Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
New Quote 50029741830.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\tmpD371.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\yqlOaUZZYhEp.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\New Quote 50029741830.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\yqlOaUZZYhEp.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1ovwtzm5.kok.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4i33nfam.oo3.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ev5kicve.sg5.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fk2kyu3e.mmv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jmovjg2h.lmt.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nt5gvfwt.si1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_un41lb2p.0a5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yoiqw0fr.vqx.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpEA93.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\yqlOaUZZYhEp.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\New Quote 50029741830.exe
|
"C:\Users\user\Desktop\New Quote 50029741830.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New Quote
50029741830.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\yqlOaUZZYhEp.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\yqlOaUZZYhEp" /XML "C:\Users\user\AppData\Local\Temp\tmpD371.tmp"
|
|
|
|
C:\Users\user\Desktop\New Quote 50029741830.exe
|
"C:\Users\user\Desktop\New Quote 50029741830.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\yqlOaUZZYhEp.exe
|
C:\Users\user\AppData\Roaming\yqlOaUZZYhEp.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\yqlOaUZZYhEp" /XML "C:\Users\user\AppData\Local\Temp\tmpEA93.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\yqlOaUZZYhEp.exe
|
C:\Users\user\AppData\Roaming\yqlOaUZZYhEp.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7948 -s 12
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7200 -s 12
|
There are 5 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
https://api.ipify.org
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 18 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
142E9000
|
trusted library allocation
|
page read and write
|
|
|
|
15C73000
|
trusted library allocation
|
page read and write
|
|
|
|
1D384000
|
heap
|
page read and write
|
|
|
|
1FC0E000
|
stack
|
page read and write
|
||
|
BF5000
|
heap
|
page read and write
|
||
|
1E160000
|
trusted library section
|
page read and write
|
||
|
7FFD9B856000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D13D000
|
stack
|
page read and write
|
||
|
A02000
|
heap
|
page read and write
|
||
|
9CC000
|
heap
|
page read and write
|
||
|
131AD000
|
trusted library allocation
|
page read and write
|
||
|
1DF6F000
|
stack
|
page read and write
|
||
|
14011000
|
trusted library allocation
|
page read and write
|
||
|
1F00F000
|
stack
|
page read and write
|
||
|
14C23000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B956000
|
trusted library allocation
|
page read and write
|
||
|
3BA0000
|
trusted library section
|
page readonly
|
||
|
15EC000
|
heap
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FC9F000
|
stack
|
page read and write
|
||
|
13233000
|
trusted library allocation
|
page read and write
|
||
|
A2A000
|
heap
|
page read and write
|
||
|
7FFD9B922000
|
trusted library allocation
|
page read and write
|
||
|
3BB0000
|
heap
|
page execute and read and write
|
||
|
1CBEC000
|
heap
|
page read and write
|
||
|
BFC000
|
stack
|
page read and write
|
||
|
14001000
|
trusted library allocation
|
page read and write
|
||
|
1500000
|
heap
|
page read and write
|
||
|
1BD45000
|
heap
|
page read and write
|
||
|
C42000
|
unkown
|
page readonly
|
||
|
1AD9A430000
|
heap
|
page read and write
|
||
|
7FFD9B826000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page execute and read and write
|
||
|
A31000
|
heap
|
page read and write
|
||
|
4486000
|
trusted library allocation
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
1CD30000
|
heap
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
3441000
|
trusted library allocation
|
page read and write
|
||
|
1F80F000
|
stack
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AD9A370000
|
heap
|
page read and write
|
||
|
1CD35000
|
heap
|
page read and write
|
||
|
3FFE000
|
stack
|
page read and write
|
||
|
1EA2B000
|
heap
|
page read and write
|
||
|
1601000
|
heap
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
47B539F000
|
stack
|
page read and write
|
||
|
343D000
|
trusted library allocation
|
page read and write
|
||
|
1DB6D000
|
stack
|
page read and write
|
||
|
14D0000
|
heap
|
page read and write
|
||
|
7FFD9B7CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2000B000
|
stack
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
4001000
|
trusted library allocation
|
page read and write
|
||
|
1332C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD50000
|
heap
|
page read and write
|
||
|
15CC000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page execute and read and write
|
||
|
1530000
|
trusted library allocation
|
page read and write
|
||
|
1AFE0000
|
trusted library allocation
|
page read and write
|
||
|
133A2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
1E140000
|
trusted library section
|
page read and write
|
||
|
1EB6B000
|
stack
|
page read and write
|
||
|
2FAF000
|
stack
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
7FFD9B794000
|
trusted library allocation
|
page read and write
|
||
|
4489000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B82C000
|
trusted library allocation
|
page execute and read and write
|
||
|
AB6000
|
heap
|
page read and write
|
||
|
16429635000
|
heap
|
page read and write
|
||
|
7FFD9B83C000
|
trusted library allocation
|
page execute and read and write
|
||
|
CF2000
|
unkown
|
page readonly
|
||
|
14113000
|
trusted library allocation
|
page read and write
|
||
|
1F36E000
|
stack
|
page read and write
|
||
|
9E6F279000
|
stack
|
page read and write
|
||
|
343F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1505000
|
heap
|
page read and write
|
||
|
22BE000
|
stack
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C15D000
|
stack
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
140E000
|
stack
|
page read and write
|
||
|
1ABE000
|
stack
|
page read and write
|
||
|
13367000
|
trusted library allocation
|
page read and write
|
||
|
13F2000
|
stack
|
page read and write
|
||
|
1D260000
|
heap
|
page read and write
|
||
|
162F000
|
heap
|
page read and write
|
||
|
341C000
|
trusted library allocation
|
page read and write
|
||
|
1F40E000
|
stack
|
page read and write
|
||
|
9FF000
|
heap
|
page read and write
|
||
|
162D000
|
heap
|
page read and write
|
||
|
16429668000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
C05000
|
heap
|
page read and write
|
||
|
30C2000
|
trusted library allocation
|
page read and write
|
||
|
1604000
|
heap
|
page read and write
|
||
|
1AD9A390000
|
heap
|
page read and write
|
||
|
141FD000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page execute and read and write
|
||
|
AAF000
|
heap
|
page read and write
|
||
|
16429630000
|
heap
|
page read and write
|
||
|
1BD53000
|
heap
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
12FB8000
|
trusted library allocation
|
page read and write
|
||
|
3B70000
|
heap
|
page read and write
|
||
|
7FFD9B7DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
9C6000
|
heap
|
page read and write
|
||
|
1E1C2000
|
trusted library allocation
|
page read and write
|
||
|
100E000
|
stack
|
page read and write
|
||
|
1560000
|
heap
|
page read and write
|
||
|
1BD40000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page execute and read and write
|
||
|
12FD9000
|
trusted library allocation
|
page read and write
|
||
|
1E970000
|
trusted library section
|
page read and write
|
||
|
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
2FB1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
1C77C000
|
stack
|
page read and write
|
||
|
9E6F37F000
|
stack
|
page read and write
|
||
|
47B5299000
|
stack
|
page read and write
|
||
|
1563000
|
heap
|
page read and write
|
||
|
1E5A0000
|
heap
|
page read and write
|
||
|
3420000
|
trusted library allocation
|
page read and write
|
||
|
1B83C000
|
stack
|
page read and write
|
||
|
3BF0000
|
heap
|
page read and write
|
||
|
1E5B1000
|
heap
|
page read and write
|
||
|
14008000
|
trusted library allocation
|
page read and write
|
||
|
47B531F000
|
unkown
|
page read and write
|
||
|
7FFD9B95E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
1C030000
|
trusted library allocation
|
page read and write
|
||
|
13299000
|
trusted library allocation
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
9A4000
|
trusted library section
|
page readonly
|
||
|
16429610000
|
heap
|
page read and write
|
||
|
3445000
|
trusted library allocation
|
page read and write
|
||
|
1D360000
|
heap
|
page read and write
|
||
|
DC5000
|
heap
|
page read and write
|
||
|
7FFD9B912000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AD9A6F0000
|
heap
|
page read and write
|
||
|
1F88B000
|
stack
|
page read and write
|
||
|
3443000
|
trusted library allocation
|
page read and write
|
||
|
12FB1000
|
trusted library allocation
|
page read and write
|
||
|
2080D000
|
stack
|
page read and write
|
||
|
1E36F000
|
stack
|
page read and write
|
||
|
3BC0000
|
heap
|
page read and write
|
||
|
1EA20000
|
heap
|
page read and write
|
||
|
9E6F2FF000
|
unkown
|
page read and write
|
||
|
A2C000
|
heap
|
page read and write
|
||
|
7FFD9B922000
|
trusted library allocation
|
page read and write
|
||
|
950000
|
heap
|
page execute and read and write
|
||
|
130C3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B774000
|
trusted library allocation
|
page read and write
|
||
|
7FF441DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8D0000
|
trusted library allocation
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
9A0000
|
trusted library section
|
page readonly
|
||
|
343B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page read and write
|
||
|
3436000
|
trusted library allocation
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
409B000
|
trusted library allocation
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
AAA000
|
heap
|
page read and write
|
||
|
1580000
|
heap
|
page execute and read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page execute and read and write
|
||
|
164295F0000
|
heap
|
page read and write
|
||
|
1CBB0000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
1AD9A6F5000
|
heap
|
page read and write
|
||
|
1AD9A360000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AD9A438000
|
heap
|
page read and write
|
||
|
8F0000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
9EA000
|
heap
|
page read and write
|
||
|
3136000
|
trusted library allocation
|
page read and write
|
||
|
20CBF000
|
stack
|
page read and write
|
||
|
132B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
412B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B946000
|
trusted library allocation
|
page read and write
|
||
|
13FC000
|
stack
|
page read and write
|
||
|
16429660000
|
heap
|
page read and write
|
||
|
1E9F0000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
13423000
|
trusted library allocation
|
page read and write
|
||
|
12FC1000
|
trusted library allocation
|
page read and write
|
||
|
1EF6E000
|
stack
|
page read and write
|
||
|
1E170000
|
trusted library allocation
|
page read and write
|
||
|
44E9000
|
trusted library allocation
|
page read and write
|
||
|
1C160000
|
heap
|
page read and write
|
||
|
2040E000
|
stack
|
page read and write
|
||
|
3499000
|
trusted library allocation
|
page read and write
|
||
|
15C0000
|
heap
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A4000
|
trusted library allocation
|
page read and write
|
||
|
1EBE000
|
stack
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
7F2000
|
stack
|
page read and write
|
||
|
133A7000
|
trusted library allocation
|
page read and write
|
||
|
210BB000
|
stack
|
page read and write
|
||
|
C40000
|
unkown
|
page readonly
|
||
|
7FFD9B7AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C170000
|
heap
|
page read and write
|
||
|
1E76E000
|
stack
|
page read and write
|
||
|
1E1A0000
|
trusted library allocation
|
page read and write
|
||
|
1510000
|
trusted library allocation
|
page read and write
|
||
|
16429510000
|
heap
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
15C6000
|
heap
|
page read and write
|
||
|
1CBC0000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B932000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
1CBDB000
|
heap
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page read and write
|
||
|
1EA15000
|
heap
|
page read and write
|
There are 232 hidden memdumps, click here to show them.