Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
vTHGfiwMDeoOH5a.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vTHGfiwMDeoOH5a.exe.log
|
CSV text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cuza3cnf.3k0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mr1kh3f1.hqq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_scvnydfv.gi1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t0qllomw.uzq.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\vTHGfiwMDeoOH5a.exe
|
"C:\Users\user\Desktop\vTHGfiwMDeoOH5a.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\vTHGfiwMDeoOH5a.exe"
|
|
|
|
C:\Users\user\Desktop\vTHGfiwMDeoOH5a.exe
|
"C:\Users\user\Desktop\vTHGfiwMDeoOH5a.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 16 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
FF0000
|
direct allocation
|
page read and write
|
|
|
|
A29F000
|
stack
|
page read and write
|
||
|
127F000
|
stack
|
page read and write
|
||
|
A19D000
|
stack
|
page read and write
|
||
|
100D000
|
trusted library allocation
|
page execute and read and write
|
||
|
FDE000
|
stack
|
page read and write
|
||
|
E3E000
|
stack
|
page read and write
|
||
|
7A0F000
|
stack
|
page read and write
|
||
|
51FB000
|
trusted library allocation
|
page read and write
|
||
|
A63E000
|
stack
|
page read and write
|
||
|
5250000
|
trusted library allocation
|
page read and write
|
||
|
109E000
|
stack
|
page read and write
|
||
|
1026000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AC0000
|
trusted library allocation
|
page read and write
|
||
|
50E4000
|
heap
|
page read and write
|
||
|
D68000
|
heap
|
page read and write
|
||
|
2E19000
|
trusted library allocation
|
page read and write
|
||
|
CAE000
|
stack
|
page read and write
|
||
|
680000
|
unkown
|
page readonly
|
||
|
30EA000
|
trusted library allocation
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
EDE000
|
stack
|
page read and write
|
||
|
A53E000
|
stack
|
page read and write
|
||
|
6D50000
|
trusted library allocation
|
page read and write
|
||
|
521D000
|
trusted library allocation
|
page read and write
|
||
|
30D9000
|
trusted library allocation
|
page read and write
|
||
|
5270000
|
trusted library allocation
|
page read and write
|
||
|
7DA000
|
stack
|
page read and write
|
||
|
7500000
|
trusted library section
|
page read and write
|
||
|
29EE000
|
stack
|
page read and write
|
||
|
30CF000
|
trusted library allocation
|
page read and write
|
||
|
30D3000
|
trusted library allocation
|
page read and write
|
||
|
30F3000
|
trusted library allocation
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
A01E000
|
stack
|
page read and write
|
||
|
2F50000
|
trusted library allocation
|
page read and write
|
||
|
2E2E000
|
trusted library allocation
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
2E05000
|
trusted library allocation
|
page read and write
|
||
|
2E6C000
|
trusted library allocation
|
page read and write
|
||
|
7590000
|
trusted library allocation
|
page read and write
|
||
|
52C0000
|
heap
|
page read and write
|
||
|
738E000
|
stack
|
page read and write
|
||
|
1609000
|
direct allocation
|
page execute and read and write
|
||
|
73DC000
|
heap
|
page read and write
|
||
|
2B1A000
|
trusted library allocation
|
page read and write
|
||
|
5440000
|
heap
|
page read and write
|
||
|
A7BC000
|
stack
|
page read and write
|
||
|
2EBF000
|
trusted library allocation
|
page read and write
|
||
|
102A000
|
trusted library allocation
|
page execute and read and write
|
||
|
30FC000
|
trusted library allocation
|
page read and write
|
||
|
17A6000
|
direct allocation
|
page execute and read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
1020000
|
trusted library allocation
|
page read and write
|
||
|
2F79000
|
trusted library allocation
|
page read and write
|
||
|
DDB000
|
heap
|
page read and write
|
||
|
303B000
|
trusted library allocation
|
page read and write
|
||
|
10A8000
|
trusted library allocation
|
page read and write
|
||
|
52D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3AF1000
|
trusted library allocation
|
page read and write
|
||
|
2DDB000
|
trusted library allocation
|
page read and write
|
||
|
A15E000
|
stack
|
page read and write
|
||
|
D85000
|
heap
|
page read and write
|
||
|
A8BC000
|
stack
|
page read and write
|
||
|
1037000
|
trusted library allocation
|
page execute and read and write
|
||
|
75A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
30B6000
|
trusted library allocation
|
page read and write
|
||
|
6D72000
|
trusted library allocation
|
page read and write
|
||
|
1147000
|
heap
|
page read and write
|
||
|
30F8000
|
trusted library allocation
|
page read and write
|
||
|
2DF0000
|
trusted library allocation
|
page read and write
|
||
|
53D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5445000
|
heap
|
page read and write
|
||
|
2FB8000
|
trusted library allocation
|
page read and write
|
||
|
3064000
|
trusted library allocation
|
page read and write
|
||
|
A8D0000
|
trusted library allocation
|
page read and write
|
||
|
CFF000
|
heap
|
page read and write
|
||
|
1019000
|
trusted library allocation
|
page read and write
|
||
|
AF7000
|
stack
|
page read and write
|
||
|
73FD000
|
heap
|
page read and write
|
||
|
1004000
|
trusted library allocation
|
page read and write
|
||
|
5260000
|
trusted library allocation
|
page read and write
|
||
|
A4FF000
|
stack
|
page read and write
|
||
|
74B0000
|
trusted library allocation
|
page read and write
|
||
|
2B8A000
|
trusted library allocation
|
page read and write
|
||
|
5220000
|
trusted library allocation
|
page read and write
|
||
|
A05D000
|
stack
|
page read and write
|
||
|
2F8E000
|
trusted library allocation
|
page read and write
|
||
|
9CD000
|
stack
|
page read and write
|
||
|
75EE000
|
stack
|
page read and write
|
||
|
3D25000
|
trusted library allocation
|
page read and write
|
||
|
2F26000
|
trusted library allocation
|
page read and write
|
||
|
1828000
|
direct allocation
|
page execute and read and write
|
||
|
1050000
|
trusted library allocation
|
page read and write
|
||
|
103B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5050000
|
heap
|
page read and write
|
||
|
1087000
|
heap
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
3AFD000
|
trusted library allocation
|
page read and write
|
||
|
7390000
|
trusted library section
|
page read and write
|
||
|
CEE000
|
heap
|
page read and write
|
||
|
1022000
|
trusted library allocation
|
page read and write
|
||
|
74C0000
|
trusted library allocation
|
page read and write
|
||
|
101D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3AF9000
|
trusted library allocation
|
page read and write
|
||
|
2ED4000
|
trusted library allocation
|
page read and write
|
||
|
2FD4000
|
trusted library allocation
|
page read and write
|
||
|
5560000
|
heap
|
page read and write
|
||
|
30EF000
|
trusted library allocation
|
page read and write
|
||
|
2DB3000
|
trusted library allocation
|
page read and write
|
||
|
2AB0000
|
trusted library allocation
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
137F000
|
stack
|
page read and write
|
||
|
30D5000
|
trusted library allocation
|
page read and write
|
||
|
52A0000
|
trusted library section
|
page readonly
|
||
|
1035000
|
trusted library allocation
|
page execute and read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
A67E000
|
stack
|
page read and write
|
||
|
51F0000
|
trusted library allocation
|
page read and write
|
||
|
2E43000
|
trusted library allocation
|
page read and write
|
||
|
2A4B000
|
stack
|
page read and write
|
||
|
75F0000
|
trusted library allocation
|
page read and write
|
||
|
2B88000
|
trusted library allocation
|
page read and write
|
||
|
5222000
|
trusted library allocation
|
page read and write
|
||
|
160D000
|
direct allocation
|
page execute and read and write
|
||
|
527D000
|
trusted library allocation
|
page read and write
|
||
|
73C2000
|
heap
|
page read and write
|
||
|
715E000
|
heap
|
page read and write
|
||
|
5579000
|
heap
|
page read and write
|
||
|
53CC000
|
stack
|
page read and write
|
||
|
FF0000
|
trusted library allocation
|
page read and write
|
||
|
5216000
|
trusted library allocation
|
page read and write
|
||
|
1032000
|
trusted library allocation
|
page read and write
|
||
|
2AF1000
|
trusted library allocation
|
page read and write
|
||
|
DA1000
|
heap
|
page read and write
|
||
|
2FE9000
|
trusted library allocation
|
page read and write
|
||
|
308D000
|
trusted library allocation
|
page read and write
|
||
|
304F000
|
trusted library allocation
|
page read and write
|
||
|
682000
|
unkown
|
page readonly
|
||
|
2E57000
|
trusted library allocation
|
page read and write
|
||
|
1010000
|
trusted library allocation
|
page read and write
|
||
|
2FFD000
|
trusted library allocation
|
page read and write
|
||
|
2E81000
|
trusted library allocation
|
page read and write
|
||
|
30CB000
|
trusted library allocation
|
page read and write
|
||
|
3012000
|
trusted library allocation
|
page read and write
|
||
|
30DD000
|
trusted library allocation
|
page read and write
|
||
|
A3FE000
|
stack
|
page read and write
|
||
|
1791000
|
direct allocation
|
page execute and read and write
|
||
|
52B0000
|
heap
|
page read and write
|
||
|
73BC000
|
heap
|
page read and write
|
||
|
3026000
|
trusted library allocation
|
page read and write
|
||
|
17AD000
|
direct allocation
|
page execute and read and write
|
||
|
5230000
|
trusted library allocation
|
page read and write
|
||
|
520E000
|
trusted library allocation
|
page read and write
|
||
|
7F360000
|
trusted library allocation
|
page execute and read and write
|
||
|
30E6000
|
trusted library allocation
|
page read and write
|
||
|
73B0000
|
heap
|
page read and write
|
||
|
2EE8000
|
trusted library allocation
|
page read and write
|
||
|
2F65000
|
trusted library allocation
|
page read and write
|
||
|
2F3B000
|
trusted library allocation
|
page read and write
|
||
|
5211000
|
trusted library allocation
|
page read and write
|
||
|
A77E000
|
stack
|
page read and write
|
||
|
5255000
|
trusted library allocation
|
page read and write
|
||
|
2F12000
|
trusted library allocation
|
page read and write
|
||
|
29F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EAA000
|
trusted library allocation
|
page read and write
|
||
|
14E0000
|
direct allocation
|
page execute and read and write
|
||
|
5570000
|
heap
|
page read and write
|
||
|
502F000
|
stack
|
page read and write
|
||
|
5060000
|
heap
|
page execute and read and write
|
||
|
2FCC000
|
trusted library allocation
|
page read and write
|
||
|
55B0000
|
heap
|
page read and write
|
||
|
2EFD000
|
trusted library allocation
|
page read and write
|
||
|
2AAE000
|
stack
|
page read and write
|
||
|
559E000
|
heap
|
page read and write
|
||
|
30E1000
|
trusted library allocation
|
page read and write
|
||
|
C6E000
|
stack
|
page read and write
|
||
|
5280000
|
trusted library allocation
|
page read and write
|
||
|
CEA000
|
heap
|
page read and write
|
||
|
2DC7000
|
trusted library allocation
|
page read and write
|
||
|
D23000
|
heap
|
page read and write
|
||
|
2FA3000
|
trusted library allocation
|
page read and write
|
||
|
4BEC000
|
stack
|
page read and write
|
||
|
728E000
|
stack
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
D66000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
CFD000
|
stack
|
page read and write
|
||
|
167E000
|
direct allocation
|
page execute and read and write
|
||
|
2E95000
|
trusted library allocation
|
page read and write
|
||
|
763E000
|
stack
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
C25000
|
heap
|
page read and write
|
||
|
3CCA000
|
trusted library allocation
|
page read and write
|
||
|
5063000
|
heap
|
page execute and read and write
|
||
|
D7B000
|
heap
|
page read and write
|
||
|
2A00000
|
heap
|
page execute and read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
1003000
|
trusted library allocation
|
page execute and read and write
|
||
|
ECE000
|
stack
|
page read and write
|
||
|
51E0000
|
trusted library allocation
|
page read and write
|
||
|
5450000
|
heap
|
page read and write
|
||
|
1030000
|
trusted library allocation
|
page read and write
|
||
|
555E000
|
stack
|
page read and write
|
||
|
D15000
|
heap
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
52E0000
|
heap
|
page execute and read and write
|
||
|
5240000
|
trusted library allocation
|
page read and write
|
||
|
50E0000
|
heap
|
page read and write
|
||
|
3079000
|
trusted library allocation
|
page read and write
|
||
|
1000000
|
trusted library allocation
|
page read and write
|
||
|
5790000
|
trusted library allocation
|
page read and write
|
||
|
7150000
|
heap
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
DAB000
|
heap
|
page read and write
|
||
|
30A2000
|
trusted library allocation
|
page read and write
|
There are 208 hidden memdumps, click here to show them.