Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
CHARIKLIA JUNIOR DETAILS.pdf.scr.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\CHARIKLIA JUNIOR DETAILS.pdf.scr.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cwsuu0sb.sq3.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gqultexp.2j3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hqsknafn.34x.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vrbdbnsw.yx3.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\CHARIKLIA JUNIOR DETAILS.pdf.scr.exe
|
"C:\Users\user\Desktop\CHARIKLIA JUNIOR DETAILS.pdf.scr.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\CHARIKLIA
JUNIOR DETAILS.pdf.scr.exe"
|
|
|
|
C:\Users\user\Desktop\CHARIKLIA JUNIOR DETAILS.pdf.scr.exe
|
"C:\Users\user\Desktop\CHARIKLIA JUNIOR DETAILS.pdf.scr.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org/
|
104.26.12.205
|
||
|
https://api.ipify.org
|
unknown
|
||
|
http://tempuri.org/ianiDataSet1.xsd
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://beirutrest.com
|
unknown
|
||
|
http://tempuri.org/ianiDataSet2.xsdM
|
unknown
|
||
|
http://tempuri.org/ianiDataSet.xsd
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
beirutrest.com
|
50.87.144.157
|
||
|
api.ipify.org
|
104.26.12.205
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.26.12.205
|
api.ipify.org
|
United States
|
||
|
50.87.144.157
|
beirutrest.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CHARIKLIA JUNIOR DETAILS_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CHARIKLIA JUNIOR DETAILS_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CHARIKLIA JUNIOR DETAILS_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CHARIKLIA JUNIOR DETAILS_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CHARIKLIA JUNIOR DETAILS_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CHARIKLIA JUNIOR DETAILS_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CHARIKLIA JUNIOR DETAILS_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CHARIKLIA JUNIOR DETAILS_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CHARIKLIA JUNIOR DETAILS_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CHARIKLIA JUNIOR DETAILS_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CHARIKLIA JUNIOR DETAILS_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CHARIKLIA JUNIOR DETAILS_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CHARIKLIA JUNIOR DETAILS_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\CHARIKLIA JUNIOR DETAILS_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
327C000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
3D79000
|
trusted library allocation
|
page read and write
|
|
|
|
3251000
|
trusted library allocation
|
page read and write
|
|
|
|
5240000
|
heap
|
page execute and read and write
|
||
|
3181000
|
trusted library allocation
|
page read and write
|
||
|
3192000
|
trusted library allocation
|
page read and write
|
||
|
A98C000
|
stack
|
page read and write
|
||
|
5D70000
|
trusted library allocation
|
page read and write
|
||
|
6A12000
|
heap
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
5A0C000
|
stack
|
page read and write
|
||
|
7A46000
|
heap
|
page read and write
|
||
|
7140000
|
heap
|
page read and write
|
||
|
6D87000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
trusted library allocation
|
page read and write
|
||
|
1470000
|
trusted library allocation
|
page read and write
|
||
|
6F5E000
|
stack
|
page read and write
|
||
|
3276000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
708E000
|
stack
|
page read and write
|
||
|
5250000
|
trusted library section
|
page readonly
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
5460000
|
trusted library section
|
page read and write
|
||
|
6D80000
|
trusted library allocation
|
page read and write
|
||
|
2CB6000
|
trusted library allocation
|
page read and write
|
||
|
F18000
|
heap
|
page read and write
|
||
|
1100000
|
trusted library allocation
|
page read and write
|
||
|
7340000
|
heap
|
page read and write
|
||
|
31A0000
|
trusted library allocation
|
page read and write
|
||
|
1120000
|
trusted library allocation
|
page read and write
|
||
|
2CE0000
|
trusted library allocation
|
page read and write
|
||
|
A5CE000
|
stack
|
page read and write
|
||
|
71AD000
|
stack
|
page read and write
|
||
|
1127000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C8F000
|
stack
|
page read and write
|
||
|
5270000
|
heap
|
page read and write
|
||
|
12AE000
|
stack
|
page read and write
|
||
|
2C90000
|
trusted library allocation
|
page read and write
|
||
|
16B0000
|
heap
|
page read and write
|
||
|
577C000
|
stack
|
page read and write
|
||
|
6DE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
15B2000
|
trusted library allocation
|
page read and write
|
||
|
EE0000
|
trusted library allocation
|
page read and write
|
||
|
13E7000
|
heap
|
page read and write
|
||
|
70CE000
|
stack
|
page read and write
|
||
|
323F000
|
trusted library allocation
|
page read and write
|
||
|
1355000
|
heap
|
page read and write
|
||
|
14A7000
|
heap
|
page read and write
|
||
|
5D78000
|
trusted library allocation
|
page read and write
|
||
|
1483000
|
trusted library allocation
|
page execute and read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
7A50000
|
heap
|
page read and write
|
||
|
2E68000
|
trusted library allocation
|
page read and write
|
||
|
304F000
|
stack
|
page read and write
|
||
|
2CC2000
|
trusted library allocation
|
page read and write
|
||
|
3201000
|
trusted library allocation
|
page read and write
|
||
|
7A52000
|
heap
|
page read and write
|
||
|
A84E000
|
stack
|
page read and write
|
||
|
111A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1328000
|
trusted library allocation
|
page read and write
|
||
|
3282000
|
trusted library allocation
|
page read and write
|
||
|
126E000
|
stack
|
page read and write
|
||
|
F99000
|
stack
|
page read and write
|
||
|
12AD000
|
heap
|
page read and write
|
||
|
2DCA000
|
trusted library allocation
|
page read and write
|
||
|
5720000
|
heap
|
page read and write
|
||
|
112B000
|
trusted library allocation
|
page execute and read and write
|
||
|
31A4000
|
trusted library allocation
|
page read and write
|
||
|
56BD000
|
stack
|
page read and write
|
||
|
1490000
|
trusted library allocation
|
page read and write
|
||
|
56E5000
|
heap
|
page read and write
|
||
|
110D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5283000
|
heap
|
page read and write
|
||
|
5D50000
|
heap
|
page read and write
|
||
|
E3E000
|
stack
|
page read and write
|
||
|
51C0000
|
trusted library allocation
|
page read and write
|
||
|
3186000
|
trusted library allocation
|
page read and write
|
||
|
F7C000
|
heap
|
page read and write
|
||
|
316B000
|
trusted library allocation
|
page read and write
|
||
|
2F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
328E000
|
trusted library allocation
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
5830000
|
trusted library allocation
|
page execute and read and write
|
||
|
56C0000
|
trusted library allocation
|
page read and write
|
||
|
744F000
|
stack
|
page read and write
|
||
|
2CD5000
|
trusted library allocation
|
page read and write
|
||
|
3166000
|
trusted library allocation
|
page read and write
|
||
|
6D6E000
|
stack
|
page read and write
|
||
|
7A3F000
|
stack
|
page read and write
|
||
|
162E000
|
stack
|
page read and write
|
||
|
666E000
|
stack
|
page read and write
|
||
|
7A81000
|
heap
|
page read and write
|
||
|
15CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
10EE000
|
stack
|
page read and write
|
||
|
128A000
|
heap
|
page read and write
|
||
|
1218000
|
heap
|
page read and write
|
||
|
6DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6C6E000
|
stack
|
page read and write
|
||
|
2D60000
|
heap
|
page execute and read and write
|
||
|
FAA000
|
heap
|
page read and write
|
||
|
56D0000
|
trusted library allocation
|
page read and write
|
||
|
A4CE000
|
stack
|
page read and write
|
||
|
7A40000
|
heap
|
page read and write
|
||
|
2CBD000
|
trusted library allocation
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
6ECE000
|
stack
|
page read and write
|
||
|
6DD0000
|
trusted library allocation
|
page read and write
|
||
|
73AF000
|
stack
|
page read and write
|
||
|
1430000
|
heap
|
page read and write
|
||
|
3150000
|
trusted library allocation
|
page read and write
|
||
|
6DF0000
|
heap
|
page read and write
|
||
|
10F0000
|
trusted library allocation
|
page read and write
|
||
|
E65000
|
heap
|
page read and write
|
||
|
5260000
|
heap
|
page read and write
|
||
|
314E000
|
stack
|
page read and write
|
||
|
1246000
|
heap
|
page read and write
|
||
|
A9B0000
|
trusted library allocation
|
page read and write
|
||
|
1122000
|
trusted library allocation
|
page read and write
|
||
|
1480000
|
trusted library allocation
|
page read and write
|
||
|
1484000
|
trusted library allocation
|
page read and write
|
||
|
51E0000
|
trusted library allocation
|
page read and write
|
||
|
1248000
|
heap
|
page read and write
|
||
|
134E000
|
stack
|
page read and write
|
||
|
1116000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A44000
|
heap
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
A70E000
|
stack
|
page read and write
|
||
|
2F30000
|
trusted library allocation
|
page read and write
|
||
|
582E000
|
stack
|
page read and write
|
||
|
F33000
|
heap
|
page read and write
|
||
|
676F000
|
stack
|
page read and write
|
||
|
57B0000
|
heap
|
page execute and read and write
|
||
|
148D000
|
trusted library allocation
|
page execute and read and write
|
||
|
57C0000
|
heap
|
page read and write
|
||
|
1299000
|
heap
|
page read and write
|
||
|
6EE0000
|
trusted library allocation
|
page read and write
|
||
|
13C0000
|
trusted library allocation
|
page read and write
|
||
|
1150000
|
trusted library allocation
|
page execute and read and write
|
||
|
E9A000
|
stack
|
page read and write
|
||
|
5500000
|
trusted library allocation
|
page read and write
|
||
|
31F0000
|
heap
|
page execute and read and write
|
||
|
15C2000
|
trusted library allocation
|
page read and write
|
||
|
3278000
|
trusted library allocation
|
page read and write
|
||
|
6A38000
|
heap
|
page read and write
|
||
|
4269000
|
trusted library allocation
|
page read and write
|
||
|
3236000
|
trusted library allocation
|
page read and write
|
||
|
EAE000
|
stack
|
page read and write
|
||
|
2CB1000
|
trusted library allocation
|
page read and write
|
||
|
3D71000
|
trusted library allocation
|
page read and write
|
||
|
1140000
|
trusted library allocation
|
page read and write
|
||
|
3160000
|
trusted library allocation
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
6E8F000
|
stack
|
page read and write
|
||
|
69F0000
|
heap
|
page read and write
|
||
|
A9A0000
|
trusted library allocation
|
page read and write
|
||
|
57C3000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
3172000
|
trusted library allocation
|
page read and write
|
||
|
16B7000
|
heap
|
page read and write
|
||
|
71EE000
|
stack
|
page read and write
|
||
|
2D00000
|
trusted library allocation
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
56E0000
|
heap
|
page read and write
|
||
|
523B000
|
stack
|
page read and write
|
||
|
A60E000
|
stack
|
page read and write
|
||
|
5510000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
A38E000
|
stack
|
page read and write
|
||
|
CF7000
|
stack
|
page read and write
|
||
|
2CAE000
|
trusted library allocation
|
page read and write
|
||
|
6DCE000
|
stack
|
page read and write
|
||
|
2D71000
|
trusted library allocation
|
page read and write
|
||
|
710E000
|
stack
|
page read and write
|
||
|
7450000
|
heap
|
page read and write
|
||
|
7230000
|
trusted library section
|
page read and write
|
||
|
1103000
|
trusted library allocation
|
page read and write
|
||
|
A74E000
|
stack
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
F25000
|
heap
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
56F0000
|
heap
|
page read and write
|
||
|
149D000
|
trusted library allocation
|
page execute and read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
EFE000
|
heap
|
page read and write
|
||
|
2C9B000
|
trusted library allocation
|
page read and write
|
||
|
7A58000
|
heap
|
page read and write
|
||
|
7110000
|
trusted library allocation
|
page read and write
|
||
|
15E0000
|
trusted library allocation
|
page read and write
|
||
|
15AF000
|
stack
|
page read and write
|
||
|
A48E000
|
stack
|
page read and write
|
||
|
316E000
|
trusted library allocation
|
page read and write
|
||
|
16AC000
|
stack
|
page read and write
|
||
|
A88C000
|
stack
|
page read and write
|
||
|
10F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
722E000
|
stack
|
page read and write
|
||
|
5430000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B2E000
|
stack
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
15B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
317E000
|
trusted library allocation
|
page read and write
|
||
|
12F0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
5280000
|
heap
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
15BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D50000
|
trusted library allocation
|
page read and write
|
||
|
6D70000
|
trusted library allocation
|
page read and write
|
||
|
12EB000
|
stack
|
page read and write
|
||
|
4229000
|
trusted library allocation
|
page read and write
|
||
|
6ED7000
|
trusted library allocation
|
page read and write
|
||
|
52FE000
|
stack
|
page read and write
|
||
|
A13E000
|
stack
|
page read and write
|
||
|
324D000
|
trusted library allocation
|
page read and write
|
||
|
2D52000
|
trusted library allocation
|
page read and write
|
||
|
4E6C000
|
stack
|
page read and write
|
||
|
2DD5000
|
trusted library allocation
|
page read and write
|
||
|
15C0000
|
trusted library allocation
|
page read and write
|
||
|
327A000
|
trusted library allocation
|
page read and write
|
||
|
6ED0000
|
trusted library allocation
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
10F4000
|
trusted library allocation
|
page read and write
|
||
|
9AA000
|
stack
|
page read and write
|
||
|
10FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
820000
|
unkown
|
page readonly
|
||
|
166E000
|
stack
|
page read and write
|
||
|
FDF000
|
heap
|
page read and write
|
||
|
5470000
|
heap
|
page read and write
|
||
|
4201000
|
trusted library allocation
|
page read and write
|
||
|
317A000
|
trusted library allocation
|
page read and write
|
||
|
6D7D000
|
trusted library allocation
|
page read and write
|
||
|
F31000
|
heap
|
page read and write
|
||
|
5700000
|
heap
|
page read and write
|
||
|
910000
|
unkown
|
page readonly
|
||
|
51B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
123A000
|
heap
|
page read and write
|
||
|
5640000
|
heap
|
page read and write
|
||
|
A23E000
|
stack
|
page read and write
|
||
|
822000
|
unkown
|
page readonly
|
||
|
15C5000
|
trusted library allocation
|
page execute and read and write
|
||
|
6C2E000
|
stack
|
page read and write
|
||
|
7A74000
|
heap
|
page read and write
|
||
|
74F2000
|
trusted library allocation
|
page read and write
|
||
|
31B0000
|
trusted library allocation
|
page read and write
|
||
|
129E000
|
heap
|
page read and write
|
||
|
15B0000
|
trusted library allocation
|
page read and write
|
||
|
15C7000
|
trusted library allocation
|
page execute and read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
7150000
|
trusted library allocation
|
page execute and read and write
|
||
|
1110000
|
trusted library allocation
|
page read and write
|
||
|
318D000
|
trusted library allocation
|
page read and write
|
There are 241 hidden memdumps, click here to show them.