Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PO234400.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO234400.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5m1c2nii.nam.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a05r2hnr.pls.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fp35rzaj.cbr.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hdyvhbvf.dsv.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\PO234400.exe
|
C:\Users\user\Desktop\PO234400.exe
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO234400.exe
|
|
|
|
C:\Users\user\Desktop\PO234400.exe
|
C:\Users\user\Desktop\PO234400.exe
|
|
|
|
C:\Users\user\Desktop\PO234400.exe
|
C:\Users\user\Desktop\PO234400.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://mbarieservicesltd.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://tempuri.org/DataSet1.xsd
|
unknown
|
||
|
http://mail.mbarieservicesltd.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mbarieservicesltd.com
|
199.79.62.115
|
|
|
|
mail.mbarieservicesltd.com
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
199.79.62.115
|
mbarieservicesltd.com
|
United States
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
31D1000
|
trusted library allocation
|
page read and write
|
|
|
|
322A000
|
trusted library allocation
|
page read and write
|
|
|
|
40EE000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
18D0000
|
trusted library allocation
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
55BB000
|
stack
|
page read and write
|
||
|
15C0000
|
trusted library allocation
|
page read and write
|
||
|
AFE000
|
unkown
|
page readonly
|
||
|
2F57000
|
trusted library allocation
|
page read and write
|
||
|
1610000
|
trusted library allocation
|
page read and write
|
||
|
14EE000
|
stack
|
page read and write
|
||
|
A2FE000
|
stack
|
page read and write
|
||
|
1450000
|
heap
|
page read and write
|
||
|
6810000
|
heap
|
page read and write
|
||
|
56B0000
|
trusted library allocation
|
page read and write
|
||
|
FF0000
|
trusted library allocation
|
page read and write
|
||
|
2EF0000
|
trusted library allocation
|
page read and write
|
||
|
5C5F000
|
stack
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
14DD000
|
heap
|
page read and write
|
||
|
100D000
|
trusted library allocation
|
page execute and read and write
|
||
|
101A000
|
trusted library allocation
|
page execute and read and write
|
||
|
A62000
|
unkown
|
page readonly
|
||
|
5FF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1047000
|
heap
|
page read and write
|
||
|
6C9E000
|
stack
|
page read and write
|
||
|
129C000
|
stack
|
page read and write
|
||
|
5E00000
|
trusted library allocation
|
page read and write
|
||
|
500C000
|
stack
|
page read and write
|
||
|
A6FE000
|
stack
|
page read and write
|
||
|
F8A000
|
stack
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
A83E000
|
stack
|
page read and write
|
||
|
56B6000
|
trusted library allocation
|
page read and write
|
||
|
3FB5000
|
trusted library allocation
|
page read and write
|
||
|
1016000
|
trusted library allocation
|
page execute and read and write
|
||
|
6010000
|
trusted library allocation
|
page read and write
|
||
|
722E000
|
stack
|
page read and write
|
||
|
2E9E000
|
trusted library allocation
|
page read and write
|
||
|
6B60000
|
trusted library allocation
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
15B2000
|
trusted library allocation
|
page read and write
|
||
|
56BB000
|
trusted library allocation
|
page read and write
|
||
|
6B5C000
|
trusted library allocation
|
page read and write
|
||
|
75C0000
|
trusted library section
|
page read and write
|
||
|
A60000
|
unkown
|
page readonly
|
||
|
2F71000
|
trusted library allocation
|
page read and write
|
||
|
681E000
|
heap
|
page read and write
|
||
|
1012000
|
trusted library allocation
|
page read and write
|
||
|
759E000
|
stack
|
page read and write
|
||
|
58CD000
|
stack
|
page read and write
|
||
|
56BE000
|
trusted library allocation
|
page read and write
|
||
|
15F0000
|
heap
|
page read and write
|
||
|
51D8000
|
trusted library allocation
|
page read and write
|
||
|
15C7000
|
trusted library allocation
|
page execute and read and write
|
||
|
EF7000
|
stack
|
page read and write
|
||
|
102E000
|
heap
|
page read and write
|
||
|
1028000
|
heap
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
2FBC000
|
stack
|
page read and write
|
||
|
2EB2000
|
trusted library allocation
|
page read and write
|
||
|
ACCE000
|
stack
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
6829000
|
heap
|
page read and write
|
||
|
1593000
|
trusted library allocation
|
page execute and read and write
|
||
|
147A000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
6940000
|
trusted library allocation
|
page read and write
|
||
|
15C2000
|
trusted library allocation
|
page read and write
|
||
|
12C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1484000
|
heap
|
page read and write
|
||
|
53B0000
|
trusted library allocation
|
page read and write
|
||
|
7F850000
|
trusted library allocation
|
page execute and read and write
|
||
|
15B7000
|
heap
|
page read and write
|
||
|
1055000
|
heap
|
page read and write
|
||
|
6817000
|
heap
|
page read and write
|
||
|
157E000
|
stack
|
page read and write
|
||
|
5DE0000
|
trusted library allocation
|
page read and write
|
||
|
15C5000
|
trusted library allocation
|
page execute and read and write
|
||
|
56F0000
|
trusted library allocation
|
page read and write
|
||
|
FFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
11FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1620000
|
heap
|
page read and write
|
||
|
7030000
|
heap
|
page read and write
|
||
|
5DF0000
|
trusted library allocation
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
172F000
|
stack
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
10D9000
|
heap
|
page read and write
|
||
|
41D9000
|
trusted library allocation
|
page read and write
|
||
|
5853000
|
heap
|
page read and write
|
||
|
F55000
|
heap
|
page read and write
|
||
|
ABC2000
|
trusted library allocation
|
page read and write
|
||
|
56D6000
|
trusted library allocation
|
page read and write
|
||
|
56E2000
|
trusted library allocation
|
page read and write
|
||
|
6937000
|
trusted library allocation
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
FE0000
|
trusted library allocation
|
page read and write
|
||
|
5EE0000
|
heap
|
page read and write
|
||
|
13EE000
|
stack
|
page read and write
|
||
|
11F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
42C000
|
remote allocation
|
page execute and read and write
|
||
|
7330000
|
trusted library allocation
|
page read and write
|
||
|
12F9000
|
stack
|
page read and write
|
||
|
3238000
|
trusted library allocation
|
page read and write
|
||
|
5A5F000
|
stack
|
page read and write
|
||
|
55D0000
|
trusted library section
|
page readonly
|
||
|
7732000
|
trusted library allocation
|
page read and write
|
||
|
15AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B50000
|
trusted library allocation
|
page read and write
|
||
|
6B68000
|
trusted library allocation
|
page read and write
|
||
|
2E70000
|
heap
|
page execute and read and write
|
||
|
15BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5FEE000
|
stack
|
page read and write
|
||
|
F9E000
|
stack
|
page read and write
|
||
|
7236000
|
heap
|
page read and write
|
||
|
55C0000
|
heap
|
page execute and read and write
|
||
|
2F3E000
|
stack
|
page read and write
|
||
|
3F19000
|
trusted library allocation
|
page read and write
|
||
|
8B37000
|
trusted library allocation
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
5EB0000
|
heap
|
page read and write
|
||
|
1010000
|
trusted library allocation
|
page read and write
|
||
|
15B0000
|
trusted library allocation
|
page read and write
|
||
|
6990000
|
heap
|
page read and write
|
||
|
A33E000
|
stack
|
page read and write
|
||
|
1590000
|
trusted library allocation
|
page read and write
|
||
|
6B6B000
|
trusted library allocation
|
page read and write
|
||
|
5850000
|
heap
|
page read and write
|
||
|
15A0000
|
trusted library allocation
|
page read and write
|
||
|
7254000
|
heap
|
page read and write
|
||
|
15E0000
|
trusted library allocation
|
page read and write
|
||
|
53D0000
|
trusted library allocation
|
page read and write
|
||
|
6B84000
|
trusted library allocation
|
page read and write
|
||
|
56D1000
|
trusted library allocation
|
page read and write
|
||
|
A97E000
|
stack
|
page read and write
|
||
|
2E5F000
|
stack
|
page read and write
|
||
|
6985000
|
trusted library allocation
|
page read and write
|
||
|
2FC0000
|
heap
|
page execute and read and write
|
||
|
6C50000
|
heap
|
page read and write
|
||
|
30CE000
|
stack
|
page read and write
|
||
|
A6BF000
|
stack
|
page read and write
|
||
|
2EE3000
|
heap
|
page read and write
|
||
|
5740000
|
trusted library allocation
|
page execute and read and write
|
||
|
B9A000
|
stack
|
page read and write
|
||
|
584D000
|
stack
|
page read and write
|
||
|
2F11000
|
trusted library allocation
|
page read and write
|
||
|
2E60000
|
trusted library allocation
|
page read and write
|
||
|
A100000
|
heap
|
page read and write
|
||
|
5392000
|
trusted library allocation
|
page read and write
|
||
|
7262000
|
heap
|
page read and write
|
||
|
18D4000
|
trusted library allocation
|
page read and write
|
||
|
2E65000
|
trusted library allocation
|
page read and write
|
||
|
11F2000
|
trusted library allocation
|
page read and write
|
||
|
1210000
|
trusted library allocation
|
page read and write
|
||
|
6020000
|
heap
|
page read and write
|
||
|
A93F000
|
stack
|
page read and write
|
||
|
152E000
|
stack
|
page read and write
|
||
|
580E000
|
stack
|
page read and write
|
||
|
8DBF000
|
stack
|
page read and write
|
||
|
2E80000
|
trusted library allocation
|
page read and write
|
||
|
57AE000
|
stack
|
page read and write
|
||
|
2EA1000
|
trusted library allocation
|
page read and write
|
||
|
56CA000
|
trusted library allocation
|
page read and write
|
||
|
57C0000
|
heap
|
page read and write
|
||
|
15A0000
|
trusted library allocation
|
page read and write
|
||
|
3F67000
|
trusted library allocation
|
page read and write
|
||
|
18E0000
|
heap
|
page read and write
|
||
|
41D1000
|
trusted library allocation
|
page read and write
|
||
|
6930000
|
trusted library allocation
|
page read and write
|
||
|
7230000
|
heap
|
page read and write
|
||
|
6980000
|
trusted library allocation
|
page read and write
|
||
|
574C000
|
stack
|
page read and write
|
||
|
723B000
|
heap
|
page read and write
|
||
|
56CE000
|
trusted library allocation
|
page read and write
|
||
|
2F7A000
|
trusted library allocation
|
page read and write
|
||
|
AABB000
|
stack
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
595C000
|
stack
|
page read and write
|
||
|
1458000
|
heap
|
page read and write
|
||
|
125E000
|
stack
|
page read and write
|
||
|
1600000
|
trusted library allocation
|
page execute and read and write
|
||
|
159D000
|
trusted library allocation
|
page execute and read and write
|
||
|
15CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
105F000
|
heap
|
page read and write
|
||
|
5710000
|
heap
|
page read and write
|
||
|
14EF000
|
heap
|
page read and write
|
||
|
1594000
|
trusted library allocation
|
page read and write
|
||
|
A5BE000
|
stack
|
page read and write
|
||
|
FE5000
|
heap
|
page read and write
|
||
|
70FE000
|
stack
|
page read and write
|
||
|
A43E000
|
stack
|
page read and write
|
||
|
151F000
|
heap
|
page read and write
|
||
|
1486000
|
heap
|
page read and write
|
||
|
5B5F000
|
stack
|
page read and write
|
||
|
56DD000
|
trusted library allocation
|
page read and write
|
||
|
69A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5660000
|
heap
|
page read and write
|
||
|
14D9000
|
heap
|
page read and write
|
||
|
103F000
|
heap
|
page read and write
|
||
|
2E8B000
|
trusted library allocation
|
page read and write
|
||
|
6C3D000
|
stack
|
page read and write
|
||
|
6B70000
|
trusted library allocation
|
page execute and read and write
|
||
|
11F0000
|
trusted library allocation
|
page read and write
|
||
|
141E000
|
stack
|
page read and write
|
||
|
6910000
|
trusted library allocation
|
page execute and read and write
|
||
|
AA7F000
|
stack
|
page read and write
|
||
|
5380000
|
heap
|
page read and write
|
||
|
6CDE000
|
stack
|
page read and write
|
||
|
1530000
|
trusted library allocation
|
page read and write
|
||
|
2EA6000
|
trusted library allocation
|
page read and write
|
||
|
A7FF000
|
stack
|
page read and write
|
||
|
15B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
56C2000
|
trusted library allocation
|
page read and write
|
||
|
53A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F11000
|
trusted library allocation
|
page read and write
|
||
|
ABBC000
|
stack
|
page read and write
|
||
|
ABC0000
|
trusted library allocation
|
page read and write
|
||
|
6B66000
|
trusted library allocation
|
page read and write
|
||
|
1062000
|
heap
|
page read and write
|
||
|
2F7C000
|
trusted library allocation
|
page read and write
|
||
|
6025000
|
heap
|
page read and write
|
||
|
1580000
|
trusted library allocation
|
page read and write
|
||
|
58F0000
|
trusted library allocation
|
page read and write
|
||
|
2E84000
|
trusted library allocation
|
page read and write
|
||
|
FF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
5390000
|
trusted library allocation
|
page read and write
|
||
|
57C0000
|
heap
|
page execute and read and write
|
||
|
7B10000
|
trusted library allocation
|
page execute and read and write
|
||
|
5EC0000
|
heap
|
page read and write
|
||
|
58E0000
|
trusted library section
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
FDE000
|
stack
|
page read and write
|
||
|
2EC0000
|
trusted library allocation
|
page read and write
|
||
|
18C0000
|
trusted library allocation
|
page read and write
|
||
|
4003000
|
trusted library allocation
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
14C9000
|
heap
|
page read and write
|
||
|
12D0000
|
trusted library allocation
|
page read and write
|
||
|
6B80000
|
trusted library allocation
|
page read and write
|
||
|
FF4000
|
trusted library allocation
|
page read and write
|
||
|
1000000
|
trusted library allocation
|
page read and write
|
||
|
536D000
|
stack
|
page read and write
|
||
|
2EAD000
|
trusted library allocation
|
page read and write
|
||
|
6000000
|
trusted library section
|
page read and write
|
There are 238 hidden memdumps, click here to show them.