Files

File Path | Type | Category | Malicious
---|---|---|---
ud.bat | Unicode text, UTF-16, little-endian text, with very long lines (32767), with no line terminators | initial sample |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_445rbmny.5h0.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_apmabcek.eax.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uunydedk.hq1.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xmrnui1n.thv.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\YAFOA8YT1Y1SL9DCJLYD.temp | data | dropped |
Processes

Path | Cmdline | Malicious
---|---|---
C:\Windows\System32\cmd.exe | C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\ud.bat" " |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell.exe -WindowStyle Hidden -Command "C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe C:\\Users\\Public\\Document\\python C:\\Users\\Public\\Document\\Lib\\sim.py" |
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe" C:\\Users\\Public\\Document\\python C:\\Users\\Public\\Document\\Lib\\sim.py |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
URLs

Name | IP | Malicious
---|---|---
https://aka.ms/pscore68 | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |
Memdumps

Base Address | Regiontype | Protect | Malicious
---|---|---|---