Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
MV BBG MUARA Ship's Particulars.pdf.scr.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MV BBG MUARA Ship's Particulars.pdf.scr.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_11lz2jrg.ahb.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yhln2n40.zeh.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe
|
"C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\MV BBG
MUARA Ship's Particulars.pdf.scr.exe"
|
|
|
|
C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe
|
"C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org/
|
104.26.12.205
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://tempuri.org/ianiDataSet2.xsdM
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://tempuri.org/ianiDataSet.xsd
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
https://api.ipify.org
|
unknown
|
||
|
http://tempuri.org/ianiDataSet1.xsd
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
||
|
http://www.sakkal.comhs
|
unknown
|
||
|
http://beirutrest.com
|
unknown
|
||
|
http://crl.micros
|
unknown
|
There are 26 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
beirutrest.com
|
50.87.144.157
|
||
|
api.ipify.org
|
104.26.12.205
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.26.12.205
|
api.ipify.org
|
United States
|
||
|
50.87.144.157
|
beirutrest.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MV BBG MUARA Ship's Particulars_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MV BBG MUARA Ship's Particulars_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MV BBG MUARA Ship's Particulars_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MV BBG MUARA Ship's Particulars_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MV BBG MUARA Ship's Particulars_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MV BBG MUARA Ship's Particulars_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MV BBG MUARA Ship's Particulars_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MV BBG MUARA Ship's Particulars_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MV BBG MUARA Ship's Particulars_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MV BBG MUARA Ship's Particulars_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MV BBG MUARA Ship's Particulars_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MV BBG MUARA Ship's Particulars_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MV BBG MUARA Ship's Particulars_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MV BBG MUARA Ship's Particulars_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2D31000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2D5C000
|
trusted library allocation
|
page read and write
|
|
|
|
3569000
|
trusted library allocation
|
page read and write
|
|
|
|
1267000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
727000
|
trusted library allocation
|
page execute and read and write
|
||
|
7187000
|
heap
|
page read and write
|
||
|
6C3F000
|
stack
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
3D09000
|
trusted library allocation
|
page read and write
|
||
|
2D21000
|
trusted library allocation
|
page read and write
|
||
|
7BE000
|
heap
|
page read and write
|
||
|
1028000
|
heap
|
page read and write
|
||
|
FC5000
|
heap
|
page read and write
|
||
|
F60000
|
trusted library allocation
|
page read and write
|
||
|
6890000
|
trusted library allocation
|
page read and write
|
||
|
32000
|
unkown
|
page readonly
|
||
|
25C5000
|
trusted library allocation
|
page read and write
|
||
|
FAE000
|
heap
|
page read and write
|
||
|
78E000
|
stack
|
page read and write
|
||
|
FC7000
|
heap
|
page read and write
|
||
|
2D17000
|
trusted library allocation
|
page read and write
|
||
|
50D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5260000
|
trusted library allocation
|
page read and write
|
||
|
6C2E000
|
stack
|
page read and write
|
||
|
BAB000
|
stack
|
page read and write
|
||
|
740000
|
trusted library allocation
|
page read and write
|
||
|
24E5000
|
trusted library allocation
|
page read and write
|
||
|
2D2D000
|
trusted library allocation
|
page read and write
|
||
|
4E90000
|
heap
|
page read and write
|
||
|
49B2000
|
trusted library allocation
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
F50000
|
trusted library allocation
|
page read and write
|
||
|
50B0000
|
trusted library section
|
page read and write
|
||
|
F37000
|
heap
|
page read and write
|
||
|
FBA000
|
heap
|
page read and write
|
||
|
996E000
|
stack
|
page read and write
|
||
|
521E000
|
trusted library allocation
|
page read and write
|
||
|
835000
|
heap
|
page read and write
|
||
|
3CE1000
|
trusted library allocation
|
page read and write
|
||
|
4F90000
|
heap
|
page read and write
|
||
|
7F2000
|
heap
|
page read and write
|
||
|
736E000
|
stack
|
page read and write
|
||
|
7170000
|
heap
|
page read and write
|
||
|
5222000
|
trusted library allocation
|
page read and write
|
||
|
5BD000
|
stack
|
page read and write
|
||
|
5250000
|
trusted library allocation
|
page read and write
|
||
|
687F000
|
stack
|
page read and write
|
||
|
6BEE000
|
stack
|
page read and write
|
||
|
30000
|
unkown
|
page readonly
|
||
|
70EE000
|
stack
|
page read and write
|
||
|
6690000
|
trusted library allocation
|
page read and write
|
||
|
465C000
|
stack
|
page read and write
|
||
|
70D000
|
trusted library allocation
|
page execute and read and write
|
||
|
9F2E000
|
stack
|
page read and write
|
||
|
1073000
|
heap
|
page read and write
|
||
|
4A30000
|
heap
|
page execute and read and write
|
||
|
2D6E000
|
trusted library allocation
|
page read and write
|
||
|
63C0000
|
heap
|
page read and write
|
||
|
1262000
|
trusted library allocation
|
page read and write
|
||
|
FCB000
|
heap
|
page read and write
|
||
|
2D58000
|
trusted library allocation
|
page read and write
|
||
|
69F7000
|
trusted library allocation
|
page read and write
|
||
|
68A7000
|
trusted library allocation
|
page read and write
|
||
|
120000
|
unkown
|
page readonly
|
||
|
581E000
|
stack
|
page read and write
|
||
|
5216000
|
trusted library allocation
|
page read and write
|
||
|
677E000
|
stack
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
9A6E000
|
stack
|
page read and write
|
||
|
70F0000
|
trusted library section
|
page read and write
|
||
|
722000
|
trusted library allocation
|
page read and write
|
||
|
68ED000
|
stack
|
page read and write
|
||
|
1043000
|
heap
|
page read and write
|
||
|
F82000
|
trusted library allocation
|
page read and write
|
||
|
522A000
|
trusted library allocation
|
page read and write
|
||
|
49D0000
|
trusted library allocation
|
page read and write
|
||
|
6FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
641A000
|
heap
|
page read and write
|
||
|
52BC000
|
stack
|
page read and write
|
||
|
3561000
|
trusted library allocation
|
page read and write
|
||
|
66B2000
|
trusted library allocation
|
page read and write
|
||
|
71C7000
|
heap
|
page read and write
|
||
|
1260000
|
trusted library allocation
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
5E5000
|
heap
|
page read and write
|
||
|
A1D0000
|
trusted library allocation
|
page read and write
|
||
|
5242000
|
trusted library allocation
|
page read and write
|
||
|
53E0000
|
heap
|
page read and write
|
||
|
49B0000
|
trusted library allocation
|
page read and write
|
||
|
673E000
|
stack
|
page read and write
|
||
|
2CCC000
|
stack
|
page read and write
|
||
|
6C60000
|
heap
|
page read and write
|
||
|
6910000
|
trusted library allocation
|
page execute and read and write
|
||
|
12DE000
|
stack
|
page read and write
|
||
|
25C3000
|
trusted library allocation
|
page read and write
|
||
|
663E000
|
stack
|
page read and write
|
||
|
50C0000
|
trusted library allocation
|
page read and write
|
||
|
9DEE000
|
stack
|
page read and write
|
||
|
848000
|
heap
|
page read and write
|
||
|
83F000
|
heap
|
page read and write
|
||
|
4C40000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
F64000
|
trusted library allocation
|
page read and write
|
||
|
571C000
|
stack
|
page read and write
|
||
|
4A05000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
6C70000
|
trusted library allocation
|
page execute and read and write
|
||
|
24D0000
|
trusted library allocation
|
page read and write
|
||
|
4B20000
|
heap
|
page read and write
|
||
|
12E7000
|
heap
|
page read and write
|
||
|
A1C0000
|
trusted library allocation
|
page read and write
|
||
|
6C90000
|
trusted library allocation
|
page execute and read and write
|
||
|
69AE000
|
stack
|
page read and write
|
||
|
2C8E000
|
stack
|
page read and write
|
||
|
521B000
|
trusted library allocation
|
page read and write
|
||
|
A0AC000
|
stack
|
page read and write
|
||
|
71A2000
|
heap
|
page read and write
|
||
|
9E2E000
|
stack
|
page read and write
|
||
|
53D0000
|
heap
|
page read and write
|
||
|
2D62000
|
trusted library allocation
|
page read and write
|
||
|
7D8000
|
heap
|
page read and write
|
||
|
AAE000
|
stack
|
page read and write
|
||
|
57E000
|
stack
|
page read and write
|
||
|
6B3E000
|
stack
|
page read and write
|
||
|
6A00000
|
trusted library allocation
|
page read and write
|
||
|
523D000
|
trusted library allocation
|
page read and write
|
||
|
3D47000
|
trusted library allocation
|
page read and write
|
||
|
1024000
|
heap
|
page read and write
|
||
|
866000
|
heap
|
page read and write
|
||
|
5200000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
trusted library allocation
|
page execute and read and write
|
||
|
24B6000
|
trusted library allocation
|
page read and write
|
||
|
9F6E000
|
stack
|
page read and write
|
||
|
F6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
4ECE000
|
heap
|
page read and write
|
||
|
F7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2561000
|
trusted library allocation
|
page read and write
|
||
|
24C2000
|
trusted library allocation
|
page read and write
|
||
|
6900000
|
trusted library allocation
|
page execute and read and write
|
||
|
53D3000
|
heap
|
page read and write
|
||
|
6CCE000
|
stack
|
page read and write
|
||
|
4C30000
|
heap
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
1BA000
|
stack
|
page read and write
|
||
|
F86000
|
trusted library allocation
|
page execute and read and write
|
||
|
BF9000
|
stack
|
page read and write
|
||
|
BC0000
|
trusted library allocation
|
page read and write
|
||
|
24BD000
|
trusted library allocation
|
page read and write
|
||
|
6E0000
|
trusted library allocation
|
page read and write
|
||
|
68F0000
|
trusted library allocation
|
page read and write
|
||
|
716000
|
trusted library allocation
|
page execute and read and write
|
||
|
249B000
|
trusted library allocation
|
page read and write
|
||
|
703000
|
trusted library allocation
|
page read and write
|
||
|
72B000
|
trusted library allocation
|
page execute and read and write
|
||
|
617D000
|
stack
|
page read and write
|
||
|
522E000
|
trusted library allocation
|
page read and write
|
||
|
49A0000
|
heap
|
page read and write
|
||
|
2D56000
|
trusted library allocation
|
page read and write
|
||
|
F80000
|
trusted library allocation
|
page read and write
|
||
|
5210000
|
trusted library allocation
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
4A00000
|
heap
|
page read and write
|
||
|
69EE000
|
stack
|
page read and write
|
||
|
4E7E000
|
stack
|
page read and write
|
||
|
4EE0000
|
heap
|
page read and write
|
||
|
6FDE000
|
stack
|
page read and write
|
||
|
1280000
|
trusted library allocation
|
page read and write
|
||
|
24E0000
|
trusted library allocation
|
page read and write
|
||
|
1035000
|
heap
|
page read and write
|
||
|
718F000
|
heap
|
page read and write
|
||
|
5231000
|
trusted library allocation
|
page read and write
|
||
|
2E2E000
|
trusted library allocation
|
page read and write
|
||
|
7C8000
|
heap
|
page read and write
|
||
|
6F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B23000
|
heap
|
page read and write
|
||
|
A06E000
|
stack
|
page read and write
|
||
|
1039000
|
heap
|
page read and write
|
||
|
4B1B000
|
stack
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
24B1000
|
trusted library allocation
|
page read and write
|
||
|
125E000
|
stack
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
AB8000
|
trusted library allocation
|
page read and write
|
||
|
F8A000
|
trusted library allocation
|
page execute and read and write
|
||
|
24AE000
|
trusted library allocation
|
page read and write
|
||
|
6C80000
|
trusted library allocation
|
page read and write
|
||
|
F70000
|
trusted library allocation
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
4F9E000
|
heap
|
page read and write
|
||
|
4EA0000
|
heap
|
page read and write
|
||
|
A1AC000
|
stack
|
page read and write
|
||
|
4F7000
|
stack
|
page read and write
|
||
|
68A0000
|
trusted library allocation
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
6CDE000
|
stack
|
page read and write
|
||
|
49C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
63E0000
|
heap
|
page read and write
|
||
|
4CE8000
|
trusted library allocation
|
page read and write
|
||
|
4A20000
|
trusted library section
|
page readonly
|
||
|
700000
|
trusted library allocation
|
page read and write
|
||
|
7CF000
|
heap
|
page read and write
|
||
|
24F0000
|
trusted library allocation
|
page read and write
|
||
|
4C20000
|
heap
|
page read and write
|
||
|
2CE1000
|
trusted library allocation
|
page read and write
|
||
|
2D5A000
|
trusted library allocation
|
page read and write
|
||
|
2550000
|
heap
|
page execute and read and write
|
||
|
2490000
|
trusted library allocation
|
page read and write
|
||
|
EAE000
|
stack
|
page read and write
|
||
|
BD0000
|
trusted library allocation
|
page read and write
|
||
|
5254000
|
trusted library allocation
|
page read and write
|
||
|
6C30000
|
trusted library allocation
|
page read and write
|
||
|
51E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
9CEE000
|
stack
|
page read and write
|
||
|
69F0000
|
trusted library allocation
|
page read and write
|
||
|
6880000
|
trusted library allocation
|
page read and write
|
||
|
1012000
|
heap
|
page read and write
|
||
|
710000
|
trusted library allocation
|
page read and write
|
||
|
8A5000
|
heap
|
page read and write
|
||
|
4CE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F0000
|
trusted library allocation
|
page read and write
|
||
|
51C0000
|
heap
|
page read and write
|
||
|
1290000
|
heap
|
page execute and read and write
|
||
|
1265000
|
trusted library allocation
|
page execute and read and write
|
||
|
25BA000
|
trusted library allocation
|
page read and write
|
||
|
126B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
132E000
|
stack
|
page read and write
|
||
|
7FCD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
51F0000
|
trusted library allocation
|
page read and write
|
||
|
F63000
|
trusted library allocation
|
page execute and read and write
|
||
|
49F0000
|
trusted library allocation
|
page read and write
|
||
|
52F0000
|
heap
|
page read and write
|
||
|
BE7000
|
heap
|
page read and write
|
||
|
6F4000
|
trusted library allocation
|
page read and write
|
||
|
5236000
|
trusted library allocation
|
page read and write
|
||
|
689D000
|
trusted library allocation
|
page read and write
|
||
|
6888000
|
trusted library allocation
|
page read and write
|
||
|
6C40000
|
trusted library allocation
|
page read and write
|
||
|
248E000
|
stack
|
page read and write
|
||
|
9AE000
|
stack
|
page read and write
|
||
|
9B6E000
|
stack
|
page read and write
|
||
|
70AE000
|
stack
|
page read and write
|
||
|
EC5000
|
heap
|
page read and write
|
||
|
AFA000
|
stack
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
6BAE000
|
stack
|
page read and write
|
||
|
BB0000
|
trusted library allocation
|
page read and write
|
||
|
6ED0000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
2510000
|
trusted library allocation
|
page read and write
|
||
|
5300000
|
heap
|
page execute and read and write
|
||
|
627E000
|
stack
|
page read and write
|
||
|
2D1F000
|
trusted library allocation
|
page read and write
|
||
|
71A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E8D000
|
stack
|
page read and write
|
||
|
6F5E000
|
stack
|
page read and write
|
There are 251 hidden memdumps, click here to show them.