Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
zHdApQc7XO.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\zHdApQc7XO.exe.log
|
CSV text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\zHdApQc7XO.exe
|
"C:\Users\user\Desktop\zHdApQc7XO.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
https://api.ip.sb/ip
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
https://api.ip.s
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
https://discord.com/api/v9/users/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 18 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
3DC5000
|
trusted library allocation
|
page read and write
|
|
|
|
312F000
|
stack
|
page read and write
|
||
|
5AE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
8E75000
|
heap
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
144B000
|
heap
|
page read and write
|
||
|
14D0000
|
trusted library allocation
|
page read and write
|
||
|
338F000
|
trusted library allocation
|
page read and write
|
||
|
2F90000
|
heap
|
page execute and read and write
|
||
|
1495000
|
heap
|
page read and write
|
||
|
32C3000
|
trusted library allocation
|
page read and write
|
||
|
32DE000
|
trusted library allocation
|
page read and write
|
||
|
129D000
|
trusted library allocation
|
page execute and read and write
|
||
|
32BD000
|
trusted library allocation
|
page read and write
|
||
|
128D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F5F000
|
trusted library allocation
|
page read and write
|
||
|
55FC000
|
stack
|
page read and write
|
||
|
331D000
|
trusted library allocation
|
page read and write
|
||
|
33A4000
|
trusted library allocation
|
page read and write
|
||
|
4131000
|
trusted library allocation
|
page read and write
|
||
|
14C0000
|
heap
|
page execute and read and write
|
||
|
788E000
|
stack
|
page read and write
|
||
|
1441000
|
heap
|
page read and write
|
||
|
32D8000
|
trusted library allocation
|
page read and write
|
||
|
3010000
|
trusted library allocation
|
page read and write
|
||
|
3345000
|
trusted library allocation
|
page read and write
|
||
|
2E9F000
|
stack
|
page read and write
|
||
|
32F7000
|
trusted library allocation
|
page read and write
|
||
|
5920000
|
heap
|
page read and write
|
||
|
5A90000
|
trusted library allocation
|
page read and write
|
||
|
58E5000
|
heap
|
page read and write
|
||
|
A88000
|
unkown
|
page readonly
|
||
|
32C6000
|
trusted library allocation
|
page read and write
|
||
|
1284000
|
trusted library allocation
|
page read and write
|
||
|
32E3000
|
trusted library allocation
|
page read and write
|
||
|
12A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
BE5000
|
heap
|
page read and write
|
||
|
1163000
|
trusted library allocation
|
page execute and read and write
|
||
|
324D000
|
trusted library allocation
|
page read and write
|
||
|
3249000
|
trusted library allocation
|
page read and write
|
||
|
3338000
|
trusted library allocation
|
page read and write
|
||
|
13A0000
|
trusted library allocation
|
page read and write
|
||
|
119B000
|
trusted library allocation
|
page execute and read and write
|
||
|
12DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
330A000
|
trusted library allocation
|
page read and write
|
||
|
12DF000
|
stack
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
149D000
|
heap
|
page read and write
|
||
|
8E40000
|
heap
|
page read and write
|
||
|
3195000
|
trusted library allocation
|
page read and write
|
||
|
1038000
|
heap
|
page read and write
|
||
|
3DC1000
|
trusted library allocation
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
13C4000
|
trusted library allocation
|
page read and write
|
||
|
31FC000
|
trusted library allocation
|
page read and write
|
||
|
14CF000
|
heap
|
page read and write
|
||
|
3293000
|
trusted library allocation
|
page read and write
|
||
|
2D9E000
|
stack
|
page read and write
|
||
|
14E0000
|
heap
|
page read and write
|
||
|
32B3000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
1150000
|
trusted library allocation
|
page read and write
|
||
|
12C5000
|
heap
|
page read and write
|
||
|
1072000
|
heap
|
page read and write
|
||
|
1280000
|
trusted library allocation
|
page read and write
|
||
|
798E000
|
stack
|
page read and write
|
||
|
3317000
|
trusted library allocation
|
page read and write
|
||
|
3363000
|
trusted library allocation
|
page read and write
|
||
|
5590000
|
trusted library allocation
|
page read and write
|
||
|
338B000
|
trusted library allocation
|
page read and write
|
||
|
12AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5600000
|
trusted library section
|
page readonly
|
||
|
32D6000
|
trusted library allocation
|
page read and write
|
||
|
2D8E000
|
stack
|
page read and write
|
||
|
1283000
|
trusted library allocation
|
page execute and read and write
|
||
|
3327000
|
trusted library allocation
|
page read and write
|
||
|
8E10000
|
heap
|
page read and write
|
||
|
31F0000
|
trusted library allocation
|
page read and write
|
||
|
1293000
|
trusted library allocation
|
page read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
5910000
|
heap
|
page read and write
|
||
|
13DE000
|
trusted library allocation
|
page read and write
|
||
|
1174000
|
trusted library allocation
|
page read and write
|
||
|
333E000
|
trusted library allocation
|
page read and write
|
||
|
3357000
|
trusted library allocation
|
page read and write
|
||
|
1270000
|
trusted library allocation
|
page read and write
|
||
|
133E000
|
stack
|
page read and write
|
||
|
5953000
|
heap
|
page read and write
|
||
|
32E5000
|
trusted library allocation
|
page read and write
|
||
|
32F1000
|
trusted library allocation
|
page read and write
|
||
|
149A000
|
heap
|
page read and write
|
||
|
12F0000
|
trusted library allocation
|
page read and write
|
||
|
3391000
|
trusted library allocation
|
page read and write
|
||
|
4EFE000
|
stack
|
page read and write
|
||
|
32FD000
|
trusted library allocation
|
page read and write
|
||
|
2F40000
|
trusted library allocation
|
page read and write
|
||
|
1434000
|
heap
|
page read and write
|
||
|
32BB000
|
trusted library allocation
|
page read and write
|
||
|
B1C000
|
stack
|
page read and write
|
||
|
31EC000
|
trusted library allocation
|
page read and write
|
||
|
120E000
|
stack
|
page read and write
|
||
|
11C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3262000
|
trusted library allocation
|
page read and write
|
||
|
333C000
|
trusted library allocation
|
page read and write
|
||
|
70D0000
|
trusted library allocation
|
page read and write
|
||
|
8E1E000
|
heap
|
page read and write
|
||
|
337A000
|
trusted library allocation
|
page read and write
|
||
|
1190000
|
trusted library allocation
|
page read and write
|
||
|
3374000
|
trusted library allocation
|
page read and write
|
||
|
58D0000
|
trusted library allocation
|
page read and write
|
||
|
100E000
|
stack
|
page read and write
|
||
|
58C0000
|
heap
|
page read and write
|
||
|
8E58000
|
heap
|
page read and write
|
||
|
8E70000
|
heap
|
page read and write
|
||
|
3131000
|
trusted library allocation
|
page read and write
|
||
|
EF9000
|
stack
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
32E7000
|
trusted library allocation
|
page read and write
|
||
|
57A0000
|
heap
|
page execute and read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
140B000
|
heap
|
page read and write
|
||
|
2F50000
|
trusted library allocation
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
1380000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DC1000
|
trusted library allocation
|
page execute and read and write
|
||
|
770E000
|
stack
|
page read and write
|
||
|
1064000
|
heap
|
page read and write
|
||
|
3321000
|
trusted library allocation
|
page read and write
|
||
|
4DFD000
|
stack
|
page read and write
|
||
|
32DA000
|
trusted library allocation
|
page read and write
|
||
|
5900000
|
heap
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
32D4000
|
trusted library allocation
|
page read and write
|
||
|
32F3000
|
trusted library allocation
|
page read and write
|
||
|
1164000
|
trusted library allocation
|
page read and write
|
||
|
10F7000
|
stack
|
page read and write
|
||
|
329F000
|
trusted library allocation
|
page read and write
|
||
|
13C0000
|
trusted library allocation
|
page read and write
|
||
|
3325000
|
trusted library allocation
|
page read and write
|
||
|
1170000
|
trusted library allocation
|
page read and write
|
||
|
A30000
|
unkown
|
page readonly
|
||
|
14FE000
|
heap
|
page read and write
|
||
|
58B0000
|
heap
|
page read and write
|
||
|
13E6000
|
trusted library allocation
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
3359000
|
trusted library allocation
|
page read and write
|
||
|
3334000
|
trusted library allocation
|
page read and write
|
||
|
14F6000
|
heap
|
page read and write
|
||
|
3312000
|
trusted library allocation
|
page read and write
|
||
|
456000
|
remote allocation
|
page execute and read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
3315000
|
trusted library allocation
|
page read and write
|
||
|
13DF000
|
stack
|
page read and write
|
||
|
58E0000
|
heap
|
page read and write
|
||
|
8E4A000
|
heap
|
page read and write
|
||
|
335F000
|
trusted library allocation
|
page read and write
|
||
|
33A6000
|
trusted library allocation
|
page read and write
|
||
|
3323000
|
trusted library allocation
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
3342000
|
trusted library allocation
|
page read and write
|
||
|
3355000
|
trusted library allocation
|
page read and write
|
||
|
760E000
|
stack
|
page read and write
|
||
|
32DC000
|
trusted library allocation
|
page read and write
|
||
|
329B000
|
trusted library allocation
|
page read and write
|
||
|
32FB000
|
trusted library allocation
|
page read and write
|
||
|
330E000
|
trusted library allocation
|
page read and write
|
||
|
12D7000
|
trusted library allocation
|
page execute and read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
3347000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
D3A000
|
stack
|
page read and write
|
||
|
2FB0000
|
trusted library allocation
|
page read and write
|
||
|
2DC3000
|
trusted library allocation
|
page read and write
|
||
|
8E5D000
|
heap
|
page read and write
|
||
|
33C4000
|
trusted library allocation
|
page read and write
|
||
|
8E64000
|
heap
|
page read and write
|
||
|
70F2000
|
trusted library allocation
|
page read and write
|
||
|
8E54000
|
heap
|
page read and write
|
||
|
32B9000
|
trusted library allocation
|
page read and write
|
||
|
74D0000
|
heap
|
page read and write
|
||
|
335D000
|
trusted library allocation
|
page read and write
|
||
|
13ED000
|
trusted library allocation
|
page read and write
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
14FA000
|
heap
|
page read and write
|
||
|
105C000
|
heap
|
page read and write
|
||
|
124E000
|
stack
|
page read and write
|
||
|
32BF000
|
trusted library allocation
|
page read and write
|
||
|
31F4000
|
trusted library allocation
|
page read and write
|
||
|
12D0000
|
trusted library allocation
|
page read and write
|
||
|
338D000
|
trusted library allocation
|
page read and write
|
||
|
1424000
|
heap
|
page read and write
|
||
|
14ED000
|
heap
|
page read and write
|
||
|
3245000
|
trusted library allocation
|
page read and write
|
||
|
14DF000
|
heap
|
page read and write
|
||
|
2F65000
|
trusted library allocation
|
page read and write
|
||
|
5935000
|
heap
|
page read and write
|
||
|
55A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F83000
|
heap
|
page read and write
|
||
|
32E0000
|
trusted library allocation
|
page read and write
|
||
|
58AD000
|
stack
|
page read and write
|
||
|
335B000
|
trusted library allocation
|
page read and write
|
||
|
1390000
|
trusted library allocation
|
page read and write
|
||
|
12A0000
|
trusted library allocation
|
page read and write
|
||
|
137C000
|
stack
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
13F2000
|
trusted library allocation
|
page read and write
|
||
|
32F9000
|
trusted library allocation
|
page read and write
|
||
|
3372000
|
trusted library allocation
|
page read and write
|
||
|
5570000
|
trusted library allocation
|
page execute and read and write
|
||
|
333A000
|
trusted library allocation
|
page read and write
|
||
|
32C1000
|
trusted library allocation
|
page read and write
|
||
|
12A2000
|
trusted library allocation
|
page read and write
|
||
|
74DE000
|
heap
|
page read and write
|
||
|
337D000
|
trusted library allocation
|
page read and write
|
||
|
141E000
|
stack
|
page read and write
|
||
|
3393000
|
trusted library allocation
|
page read and write
|
||
|
103E000
|
heap
|
page read and write
|
||
|
12D2000
|
trusted library allocation
|
page read and write
|
||
|
3340000
|
trusted library allocation
|
page read and write
|
||
|
8E30000
|
heap
|
page read and write
|
||
|
33A8000
|
trusted library allocation
|
page read and write
|
||
|
A32000
|
unkown
|
page readonly
|
||
|
13E1000
|
trusted library allocation
|
page read and write
|
||
|
2F70000
|
trusted library allocation
|
page read and write
|
||
|
3310000
|
trusted library allocation
|
page read and write
|
||
|
13B7000
|
heap
|
page read and write
|
||
|
774E000
|
stack
|
page read and write
|
||
|
784E000
|
stack
|
page read and write
|
||
|
522C000
|
stack
|
page read and write
|
||
|
595F000
|
heap
|
page read and write
|
||
|
13CB000
|
trusted library allocation
|
page read and write
|
||
|
5979000
|
heap
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
33BF000
|
trusted library allocation
|
page read and write
|
||
|
33A2000
|
trusted library allocation
|
page read and write
|
||
|
3000000
|
trusted library allocation
|
page execute and read and write
|
There are 231 hidden memdumps, click here to show them.