Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Cotizaci#U00f3n#12643283.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Cotizaci#U00f3n#12643283.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmpAC01.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\SoEOsZIV.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\SoEOsZIV.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SoEOsZIV.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3krzvh1h.pyy.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5l2phtpf.2em.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_stkvzaoe.fqi.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xmmeswp1.5q5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpBE22.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Cotizaci#U00f3n#12643283.exe
|
"C:\Users\user\Desktop\Cotizaci#U00f3n#12643283.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\SoEOsZIV.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\SoEOsZIV" /XML "C:\Users\user\AppData\Local\Temp\tmpAC01.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\SoEOsZIV.exe
|
C:\Users\user\AppData\Roaming\SoEOsZIV.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\SoEOsZIV" /XML "C:\Users\user\AppData\Local\Temp\tmpBE22.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 5 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
E50000
|
direct allocation
|
page read and write
|
|
|
|
7059000
|
direct allocation
|
page execute and read and write
|
||
|
1620000
|
trusted library allocation
|
page read and write
|
||
|
7AE000
|
stack
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
4E10000
|
heap
|
page execute and read and write
|
||
|
163E000
|
heap
|
page read and write
|
||
|
571B000
|
trusted library allocation
|
page read and write
|
||
|
9E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
57E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
F70000
|
trusted library allocation
|
page read and write
|
||
|
1720000
|
heap
|
page read and write
|
||
|
B1E000
|
heap
|
page read and write
|
||
|
160F000
|
stack
|
page read and write
|
||
|
34D000
|
stack
|
page read and write
|
||
|
4C80000
|
trusted library allocation
|
page execute and read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
9825000
|
heap
|
page read and write
|
||
|
4C90000
|
trusted library allocation
|
page read and write
|
||
|
6790000
|
heap
|
page read and write
|
||
|
2F70000
|
trusted library allocation
|
page read and write
|
||
|
7500000
|
trusted library allocation
|
page read and write
|
||
|
1900000
|
trusted library allocation
|
page execute and read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
9EBE000
|
stack
|
page read and write
|
||
|
F4D000
|
trusted library allocation
|
page read and write
|
||
|
522F000
|
stack
|
page read and write
|
||
|
587F000
|
trusted library section
|
page readonly
|
||
|
5D10000
|
heap
|
page read and write
|
||
|
1672000
|
heap
|
page read and write
|
||
|
7710000
|
heap
|
page read and write
|
||
|
D5B000
|
heap
|
page read and write
|
||
|
172D000
|
heap
|
page read and write
|
||
|
6F30000
|
direct allocation
|
page execute and read and write
|
||
|
1622000
|
trusted library allocation
|
page read and write
|
||
|
4139000
|
trusted library allocation
|
page read and write
|
||
|
586B000
|
stack
|
page read and write
|
||
|
5E40000
|
trusted library allocation
|
page read and write
|
||
|
FA7000
|
heap
|
page read and write
|
||
|
572E000
|
trusted library allocation
|
page read and write
|
||
|
5CB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9E7E000
|
stack
|
page read and write
|
||
|
5CF0000
|
heap
|
page read and write
|
||
|
9FFE000
|
stack
|
page read and write
|
||
|
750E000
|
trusted library allocation
|
page read and write
|
||
|
4DC5000
|
heap
|
page read and write
|
||
|
AB9000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
71FD000
|
direct allocation
|
page execute and read and write
|
||
|
CE0000
|
trusted library allocation
|
page read and write
|
||
|
5CF5000
|
heap
|
page read and write
|
||
|
6D7D000
|
stack
|
page read and write
|
||
|
5742000
|
trusted library allocation
|
page read and write
|
||
|
430E000
|
trusted library allocation
|
page read and write
|
||
|
2751000
|
trusted library allocation
|
page read and write
|
||
|
48EC000
|
stack
|
page read and write
|
||
|
F83000
|
heap
|
page read and write
|
||
|
CF0000
|
trusted library allocation
|
page read and write
|
||
|
1423000
|
trusted library allocation
|
page execute and read and write
|
||
|
A65C000
|
stack
|
page read and write
|
||
|
5B30000
|
heap
|
page execute and read and write
|
||
|
37A7000
|
trusted library allocation
|
page read and write
|
||
|
3116000
|
trusted library allocation
|
page read and write
|
||
|
5AC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B10000
|
trusted library allocation
|
page read and write
|
||
|
5770000
|
trusted library allocation
|
page read and write
|
||
|
49A000
|
stack
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
5B20000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
33DF000
|
unkown
|
page read and write
|
||
|
CD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
A760000
|
heap
|
page read and write
|
||
|
97F6000
|
heap
|
page read and write
|
||
|
18D7000
|
trusted library allocation
|
page execute and read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
771A000
|
heap
|
page read and write
|
||
|
18C7000
|
heap
|
page read and write
|
||
|
E1E000
|
stack
|
page read and write
|
||
|
3751000
|
trusted library allocation
|
page read and write
|
||
|
4758000
|
trusted library allocation
|
page read and write
|
||
|
1430000
|
heap
|
page read and write
|
||
|
A23C000
|
stack
|
page read and write
|
||
|
57D0000
|
heap
|
page read and write
|
||
|
38A000
|
stack
|
page read and write
|
||
|
1610000
|
trusted library allocation
|
page read and write
|
||
|
7700000
|
heap
|
page read and write
|
||
|
5765000
|
trusted library allocation
|
page read and write
|
||
|
9AEE000
|
stack
|
page read and write
|
||
|
31A0000
|
trusted library allocation
|
page read and write
|
||
|
5310000
|
heap
|
page read and write
|
||
|
1656000
|
heap
|
page read and write
|
||
|
5AB0000
|
heap
|
page read and write
|
||
|
5870000
|
trusted library section
|
page readonly
|
||
|
450000
|
remote allocation
|
page execute and read and write
|
||
|
5800000
|
trusted library allocation
|
page read and write
|
||
|
4CA0000
|
trusted library allocation
|
page read and write
|
||
|
31B5000
|
trusted library allocation
|
page read and write
|
||
|
1420000
|
trusted library allocation
|
page read and write
|
||
|
5740000
|
trusted library allocation
|
page read and write
|
||
|
6C8F000
|
trusted library allocation
|
page read and write
|
||
|
A10000
|
heap
|
page execute and read and write
|
||
|
A13C000
|
stack
|
page read and write
|
||
|
F2B000
|
trusted library allocation
|
page read and write
|
||
|
F65000
|
trusted library allocation
|
page read and write
|
||
|
5736000
|
trusted library allocation
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
75F000
|
unkown
|
page read and write
|
||
|
16F1000
|
heap
|
page read and write
|
||
|
4462000
|
trusted library allocation
|
page read and write
|
||
|
6E92000
|
trusted library allocation
|
page read and write
|
||
|
6B7E000
|
stack
|
page read and write
|
||
|
76FE000
|
stack
|
page read and write
|
||
|
5893000
|
heap
|
page read and write
|
||
|
A2E000
|
heap
|
page read and write
|
||
|
27DD000
|
trusted library allocation
|
page read and write
|
||
|
4C30000
|
trusted library allocation
|
page read and write
|
||
|
5710000
|
trusted library allocation
|
page read and write
|
||
|
A22E000
|
stack
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
6C90000
|
trusted library allocation
|
page execute and read and write
|
||
|
F60000
|
trusted library allocation
|
page read and write
|
||
|
30CE000
|
stack
|
page read and write
|
||
|
9DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
18D2000
|
trusted library allocation
|
page read and write
|
||
|
3843000
|
trusted library allocation
|
page read and write
|
||
|
71E1000
|
direct allocation
|
page execute and read and write
|
||
|
339E000
|
unkown
|
page read and write
|
||
|
A9B0000
|
trusted library allocation
|
page read and write
|
||
|
70CE000
|
direct allocation
|
page execute and read and write
|
||
|
5AD0000
|
trusted library allocation
|
page read and write
|
||
|
3120000
|
heap
|
page execute and read and write
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
70E000
|
unkown
|
page read and write
|
||
|
A75C000
|
stack
|
page read and write
|
||
|
18C0000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
9E2000
|
trusted library allocation
|
page read and write
|
||
|
99EE000
|
stack
|
page read and write
|
||
|
6A3E000
|
stack
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
757E000
|
stack
|
page read and write
|
||
|
18F0000
|
trusted library allocation
|
page read and write
|
||
|
A4DF000
|
stack
|
page read and write
|
||
|
392E000
|
trusted library allocation
|
page read and write
|
||
|
4DF0000
|
heap
|
page read and write
|
||
|
4131000
|
trusted library allocation
|
page read and write
|
||
|
322000
|
unkown
|
page readonly
|
||
|
A3DE000
|
stack
|
page read and write
|
||
|
13BE000
|
stack
|
page read and write
|
||
|
980000
|
heap
|
page readonly
|
||
|
7278000
|
direct allocation
|
page execute and read and write
|
||
|
5020000
|
heap
|
page read and write
|
||
|
A8F000
|
heap
|
page read and write
|
||
|
85B000
|
heap
|
page read and write
|
||
|
F46000
|
trusted library allocation
|
page read and write
|
||
|
3177000
|
trusted library allocation
|
page read and write
|
||
|
9B4000
|
trusted library allocation
|
page read and write
|
||
|
1663000
|
heap
|
page read and write
|
||
|
18DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
9B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
3114000
|
trusted library allocation
|
page read and write
|
||
|
F1E000
|
stack
|
page read and write
|
||
|
6BBF000
|
stack
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
A3F000
|
heap
|
page read and write
|
||
|
4DE0000
|
heap
|
page read and write
|
||
|
4370000
|
trusted library allocation
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
34FB000
|
heap
|
page read and write
|
||
|
CFD000
|
stack
|
page read and write
|
||
|
97F0000
|
heap
|
page read and write
|
||
|
5731000
|
trusted library allocation
|
page read and write
|
||
|
5760000
|
trusted library allocation
|
page read and write
|
||
|
2A56000
|
trusted library allocation
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
45AA000
|
trusted library allocation
|
page read and write
|
||
|
9BEE000
|
stack
|
page read and write
|
||
|
6C7F000
|
stack
|
page read and write
|
||
|
1410000
|
trusted library allocation
|
page read and write
|
||
|
1910000
|
heap
|
page read and write
|
||
|
A260000
|
trusted library allocation
|
page read and write
|
||
|
161D000
|
trusted library allocation
|
page execute and read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
7EF000
|
stack
|
page read and write
|
||
|
1435000
|
heap
|
page read and write
|
||
|
2FDD000
|
stack
|
page read and write
|
||
|
308E000
|
stack
|
page read and write
|
||
|
597000
|
stack
|
page read and write
|
||
|
464D000
|
trusted library allocation
|
page read and write
|
||
|
9A0000
|
trusted library allocation
|
page read and write
|
||
|
C1E000
|
stack
|
page read and write
|
||
|
A9A0000
|
trusted library allocation
|
page read and write
|
||
|
142D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7505000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
7510000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DAB000
|
stack
|
page read and write
|
||
|
4DB0000
|
trusted library section
|
page readonly
|
||
|
4E00000
|
trusted library allocation
|
page execute and read and write
|
||
|
5040000
|
heap
|
page read and write
|
||
|
1670000
|
heap
|
page read and write
|
||
|
705D000
|
direct allocation
|
page execute and read and write
|
||
|
6DB0000
|
heap
|
page read and write
|
||
|
91D000
|
stack
|
page read and write
|
||
|
4DC0000
|
heap
|
page read and write
|
||
|
9CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
9B0000
|
trusted library allocation
|
page read and write
|
||
|
5D00000
|
heap
|
page read and write
|
||
|
D3E000
|
stack
|
page read and write
|
||
|
162A000
|
trusted library allocation
|
page execute and read and write
|
||
|
A55000
|
heap
|
page read and write
|
||
|
5238000
|
trusted library allocation
|
page read and write
|
||
|
5790000
|
trusted library allocation
|
page read and write
|
||
|
6A80000
|
trusted library allocation
|
page read and write
|
||
|
53CC000
|
stack
|
page read and write
|
||
|
A0FF000
|
stack
|
page read and write
|
||
|
A89D000
|
stack
|
page read and write
|
||
|
9EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
F3E000
|
trusted library allocation
|
page read and write
|
||
|
5E3E000
|
stack
|
page read and write
|
||
|
2797000
|
trusted library allocation
|
page read and write
|
||
|
5010000
|
heap
|
page read and write
|
||
|
1424000
|
trusted library allocation
|
page read and write
|
||
|
5714000
|
trusted library allocation
|
page read and write
|
||
|
9FBE000
|
stack
|
page read and write
|
||
|
1337000
|
stack
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
3131000
|
trusted library allocation
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
6D3E000
|
stack
|
page read and write
|
||
|
18D0000
|
trusted library allocation
|
page read and write
|
||
|
A250000
|
trusted library allocation
|
page read and write
|
||
|
A61F000
|
stack
|
page read and write
|
||
|
4C70000
|
heap
|
page read and write
|
||
|
3110000
|
trusted library allocation
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
6C85000
|
trusted library allocation
|
page read and write
|
||
|
75EE000
|
stack
|
page read and write
|
||
|
4223000
|
trusted library allocation
|
page read and write
|
||
|
7400000
|
heap
|
page read and write
|
||
|
3480000
|
heap
|
page read and write
|
||
|
5190000
|
trusted library allocation
|
page read and write
|
||
|
90C000
|
stack
|
page read and write
|
||
|
2F6E000
|
stack
|
page read and write
|
||
|
323A000
|
stack
|
page read and write
|
||
|
6C80000
|
trusted library allocation
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
F41000
|
trusted library allocation
|
page read and write
|
||
|
500D000
|
stack
|
page read and write
|
||
|
3759000
|
trusted library allocation
|
page read and write
|
||
|
693E000
|
stack
|
page read and write
|
||
|
164F000
|
heap
|
page read and write
|
||
|
9FFE000
|
stack
|
page read and write
|
||
|
AC3000
|
heap
|
page read and write
|
||
|
A51E000
|
stack
|
page read and write
|
||
|
5C3E000
|
stack
|
page read and write
|
||
|
6CBF000
|
stack
|
page read and write
|
||
|
9D2000
|
trusted library allocation
|
page read and write
|
||
|
51B0000
|
trusted library section
|
page read and write
|
||
|
51C0000
|
trusted library section
|
page read and write
|
||
|
5750000
|
trusted library allocation
|
page read and write
|
||
|
CCC000
|
stack
|
page read and write
|
||
|
95E000
|
stack
|
page read and write
|
||
|
51D0000
|
trusted library allocation
|
page read and write
|
||
|
6A40000
|
trusted library allocation
|
page execute and read and write
|
||
|
A29E000
|
stack
|
page read and write
|
||
|
163A000
|
heap
|
page read and write
|
||
|
9D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1626000
|
trusted library allocation
|
page execute and read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
F24000
|
trusted library allocation
|
page read and write
|
||
|
C8E000
|
stack
|
page read and write
|
||
|
B16000
|
heap
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
34F0000
|
heap
|
page read and write
|
||
|
9D0000
|
trusted library allocation
|
page read and write
|
||
|
A62000
|
heap
|
page read and write
|
||
|
6A90000
|
trusted library section
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
9C0000
|
trusted library allocation
|
page read and write
|
||
|
310C000
|
stack
|
page read and write
|
||
|
9BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
D00000
|
trusted library allocation
|
page read and write
|
||
|
A39E000
|
stack
|
page read and write
|
||
|
4DD0000
|
heap
|
page read and write
|
||
|
5210000
|
heap
|
page read and write
|
||
|
F52000
|
trusted library allocation
|
page read and write
|
||
|
43D2000
|
trusted library allocation
|
page read and write
|
||
|
320000
|
unkown
|
page readonly
|
||
|
5880000
|
heap
|
page read and write
|
||
|
980A000
|
heap
|
page read and write
|
||
|
5890000
|
heap
|
page read and write
|
||
|
A00000
|
trusted library allocation
|
page read and write
|
||
|
4506000
|
trusted library allocation
|
page read and write
|
||
|
1630000
|
heap
|
page read and write
|
||
|
71F6000
|
direct allocation
|
page execute and read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
9D7E000
|
stack
|
page read and write
|
||
|
A12E000
|
stack
|
page read and write
|
||
|
573D000
|
trusted library allocation
|
page read and write
|
||
|
79AF000
|
stack
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
37F5000
|
trusted library allocation
|
page read and write
|
||
|
6CDE000
|
stack
|
page read and write
|
||
|
1239000
|
stack
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
A99F000
|
stack
|
page read and write
|
There are 303 hidden memdumps, click here to show them.