Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
QUOTATION_MARQTRA031244#U00faPDF.scr.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\QUOTATION_MARQTRA031244#U00faPDF.scr.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe
|
"C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://github.com/mgravell/protobuf-net
|
unknown
|
||
|
http://logging.apache.org/log4net/release/faq.html#trouble-EventLog
|
unknown
|
||
|
https://github.com/mgravell/protobuf-neti
|
unknown
|
||
|
https://stackoverflow.com/q/14436606/23354
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://github.com/mgravell/protobuf-netJ
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://stackoverflow.com/q/11564914/23354;
|
unknown
|
||
|
https://stackoverflow.com/q/2152978/23354
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
||
|
http://ip-api.com
|
unknown
|
There are 1 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ip-api.com
|
208.95.112.1
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\aspnet_compiler_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\aspnet_compiler_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\aspnet_compiler_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\aspnet_compiler_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\aspnet_compiler_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\aspnet_compiler_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\aspnet_compiler_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\aspnet_compiler_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\aspnet_compiler_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\aspnet_compiler_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\aspnet_compiler_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\aspnet_compiler_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\aspnet_compiler_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\aspnet_compiler_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5690000
|
trusted library section
|
page read and write
|
|
|
|
40A5000
|
trusted library allocation
|
page read and write
|
|
|
|
5280000
|
trusted library section
|
page read and write
|
|
|
|
65C1000
|
trusted library allocation
|
page read and write
|
|
|
|
2CC7000
|
trusted library allocation
|
page read and write
|
|
|
|
46F6000
|
trusted library allocation
|
page read and write
|
|
|
|
552000
|
remote allocation
|
page execute and read and write
|
|
|
|
28C1000
|
trusted library allocation
|
page read and write
|
|
|
|
2A43000
|
trusted library allocation
|
page read and write
|
|
|
|
26CE000
|
stack
|
page read and write
|
||
|
2630000
|
trusted library allocation
|
page read and write
|
||
|
550000
|
remote allocation
|
page execute and read and write
|
||
|
2CA7000
|
trusted library allocation
|
page read and write
|
||
|
725000
|
heap
|
page read and write
|
||
|
2C8C000
|
trusted library allocation
|
page read and write
|
||
|
5C47000
|
trusted library allocation
|
page read and write
|
||
|
B2A000
|
heap
|
page read and write
|
||
|
2CA5000
|
trusted library allocation
|
page read and write
|
||
|
2C76000
|
trusted library allocation
|
page read and write
|
||
|
876000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F8000
|
heap
|
page read and write
|
||
|
25F4000
|
trusted library allocation
|
page read and write
|
||
|
A55000
|
heap
|
page read and write
|
||
|
A9E000
|
stack
|
page read and write
|
||
|
2C88000
|
trusted library allocation
|
page read and write
|
||
|
5CC0000
|
heap
|
page read and write
|
||
|
558C000
|
heap
|
page read and write
|
||
|
49AD000
|
trusted library allocation
|
page read and write
|
||
|
5C60000
|
trusted library allocation
|
page read and write
|
||
|
870000
|
trusted library allocation
|
page read and write
|
||
|
5558000
|
heap
|
page read and write
|
||
|
5552000
|
heap
|
page read and write
|
||
|
5B82000
|
heap
|
page read and write
|
||
|
88B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B2E000
|
trusted library allocation
|
page read and write
|
||
|
2B28000
|
trusted library allocation
|
page read and write
|
||
|
764000
|
heap
|
page read and write
|
||
|
86D000
|
trusted library allocation
|
page execute and read and write
|
||
|
38C1000
|
trusted library allocation
|
page read and write
|
||
|
3CA2000
|
trusted library allocation
|
page read and write
|
||
|
5A3E000
|
stack
|
page read and write
|
||
|
263E000
|
trusted library allocation
|
page read and write
|
||
|
262C000
|
trusted library allocation
|
page read and write
|
||
|
5910000
|
trusted library allocation
|
page read and write
|
||
|
608E000
|
stack
|
page read and write
|
||
|
49F0000
|
heap
|
page execute and read and write
|
||
|
A30000
|
trusted library allocation
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
AC7000
|
trusted library allocation
|
page execute and read and write
|
||
|
5670000
|
trusted library allocation
|
page read and write
|
||
|
5C70000
|
trusted library allocation
|
page execute and read and write
|
||
|
49C4000
|
trusted library allocation
|
page read and write
|
||
|
4CDE000
|
stack
|
page read and write
|
||
|
5C50000
|
trusted library allocation
|
page read and write
|
||
|
54E0000
|
trusted library allocation
|
page read and write
|
||
|
5990000
|
trusted library allocation
|
page read and write
|
||
|
2B2A000
|
trusted library allocation
|
page read and write
|
||
|
2B34000
|
trusted library allocation
|
page read and write
|
||
|
5905000
|
trusted library allocation
|
page read and write
|
||
|
58E000
|
remote allocation
|
page execute and read and write
|
||
|
28BE000
|
stack
|
page read and write
|
||
|
4E90000
|
heap
|
page execute and read and write
|
||
|
5F8E000
|
stack
|
page read and write
|
||
|
49A1000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
58CE000
|
stack
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
2531000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
A43000
|
trusted library allocation
|
page execute and read and write
|
||
|
5760000
|
trusted library allocation
|
page execute and read and write
|
||
|
B61000
|
heap
|
page read and write
|
||
|
312000
|
unkown
|
page readonly
|
||
|
624E000
|
stack
|
page read and write
|
||
|
ABA000
|
trusted library allocation
|
page execute and read and write
|
||
|
23BE000
|
stack
|
page read and write
|
||
|
A44000
|
trusted library allocation
|
page read and write
|
||
|
2C6F000
|
trusted library allocation
|
page read and write
|
||
|
4C9C000
|
stack
|
page read and write
|
||
|
937000
|
stack
|
page read and write
|
||
|
2C84000
|
trusted library allocation
|
page read and write
|
||
|
5DA0000
|
trusted library allocation
|
page read and write
|
||
|
2CA9000
|
trusted library allocation
|
page read and write
|
||
|
4980000
|
trusted library allocation
|
page read and write
|
||
|
6571000
|
trusted library allocation
|
page read and write
|
||
|
A50000
|
trusted library allocation
|
page read and write
|
||
|
2C4C000
|
trusted library allocation
|
page read and write
|
||
|
4970000
|
trusted library allocation
|
page read and write
|
||
|
AB0000
|
trusted library allocation
|
page read and write
|
||
|
7B3000
|
heap
|
page read and write
|
||
|
85D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FB20000
|
trusted library allocation
|
page execute and read and write
|
||
|
3531000
|
trusted library allocation
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
54BF000
|
trusted library allocation
|
page read and write
|
||
|
5530000
|
trusted library allocation
|
page read and write
|
||
|
A00000
|
trusted library allocation
|
page execute and read and write
|
||
|
8A0000
|
trusted library allocation
|
page read and write
|
||
|
5680000
|
trusted library allocation
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
5C6B000
|
trusted library allocation
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
2644000
|
trusted library allocation
|
page read and write
|
||
|
4A3C000
|
stack
|
page read and write
|
||
|
AB2000
|
trusted library allocation
|
page read and write
|
||
|
4D7E000
|
stack
|
page read and write
|
||
|
54B0000
|
trusted library allocation
|
page read and write
|
||
|
5B4C000
|
heap
|
page read and write
|
||
|
5C40000
|
trusted library allocation
|
page read and write
|
||
|
498B000
|
trusted library allocation
|
page read and write
|
||
|
AA8000
|
trusted library allocation
|
page read and write
|
||
|
56FF000
|
stack
|
page read and write
|
||
|
26D0000
|
trusted library allocation
|
page read and write
|
||
|
850000
|
trusted library allocation
|
page read and write
|
||
|
614E000
|
stack
|
page read and write
|
||
|
2CA1000
|
trusted library allocation
|
page read and write
|
||
|
4DDF000
|
stack
|
page read and write
|
||
|
5B40000
|
heap
|
page read and write
|
||
|
54D0000
|
trusted library allocation
|
page read and write
|
||
|
26F8000
|
trusted library allocation
|
page read and write
|
||
|
610F000
|
stack
|
page read and write
|
||
|
2B2C000
|
trusted library allocation
|
page read and write
|
||
|
4E1E000
|
stack
|
page read and write
|
||
|
49B2000
|
trusted library allocation
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
BF6000
|
heap
|
page read and write
|
||
|
5B3E000
|
stack
|
page read and write
|
||
|
43A000
|
stack
|
page read and write
|
||
|
5570000
|
heap
|
page read and write
|
||
|
49FE000
|
stack
|
page read and write
|
||
|
498E000
|
trusted library allocation
|
page read and write
|
||
|
5020000
|
trusted library allocation
|
page read and write
|
||
|
539000
|
stack
|
page read and write
|
||
|
2C90000
|
trusted library allocation
|
page read and write
|
||
|
2C54000
|
trusted library allocation
|
page read and write
|
||
|
5030000
|
heap
|
page read and write
|
||
|
2C56000
|
trusted library allocation
|
page read and write
|
||
|
ACB000
|
trusted library allocation
|
page execute and read and write
|
||
|
260E000
|
trusted library allocation
|
page read and write
|
||
|
49A6000
|
trusted library allocation
|
page read and write
|
||
|
462D000
|
stack
|
page read and write
|
||
|
AAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5047000
|
trusted library allocation
|
page read and write
|
||
|
268F000
|
stack
|
page read and write
|
||
|
55B2000
|
heap
|
page read and write
|
||
|
728000
|
heap
|
page read and write
|
||
|
5920000
|
trusted library allocation
|
page read and write
|
||
|
60CE000
|
stack
|
page read and write
|
||
|
49C0000
|
trusted library allocation
|
page read and write
|
||
|
5660000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CA3000
|
trusted library allocation
|
page read and write
|
||
|
2CAB000
|
trusted library allocation
|
page read and write
|
||
|
AA3000
|
trusted library allocation
|
page read and write
|
||
|
26D2000
|
trusted library allocation
|
page read and write
|
||
|
4EDE000
|
stack
|
page read and write
|
||
|
5650000
|
trusted library allocation
|
page read and write
|
||
|
5916000
|
trusted library allocation
|
page read and write
|
||
|
59F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C8E000
|
trusted library allocation
|
page read and write
|
||
|
2790000
|
trusted library allocation
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
2400000
|
heap
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
2565000
|
trusted library allocation
|
page read and write
|
||
|
4FDD000
|
stack
|
page read and write
|
||
|
B9D000
|
heap
|
page read and write
|
||
|
4AA0000
|
heap
|
page read and write
|
||
|
860000
|
trusted library allocation
|
page read and write
|
||
|
261E000
|
trusted library allocation
|
page read and write
|
||
|
5040000
|
trusted library allocation
|
page read and write
|
||
|
25EE000
|
trusted library allocation
|
page read and write
|
||
|
2C8A000
|
trusted library allocation
|
page read and write
|
||
|
87A000
|
trusted library allocation
|
page execute and read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
2C69000
|
trusted library allocation
|
page read and write
|
||
|
501E000
|
stack
|
page read and write
|
||
|
5D9E000
|
stack
|
page read and write
|
||
|
59C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
49D0000
|
trusted library allocation
|
page read and write
|
||
|
5750000
|
trusted library allocation
|
page read and write
|
||
|
9DE000
|
stack
|
page read and write
|
||
|
DEE000
|
stack
|
page read and write
|
||
|
4A94000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
5CA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A90000
|
heap
|
page read and write
|
||
|
B2E000
|
heap
|
page read and write
|
||
|
4992000
|
trusted library allocation
|
page read and write
|
||
|
5780000
|
trusted library allocation
|
page execute and read and write
|
||
|
2218000
|
trusted library allocation
|
page read and write
|
||
|
4FDE000
|
stack
|
page read and write
|
||
|
5930000
|
trusted library allocation
|
page read and write
|
||
|
57CE000
|
stack
|
page read and write
|
||
|
54C2000
|
trusted library allocation
|
page read and write
|
||
|
47D6000
|
trusted library allocation
|
page read and write
|
||
|
5770000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B30000
|
trusted library allocation
|
page read and write
|
||
|
853000
|
trusted library allocation
|
page execute and read and write
|
||
|
A4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F5E000
|
stack
|
page read and write
|
||
|
54B2000
|
trusted library allocation
|
page read and write
|
||
|
2420000
|
heap
|
page execute and read and write
|
||
|
A40000
|
trusted library allocation
|
page read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
499E000
|
trusted library allocation
|
page read and write
|
||
|
4F1E000
|
stack
|
page read and write
|
||
|
AB6000
|
trusted library allocation
|
page execute and read and write
|
||
|
22B0000
|
heap
|
page read and write
|
||
|
261C000
|
trusted library allocation
|
page read and write
|
||
|
2618000
|
trusted library allocation
|
page read and write
|
||
|
2C6D000
|
trusted library allocation
|
page read and write
|
||
|
4FE0000
|
trusted library section
|
page read and write
|
||
|
2C6B000
|
trusted library allocation
|
page read and write
|
||
|
3539000
|
trusted library allocation
|
page read and write
|
||
|
3598000
|
trusted library allocation
|
page read and write
|
||
|
5D5D000
|
stack
|
page read and write
|
||
|
27B0000
|
heap
|
page execute and read and write
|
||
|
26E0000
|
heap
|
page read and write
|
||
|
872000
|
trusted library allocation
|
page read and write
|
||
|
AC2000
|
trusted library allocation
|
page read and write
|
||
|
887000
|
trusted library allocation
|
page execute and read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
2C5A000
|
trusted library allocation
|
page read and write
|
||
|
83C000
|
stack
|
page read and write
|
||
|
310000
|
unkown
|
page readonly
|
||
|
57E000
|
unkown
|
page readonly
|
||
|
23FC000
|
stack
|
page read and write
|
||
|
2608000
|
trusted library allocation
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
3AF3000
|
trusted library allocation
|
page read and write
|
||
|
48FE000
|
stack
|
page read and write
|
||
|
5540000
|
trusted library allocation
|
page execute and read and write
|
||
|
5CB0000
|
heap
|
page read and write
|
||
|
77F000
|
heap
|
page read and write
|
||
|
840000
|
trusted library allocation
|
page read and write
|
||
|
77B000
|
heap
|
page read and write
|
||
|
3559000
|
trusted library allocation
|
page read and write
|
||
|
4E7E000
|
stack
|
page read and write
|
||
|
854000
|
trusted library allocation
|
page read and write
|
||
|
2C52000
|
trusted library allocation
|
page read and write
|
||
|
5940000
|
trusted library section
|
page read and write
|
||
|
5700000
|
trusted library section
|
page read and write
|
||
|
54DF000
|
trusted library allocation
|
page read and write
|
||
|
AF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A66000
|
heap
|
page read and write
|
||
|
2C58000
|
trusted library allocation
|
page read and write
|
||
|
2C9D000
|
trusted library allocation
|
page read and write
|
||
|
B47000
|
heap
|
page read and write
|
||
|
54B8000
|
trusted library allocation
|
page read and write
|
||
|
882000
|
trusted library allocation
|
page read and write
|
||
|
2C4E000
|
trusted library allocation
|
page read and write
|
||
|
2C50000
|
trusted library allocation
|
page read and write
|
||
|
78F000
|
heap
|
page read and write
|
There are 244 hidden memdumps, click here to show them.