Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
GLOWINGSEA_RFQ_1105-12-24-3077-103-AUX.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\GLOWINGSEA_RFQ_1105-12-24-3077-103-AUX.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4i05ubpq.vs3.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b2zn5tjr.ay5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b35f5gue.kwz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pej3cim4.311.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\GLOWINGSEA_RFQ_1105-12-24-3077-103-AUX.exe
|
"C:\Users\user\Desktop\GLOWINGSEA_RFQ_1105-12-24-3077-103-AUX.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\GLOWINGSEA_RFQ_1105-12-24-3077-103-AUX.exe"
|
|
|
|
C:\Users\user\Desktop\GLOWINGSEA_RFQ_1105-12-24-3077-103-AUX.exe
|
"C:\Users\user\Desktop\GLOWINGSEA_RFQ_1105-12-24-3077-103-AUX.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://zqamcx.com
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://r11.o.lencr.org0#
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://www.chiark.greenend.org.uk/~sgtatham/putty/0
|
unknown
|
||
|
http://r11.i.lencr.org/0#
|
unknown
|
||
|
http://x1.c.lencr.org/0
|
unknown
|
||
|
http://x1.i.lencr.org/0
|
unknown
|
||
|
http://tempuri.org/DataSet1.xsd
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
zqamcx.com
|
78.110.166.82
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
78.110.166.82
|
zqamcx.com
|
United Kingdom
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2F21000
|
trusted library allocation
|
page read and write
|
|
|
|
35B1000
|
trusted library allocation
|
page read and write
|
|
|
|
6820000
|
trusted library section
|
page read and write
|
|
|
|
2F98000
|
trusted library allocation
|
page read and write
|
|
|
|
2F6E000
|
trusted library allocation
|
page read and write
|
|
|
|
B2F000
|
stack
|
page read and write
|
||
|
55C0000
|
heap
|
page read and write
|
||
|
C9A000
|
stack
|
page read and write
|
||
|
11D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
6C78000
|
trusted library allocation
|
page read and write
|
||
|
4D3B000
|
stack
|
page read and write
|
||
|
2E3F000
|
stack
|
page read and write
|
||
|
53D6000
|
trusted library allocation
|
page read and write
|
||
|
6D92000
|
trusted library allocation
|
page read and write
|
||
|
4AF0000
|
heap
|
page read and write
|
||
|
B5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F5C000
|
stack
|
page read and write
|
||
|
2F6C000
|
trusted library allocation
|
page read and write
|
||
|
BCE000
|
stack
|
page read and write
|
||
|
734000
|
heap
|
page read and write
|
||
|
69A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
2F9000
|
stack
|
page read and write
|
||
|
682E000
|
stack
|
page read and write
|
||
|
3195000
|
trusted library allocation
|
page read and write
|
||
|
C47000
|
heap
|
page read and write
|
||
|
6CD0000
|
heap
|
page read and write
|
||
|
4A80000
|
trusted library allocation
|
page read and write
|
||
|
319F000
|
trusted library allocation
|
page read and write
|
||
|
6A00000
|
trusted library allocation
|
page read and write
|
||
|
12DD000
|
heap
|
page read and write
|
||
|
750E000
|
stack
|
page read and write
|
||
|
5480000
|
heap
|
page read and write
|
||
|
B62000
|
trusted library allocation
|
page read and write
|
||
|
2E48000
|
trusted library allocation
|
page read and write
|
||
|
1B2000
|
unkown
|
page readonly
|
||
|
1202000
|
trusted library allocation
|
page read and write
|
||
|
1207000
|
trusted library allocation
|
page execute and read and write
|
||
|
53DD000
|
trusted library allocation
|
page read and write
|
||
|
B3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FC5000
|
heap
|
page read and write
|
||
|
1085000
|
heap
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
648E000
|
stack
|
page read and write
|
||
|
4A56000
|
trusted library allocation
|
page read and write
|
||
|
69EF000
|
stack
|
page read and write
|
||
|
6570000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A20000
|
trusted library allocation
|
page read and write
|
||
|
A2E000
|
stack
|
page read and write
|
||
|
667E000
|
heap
|
page read and write
|
||
|
B33000
|
trusted library allocation
|
page execute and read and write
|
||
|
1259000
|
heap
|
page read and write
|
||
|
B56000
|
trusted library allocation
|
page execute and read and write
|
||
|
63E0000
|
trusted library allocation
|
page read and write
|
||
|
4A30000
|
trusted library allocation
|
page read and write
|
||
|
317D000
|
trusted library allocation
|
page read and write
|
||
|
53B0000
|
trusted library allocation
|
page read and write
|
||
|
63E8000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
6B2E000
|
stack
|
page read and write
|
||
|
6EE000
|
stack
|
page read and write
|
||
|
6A2E000
|
stack
|
page read and write
|
||
|
A45C000
|
stack
|
page read and write
|
||
|
11C0000
|
trusted library allocation
|
page read and write
|
||
|
53BE000
|
trusted library allocation
|
page read and write
|
||
|
4D60000
|
heap
|
page read and write
|
||
|
4A4E000
|
trusted library allocation
|
page read and write
|
||
|
BF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CF0000
|
trusted library allocation
|
page read and write
|
||
|
5473000
|
heap
|
page read and write
|
||
|
656E000
|
stack
|
page read and write
|
||
|
120B000
|
trusted library allocation
|
page execute and read and write
|
||
|
6CC0000
|
heap
|
page read and write
|
||
|
4D70000
|
trusted library allocation
|
page execute and read and write
|
||
|
1304000
|
heap
|
page read and write
|
||
|
6410000
|
trusted library allocation
|
page read and write
|
||
|
9C1E000
|
stack
|
page read and write
|
||
|
12A7000
|
heap
|
page read and write
|
||
|
11E0000
|
trusted library allocation
|
page read and write
|
||
|
B34000
|
trusted library allocation
|
page read and write
|
||
|
73F000
|
heap
|
page read and write
|
||
|
9D20000
|
heap
|
page read and write
|
||
|
741000
|
heap
|
page read and write
|
||
|
318A000
|
trusted library allocation
|
page read and write
|
||
|
6C80000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
727000
|
heap
|
page read and write
|
||
|
3F7000
|
stack
|
page read and write
|
||
|
57BC000
|
stack
|
page read and write
|
||
|
55A0000
|
heap
|
page read and write
|
||
|
4CA0000
|
trusted library allocation
|
page read and write
|
||
|
4FC0000
|
heap
|
page read and write
|
||
|
4AD0000
|
heap
|
page execute and read and write
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
1311000
|
heap
|
page read and write
|
||
|
53CA000
|
trusted library allocation
|
page read and write
|
||
|
124E000
|
heap
|
page read and write
|
||
|
4A75000
|
trusted library allocation
|
page read and write
|
||
|
104E000
|
stack
|
page read and write
|
||
|
45EC000
|
stack
|
page read and write
|
||
|
3179000
|
trusted library allocation
|
page read and write
|
||
|
6C90000
|
trusted library allocation
|
page read and write
|
||
|
709000
|
heap
|
page read and write
|
||
|
11D0000
|
trusted library allocation
|
page read and write
|
||
|
D99000
|
stack
|
page read and write
|
||
|
3F49000
|
trusted library allocation
|
page read and write
|
||
|
4A3B000
|
trusted library allocation
|
page read and write
|
||
|
2F00000
|
trusted library allocation
|
page read and write
|
||
|
24EF000
|
stack
|
page read and write
|
||
|
B40000
|
trusted library allocation
|
page read and write
|
||
|
1308000
|
heap
|
page read and write
|
||
|
264000
|
unkown
|
page readonly
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
5470000
|
heap
|
page read and write
|
||
|
A31F000
|
stack
|
page read and write
|
||
|
53D1000
|
trusted library allocation
|
page read and write
|
||
|
A470000
|
trusted library allocation
|
page execute and read and write
|
||
|
1205000
|
trusted library allocation
|
page execute and read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
4A62000
|
trusted library allocation
|
page read and write
|
||
|
6A26000
|
trusted library allocation
|
page read and write
|
||
|
1200000
|
trusted library allocation
|
page read and write
|
||
|
2F10000
|
heap
|
page execute and read and write
|
||
|
7F930000
|
trusted library allocation
|
page execute and read and write
|
||
|
B67000
|
trusted library allocation
|
page execute and read and write
|
||
|
6436000
|
trusted library allocation
|
page read and write
|
||
|
3F88000
|
trusted library allocation
|
page read and write
|
||
|
9D0000
|
trusted library allocation
|
page read and write
|
||
|
4CB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C20000
|
trusted library allocation
|
page read and write
|
||
|
9B1E000
|
stack
|
page read and write
|
||
|
30E4000
|
trusted library allocation
|
page read and write
|
||
|
1263000
|
heap
|
page read and write
|
||
|
4A34000
|
trusted library allocation
|
page read and write
|
||
|
2590000
|
trusted library allocation
|
page read and write
|
||
|
11DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
546C000
|
stack
|
page read and write
|
||
|
4D50000
|
heap
|
page read and write
|
||
|
69AE000
|
stack
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
69C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
A0DE000
|
stack
|
page read and write
|
||
|
11ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
7BF000
|
heap
|
page read and write
|
||
|
B30000
|
trusted library allocation
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
6B6E000
|
stack
|
page read and write
|
||
|
6440000
|
trusted library allocation
|
page execute and read and write
|
||
|
1590000
|
heap
|
page read and write
|
||
|
7310000
|
heap
|
page read and write
|
||
|
4B00000
|
heap
|
page read and write
|
||
|
3F21000
|
trusted library allocation
|
page read and write
|
||
|
3190000
|
trusted library allocation
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
B6B000
|
trusted library allocation
|
page execute and read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
A09F000
|
stack
|
page read and write
|
||
|
69B0000
|
trusted library allocation
|
page read and write
|
||
|
686E000
|
stack
|
page read and write
|
||
|
25B1000
|
trusted library allocation
|
page read and write
|
||
|
6C6E000
|
stack
|
page read and write
|
||
|
11FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
25F6000
|
trusted library allocation
|
page read and write
|
||
|
9D1E000
|
stack
|
page read and write
|
||
|
53F0000
|
trusted library allocation
|
page read and write
|
||
|
6690000
|
heap
|
page read and write
|
||
|
652F000
|
stack
|
page read and write
|
||
|
3112000
|
trusted library allocation
|
page read and write
|
||
|
9F9E000
|
stack
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
2FA9000
|
trusted library allocation
|
page read and write
|
||
|
53CE000
|
trusted library allocation
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
11F0000
|
trusted library allocation
|
page read and write
|
||
|
B4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6C70000
|
trusted library allocation
|
page read and write
|
||
|
7280000
|
trusted library section
|
page read and write
|
||
|
7358000
|
heap
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
11F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
11D4000
|
trusted library allocation
|
page read and write
|
||
|
641C000
|
trusted library allocation
|
page read and write
|
||
|
6420000
|
trusted library allocation
|
page execute and read and write
|
||
|
70E000
|
heap
|
page read and write
|
||
|
4CC0000
|
trusted library allocation
|
page read and write
|
||
|
53F4000
|
trusted library allocation
|
page read and write
|
||
|
6C0D000
|
stack
|
page read and write
|
||
|
6BCE000
|
stack
|
page read and write
|
||
|
6C4D000
|
stack
|
page read and write
|
||
|
7F5000
|
heap
|
page read and write
|
||
|
698F000
|
stack
|
page read and write
|
||
|
4AA0000
|
trusted library allocation
|
page read and write
|
||
|
156E000
|
stack
|
page read and write
|
||
|
A21E000
|
stack
|
page read and write
|
||
|
5410000
|
heap
|
page execute and read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
6990000
|
trusted library allocation
|
page read and write
|
||
|
6430000
|
trusted library allocation
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
6630000
|
heap
|
page read and write
|
||
|
6A5000
|
heap
|
page read and write
|
||
|
53C2000
|
trusted library allocation
|
page read and write
|
||
|
5400000
|
trusted library allocation
|
page read and write
|
||
|
1B0000
|
unkown
|
page readonly
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
53B6000
|
trusted library allocation
|
page read and write
|
||
|
2FA0000
|
trusted library allocation
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
B50000
|
trusted library allocation
|
page read and write
|
||
|
40B5000
|
trusted library allocation
|
page read and write
|
||
|
142E000
|
stack
|
page read and write
|
||
|
24F8000
|
trusted library allocation
|
page read and write
|
||
|
31A5000
|
trusted library allocation
|
page read and write
|
||
|
4A5D000
|
trusted library allocation
|
page read and write
|
||
|
53A0000
|
trusted library allocation
|
page read and write
|
||
|
2F90000
|
trusted library allocation
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
696D000
|
stack
|
page read and write
|
||
|
53E2000
|
trusted library allocation
|
page read and write
|
||
|
6CF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
46EC000
|
stack
|
page read and write
|
||
|
B52000
|
trusted library allocation
|
page read and write
|
||
|
4A51000
|
trusted library allocation
|
page read and write
|
||
|
1266000
|
heap
|
page read and write
|
||
|
2F85000
|
trusted library allocation
|
page read and write
|
||
|
53BB000
|
trusted library allocation
|
page read and write
|
||
|
2F76000
|
trusted library allocation
|
page read and write
|
||
|
30F1000
|
trusted library allocation
|
page read and write
|
||
|
3185000
|
trusted library allocation
|
page read and write
|
||
|
688E000
|
stack
|
page read and write
|
||
|
5590000
|
heap
|
page read and write
|
||
|
6659000
|
heap
|
page read and write
|
||
|
2F94000
|
trusted library allocation
|
page read and write
|
||
|
4D40000
|
trusted library section
|
page readonly
|
||
|
6840000
|
trusted library allocation
|
page read and write
|
||
|
11F2000
|
trusted library allocation
|
page read and write
|
||
|
31A1000
|
trusted library allocation
|
page read and write
|
||
|
735E000
|
heap
|
page read and write
|
||
|
66B0000
|
heap
|
page read and write
|
||
|
1570000
|
trusted library allocation
|
page execute and read and write
|
||
|
A1DE000
|
stack
|
page read and write
|
||
|
313C000
|
trusted library allocation
|
page read and write
|
||
|
1220000
|
trusted library allocation
|
page read and write
|
||
|
7F6D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
25A0000
|
heap
|
page execute and read and write
|
||
|
4F1D000
|
stack
|
page read and write
|
||
|
4A70000
|
trusted library allocation
|
page read and write
|
||
|
6C8E000
|
stack
|
page read and write
|
||
|
2F88000
|
trusted library allocation
|
page read and write
|
||
|
1238000
|
heap
|
page read and write
|
||
|
4CA2000
|
trusted library allocation
|
page read and write
|
||
|
A35C000
|
stack
|
page read and write
|
||
|
505E000
|
stack
|
page read and write
|
||
|
C33000
|
heap
|
page read and write
|
||
|
784000
|
heap
|
page read and write
|
There are 249 hidden memdumps, click here to show them.