Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
oEFrY6Xcyl.ps1
|
ASCII text, with very long lines (63904), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iz4awws3.543.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u31gyipb.z3t.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\G9P8OZBN16ZF2GF28T7C.temp
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\oEFrY6Xcyl.ps1"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
20.25.126.96
|
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://20.25.126.96/
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://20.25.126.96/cmW
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://20.25.126.96/j
|
unknown
|
||
|
https://20.25.126.96/cm=
|
unknown
|
||
|
https://20.25.126.96/m
|
unknown
|
||
|
https://20.25.126.96/cm;
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://20.25.126.96/ngs
|
unknown
|
||
|
https://20.25.126.96/cm5.126.96/cm
|
unknown
|
||
|
https://20.25.126.96/cmv
|
unknown
|
||
|
https://20.25.126.96/ms2
|
unknown
|
||
|
https://20.25.126.96/cmw
|
unknown
|
||
|
https://20.25.126.96/cmq
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://20.25.126.96/cms
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://20.25.126.96/ms
|
unknown
|
||
|
https://20.25.126.96/cmf
|
unknown
|
||
|
http://127.0.0.1:%u/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://20.25.126.96/cm
|
unknown
|
||
|
https://20.25.126.96/?
|
unknown
|
||
|
https://20.25.126.96/cmd
|
unknown
|
There are 21 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
20.25.126.96
|
unknown
|
United States
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1A6ED0B0000
|
heap
|
page read and write
|
|
|
|
1A6E4B7C000
|
trusted library allocation
|
page read and write
|
|
|
|
1A6E4C51000
|
trusted library allocation
|
page read and write
|
|
|
|
1A6ED2E0000
|
direct allocation
|
page execute and read and write
|
|
|
|
1A6D5739000
|
trusted library allocation
|
page read and write
|
|
|
|
1A6ED330000
|
direct allocation
|
page execute and read and write
|
|
|
|
1A6ECF82000
|
heap
|
page read and write
|
||
|
1A6ECFBB000
|
heap
|
page read and write
|
||
|
1A6E4B11000
|
trusted library allocation
|
page read and write
|
||
|
1A6D2C50000
|
heap
|
page read and write
|
||
|
7FFD34930000
|
trusted library allocation
|
page read and write
|
||
|
1A6D624E000
|
trusted library allocation
|
page read and write
|
||
|
1A6D6184000
|
trusted library allocation
|
page read and write
|
||
|
7E8BBCF000
|
stack
|
page read and write
|
||
|
1A6ED37E000
|
direct allocation
|
page execute and read and write
|
||
|
1A6D4A50000
|
trusted library allocation
|
page read and write
|
||
|
1A6ECC4B000
|
heap
|
page read and write
|
||
|
1A6D4B00000
|
heap
|
page read and write
|
||
|
1A6D4AF0000
|
trusted library allocation
|
page read and write
|
||
|
1A6ECF58000
|
heap
|
page read and write
|
||
|
7FFD348F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34726000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34672000
|
trusted library allocation
|
page read and write
|
||
|
1A6D2DFA000
|
heap
|
page read and write
|
||
|
1A6ECFB7000
|
heap
|
page read and write
|
||
|
7E8AD7E000
|
stack
|
page read and write
|
||
|
1A6ED37B000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD34980000
|
trusted library allocation
|
page read and write
|
||
|
1A6ECF5C000
|
heap
|
page read and write
|
||
|
1A6D2DFC000
|
heap
|
page read and write
|
||
|
1A6ECDB0000
|
heap
|
page read and write
|
||
|
1A6D2CB0000
|
heap
|
page read and write
|
||
|
1A6D2D18000
|
heap
|
page read and write
|
||
|
1A6D2E70000
|
trusted library section
|
page read and write
|
||
|
7FFD348C0000
|
trusted library allocation
|
page read and write
|
||
|
1A6ECF54000
|
heap
|
page read and write
|
||
|
7FFD3467D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E8BC4D000
|
stack
|
page read and write
|
||
|
7E8ACFE000
|
stack
|
page read and write
|
||
|
7FFD34840000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34674000
|
trusted library allocation
|
page read and write
|
||
|
1A6ECC20000
|
heap
|
page read and write
|
||
|
1A6ECCFB000
|
heap
|
page read and write
|
||
|
1A6D2C70000
|
heap
|
page read and write
|
||
|
7FFD348D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3468B000
|
trusted library allocation
|
page read and write
|
||
|
7E8BCCB000
|
stack
|
page read and write
|
||
|
7FFD3482A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34880000
|
trusted library allocation
|
page read and write
|
||
|
1A6ED383000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD34673000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A6D2DB3000
|
heap
|
page read and write
|
||
|
7DF49F5A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A6D2CF0000
|
heap
|
page read and write
|
||
|
7FFD34860000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34680000
|
trusted library allocation
|
page read and write
|
||
|
1A6D2E60000
|
trusted library allocation
|
page read and write
|
||
|
1A6ECE90000
|
heap
|
page execute and read and write
|
||
|
7FFD348E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34854000
|
trusted library allocation
|
page read and write
|
||
|
1A6ECB1C000
|
heap
|
page read and write
|
||
|
1A6ECF86000
|
heap
|
page read and write
|
||
|
1A6D2DBD000
|
heap
|
page read and write
|
||
|
7FFD34756000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD349E0000
|
trusted library allocation
|
page read and write
|
||
|
1A6D2D10000
|
heap
|
page read and write
|
||
|
7FFD34960000
|
trusted library allocation
|
page read and write
|
||
|
1A6D2CF5000
|
heap
|
page read and write
|
||
|
1A6D2DB7000
|
heap
|
page read and write
|
||
|
1A6D2B70000
|
heap
|
page read and write
|
||
|
1A6ED378000
|
direct allocation
|
page execute and read and write
|
||
|
7FFD34821000
|
trusted library allocation
|
page read and write
|
||
|
1A6ECD1A000
|
heap
|
page read and write
|
||
|
1A6ECEFD000
|
heap
|
page read and write
|
||
|
7FFD34810000
|
trusted library allocation
|
page read and write
|
||
|
1A6D2ED5000
|
heap
|
page read and write
|
||
|
1A6D2D96000
|
heap
|
page read and write
|
||
|
1A6D6139000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34730000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A6D4A07000
|
heap
|
page execute and read and write
|
||
|
7FFD34790000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E8B0FE000
|
stack
|
page read and write
|
||
|
1A6D2D93000
|
heap
|
page read and write
|
||
|
7FFD34910000
|
trusted library allocation
|
page read and write
|
||
|
1A6ECF44000
|
heap
|
page read and write
|
||
|
7FFD34A00000
|
trusted library allocation
|
page read and write
|
||
|
1A6ECC91000
|
heap
|
page read and write
|
||
|
1A6D4B11000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34900000
|
trusted library allocation
|
page read and write
|
||
|
1A6D4A20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34970000
|
trusted library allocation
|
page read and write
|
||
|
1A6D4D39000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34830000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A6D2EB0000
|
heap
|
page readonly
|
||
|
1A6ECF9B000
|
heap
|
page read and write
|
||
|
7FFD348A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34720000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34890000
|
trusted library allocation
|
page read and write
|
||
|
1A6D2E80000
|
heap
|
page read and write
|
||
|
1A6D4A00000
|
heap
|
page execute and read and write
|
||
|
7FFD349F0000
|
trusted library allocation
|
page read and write
|
||
|
1A6ECFB9000
|
heap
|
page read and write
|
||
|
7FFD34870000
|
trusted library allocation
|
page read and write
|
||
|
1A6D2EC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34950000
|
trusted library allocation
|
page read and write
|
||
|
7E8A715000
|
stack
|
page read and write
|
||
|
7FFD34940000
|
trusted library allocation
|
page read and write
|
||
|
7E8B07E000
|
stack
|
page read and write
|
||
|
1A6D4B98000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34990000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349A0000
|
trusted library allocation
|
page read and write
|
||
|
1A6D624A000
|
trusted library allocation
|
page read and write
|
||
|
1A6ECEB0000
|
heap
|
page read and write
|
||
|
1A6E4B3A000
|
trusted library allocation
|
page read and write
|
||
|
1A6E4B20000
|
trusted library allocation
|
page read and write
|
||
|
1A6D4A10000
|
heap
|
page execute and read and write
|
||
|
7E8BB83000
|
stack
|
page read and write
|
||
|
7E8B1FB000
|
stack
|
page read and write
|
||
|
7FFD34852000
|
trusted library allocation
|
page read and write
|
||
|
1A6D2EA0000
|
trusted library allocation
|
page read and write
|
||
|
1A6D6C4E000
|
trusted library allocation
|
page read and write
|
||
|
1A6D2E90000
|
trusted library section
|
page read and write
|
||
|
7FFD34920000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349B0000
|
trusted library allocation
|
page read and write
|
||
|
1A6ED381000
|
direct allocation
|
page execute and read and write
|
||
|
1A6D2DD3000
|
heap
|
page read and write
|
||
|
1A6D4AF3000
|
trusted library allocation
|
page read and write
|
||
|
1A6D2ED0000
|
heap
|
page read and write
|
||
|
7FFD3472C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A6ECC55000
|
heap
|
page read and write
|
||
|
7FFD34670000
|
trusted library allocation
|
page read and write
|
||
|
1A6D2E01000
|
heap
|
page read and write
|
||
|
7E8B17E000
|
stack
|
page read and write
|
||
|
7FFD34857000
|
trusted library allocation
|
page read and write
|
There are 127 hidden memdumps, click here to show them.