Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
bTfYKNPa3a.ps1
|
data
|
initial sample
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dac2ajwv.zla.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mqvvpfvy.ct4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DIA1993LA91ST5XE6YBZ.temp
|
data
|
dropped
|
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\bTfYKNPa3a.ps1"
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://aka.ms/pscore68
|
unknown
|
||
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
17E1F7E000
|
stack
|
page read and write
|
||
17B7E4F8000
|
heap
|
page read and write
|
||
7FFB167B2000
|
unknown
|
page readonly
|
||
17B7DE95000
|
heap
|
page read and write
|
||
17B7E2F0000
|
heap
|
page read and write
|
||
17B7DDE7000
|
heap
|
page execute and read and write
|
||
7FFAAC3D0000
|
trusted library allocation
|
page read and write
|
||
7FFAAC5F0000
|
trusted library allocation
|
page read and write
|
||
17B7C2E4000
|
heap
|
page read and write
|
||
17B00001000
|
trusted library allocation
|
page read and write
|
||
7FFAAC700000
|
trusted library allocation
|
page read and write
|
||
7FFAAC660000
|
trusted library allocation
|
page read and write
|
||
17B7C2CC000
|
heap
|
page read and write
|
||
17B7C291000
|
heap
|
page read and write
|
||
7FFAAC47C000
|
trusted library allocation
|
page execute and read and write
|
||
17E22FD000
|
stack
|
page read and write
|
||
17B7E4F0000
|
heap
|
page read and write
|
||
7FFAAC710000
|
trusted library allocation
|
page read and write
|
||
17E253A000
|
stack
|
page read and write
|
||
7FFAAC5B0000
|
trusted library allocation
|
page execute and read and write
|
||
17B7C190000
|
heap
|
page read and write
|
||
17B0008B000
|
trusted library allocation
|
page read and write
|
||
17B01B8F000
|
trusted library allocation
|
page read and write
|
||
17B10001000
|
trusted library allocation
|
page read and write
|
||
17B10169000
|
trusted library allocation
|
page read and write
|
||
7FFAAC470000
|
trusted library allocation
|
page read and write
|
||
7FFAAC3C2000
|
trusted library allocation
|
page read and write
|
||
7FFAAC640000
|
trusted library allocation
|
page read and write
|
||
17E207E000
|
stack
|
page read and write
|
||
17B01EC7000
|
trusted library allocation
|
page read and write
|
||
17B7E37C000
|
heap
|
page read and write
|
||
17E1EFE000
|
stack
|
page read and write
|
||
17B7E552000
|
heap
|
page read and write
|
||
17B7C232000
|
heap
|
page read and write
|
||
17B7DDE0000
|
heap
|
page execute and read and write
|
||
17E26BE000
|
stack
|
page read and write
|
||
17B01BF5000
|
trusted library allocation
|
page read and write
|
||
17B7E410000
|
heap
|
page read and write
|
||
17E273E000
|
stack
|
page read and write
|
||
7FFAAC4A6000
|
trusted library allocation
|
page execute and read and write
|
||
17B01E06000
|
trusted library allocation
|
page read and write
|
||
17B7C4A0000
|
trusted library allocation
|
page read and write
|
||
17B10010000
|
trusted library allocation
|
page read and write
|
||
17B7C4C0000
|
heap
|
page read and write
|
||
17B01B93000
|
trusted library allocation
|
page read and write
|
||
7FFAAC590000
|
trusted library allocation
|
page execute and read and write
|
||
17E227E000
|
stack
|
page read and write
|
||
7FFAAC571000
|
trusted library allocation
|
page read and write
|
||
7FFAAC620000
|
trusted library allocation
|
page read and write
|
||
7FFAAC6F0000
|
trusted library allocation
|
page read and write
|
||
7FFAAC3C3000
|
trusted library allocation
|
page execute and read and write
|
||
17B7E6F0000
|
heap
|
page read and write
|
||
17B7DD00000
|
trusted library allocation
|
page read and write
|
||
7FFAAC6D0000
|
trusted library allocation
|
page read and write
|
||
7FFAAC3C4000
|
trusted library allocation
|
page read and write
|
||
7FFAAC41C000
|
trusted library allocation
|
page execute and read and write
|
||
7FFAAC3E0000
|
trusted library allocation
|
page read and write
|
||
17E20FF000
|
stack
|
page read and write
|
||
7FFAAC480000
|
trusted library allocation
|
page execute and read and write
|
||
7FFAAC5A2000
|
trusted library allocation
|
page read and write
|
||
7FFAAC560000
|
trusted library allocation
|
page read and write
|
||
17E23BE000
|
stack
|
page read and write
|
||
17B7DE00000
|
heap
|
page execute and read and write
|
||
17B7DE30000
|
heap
|
page execute and read and write
|
||
17B7C160000
|
heap
|
page read and write
|
||
17B00232000
|
trusted library allocation
|
page read and write
|
||
17B7C2CA000
|
heap
|
page read and write
|
||
17B7C520000
|
heap
|
page read and write
|
||
17B10074000
|
trusted library allocation
|
page read and write
|
||
7FFAAC610000
|
trusted library allocation
|
page read and write
|
||
17B7E487000
|
heap
|
page read and write
|
||
7FFAAC476000
|
trusted library allocation
|
page read and write
|
||
7FFAAC680000
|
trusted library allocation
|
page read and write
|
||
17B7E3E1000
|
heap
|
page read and write
|
||
7FFAAC580000
|
trusted library allocation
|
page execute and read and write
|
||
17B7C297000
|
heap
|
page read and write
|
||
17E24B9000
|
stack
|
page read and write
|
||
7FFAAC5C0000
|
trusted library allocation
|
page read and write
|
||
7FFAAC57A000
|
trusted library allocation
|
page read and write
|
||
7FFAAC600000
|
trusted library allocation
|
page read and write
|
||
17E217B000
|
stack
|
page read and write
|
||
7FFAAC4E0000
|
trusted library allocation
|
page execute and read and write
|
||
7FFAAC650000
|
trusted library allocation
|
page read and write
|
||
7FFAAC6B0000
|
trusted library allocation
|
page read and write
|
||
17B7C30D000
|
heap
|
page read and write
|
||
17B7E1ED000
|
heap
|
page read and write
|
||
17B7C317000
|
heap
|
page read and write
|
||
7FFAAC630000
|
trusted library allocation
|
page read and write
|
||
7DF456090000
|
trusted library allocation
|
page execute and read and write
|
||
17B7C525000
|
heap
|
page read and write
|
||
17B7E3EB000
|
heap
|
page read and write
|
||
7FFAAC690000
|
trusted library allocation
|
page read and write
|
||
17B7C470000
|
trusted library allocation
|
page read and write
|
||
7FFAAC6E0000
|
trusted library allocation
|
page read and write
|
||
17B7C2C6000
|
heap
|
page read and write
|
||
17B7E500000
|
heap
|
page read and write
|
||
7FFAAC5D0000
|
trusted library allocation
|
page read and write
|
||
17E21FF000
|
stack
|
page read and write
|
||
17B7C490000
|
heap
|
page readonly
|
||
17E25BF000
|
stack
|
page read and write
|
||
7FFAAC6C0000
|
trusted library allocation
|
page read and write
|
||
17B7E555000
|
heap
|
page read and write
|
||
17E27BB000
|
stack
|
page read and write
|
||
17B7C31D000
|
heap
|
page read and write
|
||
17B006A5000
|
trusted library allocation
|
page read and write
|
||
17E263E000
|
stack
|
page read and write
|
||
17B7C228000
|
heap
|
page read and write
|
||
17E243E000
|
stack
|
page read and write
|
||
7FFB16790000
|
unknown
|
page readonly
|
||
17E2378000
|
stack
|
page read and write
|
||
17B10080000
|
trusted library allocation
|
page read and write
|
||
17B7C170000
|
heap
|
page read and write
|
||
17B7C1D0000
|
heap
|
page read and write
|
||
7FFAAC670000
|
trusted library allocation
|
page read and write
|
||
17B7C2C4000
|
heap
|
page read and write
|
||
17B7E32D000
|
heap
|
page read and write
|
||
17E1E75000
|
stack
|
page read and write
|
||
17B7E3C6000
|
heap
|
page read and write
|
||
17B7E536000
|
heap
|
page read and write
|
||
7FFAAC5E0000
|
trusted library allocation
|
page read and write
|
||
7FFB167A6000
|
unknown
|
page readonly
|
||
17B7C480000
|
heap
|
page read and write
|
||
17B01EDA000
|
trusted library allocation
|
page read and write
|
||
17B7E336000
|
heap
|
page read and write
|
||
17E2437000
|
stack
|
page read and write
|
||
17B7C220000
|
heap
|
page read and write
|
||
17B7C440000
|
trusted library allocation
|
page read and write
|
||
17B7C30B000
|
heap
|
page read and write
|
||
17E1FFE000
|
stack
|
page read and write
|
||
17B013E4000
|
trusted library allocation
|
page read and write
|
||
7FFAAC3CD000
|
trusted library allocation
|
page execute and read and write
|
||
7FFB167B5000
|
unknown
|
page readonly
|
||
17B7E3F0000
|
heap
|
page read and write
|
||
7FFB16791000
|
unknown
|
page execute read
|
||
17B7E544000
|
heap
|
page read and write
|
||
17B7DE90000
|
heap
|
page read and write
|
||
7FFB167B0000
|
unknown
|
page read and write
|
||
17B010A5000
|
trusted library allocation
|
page read and write
|
||
7FFAAC6A0000
|
trusted library allocation
|
page read and write
|
||
17B7E560000
|
heap
|
page read and write
|