Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Catalina - Particulars.pdf.scr.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Catalina - Particulars.pdf.scr.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1q2qy225.5mf.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c3ffuu2e.sqc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rq405u4c.ocl.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xnf1nayc.yfe.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Catalina - Particulars.pdf.scr.exe
|
"C:\Users\user\Desktop\Catalina - Particulars.pdf.scr.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Catalina
- Particulars.pdf.scr.exe"
|
|
|
|
C:\Users\user\Desktop\Catalina - Particulars.pdf.scr.exe
|
"C:\Users\user\Desktop\Catalina - Particulars.pdf.scr.exe"
|
|
|
|
C:\Users\user\Desktop\Catalina - Particulars.pdf.scr.exe
|
"C:\Users\user\Desktop\Catalina - Particulars.pdf.scr.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org/
|
172.67.74.152
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
https://api.ipify.org
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.microsoft.c
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
||
|
http://beirutrest.com
|
unknown
|
There are 22 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
beirutrest.com
|
50.87.144.157
|
|
|
|
api.ipify.org
|
172.67.74.152
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
50.87.144.157
|
beirutrest.com
|
United States
|
|
|
|
172.67.74.152
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Catalina - Particulars_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Catalina - Particulars_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Catalina - Particulars_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Catalina - Particulars_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Catalina - Particulars_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Catalina - Particulars_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Catalina - Particulars_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Catalina - Particulars_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Catalina - Particulars_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Catalina - Particulars_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Catalina - Particulars_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Catalina - Particulars_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Catalina - Particulars_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Catalina - Particulars_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
29A1000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
29C7000
|
trusted library allocation
|
page read and write
|
|
|
|
36A9000
|
trusted library allocation
|
page read and write
|
|
|
|
6717000
|
trusted library allocation
|
page read and write
|
||
|
4E36000
|
trusted library allocation
|
page read and write
|
||
|
26ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
9AD000
|
stack
|
page read and write
|
||
|
6220000
|
heap
|
page read and write
|
||
|
36A1000
|
trusted library allocation
|
page read and write
|
||
|
6E00000
|
trusted library allocation
|
page read and write
|
||
|
B50E000
|
stack
|
page read and write
|
||
|
B74E000
|
stack
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
84C8000
|
heap
|
page read and write
|
||
|
9F3000
|
trusted library allocation
|
page read and write
|
||
|
84F7000
|
heap
|
page read and write
|
||
|
2800000
|
heap
|
page execute and read and write
|
||
|
39A000
|
stack
|
page read and write
|
||
|
4E4A000
|
trusted library allocation
|
page read and write
|
||
|
CB8000
|
trusted library allocation
|
page read and write
|
||
|
26E4000
|
trusted library allocation
|
page read and write
|
||
|
B54B000
|
stack
|
page read and write
|
||
|
26E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
9D0000
|
trusted library allocation
|
page read and write
|
||
|
277E000
|
stack
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
4EE3000
|
heap
|
page read and write
|
||
|
4CE0000
|
trusted library allocation
|
page read and write
|
||
|
270E000
|
trusted library allocation
|
page read and write
|
||
|
27F4000
|
trusted library allocation
|
page read and write
|
||
|
4D90000
|
heap
|
page read and write
|
||
|
B18E000
|
stack
|
page read and write
|
||
|
271B000
|
trusted library allocation
|
page execute and read and write
|
||
|
66CE000
|
stack
|
page read and write
|
||
|
3951000
|
trusted library allocation
|
page read and write
|
||
|
503E000
|
heap
|
page read and write
|
||
|
6C00000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
260000
|
unkown
|
page readonly
|
||
|
4EF0000
|
heap
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
6610000
|
trusted library allocation
|
page read and write
|
||
|
8490000
|
heap
|
page read and write
|
||
|
27C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4AEB000
|
trusted library allocation
|
page read and write
|
||
|
F1E000
|
stack
|
page read and write
|
||
|
7E9000
|
heap
|
page read and write
|
||
|
4E42000
|
trusted library allocation
|
page read and write
|
||
|
6CCE000
|
stack
|
page read and write
|
||
|
62AA000
|
heap
|
page read and write
|
||
|
5100000
|
heap
|
page read and write
|
||
|
9FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
634E000
|
stack
|
page read and write
|
||
|
65A8000
|
trusted library allocation
|
page read and write
|
||
|
775000
|
heap
|
page read and write
|
||
|
4AE0000
|
trusted library allocation
|
page read and write
|
||
|
5F8E000
|
stack
|
page read and write
|
||
|
6E20000
|
trusted library allocation
|
page execute and read and write
|
||
|
26E0000
|
trusted library allocation
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
2702000
|
trusted library allocation
|
page read and write
|
||
|
4C90000
|
trusted library allocation
|
page read and write
|
||
|
6840000
|
trusted library allocation
|
page read and write
|
||
|
C49000
|
heap
|
page read and write
|
||
|
2706000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E56000
|
trusted library allocation
|
page read and write
|
||
|
C12000
|
trusted library allocation
|
page read and write
|
||
|
27F0000
|
trusted library allocation
|
page read and write
|
||
|
4E30000
|
trusted library allocation
|
page read and write
|
||
|
B2CE000
|
stack
|
page read and write
|
||
|
B40E000
|
stack
|
page read and write
|
||
|
4C70000
|
heap
|
page read and write
|
||
|
4E3E000
|
trusted library allocation
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
C28000
|
heap
|
page read and write
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
6DA000
|
stack
|
page read and write
|
||
|
854000
|
heap
|
page read and write
|
||
|
670E000
|
stack
|
page read and write
|
||
|
26FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
2710000
|
trusted library allocation
|
page read and write
|
||
|
B55000
|
heap
|
page read and write
|
||
|
B9E000
|
stack
|
page read and write
|
||
|
2700000
|
trusted library allocation
|
page read and write
|
||
|
4DA0000
|
heap
|
page execute and read and write
|
||
|
4EB0000
|
heap
|
page execute and read and write
|
||
|
298F000
|
trusted library allocation
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
AC00000
|
heap
|
page read and write
|
||
|
65C7000
|
trusted library allocation
|
page read and write
|
||
|
4B9B000
|
stack
|
page read and write
|
||
|
84D0000
|
heap
|
page read and write
|
||
|
6C40000
|
trusted library allocation
|
page execute and read and write
|
||
|
B04E000
|
stack
|
page read and write
|
||
|
4CA0000
|
trusted library allocation
|
page read and write
|
||
|
6DD0000
|
trusted library section
|
page read and write
|
||
|
6D0E000
|
stack
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
6E30000
|
trusted library allocation
|
page read and write
|
||
|
75E000
|
stack
|
page read and write
|
||
|
4CC0000
|
heap
|
page read and write
|
||
|
65A0000
|
trusted library allocation
|
page read and write
|
||
|
2715000
|
trusted library allocation
|
page execute and read and write
|
||
|
65B0000
|
trusted library allocation
|
page read and write
|
||
|
5E8D000
|
stack
|
page read and write
|
||
|
306000
|
unkown
|
page readonly
|
||
|
6226000
|
heap
|
page read and write
|
||
|
AEFE000
|
stack
|
page read and write
|
||
|
4E4E000
|
trusted library allocation
|
page read and write
|
||
|
C60000
|
heap
|
page execute and read and write
|
||
|
2680000
|
trusted library allocation
|
page read and write
|
||
|
65C0000
|
trusted library allocation
|
page read and write
|
||
|
88A000
|
heap
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
4B0D000
|
trusted library allocation
|
page read and write
|
||
|
4E5D000
|
trusted library allocation
|
page read and write
|
||
|
29DD000
|
trusted library allocation
|
page read and write
|
||
|
6862000
|
trusted library allocation
|
page read and write
|
||
|
B64C000
|
stack
|
page read and write
|
||
|
4D00000
|
trusted library section
|
page readonly
|
||
|
6F7000
|
stack
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5000000
|
heap
|
page read and write
|
||
|
4C80000
|
trusted library allocation
|
page read and write
|
||
|
6DCE000
|
stack
|
page read and write
|
||
|
262000
|
unkown
|
page readonly
|
||
|
C16000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B40000
|
trusted library allocation
|
page read and write
|
||
|
4B06000
|
trusted library allocation
|
page read and write
|
||
|
C53000
|
heap
|
page read and write
|
||
|
6FBE000
|
stack
|
page read and write
|
||
|
CB5000
|
heap
|
page read and write
|
||
|
4E3B000
|
trusted library allocation
|
page read and write
|
||
|
700D000
|
stack
|
page read and write
|
||
|
6990000
|
trusted library allocation
|
page execute and read and write
|
||
|
E1E000
|
stack
|
page read and write
|
||
|
B27000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
B0F000
|
stack
|
page read and write
|
||
|
3979000
|
trusted library allocation
|
page read and write
|
||
|
2986000
|
trusted library allocation
|
page read and write
|
||
|
2730000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
CAE000
|
stack
|
page read and write
|
||
|
4CF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
6620000
|
trusted library allocation
|
page execute and read and write
|
||
|
6710000
|
trusted library allocation
|
page read and write
|
||
|
6E36000
|
trusted library allocation
|
page read and write
|
||
|
660E000
|
stack
|
page read and write
|
||
|
629F000
|
heap
|
page read and write
|
||
|
26A1000
|
trusted library allocation
|
page read and write
|
||
|
C0F000
|
stack
|
page read and write
|
||
|
9E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
B14E000
|
stack
|
page read and write
|
||
|
39B8000
|
trusted library allocation
|
page read and write
|
||
|
5270000
|
trusted library allocation
|
page read and write
|
||
|
6B80000
|
heap
|
page read and write
|
||
|
299D000
|
trusted library allocation
|
page read and write
|
||
|
7E2000
|
heap
|
page read and write
|
||
|
2690000
|
heap
|
page read and write
|
||
|
6DF0000
|
trusted library allocation
|
page read and write
|
||
|
4CD3000
|
heap
|
page read and write
|
||
|
266B000
|
stack
|
page read and write
|
||
|
6263000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
70FE000
|
stack
|
page read and write
|
||
|
D70000
|
trusted library allocation
|
page read and write
|
||
|
7AE000
|
heap
|
page read and write
|
||
|
2712000
|
trusted library allocation
|
page read and write
|
||
|
27BC000
|
stack
|
page read and write
|
||
|
4F05000
|
heap
|
page read and write
|
||
|
7220000
|
trusted library allocation
|
page execute and read and write
|
||
|
5010000
|
heap
|
page read and write
|
||
|
82E000
|
heap
|
page read and write
|
||
|
68CF000
|
stack
|
page read and write
|
||
|
9E4000
|
trusted library allocation
|
page read and write
|
||
|
26F0000
|
trusted library allocation
|
page read and write
|
||
|
6E7E000
|
stack
|
page read and write
|
||
|
B28E000
|
stack
|
page read and write
|
||
|
27E0000
|
trusted library allocation
|
page read and write
|
||
|
6F7F000
|
stack
|
page read and write
|
||
|
4E51000
|
trusted library allocation
|
page read and write
|
||
|
2810000
|
trusted library allocation
|
page read and write
|
||
|
4EAE000
|
stack
|
page read and write
|
||
|
7F9E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
84E9000
|
heap
|
page read and write
|
||
|
62BE000
|
heap
|
page read and write
|
||
|
C1A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EAC000
|
stack
|
page read and write
|
||
|
270A000
|
trusted library allocation
|
page execute and read and write
|
||
|
C40000
|
trusted library allocation
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
4F00000
|
heap
|
page read and write
|
||
|
9F0000
|
trusted library allocation
|
page read and write
|
||
|
5019000
|
heap
|
page read and write
|
||
|
4CD0000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
2670000
|
trusted library allocation
|
page read and write
|
||
|
658E000
|
stack
|
page read and write
|
||
|
4958000
|
trusted library allocation
|
page read and write
|
||
|
5054000
|
heap
|
page read and write
|
||
|
5050000
|
heap
|
page read and write
|
||
|
4BB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5490000
|
heap
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
648E000
|
stack
|
page read and write
|
||
|
C17000
|
heap
|
page read and write
|
||
|
84EE000
|
heap
|
page read and write
|
||
|
7D9000
|
stack
|
page read and write
|
||
|
D87000
|
heap
|
page read and write
|
||
|
4AED000
|
stack
|
page read and write
|
||
|
8590000
|
trusted library section
|
page read and write
|
||
|
69EE000
|
stack
|
page read and write
|
||
|
694E000
|
stack
|
page read and write
|
||
|
4EB0000
|
heap
|
page read and write
|
||
|
88C000
|
heap
|
page read and write
|
||
|
7C7000
|
heap
|
page read and write
|
||
|
2951000
|
trusted library allocation
|
page read and write
|
||
|
2675000
|
trusted library allocation
|
page read and write
|
||
|
6980000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
B760000
|
trusted library allocation
|
page read and write
|
||
|
522C000
|
stack
|
page read and write
|
||
|
690E000
|
stack
|
page read and write
|
||
|
4B01000
|
trusted library allocation
|
page read and write
|
||
|
5280000
|
trusted library allocation
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
ADFE000
|
stack
|
page read and write
|
||
|
2717000
|
trusted library allocation
|
page execute and read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
C56000
|
heap
|
page read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
4AFE000
|
trusted library allocation
|
page read and write
|
||
|
6720000
|
trusted library allocation
|
page read and write
|
||
|
27D0000
|
trusted library allocation
|
page read and write
|
||
|
4EE0000
|
heap
|
page read and write
|
||
|
6950000
|
trusted library allocation
|
page read and write
|
||
|
479C000
|
stack
|
page read and write
|
||
|
6630000
|
trusted library allocation
|
page execute and read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
C27000
|
trusted library allocation
|
page execute and read and write
|
||
|
26D0000
|
trusted library allocation
|
page read and write
|
||
|
262F000
|
stack
|
page read and write
|
||
|
C50000
|
trusted library allocation
|
page execute and read and write
|
||
|
9E0000
|
trusted library allocation
|
page read and write
|
||
|
7D4000
|
heap
|
page read and write
|
||
|
D60000
|
trusted library allocation
|
page read and write
|
||
|
644E000
|
stack
|
page read and write
|
||
|
C2B000
|
trusted library allocation
|
page execute and read and write
|
||
|
B3CF000
|
stack
|
page read and write
|
||
|
65BD000
|
trusted library allocation
|
page read and write
|
||
|
B2A000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
C22000
|
trusted library allocation
|
page read and write
|
There are 248 hidden memdumps, click here to show them.