Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PO] G_24370-24396_SI2_S25_8658.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\tmpE291.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\VxQjXFYhdkY.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\VxQjXFYhdkY.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3uf0lb2g.usv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5k2ngf05.xz2.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bruopfhl.co2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dbt3um3i.nf4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gukgzo5h.elo.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m2haumev.525.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sjpy1ipl.oq0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vleerk1f.2ou.psm1
|
ASCII text, with no line terminators
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\PO] G_24370-24396_SI2_S25_8658.exe
|
"C:\Users\user\Desktop\PO] G_24370-24396_SI2_S25_8658.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO] G_24370-24396_SI2_S25_8658.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VxQjXFYhdkY.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VxQjXFYhdkY" /XML "C:\Users\user\AppData\Local\Temp\tmpE291.tmp"
|
|
|
|
C:\Users\user\Desktop\PO] G_24370-24396_SI2_S25_8658.exe
|
"C:\Users\user\Desktop\PO] G_24370-24396_SI2_S25_8658.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://mail.iaa-airferight.com
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://fontfabrik.com
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-jones.html
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 19 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.iaa-airferight.com
|
46.175.148.58
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
46.175.148.58
|
mail.iaa-airferight.com
|
Ukraine
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4271000
|
trusted library allocation
|
page read and write
|
|
|
|
342E000
|
trusted library allocation
|
page read and write
|
|
|
|
33E1000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
585E000
|
trusted library allocation
|
page read and write
|
||
|
64AD000
|
heap
|
page read and write
|
||
|
A96E000
|
stack
|
page read and write
|
||
|
5BC0000
|
heap
|
page execute and read and write
|
||
|
6B74000
|
heap
|
page read and write
|
||
|
7560000
|
heap
|
page read and write
|
||
|
160E000
|
stack
|
page read and write
|
||
|
57D0000
|
heap
|
page read and write
|
||
|
6D5E000
|
stack
|
page read and write
|
||
|
13A4000
|
heap
|
page read and write
|
||
|
B371000
|
trusted library allocation
|
page read and write
|
||
|
16A0000
|
trusted library allocation
|
page read and write
|
||
|
A86E000
|
stack
|
page read and write
|
||
|
5866000
|
trusted library allocation
|
page read and write
|
||
|
B36E000
|
stack
|
page read and write
|
||
|
185D000
|
trusted library allocation
|
page execute and read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
3240000
|
trusted library allocation
|
page read and write
|
||
|
1727000
|
heap
|
page read and write
|
||
|
659E000
|
stack
|
page read and write
|
||
|
3328000
|
trusted library allocation
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6BA5000
|
heap
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
3271000
|
trusted library allocation
|
page read and write
|
||
|
ABEE000
|
stack
|
page read and write
|
||
|
44AA000
|
trusted library allocation
|
page read and write
|
||
|
5840000
|
trusted library allocation
|
page read and write
|
||
|
16E3000
|
heap
|
page read and write
|
||
|
30D0000
|
trusted library allocation
|
page read and write
|
||
|
5DA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
16D9000
|
heap
|
page read and write
|
||
|
5E7E000
|
stack
|
page read and write
|
||
|
B26E000
|
stack
|
page read and write
|
||
|
5D3C000
|
stack
|
page read and write
|
||
|
7B5F000
|
stack
|
page read and write
|
||
|
58F0000
|
heap
|
page read and write
|
||
|
584B000
|
trusted library allocation
|
page read and write
|
||
|
5872000
|
trusted library allocation
|
page read and write
|
||
|
58E0000
|
trusted library section
|
page readonly
|
||
|
16A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1265000
|
heap
|
page read and write
|
||
|
A82F000
|
stack
|
page read and write
|
||
|
1759000
|
heap
|
page read and write
|
||
|
1860000
|
trusted library allocation
|
page read and write
|
||
|
5F90000
|
trusted library allocation
|
page read and write
|
||
|
5A4B000
|
stack
|
page read and write
|
||
|
69BE000
|
stack
|
page read and write
|
||
|
1610000
|
heap
|
page read and write
|
||
|
7CFE000
|
stack
|
page read and write
|
||
|
322C000
|
stack
|
page read and write
|
||
|
5790000
|
trusted library allocation
|
page read and write
|
||
|
6AB0000
|
trusted library allocation
|
page read and write
|
||
|
1A5C000
|
stack
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
12EA000
|
heap
|
page read and write
|
||
|
1670000
|
trusted library allocation
|
page read and write
|
||
|
5754000
|
trusted library allocation
|
page read and write
|
||
|
7660000
|
trusted library allocation
|
page read and write
|
||
|
1322000
|
heap
|
page read and write
|
||
|
5880000
|
trusted library allocation
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
15EE000
|
stack
|
page read and write
|
||
|
D40000
|
unkown
|
page readonly
|
||
|
7340000
|
heap
|
page read and write
|
||
|
3350000
|
trusted library allocation
|
page read and write
|
||
|
18C0000
|
heap
|
page read and write
|
||
|
1853000
|
trusted library allocation
|
page execute and read and write
|
||
|
5820000
|
trusted library allocation
|
page read and write
|
||
|
2710000
|
heap
|
page read and write
|
||
|
58F3000
|
heap
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
5E8E000
|
stack
|
page read and write
|
||
|
5DB0000
|
heap
|
page read and write
|
||
|
1A70000
|
heap
|
page read and write
|
||
|
6A9E000
|
stack
|
page read and write
|
||
|
A9AD000
|
stack
|
page read and write
|
||
|
576E000
|
trusted library allocation
|
page read and write
|
||
|
5B00000
|
trusted library section
|
page read and write
|
||
|
6488000
|
heap
|
page read and write
|
||
|
5830000
|
trusted library allocation
|
page read and write
|
||
|
23CE000
|
stack
|
page read and write
|
||
|
58B0000
|
heap
|
page read and write
|
||
|
5B9E000
|
stack
|
page read and write
|
||
|
11C5000
|
heap
|
page read and write
|
||
|
7CB0000
|
trusted library allocation
|
page read and write
|
||
|
59F0000
|
heap
|
page read and write
|
||
|
1129000
|
stack
|
page read and write
|
||
|
1870000
|
trusted library allocation
|
page read and write
|
||
|
13CA000
|
heap
|
page read and write
|
||
|
5E90000
|
trusted library allocation
|
page read and write
|
||
|
1315000
|
heap
|
page read and write
|
||
|
271A000
|
heap
|
page read and write
|
||
|
59EC000
|
stack
|
page read and write
|
||
|
3438000
|
trusted library allocation
|
page read and write
|
||
|
19B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
19B0000
|
trusted library allocation
|
page read and write
|
||
|
5F80000
|
trusted library allocation
|
page execute and read and write
|
||
|
6957000
|
trusted library allocation
|
page read and write
|
||
|
EB9000
|
stack
|
page read and write
|
||
|
2380000
|
heap
|
page read and write
|
||
|
7080000
|
heap
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
6940000
|
trusted library allocation
|
page read and write
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
6950000
|
trusted library allocation
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
5890000
|
trusted library allocation
|
page read and write
|
||
|
59F0000
|
heap
|
page read and write
|
||
|
1880000
|
trusted library allocation
|
page read and write
|
||
|
33F000
|
unkown
|
page read and write
|
||
|
168D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3432000
|
trusted library allocation
|
page read and write
|
||
|
15AE000
|
stack
|
page read and write
|
||
|
5820000
|
trusted library allocation
|
page read and write
|
||
|
6944000
|
trusted library allocation
|
page read and write
|
||
|
7FA0000
|
trusted library section
|
page read and write
|
||
|
7682000
|
trusted library allocation
|
page read and write
|
||
|
1872000
|
trusted library allocation
|
page read and write
|
||
|
26C0000
|
heap
|
page read and write
|
||
|
ACEF000
|
stack
|
page read and write
|
||
|
AE8E000
|
stack
|
page read and write
|
||
|
1882000
|
trusted library allocation
|
page read and write
|
||
|
188B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7CA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A5E000
|
stack
|
page read and write
|
||
|
331E000
|
stack
|
page read and write
|
||
|
33C0000
|
heap
|
page execute and read and write
|
||
|
5EA0000
|
trusted library allocation
|
page read and write
|
||
|
6460000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
23F0000
|
heap
|
page read and write
|
||
|
57E2000
|
trusted library allocation
|
page read and write
|
||
|
7B7C000
|
heap
|
page read and write
|
||
|
1A1E000
|
stack
|
page read and write
|
||
|
7C60000
|
trusted library allocation
|
page read and write
|
||
|
6962000
|
trusted library allocation
|
page read and write
|
||
|
263F000
|
stack
|
page read and write
|
||
|
B12B000
|
stack
|
page read and write
|
||
|
14F8000
|
stack
|
page read and write
|
||
|
24A000
|
stack
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
1876000
|
trusted library allocation
|
page execute and read and write
|
||
|
32CB000
|
trusted library allocation
|
page read and write
|
||
|
3352000
|
trusted library allocation
|
page read and write
|
||
|
5AE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1887000
|
trusted library allocation
|
page execute and read and write
|
||
|
1324000
|
heap
|
page read and write
|
||
|
5CBE000
|
stack
|
page read and write
|
||
|
7B60000
|
heap
|
page read and write
|
||
|
5846000
|
trusted library allocation
|
page read and write
|
||
|
16B8000
|
heap
|
page read and write
|
||
|
443A000
|
trusted library allocation
|
page read and write
|
||
|
5FA0000
|
trusted library allocation
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
5AD0000
|
heap
|
page read and write
|
||
|
16AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
669E000
|
stack
|
page read and write
|
||
|
AF8E000
|
stack
|
page read and write
|
||
|
5A00000
|
heap
|
page execute and read and write
|
||
|
6970000
|
trusted library allocation
|
page execute and read and write
|
||
|
30AE000
|
stack
|
page read and write
|
||
|
3235000
|
trusted library allocation
|
page read and write
|
||
|
7BB8000
|
heap
|
page read and write
|
||
|
AAB0000
|
heap
|
page read and write
|
||
|
5DB5000
|
heap
|
page read and write
|
||
|
30E0000
|
heap
|
page execute and read and write
|
||
|
169D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1840000
|
trusted library allocation
|
page read and write
|
||
|
19B2000
|
trusted library allocation
|
page read and write
|
||
|
54DD000
|
stack
|
page read and write
|
||
|
182E000
|
stack
|
page read and write
|
||
|
6470000
|
heap
|
page read and write
|
||
|
13C8000
|
heap
|
page read and write
|
||
|
AAAD000
|
stack
|
page read and write
|
||
|
5776000
|
trusted library allocation
|
page read and write
|
||
|
D42000
|
unkown
|
page readonly
|
||
|
7FB40000
|
trusted library allocation
|
page execute and read and write
|
||
|
18AE000
|
stack
|
page read and write
|
||
|
6AA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
187A000
|
trusted library allocation
|
page execute and read and write
|
||
|
3230000
|
trusted library allocation
|
page read and write
|
||
|
1A60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1850000
|
trusted library allocation
|
page read and write
|
||
|
540C000
|
stack
|
page read and write
|
||
|
18C7000
|
heap
|
page read and write
|
||
|
5BA0000
|
trusted library allocation
|
page read and write
|
||
|
12EE000
|
heap
|
page read and write
|
||
|
811E000
|
stack
|
page read and write
|
||
|
18B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
5771000
|
trusted library allocation
|
page read and write
|
||
|
43E1000
|
trusted library allocation
|
page read and write
|
||
|
5800000
|
trusted library allocation
|
page read and write
|
||
|
5278000
|
trusted library allocation
|
page read and write
|
||
|
16E6000
|
heap
|
page read and write
|
||
|
30C0000
|
trusted library allocation
|
page read and write
|
||
|
19B5000
|
trusted library allocation
|
page execute and read and write
|
||
|
16EF000
|
stack
|
page read and write
|
||
|
5F7F000
|
stack
|
page read and write
|
||
|
AE4E000
|
stack
|
page read and write
|
||
|
18A0000
|
trusted library allocation
|
page read and write
|
||
|
186D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5852000
|
trusted library allocation
|
page read and write
|
||
|
172E000
|
stack
|
page read and write
|
||
|
6BB3000
|
heap
|
page read and write
|
||
|
5750000
|
trusted library allocation
|
page read and write
|
||
|
2FE000
|
unkown
|
page read and write
|
||
|
69C0000
|
trusted library allocation
|
page read and write
|
||
|
20D000
|
stack
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
19BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
44D9000
|
trusted library allocation
|
page read and write
|
||
|
1854000
|
trusted library allocation
|
page read and write
|
||
|
5884000
|
trusted library allocation
|
page read and write
|
||
|
16B0000
|
heap
|
page read and write
|
||
|
584E000
|
trusted library allocation
|
page read and write
|
||
|
7090000
|
trusted library allocation
|
page read and write
|
||
|
5B10000
|
heap
|
page read and write
|
||
|
AD4D000
|
stack
|
page read and write
|
||
|
4409000
|
trusted library allocation
|
page read and write
|
||
|
3318000
|
trusted library allocation
|
page read and write
|
||
|
A72E000
|
stack
|
page read and write
|
||
|
31EE000
|
stack
|
page read and write
|
||
|
7F5E000
|
stack
|
page read and write
|
||
|
5E3F000
|
stack
|
page read and write
|
||
|
12AE000
|
stack
|
page read and write
|
||
|
1690000
|
trusted library allocation
|
page read and write
|
||
|
5FA9000
|
trusted library allocation
|
page read and write
|
||
|
1863000
|
trusted library allocation
|
page read and write
|
||
|
DF8000
|
unkown
|
page readonly
|
||
|
6B60000
|
heap
|
page read and write
|
||
|
586D000
|
trusted library allocation
|
page read and write
|
||
|
1680000
|
trusted library allocation
|
page read and write
|
||
|
1683000
|
trusted library allocation
|
page execute and read and write
|
||
|
272C000
|
heap
|
page read and write
|
||
|
FB7000
|
stack
|
page read and write
|
||
|
575B000
|
trusted library allocation
|
page read and write
|
||
|
59F3000
|
heap
|
page read and write
|
||
|
1684000
|
trusted library allocation
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
577D000
|
trusted library allocation
|
page read and write
|
||
|
43E9000
|
trusted library allocation
|
page read and write
|
||
|
1733000
|
heap
|
page read and write
|
||
|
585A000
|
trusted library allocation
|
page read and write
|
||
|
7F9E000
|
stack
|
page read and write
|
||
|
5861000
|
trusted library allocation
|
page read and write
|
||
|
57E0000
|
trusted library allocation
|
page read and write
|
||
|
19D0000
|
trusted library allocation
|
page read and write
|
||
|
B22C000
|
stack
|
page read and write
|
There are 245 hidden memdumps, click here to show them.