Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
#U0110#U1eb7t h#U00e0ng.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\#U0110#U1eb7t h#U00e0ng.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_13txmx3a.hsl.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_is0eidbu.bod.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j5d03lhp.x14.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jezhzs43.zri.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\#U0110#U1eb7t h#U00e0ng.exe
|
"C:\Users\user\Desktop\#U0110#U1eb7t h#U00e0ng.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\#U0110#U1eb7t
h#U00e0ng.exe"
|
|
|
|
C:\Users\user\Desktop\#U0110#U1eb7t h#U00e0ng.exe
|
"C:\Users\user\Desktop\#U0110#U1eb7t h#U00e0ng.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Windows Defender\MpCmdRun.exe
|
"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
18.31.95.13.in-addr.arpa
|
unknown
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
13A0000
|
direct allocation
|
page read and write
|
|
|
|
54C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
51C0000
|
trusted library allocation
|
page read and write
|
||
|
9E3000
|
unkown
|
page readonly
|
||
|
2C80000
|
trusted library allocation
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
AABB000
|
stack
|
page read and write
|
||
|
5660000
|
heap
|
page read and write
|
||
|
135F000
|
stack
|
page read and write
|
||
|
51F2000
|
trusted library allocation
|
page read and write
|
||
|
15A9000
|
direct allocation
|
page execute and read and write
|
||
|
5340000
|
trusted library allocation
|
page execute and read and write
|
||
|
11D0000
|
trusted library allocation
|
page read and write
|
||
|
5465000
|
heap
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
11C3000
|
trusted library allocation
|
page read and write
|
||
|
5370000
|
heap
|
page read and write
|
||
|
C7A000
|
stack
|
page read and write
|
||
|
73CE000
|
stack
|
page read and write
|
||
|
1220000
|
trusted library allocation
|
page read and write
|
||
|
51ED000
|
trusted library allocation
|
page read and write
|
||
|
5350000
|
trusted library allocation
|
page read and write
|
||
|
2B5E000
|
stack
|
page read and write
|
||
|
2CF0000
|
trusted library allocation
|
page read and write
|
||
|
ABBC000
|
stack
|
page read and write
|
||
|
A490000
|
trusted library allocation
|
page execute and read and write
|
||
|
1480000
|
direct allocation
|
page execute and read and write
|
||
|
A93E000
|
stack
|
page read and write
|
||
|
54AB000
|
stack
|
page read and write
|
||
|
74E2000
|
trusted library allocation
|
page read and write
|
||
|
7E3E000
|
stack
|
page read and write
|
||
|
11D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
51DE000
|
trusted library allocation
|
page read and write
|
||
|
11CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7380000
|
trusted library allocation
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
7F0E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
1230000
|
trusted library allocation
|
page read and write
|
||
|
79C2000
|
heap
|
page read and write
|
||
|
11E2000
|
trusted library allocation
|
page read and write
|
||
|
FE7000
|
heap
|
page read and write
|
||
|
5300000
|
heap
|
page execute and read and write
|
||
|
BAD000
|
stack
|
page read and write
|
||
|
139E000
|
stack
|
page read and write
|
||
|
5440000
|
trusted library section
|
page readonly
|
||
|
592E000
|
stack
|
page read and write
|
||
|
4D7B000
|
stack
|
page read and write
|
||
|
4E7C000
|
stack
|
page read and write
|
||
|
73D1000
|
trusted library allocation
|
page read and write
|
||
|
A6BE000
|
stack
|
page read and write
|
||
|
6FDF000
|
stack
|
page read and write
|
||
|
2CFC000
|
trusted library allocation
|
page read and write
|
||
|
79D5000
|
heap
|
page read and write
|
||
|
FE3000
|
heap
|
page read and write
|
||
|
562E000
|
stack
|
page read and write
|
||
|
79DA000
|
heap
|
page read and write
|
||
|
3CA9000
|
trusted library allocation
|
page read and write
|
||
|
51E1000
|
trusted library allocation
|
page read and write
|
||
|
7260000
|
trusted library section
|
page read and write
|
||
|
2C5E000
|
stack
|
page read and write
|
||
|
11D2000
|
trusted library allocation
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
EFC000
|
stack
|
page read and write
|
||
|
11C0000
|
trusted library allocation
|
page read and write
|
||
|
930000
|
unkown
|
page readonly
|
||
|
932000
|
unkown
|
page readonly
|
||
|
550E000
|
stack
|
page read and write
|
||
|
1260000
|
trusted library allocation
|
page read and write
|
||
|
7D70000
|
trusted library section
|
page read and write
|
||
|
FAE000
|
heap
|
page read and write
|
||
|
1731000
|
direct allocation
|
page execute and read and write
|
||
|
54B0000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
11EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1250000
|
trusted library allocation
|
page read and write
|
||
|
5330000
|
heap
|
page read and write
|
||
|
174D000
|
direct allocation
|
page execute and read and write
|
||
|
1265000
|
trusted library allocation
|
page read and write
|
||
|
A6FD000
|
stack
|
page read and write
|
||
|
FC8000
|
heap
|
page read and write
|
||
|
A480000
|
trusted library allocation
|
page read and write
|
||
|
5373000
|
heap
|
page read and write
|
||
|
F6E000
|
stack
|
page read and write
|
||
|
7AC0000
|
trusted library section
|
page read and write
|
||
|
15AD000
|
direct allocation
|
page execute and read and write
|
||
|
51E6000
|
trusted library allocation
|
page read and write
|
||
|
9DC000
|
unkown
|
page readonly
|
||
|
119E000
|
stack
|
page read and write
|
||
|
F87000
|
heap
|
page read and write
|
||
|
11B4000
|
trusted library allocation
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
102E000
|
heap
|
page read and write
|
||
|
161E000
|
direct allocation
|
page execute and read and write
|
||
|
A485000
|
trusted library allocation
|
page read and write
|
||
|
5520000
|
heap
|
page read and write
|
||
|
58EE000
|
stack
|
page read and write
|
||
|
2CA1000
|
trusted library allocation
|
page read and write
|
||
|
1210000
|
trusted library allocation
|
page execute and read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
7270000
|
trusted library allocation
|
page read and write
|
||
|
71DF000
|
stack
|
page read and write
|
||
|
7250000
|
trusted library allocation
|
page read and write
|
||
|
F58000
|
heap
|
page read and write
|
||
|
FE1000
|
heap
|
page read and write
|
||
|
57B0000
|
heap
|
page read and write
|
||
|
A4DE000
|
stack
|
page read and write
|
||
|
79DE000
|
heap
|
page read and write
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
1066000
|
heap
|
page read and write
|
||
|
2C60000
|
trusted library allocation
|
page read and write
|
||
|
2CFA000
|
trusted library allocation
|
page read and write
|
||
|
79E9000
|
heap
|
page read and write
|
||
|
11BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
11B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F3F000
|
stack
|
page read and write
|
||
|
51CB000
|
trusted library allocation
|
page read and write
|
||
|
19C0000
|
heap
|
page read and write
|
||
|
11E0000
|
trusted library allocation
|
page read and write
|
||
|
70DE000
|
stack
|
page read and write
|
||
|
11E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
79BE000
|
stack
|
page read and write
|
||
|
18CF000
|
stack
|
page read and write
|
||
|
51C4000
|
trusted library allocation
|
page read and write
|
||
|
1200000
|
trusted library allocation
|
page read and write
|
||
|
FD5000
|
heap
|
page read and write
|
||
|
57BE000
|
heap
|
page read and write
|
||
|
137E000
|
stack
|
page read and write
|
||
|
11DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5630000
|
heap
|
page read and write
|
||
|
F0E000
|
stack
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
1746000
|
direct allocation
|
page execute and read and write
|
||
|
79C0000
|
heap
|
page read and write
|
||
|
D77000
|
stack
|
page read and write
|
||
|
5460000
|
heap
|
page read and write
|
||
|
5640000
|
heap
|
page read and write
|
||
|
4CA8000
|
trusted library allocation
|
page read and write
|
||
|
5352000
|
trusted library allocation
|
page read and write
|
||
|
FA8000
|
heap
|
page read and write
|
||
|
3CA1000
|
trusted library allocation
|
page read and write
|
||
|
125E000
|
stack
|
page read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
5450000
|
heap
|
page read and write
|
||
|
17C8000
|
direct allocation
|
page execute and read and write
|
||
|
A7FE000
|
stack
|
page read and write
|
||
|
1240000
|
heap
|
page execute and read and write
|
||
|
A83E000
|
stack
|
page read and write
|
||
|
5360000
|
trusted library allocation
|
page read and write
|
||
|
A48F000
|
trusted library allocation
|
page read and write
|
There are 145 hidden memdumps, click here to show them.