Files

File Path | Type | Category | Malicious
---|---|---|---
leBwMi0fhZ.ps1 | data | initial sample |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pnro52ii.arp.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yxmnuhwr.vow.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) | data | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\G6WENG5ORBTPMTRMD743.temp | data | dropped |
Processes

Path | Cmdline | Malicious
---|---|---
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\leBwMi0fhZ.ps1" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
URLs

Name | IP | Malicious
---|---|---
https://aka.ms/pscore68 | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |
Memdumps

Base Address | Regiontype | Protect | Malicious
---|---|---|---