Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
order2024-10-07_174915.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\order2024-10-07_174915.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b2bsto2j.4xi.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dj4jfjyi.yis.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gtxryest.zrn.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rqwlcwdx.z15.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\order2024-10-07_174915.exe
|
"C:\Users\user\Desktop\order2024-10-07_174915.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\order2024-10-07_174915.exe"
|
|
|
|
C:\Users\user\Desktop\order2024-10-07_174915.exe
|
"C:\Users\user\Desktop\order2024-10-07_174915.exe"
|
|
|
|
C:\Users\user\Desktop\order2024-10-07_174915.exe
|
"C:\Users\user\Desktop\order2024-10-07_174915.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://mail.mbarieservicesltd.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.mbarieservicesltd.com
|
199.79.62.115
|
|
|
|
18.31.95.13.in-addr.arpa
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
199.79.62.115
|
mail.mbarieservicesltd.com
|
United States
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2E21000
|
trusted library allocation
|
page read and write
|
|
|
|
42E9000
|
trusted library allocation
|
page read and write
|
|
|
|
450D000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2E7A000
|
trusted library allocation
|
page read and write
|
|
|
|
5900000
|
trusted library allocation
|
page execute and read and write
|
||
|
16E0000
|
trusted library allocation
|
page read and write
|
||
|
2E00000
|
trusted library allocation
|
page read and write
|
||
|
57DE000
|
stack
|
page read and write
|
||
|
64C0000
|
trusted library allocation
|
page read and write
|
||
|
AE3C000
|
stack
|
page read and write
|
||
|
546E000
|
stack
|
page read and write
|
||
|
61FE000
|
stack
|
page read and write
|
||
|
152B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3727000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
5CC0000
|
heap
|
page read and write
|
||
|
359F000
|
trusted library allocation
|
page read and write
|
||
|
17FE000
|
stack
|
page read and write
|
||
|
5CD0000
|
heap
|
page read and write
|
||
|
1516000
|
trusted library allocation
|
page execute and read and write
|
||
|
5970000
|
trusted library allocation
|
page read and write
|
||
|
2C3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
8020000
|
heap
|
page read and write
|
||
|
5890000
|
trusted library allocation
|
page read and write
|
||
|
5930000
|
trusted library section
|
page readonly
|
||
|
14FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5360000
|
trusted library allocation
|
page read and write
|
||
|
1650000
|
trusted library allocation
|
page execute and read and write
|
||
|
5804000
|
trusted library allocation
|
page read and write
|
||
|
54D0000
|
heap
|
page execute and read and write
|
||
|
2C22000
|
trusted library allocation
|
page read and write
|
||
|
54C0000
|
trusted library allocation
|
page read and write
|
||
|
378F000
|
trusted library allocation
|
page read and write
|
||
|
358A000
|
trusted library allocation
|
page read and write
|
||
|
5322000
|
trusted library allocation
|
page read and write
|
||
|
1A00000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
79E0000
|
trusted library allocation
|
page read and write
|
||
|
1500000
|
trusted library allocation
|
page read and write
|
||
|
35F1000
|
trusted library allocation
|
page read and write
|
||
|
74311000
|
unkown
|
page execute read
|
||
|
74326000
|
unkown
|
page readonly
|
||
|
19FE000
|
stack
|
page read and write
|
||
|
1548000
|
heap
|
page read and write
|
||
|
6470000
|
trusted library allocation
|
page read and write
|
||
|
3E29000
|
trusted library allocation
|
page read and write
|
||
|
55DC000
|
stack
|
page read and write
|
||
|
6C3E000
|
stack
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
150D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
3751000
|
trusted library allocation
|
page read and write
|
||
|
1574000
|
heap
|
page read and write
|
||
|
5CBD000
|
stack
|
page read and write
|
||
|
581E000
|
trusted library allocation
|
page read and write
|
||
|
801E000
|
stack
|
page read and write
|
||
|
3820000
|
trusted library allocation
|
page read and write
|
||
|
154E000
|
heap
|
page read and write
|
||
|
7F1E000
|
stack
|
page read and write
|
||
|
3835000
|
trusted library allocation
|
page read and write
|
||
|
5960000
|
heap
|
page read and write
|
||
|
151A000
|
trusted library allocation
|
page execute and read and write
|
||
|
3891000
|
trusted library allocation
|
page read and write
|
||
|
7AA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8045000
|
heap
|
page read and write
|
||
|
6340000
|
heap
|
page read and write
|
||
|
2C1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5316000
|
trusted library allocation
|
page read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
ABFE000
|
stack
|
page read and write
|
||
|
2E10000
|
heap
|
page execute and read and write
|
||
|
16E5000
|
trusted library allocation
|
page read and write
|
||
|
1018000
|
heap
|
page read and write
|
||
|
532E000
|
trusted library allocation
|
page read and write
|
||
|
36C0000
|
trusted library allocation
|
page read and write
|
||
|
5354000
|
trusted library allocation
|
page read and write
|
||
|
124D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5350000
|
trusted library allocation
|
page read and write
|
||
|
32CF000
|
stack
|
page read and write
|
||
|
5336000
|
trusted library allocation
|
page read and write
|
||
|
7432D000
|
unkown
|
page read and write
|
||
|
7AEE000
|
stack
|
page read and write
|
||
|
3644000
|
trusted library allocation
|
page read and write
|
||
|
5BBB000
|
stack
|
page read and write
|
||
|
42E1000
|
trusted library allocation
|
page read and write
|
||
|
1579000
|
heap
|
page read and write
|
||
|
53BC000
|
stack
|
page read and write
|
||
|
5342000
|
trusted library allocation
|
page read and write
|
||
|
1670000
|
trusted library allocation
|
page read and write
|
||
|
1503000
|
trusted library allocation
|
page read and write
|
||
|
37B8000
|
trusted library allocation
|
page read and write
|
||
|
ACFE000
|
stack
|
page read and write
|
||
|
35DD000
|
trusted library allocation
|
page read and write
|
||
|
1A20000
|
heap
|
page read and write
|
||
|
1527000
|
trusted library allocation
|
page execute and read and write
|
||
|
8120000
|
trusted library allocation
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
54AE000
|
stack
|
page read and write
|
||
|
37F6000
|
trusted library allocation
|
page read and write
|
||
|
7432F000
|
unkown
|
page readonly
|
||
|
163C000
|
heap
|
page read and write
|
||
|
5800000
|
trusted library allocation
|
page read and write
|
||
|
6590000
|
trusted library allocation
|
page read and write
|
||
|
1560000
|
heap
|
page read and write
|
||
|
5331000
|
trusted library allocation
|
page read and write
|
||
|
2DBE000
|
stack
|
page read and write
|
||
|
1512000
|
trusted library allocation
|
page read and write
|
||
|
7B6E000
|
stack
|
page read and write
|
||
|
2C35000
|
trusted library allocation
|
page execute and read and write
|
||
|
12F7000
|
stack
|
page read and write
|
||
|
E62000
|
unkown
|
page readonly
|
||
|
2E88000
|
trusted library allocation
|
page read and write
|
||
|
380B000
|
trusted library allocation
|
page read and write
|
||
|
366D000
|
trusted library allocation
|
page read and write
|
||
|
3765000
|
trusted library allocation
|
page read and write
|
||
|
58B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
145E000
|
stack
|
page read and write
|
||
|
58C0000
|
trusted library allocation
|
page read and write
|
||
|
6594000
|
trusted library allocation
|
page read and write
|
||
|
7FDA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
36E9000
|
trusted library allocation
|
page read and write
|
||
|
2C10000
|
trusted library allocation
|
page read and write
|
||
|
804D000
|
heap
|
page read and write
|
||
|
1640000
|
trusted library allocation
|
page read and write
|
||
|
1607000
|
heap
|
page read and write
|
||
|
36FE000
|
trusted library allocation
|
page read and write
|
||
|
8024000
|
heap
|
page read and write
|
||
|
6447000
|
trusted library allocation
|
page read and write
|
||
|
1244000
|
trusted library allocation
|
page read and write
|
||
|
3899000
|
trusted library allocation
|
page read and write
|
||
|
74EE000
|
heap
|
page read and write
|
||
|
6377000
|
heap
|
page read and write
|
||
|
1584000
|
heap
|
page read and write
|
||
|
44B2000
|
trusted library allocation
|
page read and write
|
||
|
7D7E000
|
stack
|
page read and write
|
||
|
4FBD000
|
stack
|
page read and write
|
||
|
5CEE000
|
heap
|
page read and write
|
||
|
3658000
|
trusted library allocation
|
page read and write
|
||
|
35B3000
|
trusted library allocation
|
page read and write
|
||
|
1480000
|
heap
|
page read and write
|
||
|
64E7000
|
trusted library allocation
|
page read and write
|
||
|
3575000
|
trusted library allocation
|
page read and write
|
||
|
1104000
|
heap
|
page read and write
|
||
|
37CD000
|
trusted library allocation
|
page read and write
|
||
|
63AC000
|
heap
|
page read and write
|
||
|
AABE000
|
stack
|
page read and write
|
||
|
3538000
|
trusted library allocation
|
page read and write
|
||
|
373C000
|
trusted library allocation
|
page read and write
|
||
|
7602000
|
trusted library allocation
|
page read and write
|
||
|
1510000
|
trusted library allocation
|
page read and write
|
||
|
1A27000
|
heap
|
page read and write
|
||
|
53D3000
|
heap
|
page read and write
|
||
|
1582000
|
heap
|
page read and write
|
||
|
582D000
|
trusted library allocation
|
page read and write
|
||
|
34FC000
|
trusted library allocation
|
page read and write
|
||
|
14E0000
|
trusted library allocation
|
page read and write
|
||
|
531B000
|
trusted library allocation
|
page read and write
|
||
|
5826000
|
trusted library allocation
|
page read and write
|
||
|
65D0000
|
trusted library allocation
|
page read and write
|
||
|
F8A000
|
stack
|
page read and write
|
||
|
64C5000
|
trusted library allocation
|
page read and write
|
||
|
7AF0000
|
trusted library allocation
|
page read and write
|
||
|
5840000
|
trusted library allocation
|
page read and write
|
||
|
361A000
|
trusted library allocation
|
page read and write
|
||
|
1520000
|
trusted library allocation
|
page read and write
|
||
|
1522000
|
trusted library allocation
|
page read and write
|
||
|
1680000
|
heap
|
page execute and read and write
|
||
|
18FE000
|
stack
|
page read and write
|
||
|
AD3C000
|
stack
|
page read and write
|
||
|
36AB000
|
trusted library allocation
|
page read and write
|
||
|
533D000
|
trusted library allocation
|
page read and write
|
||
|
65DD000
|
trusted library allocation
|
page read and write
|
||
|
5880000
|
heap
|
page read and write
|
||
|
532A000
|
trusted library allocation
|
page read and write
|
||
|
7FDF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
64B0000
|
heap
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
1660000
|
trusted library allocation
|
page read and write
|
||
|
2C32000
|
trusted library allocation
|
page read and write
|
||
|
5F00000
|
trusted library section
|
page read and write
|
||
|
3523000
|
trusted library allocation
|
page read and write
|
||
|
54BC000
|
stack
|
page read and write
|
||
|
5310000
|
trusted library allocation
|
page read and write
|
||
|
5F20000
|
trusted library allocation
|
page read and write
|
||
|
A97E000
|
stack
|
page read and write
|
||
|
542E000
|
stack
|
page read and write
|
||
|
531E000
|
trusted library allocation
|
page read and write
|
||
|
1230000
|
trusted library allocation
|
page read and write
|
||
|
3E21000
|
trusted library allocation
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
A640000
|
heap
|
page read and write
|
||
|
4E28000
|
trusted library allocation
|
page read and write
|
||
|
3897000
|
trusted library allocation
|
page read and write
|
||
|
2C50000
|
trusted library allocation
|
page read and write
|
||
|
5892000
|
trusted library allocation
|
page read and write
|
||
|
56DE000
|
stack
|
page read and write
|
||
|
16CE000
|
stack
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
5940000
|
heap
|
page read and write
|
||
|
52E8000
|
trusted library allocation
|
page read and write
|
||
|
61BD000
|
stack
|
page read and write
|
||
|
1046000
|
heap
|
page read and write
|
||
|
3894000
|
trusted library allocation
|
page read and write
|
||
|
16D0000
|
trusted library allocation
|
page read and write
|
||
|
37E2000
|
trusted library allocation
|
page read and write
|
||
|
6480000
|
trusted library allocation
|
page execute and read and write
|
||
|
388D000
|
trusted library allocation
|
page read and write
|
||
|
14CE000
|
stack
|
page read and write
|
||
|
6345000
|
heap
|
page read and write
|
||
|
2C37000
|
trusted library allocation
|
page execute and read and write
|
||
|
5973000
|
heap
|
page read and write
|
||
|
7A60000
|
trusted library allocation
|
page read and write
|
||
|
10A1000
|
heap
|
page read and write
|
||
|
3561000
|
trusted library allocation
|
page read and write
|
||
|
6450000
|
trusted library allocation
|
page read and write
|
||
|
580B000
|
trusted library allocation
|
page read and write
|
||
|
3682000
|
trusted library allocation
|
page read and write
|
||
|
6600000
|
heap
|
page read and write
|
||
|
64E0000
|
trusted library allocation
|
page read and write
|
||
|
2C60000
|
trusted library allocation
|
page execute and read and write
|
||
|
362F000
|
trusted library allocation
|
page read and write
|
||
|
350E000
|
trusted library allocation
|
page read and write
|
||
|
74310000
|
unkown
|
page readonly
|
||
|
36D4000
|
trusted library allocation
|
page read and write
|
||
|
E3A000
|
stack
|
page read and write
|
||
|
1243000
|
trusted library allocation
|
page execute and read and write
|
||
|
5970000
|
heap
|
page read and write
|
||
|
377A000
|
trusted library allocation
|
page read and write
|
||
|
2C30000
|
trusted library allocation
|
page read and write
|
||
|
74E0000
|
heap
|
page read and write
|
||
|
7BAE000
|
stack
|
page read and write
|
||
|
14F0000
|
trusted library allocation
|
page read and write
|
||
|
AF7E000
|
stack
|
page read and write
|
||
|
3849000
|
trusted library allocation
|
page read and write
|
||
|
141E000
|
stack
|
page read and write
|
||
|
1240000
|
trusted library allocation
|
page read and write
|
||
|
79F0000
|
trusted library section
|
page read and write
|
||
|
3878000
|
trusted library allocation
|
page read and write
|
||
|
37A3000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
7432D000
|
unkown
|
page read and write
|
||
|
7A69000
|
trusted library allocation
|
page read and write
|
||
|
3696000
|
trusted library allocation
|
page read and write
|
||
|
3606000
|
trusted library allocation
|
page read and write
|
||
|
3712000
|
trusted library allocation
|
page read and write
|
||
|
2C20000
|
trusted library allocation
|
page read and write
|
||
|
ABBF000
|
stack
|
page read and write
|
||
|
A83E000
|
stack
|
page read and write
|
||
|
53BB000
|
stack
|
page read and write
|
||
|
354C000
|
trusted library allocation
|
page read and write
|
||
|
5920000
|
heap
|
page read and write
|
||
|
1038000
|
heap
|
page read and write
|
||
|
58A0000
|
heap
|
page execute and read and write
|
||
|
6350000
|
heap
|
page read and write
|
||
|
AA7E000
|
stack
|
page read and write
|
||
|
2C2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5925000
|
heap
|
page read and write
|
||
|
65A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
14F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
65C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5821000
|
trusted library allocation
|
page read and write
|
||
|
5300000
|
trusted library allocation
|
page read and write
|
||
|
42C000
|
remote allocation
|
page execute and read and write
|
||
|
58DE000
|
stack
|
page read and write
|
||
|
AE7E000
|
stack
|
page read and write
|
||
|
E60000
|
unkown
|
page readonly
|
||
|
64E9000
|
trusted library allocation
|
page read and write
|
||
|
35C8000
|
trusted library allocation
|
page read and write
|
||
|
53D0000
|
heap
|
page read and write
|
||
|
6368000
|
heap
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
14F4000
|
trusted library allocation
|
page read and write
|
||
|
3864000
|
trusted library allocation
|
page read and write
|
||
|
32E1000
|
trusted library allocation
|
page read and write
|
||
|
2CBE000
|
stack
|
page read and write
|
||
|
385E000
|
trusted library allocation
|
page read and write
|
||
|
16F0000
|
heap
|
page read and write
|
||
|
6440000
|
trusted library allocation
|
page read and write
|
||
|
2DFC000
|
stack
|
page read and write
|
||
|
A93E000
|
stack
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
673E000
|
stack
|
page read and write
|
||
|
1043000
|
heap
|
page read and write
|
||
|
5950000
|
heap
|
page read and write
|
||
|
7A70000
|
trusted library allocation
|
page read and write
|
||
|
64EC000
|
trusted library allocation
|
page read and write
|
||
|
634B000
|
heap
|
page read and write
|
||
|
10FC000
|
heap
|
page read and write
|
||
|
2C26000
|
trusted library allocation
|
page execute and read and write
|
||
|
F39000
|
stack
|
page read and write
|
There are 281 hidden memdumps, click here to show them.