Files

| File Path | Type | Category | Malicious | |
|---|---|---|---|---|
| f7f26fx0eq.ps1 | ASCII text | initial sample | | |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped | | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_02hg0vci.ddd.psm1 | ASCII text, with no line terminators | dropped | | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rjtgbr3p.sxd.ps1 | ASCII text, with no line terminators | dropped | | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) | data | dropped | | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MEORLIR5E4UCQI45FDEQ.temp | data | dropped | | |
Processes

| Path | Cmdline | Malicious | |
|---|---|---|---|
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\f7f26fx0eq.ps1" | | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | | |
URLs

| Name | IP | Malicious | |
|---|---|---|---|
| https://aka.ms/pscore6 | unknown | | |
| https://aka.ms/pscore68 | unknown | | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | | |
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
2399BA20000
|
heap
|
page readonly
|
||
23999BF0000
|
heap
|
page read and write
|
||
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
239B3F92000
|
heap
|
page read and write
|
||
2399BC32000
|
trusted library allocation
|
page read and write
|
||
2399B690000
|
trusted library allocation
|
page read and write
|
||
EBD1E75000
|
stack
|
page read and write
|
||
EBD2376000
|
stack
|
page read and write
|
||
7FFD9B950000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
2399BA80000
|
heap
|
page execute and read and write
|
||
239B3C80000
|
heap
|
page read and write
|
||
239B3F60000
|
heap
|
page execute and read and write
|
||
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
EBD24FE000
|
stack
|
page read and write
|
||
EBD23F9000
|
stack
|
page read and write
|
||
7FFD9B83C000
|
trusted library allocation
|
page execute and read and write
|
||
23999D10000
|
heap
|
page read and write
|
||
EBD26FB000
|
stack
|
page read and write
|
||
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
23999E02000
|
heap
|
page read and write
|
||
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
239B3EF0000
|
heap
|
page execute and read and write
|
||
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
EBD21FE000
|
stack
|
page read and write
|
||
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
EBD1F7E000
|
stack
|
page read and write
|
||
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
2399BB1B000
|
trusted library allocation
|
page read and write
|
||
23999DC2000
|
heap
|
page read and write
|
||
2399C03C000
|
trusted library allocation
|
page read and write
|
||
239B3F67000
|
heap
|
page execute and read and write
|
||
2399BFE4000
|
trusted library allocation
|
page read and write
|
||
239B3DF0000
|
heap
|
page read and write
|
||
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
23999CD0000
|
heap
|
page read and write
|
||
2399C3B2000
|
trusted library allocation
|
page read and write
|
||
23999D22000
|
heap
|
page read and write
|
||
EBD257E000
|
stack
|
page read and write
|
||
239B3F70000
|
heap
|
page read and write
|
||
7FFD9B93A000
|
trusted library allocation
|
page read and write
|
||
239B3D36000
|
heap
|
page read and write
|
||
EBD227D000
|
stack
|
page read and write
|
||
2399BFF5000
|
trusted library allocation
|
page read and write
|
||
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
EBD1EFE000
|
stack
|
page read and write
|
||
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
2399BC21000
|
trusted library allocation
|
page read and write
|
||
EBD207E000
|
stack
|
page read and write
|
||
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
2399BB23000
|
trusted library allocation
|
page read and write
|
||
239ABB01000
|
trusted library allocation
|
page read and write
|
||
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
239ABB74000
|
trusted library allocation
|
page read and write
|
||
23999FE0000
|
heap
|
page read and write
|
||
239B3E10000
|
heap
|
page read and write
|
||
239B3F90000
|
heap
|
page read and write
|
||
2399BC1E000
|
trusted library allocation
|
page read and write
|
||
23999DBC000
|
heap
|
page read and write
|
||
2399C0EC000
|
trusted library allocation
|
page read and write
|
||
EBD2479000
|
stack
|
page read and write
|
||
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
2399BB6A000
|
trusted library allocation
|
page read and write
|
||
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
2399BCF8000
|
trusted library allocation
|
page read and write
|
||
239B3CC2000
|
heap
|
page read and write
|
||
7FFD9B970000
|
trusted library allocation
|
page execute and read and write
|
||
2399BC18000
|
trusted library allocation
|
page read and write
|
||
EBD22FE000
|
stack
|
page read and write
|
||
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
2399BB9E000
|
trusted library allocation
|
page read and write
|
||
2399B6B0000
|
heap
|
page read and write
|
||
23999D97000
|
heap
|
page read and write
|
||
EBD20FC000
|
stack
|
page read and write
|
||
2399BFB3000
|
trusted library allocation
|
page read and write
|
||
2399B655000
|
heap
|
page read and write
|
||
2399B650000
|
heap
|
page read and write
|
||
7FFD9B931000
|
trusted library allocation
|
page read and write
|
||
239ABB10000
|
trusted library allocation
|
page read and write
|
||
23999DD6000
|
heap
|
page read and write
|
||
2399BC2F000
|
trusted library allocation
|
page read and write
|
||
2399BFEC000
|
trusted library allocation
|
page read and write
|
||
EBD217F000
|
stack
|
page read and write
|
||
23999FE5000
|
heap
|
page read and write
|
||
EBD22F8000
|
stack
|
page read and write
|
||
2399BB70000
|
trusted library allocation
|
page read and write
|
||
2399BA10000
|
trusted library allocation
|
page read and write
|
||
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
2399BAF0000
|
heap
|
page read and write
|
||
23999FC0000
|
heap
|
page read and write
|
||
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
2399BC1B000
|
trusted library allocation
|
page read and write
|
||
2399C164000
|
trusted library allocation
|
page read and write
|
||
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B782000
|
trusted library allocation
|
page read and write
|
||
2399BB01000
|
trusted library allocation
|
page read and write
|
||
23999DBE000
|
heap
|
page read and write
|
||
7DF43D260000
|
trusted library allocation
|
page execute and read and write
|
||
239B3CF8000
|
heap
|
page read and write
|
||
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
EBD1FFD000
|
stack
|
page read and write
|
||
2399C1CD000
|
trusted library allocation
|
page read and write
|
||
2399BA30000
|
trusted library allocation
|
page read and write
|
||
23999DFD000
|
heap
|
page read and write
|
||
7FFD9B962000
|
trusted library allocation
|
page read and write
|
||
239B3D69000
|
heap
|
page read and write
|
||
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B840000
|
trusted library allocation
|
page execute and read and write
|
||
23999CF0000
|
heap
|
page read and write
|
||
7FFD9B7DC000
|
trusted library allocation
|
page execute and read and write
|
||
23999DB5000
|
heap
|
page read and write
|
||
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
2399BC6B000
|
trusted library allocation
|
page read and write
|
||
23999D18000
|
heap
|
page read and write
|
||
EBD267E000
|
stack
|
page read and write
|
||
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
EBD1BCE000
|
stack
|
page read and write
|
||
2399BC35000
|
trusted library allocation
|
page read and write
|
A further 117 memdumps are hidden and not listed here.