Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Payment_Advice.pdf.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\tmp8A6E.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\FGZscboXVnu.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Payment_Advice.pdf.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1fodqf20.cem.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3f35qw1c.3wc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ct1uva0p.ri5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fyaik0a5.dpc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nrwid0na.3qb.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_p0qyczo0.0fa.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tfuk5y4j.u5p.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zrusci0x.z0w.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\FGZscboXVnu.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Payment_Advice.pdf.exe
|
"C:\Users\user\Desktop\Payment_Advice.pdf.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment_Advice.pdf.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\FGZscboXVnu.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\FGZscboXVnu" /XML "C:\Users\user\AppData\Local\Temp\tmp8A6E.tmp"
|
|
|
|
C:\Users\user\Desktop\Payment_Advice.pdf.exe
|
C:\Users\user\Desktop\Payment_Advice.pdf.exe
|
|
|
|
C:\Users\user\AppData\Roaming\FGZscboXVnu.exe
|
C:\Users\user\AppData\Roaming\FGZscboXVnu.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7304 -s 12
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://kbfvzoboss.bid/alien/fre.php
|
|
||
|
http://alphastand.top/alien/fre.php
|
|
||
|
http://alphastand.win/alien/fre.php
|
|
||
|
http://alphastand.trade/alien/fre.php
|
|
||
|
https://sempersim.su/c17/fre.php
|
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.ibsensoftware.com/
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://go.microsoft.c
|
unknown
|
||
|
http://go.microsoft.ctain
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 24 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
314F000
|
trusted library allocation
|
page read and write
|
|
|
|
131AB000
|
trusted library allocation
|
page read and write
|
|
|
|
131C5000
|
trusted library allocation
|
page read and write
|
|
|
|
A50000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
1085000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
131DF000
|
trusted library allocation
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
1E9A4000
|
heap
|
page read and write
|
||
|
1E994000
|
heap
|
page read and write
|
||
|
7FFD9B856000
|
trusted library allocation
|
page execute and read and write
|
||
|
13501000
|
trusted library allocation
|
page read and write
|
||
|
D2000
|
unkown
|
page readonly
|
||
|
3178000
|
trusted library allocation
|
page read and write
|
||
|
853000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
1BE80000
|
heap
|
page read and write
|
||
|
7FFD9B788000
|
trusted library allocation
|
page read and write
|
||
|
12FB8000
|
trusted library allocation
|
page read and write
|
||
|
2FB1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B816000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
||
|
3006000
|
trusted library allocation
|
page read and write
|
||
|
D10000
|
trusted library section
|
page readonly
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
1B83C000
|
stack
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
1E992000
|
heap
|
page read and write
|
||
|
7FFD9B933000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B902000
|
trusted library allocation
|
page read and write
|
||
|
DFE000
|
heap
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3073000
|
heap
|
page read and write
|
||
|
DD3000
|
heap
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
1D32E000
|
stack
|
page read and write
|
||
|
27100B90000
|
heap
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page read and write
|
||
|
E56000
|
heap
|
page read and write
|
||
|
27100D50000
|
heap
|
page read and write
|
||
|
7FFD9B774000
|
trusted library allocation
|
page read and write
|
||
|
7FF4EE100000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AFE0000
|
trusted library allocation
|
page read and write
|
||
|
1C060000
|
heap
|
page read and write
|
||
|
7FFD9B7BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1337C000
|
trusted library allocation
|
page read and write
|
||
|
1C46C000
|
stack
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BCE3000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
1E430000
|
heap
|
page read and write
|
||
|
1030000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C09B000
|
heap
|
page read and write
|
||
|
2FAE000
|
stack
|
page read and write
|
||
|
136EB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
27100C70000
|
heap
|
page read and write
|
||
|
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C140000
|
heap
|
page execute and read and write
|
||
|
81D000
|
heap
|
page read and write
|
||
|
87A000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
A70000
|
trusted library allocation
|
page read and write
|
||
|
1040000
|
trusted library section
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
DBB000
|
heap
|
page read and write
|
||
|
12FC1000
|
trusted library allocation
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B82C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CF2E000
|
stack
|
page read and write
|
||
|
7F3000
|
stack
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
1C030000
|
trusted library allocation
|
page read and write
|
||
|
C80000
|
trusted library allocation
|
page read and write
|
||
|
1D06E000
|
stack
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
34EE000
|
stack
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
1E4AC000
|
heap
|
page read and write
|
||
|
2297D000
|
stack
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B912000
|
trusted library allocation
|
page read and write
|
||
|
F59D969000
|
stack
|
page read and write
|
||
|
7FFD9B78B000
|
trusted library allocation
|
page execute and read and write
|
||
|
C50000
|
trusted library allocation
|
page read and write
|
||
|
886000
|
heap
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page read and write
|
||
|
13809000
|
trusted library allocation
|
page read and write
|
||
|
1C72D000
|
stack
|
page read and write
|
||
|
1BE70000
|
heap
|
page execute and read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
27100D58000
|
heap
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
30E0000
|
heap
|
page execute and read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
1C86F000
|
stack
|
page read and write
|
||
|
22D7E000
|
stack
|
page read and write
|
||
|
1ED8B000
|
stack
|
page read and write
|
||
|
1F26B000
|
stack
|
page read and write
|
||
|
27100C90000
|
heap
|
page read and write
|
||
|
27100D25000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
D05000
|
heap
|
page read and write
|
||
|
7FFD9B936000
|
trusted library allocation
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
13864000
|
trusted library allocation
|
page read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
8FE000
|
heap
|
page read and write
|
||
|
134F1000
|
trusted library allocation
|
page read and write
|
||
|
1C010000
|
trusted library section
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
1BCE0000
|
heap
|
page read and write
|
||
|
1BCB0000
|
heap
|
page read and write
|
||
|
2317B000
|
stack
|
page read and write
|
||
|
87C000
|
heap
|
page read and write
|
||
|
1BB80000
|
heap
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C00E000
|
heap
|
page read and write
|
||
|
F59D9EE000
|
unkown
|
page read and write
|
||
|
7FFD9B943000
|
trusted library allocation
|
page read and write
|
||
|
1BBB0000
|
heap
|
page read and write
|
||
|
1CB2E000
|
stack
|
page read and write
|
||
|
7FFD9B79B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BCA0000
|
trusted library section
|
page readonly
|
||
|
3070000
|
heap
|
page read and write
|
||
|
1C230000
|
heap
|
page read and write
|
||
|
D96000
|
heap
|
page read and write
|
||
|
B05000
|
heap
|
page read and write
|
||
|
13601000
|
trusted library allocation
|
page read and write
|
||
|
BF3000
|
stack
|
page read and write
|
||
|
1BBC8000
|
heap
|
page read and write
|
||
|
AF5000
|
heap
|
page read and write
|
||
|
E5C000
|
heap
|
page read and write
|
||
|
7FFD9B94C000
|
trusted library allocation
|
page read and write
|
||
|
1D330000
|
heap
|
page read and write
|
||
|
138BF000
|
trusted library allocation
|
page read and write
|
||
|
317A000
|
trusted library allocation
|
page read and write
|
||
|
130E000
|
stack
|
page read and write
|
||
|
7FFD9B90B000
|
trusted library allocation
|
page read and write
|
||
|
1CC6E000
|
stack
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
F59DC7F000
|
stack
|
page read and write
|
||
|
838000
|
heap
|
page read and write
|
||
|
34F1000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
1374D000
|
trusted library allocation
|
page read and write
|
||
|
1D340000
|
heap
|
page read and write
|
||
|
1BFB0000
|
heap
|
page read and write
|
||
|
1EA4A000
|
heap
|
page read and write
|
||
|
1BBCE000
|
heap
|
page read and write
|
||
|
137AD000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
D9C000
|
heap
|
page read and write
|
||
|
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
12FB1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B946000
|
trusted library allocation
|
page read and write
|
||
|
1E5D0000
|
trusted library section
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
1EE6D000
|
stack
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
1BE50000
|
heap
|
page read and write
|
||
|
134F8000
|
trusted library allocation
|
page read and write
|
||
|
816000
|
heap
|
page read and write
|
||
|
11FC000
|
stack
|
page read and write
|
||
|
1BBCA000
|
heap
|
page read and write
|
||
|
1E070000
|
trusted library allocation
|
page read and write
|
||
|
1BBA0000
|
heap
|
page read and write
|
||
|
3E5A000
|
trusted library allocation
|
page read and write
|
||
|
1E092000
|
trusted library allocation
|
page read and write
|
||
|
1326C000
|
trusted library allocation
|
page read and write
|
||
|
1E970000
|
heap
|
page read and write
|
||
|
C70000
|
trusted library allocation
|
page read and write
|
||
|
1E9B2000
|
heap
|
page read and write
|
||
|
1C066000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EA7000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
F0E000
|
stack
|
page read and write
|
||
|
1B520000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B826000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B794000
|
trusted library allocation
|
page read and write
|
||
|
1BBF8000
|
heap
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F66E000
|
stack
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
1C020000
|
trusted library section
|
page read and write
|
||
|
A80000
|
heap
|
page execute and read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
E02000
|
heap
|
page read and write
|
||
|
27100D20000
|
heap
|
page read and write
|
||
|
C83000
|
trusted library allocation
|
page read and write
|
||
|
DAF000
|
heap
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page execute and read and write
|
||
|
3046000
|
heap
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
D14000
|
trusted library section
|
page readonly
|
||
|
1BC6D000
|
stack
|
page read and write
|
||
|
1EA34000
|
heap
|
page read and write
|
||
|
1BFF0000
|
trusted library section
|
page read and write
|
||
|
1E627000
|
trusted library section
|
page read and write
|
||
|
130C1000
|
trusted library allocation
|
page read and write
|
||
|
1E98F000
|
heap
|
page read and write
|
||
|
D0000
|
unkown
|
page readonly
|
||
|
7FFD9B764000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B91B000
|
trusted library allocation
|
page read and write
|
||
|
E1A000
|
heap
|
page read and write
|
||
|
21D80000
|
trusted library allocation
|
page read and write
|
There are 215 hidden memdumps, click here to show them.