Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
rslogixbuddy.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rslogixbuddy.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bpnaoii5.d1s.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wr1liv1d.obg.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\rslogixbuddy.exe
|
C:\Users\user\Desktop\rslogixbuddy.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2F1E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
DD0000
|
trusted library allocation
|
page read and write
|
||
|
1B760000
|
heap
|
page read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CAEF000
|
stack
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
D3E000
|
stack
|
page read and write
|
||
|
2A29000
|
trusted library allocation
|
page read and write
|
||
|
1B65E000
|
stack
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
F75000
|
heap
|
page read and write
|
||
|
2A11000
|
trusted library allocation
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
2A2B000
|
trusted library allocation
|
page read and write
|
||
|
7F3000
|
stack
|
page read and write
|
||
|
2B37000
|
trusted library allocation
|
page read and write
|
||
|
2B68000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B0000
|
unkown
|
page readonly
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
7FF4A6D50000
|
trusted library allocation
|
page execute and read and write
|
||
|
29F1000
|
trusted library allocation
|
page read and write
|
||
|
EFE000
|
stack
|
page read and write
|
||
|
2890000
|
trusted library allocation
|
page read and write
|
||
|
1BD5B000
|
stack
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
129F1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
2EE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
A5C000
|
heap
|
page read and write
|
||
|
7FFD9B7CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B784000
|
heap
|
page read and write
|
||
|
1B550000
|
heap
|
page execute and read and write
|
||
|
1B680000
|
heap
|
page read and write
|
||
|
29EF000
|
stack
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B48E000
|
stack
|
page read and write
|
||
|
A7B000
|
heap
|
page read and write
|
||
|
12A65000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
2B6F000
|
trusted library allocation
|
page read and write
|
||
|
2FA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B918000
|
trusted library allocation
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
7FFD9B926000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
2B2D000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
1B7DF000
|
heap
|
page read and write
|
||
|
7FFD9B774000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B957000
|
trusted library allocation
|
page read and write
|
||
|
A56000
|
heap
|
page read and write
|
||
|
2B3A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
1B79C000
|
heap
|
page read and write
|
||
|
A6F000
|
heap
|
page read and write
|
||
|
1B380000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
28DE000
|
stack
|
page read and write
|
||
|
2B2A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B775000
|
heap
|
page read and write
|
||
|
7FFD9B929000
|
trusted library allocation
|
page read and write
|
||
|
2F0F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
DF5000
|
heap
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B856000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B2000
|
unkown
|
page readonly
|
||
|
7FFD9B772000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
2F18000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
1B7C4000
|
heap
|
page read and write
|
||
|
A93000
|
heap
|
page read and write
|
||
|
1C9EE000
|
stack
|
page read and write
|
||
|
107E000
|
stack
|
page read and write
|
||
|
2B33000
|
trusted library allocation
|
page read and write
|
||
|
129FF000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
trusted library allocation
|
page read and write
|
||
|
1BE5E000
|
stack
|
page read and write
|
||
|
1B7E3000
|
heap
|
page read and write
|
||
|
1B95E000
|
stack
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
28E0000
|
heap
|
page execute and read and write
|
||
|
6B0000
|
unkown
|
page readonly
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
1C7E9000
|
stack
|
page read and write
|
||
|
1BA5F000
|
stack
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B826000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B794000
|
trusted library allocation
|
page read and write
|
||
|
1B7D2000
|
heap
|
page read and write
|
||
|
7FFD9B788000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
1BC5F000
|
stack
|
page read and write
|
||
|
AC3000
|
heap
|
page read and write
|
||
|
2F57000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79B000
|
trusted library allocation
|
page execute and read and write
|
||
|
29FF000
|
trusted library allocation
|
page read and write
|
||
|
1AF7B000
|
stack
|
page read and write
|
||
|
2F1C000
|
trusted library allocation
|
page read and write
|
||
|
1BB5E000
|
stack
|
page read and write
|
||
|
1C8ED000
|
stack
|
page read and write
|
||
|
7FFD9B782000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B82C000
|
trusted library allocation
|
page execute and read and write
|
||
|
ABD000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
There are 114 hidden memdumps, click here to show them.