Files
File Path | Type | Category | Malicious
---|---|---|---
`ud(1).bat` | Unicode text, UTF-16, little-endian text, with very long lines (32767), with no line terminators | initial sample |
`C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive` | data | dropped |
`C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dz5h2dmg.1fz.ps1` | ASCII text, with no line terminators | dropped |
`C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lzcxfrxc.q0v.psm1` | ASCII text, with no line terminators | dropped |
`C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_olecitdf.e5s.ps1` | ASCII text, with no line terminators | dropped |
`C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r1kcqocq.xxb.psm1` | ASCII text, with no line terminators | dropped |
`C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)` | data | dropped |
`C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DMQUPFH29LI9EAL94N2L.temp` | data | dropped |
Processes
Path | Cmdline | Malicious
---|---|---
`C:\Windows\System32\cmd.exe` | `C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\ud(1).bat" "` |
`C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe` | `powershell.exe -WindowStyle Hidden -Command "C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe C:\\Users\\Public\\Document\\python C:\\Users\\Public\\Document\\Lib\\sim.py"` |
`C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe` | `"C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe" C:\\Users\\Public\\Document\\python C:\\Users\\Public\\Document\\Lib\\sim.py` |
`C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` |
`C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` |
URLs
Name | IP | Malicious
---|---|---
https://aka.ms/pscore68 | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |
Memdumps