Files
| File Path | Type | Category | Malicious |
|---|---|---|---|
| 5j2OMdx64J.ps1 | ASCII text | initial sample |  |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped |  |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3os2v5tg.4ff.ps1 | ASCII text, with no line terminators | dropped |  |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r2nc44v2.epa.psm1 | ASCII text, with no line terminators | dropped |  |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) | data | dropped |  |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\I8SYJP66JIC44BOUQGXK.temp | data | dropped |  |
Processes
| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\5j2OMdx64J.ps1" |  |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |  |
URLs
| Name | IP | Malicious |
|---|---|---|
| https://aka.ms/pscore6 | unknown |  |
| https://aka.ms/pscore68 | unknown |  |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |  |
Memdumps
| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 1F56E87D000 | heap | page read and write |  |
| 7FF849120000 | trusted library allocation | page read and write |  |
| 1F556360000 | heap | page execute and read and write |  |
| 1F55680B000 | trusted library allocation | page read and write |  |
| 1F554923000 | heap | page read and write |  |
| 1F55491F000 | heap | page read and write |  |
| 7FF848FCA000 | trusted library allocation | page read and write |  |
| 1F55491D000 | heap | page read and write |  |
| 1F5667F1000 | trusted library allocation | page read and write |  |
| 1F556866000 | trusted library allocation | page read and write |  |
| 1DBE677000 | stack | page read and write |  |
| 7FF848EC6000 | trusted library allocation | page read and write |  |
| 1F554890000 | heap | page read and write |  |
| 1DBE57D000 | stack | page read and write |  |
| 1F556914000 | trusted library allocation | page read and write |  |
| 7FF849130000 | trusted library allocation | page read and write |  |
| 1F554A80000 | heap | page read and write |  |
| 7FF848FF2000 | trusted library allocation | page read and write |  |
| 1DBE8FE000 | stack | page read and write |  |
| 1F5564A0000 | heap | page read and write |  |
| 1DBE5F9000 | stack | page read and write |  |
| 1F5549D0000 | trusted library allocation | page read and write |  |
| 7FF848E6C000 | trusted library allocation | page execute and read and write |  |
| 1F556922000 | trusted library allocation | page read and write |  |
| 7FF848EF6000 | trusted library allocation | page execute and read and write |  |
| 1DBE47E000 | stack | page read and write |  |
| 1DBDF9E000 | stack | page read and write |  |
| 1F554981000 | heap | page read and write |  |
| 1F554B10000 | heap | page read and write |  |
| 1F5549A0000 | trusted library allocation | page read and write |  |
| 1F554A70000 | trusted library allocation | page read and write |  |
| 1F556C82000 | trusted library allocation | page read and write |  |
| 1F554800000 | heap | page read and write |  |
| 1F55691F000 | trusted library allocation | page read and write |  |
| 1F556911000 | trusted library allocation | page read and write |  |
| 1F55690B000 | trusted library allocation | page read and write |  |
| 7FF848ED0000 | trusted library allocation | page execute and read and write |  |
| 1F55695A000 | trusted library allocation | page read and write |  |
| 1F556D2C000 | trusted library allocation | page read and write |  |
| 7FF848ECC000 | trusted library allocation | page execute and read and write |  |
| 7FF849030000 | trusted library allocation | page read and write |  |
| 1DBE777000 | stack | page read and write |  |
| 1F5570A0000 | trusted library allocation | page read and write |  |
| 7FF849110000 | trusted library allocation | page read and write |  |
| 7FF849000000 | trusted library allocation | page execute and read and write |  |
| 1F55688D000 | trusted library allocation | page read and write |  |
| 7FF849090000 | trusted library allocation | page read and write |  |
| 7FF8490D0000 | trusted library allocation | page read and write |  |
| 1F556B1A000 | trusted library allocation | page read and write |  |
| 1F56E7F0000 | heap | page read and write |  |
| 7FF848E13000 | trusted library allocation | page execute and read and write |  |
| 1F5549F0000 | heap | page readonly |  |
| 7FF849050000 | trusted library allocation | page read and write |  |
| 1F556CDD000 | trusted library allocation | page read and write |  |
| 1DBE2FE000 | stack | page read and write |  |
| 7FF848E14000 | trusted library allocation | page read and write |  |
| 1F5549E0000 | heap | page read and write |  |
| 1DBE77E000 | stack | page read and write |  |
| 1F554941000 | heap | page read and write |  |
| 1F56E83F000 | heap | page read and write |  |
| 1F556961000 | trusted library allocation | page read and write |  |
| 7FF8490E0000 | trusted library allocation | page read and write |  |
| 7FF848EC0000 | trusted library allocation | page read and write |  |
| 1F56E910000 | heap | page read and write |  |
| 1F556815000 | trusted library allocation | page read and write |  |
| 1F56EA1F000 | heap | page read and write |  |
| 7FF849040000 | trusted library allocation | page read and write |  |
| 1F556DDE000 | trusted library allocation | page read and write |  |
| 1F56EA1C000 | heap | page read and write |  |
| 7FF848E12000 | trusted library allocation | page read and write |  |
| 7FF849020000 | trusted library allocation | page read and write |  |
| 7FF8490C0000 | trusted library allocation | page read and write |  |
| 1F5546C0000 | heap | page read and write |  |
| 1F554987000 | heap | page read and write |  |
| 1F554898000 | heap | page read and write |  |
| 1F5567F1000 | trusted library allocation | page read and write |  |
| 1F556CD4000 | trusted library allocation | page read and write |  |
| 1F5564A5000 | heap | page read and write |  |
| 1F55493D000 | heap | page read and write |  |
| 7FF849080000 | trusted library allocation | page read and write |  |
| 1F5548A2000 | heap | page read and write |  |
| 1F556B50000 | trusted library allocation | page read and write |  |
| 1DBDF15000 | stack | page read and write |  |
| 1F56E8EC000 | heap | page read and write |  |
| 1F56E9F7000 | heap | page execute and read and write |  |
| 1F56EA00000 | heap | page read and write |  |
| 7FF8490A0000 | trusted library allocation | page read and write |  |
| 1DBE4FF000 | stack | page read and write |  |
| 1F554B15000 | heap | page read and write |  |
| 1F5547C0000 | heap | page read and write |  |
| 1F55683A000 | trusted library allocation | page read and write |  |
| 1DBDFDE000 | stack | page read and write |  |
| 7FF848E30000 | trusted library allocation | page read and write |  |
| 7FF8490B0000 | trusted library allocation | page read and write |  |
| 7FF849070000 | trusted library allocation | page read and write |  |
| 1F554939000 | heap | page read and write |  |
| 1F55683D000 | trusted library allocation | page read and write |  |
| 1F554947000 | heap | page read and write |  |
| 1F56E834000 | heap | page read and write |  |
| 1DBE97E000 | stack | page read and write |  |
| 1F556925000 | trusted library allocation | page read and write |  |
| 1F56E8C0000 | heap | page read and write |  |
| 7FF848FB0000 | trusted library allocation | page read and write |  |
| 1F554983000 | heap | page read and write |  |
| 7FF849100000 | trusted library allocation | page read and write |  |
| 1F56E9F0000 | heap | page execute and read and write |  |
| 7FF849150000 | trusted library allocation | page read and write |  |
| 1F56685F000 | trusted library allocation | page read and write |  |
| 1F554959000 | heap | page read and write |  |
| 1F566800000 | trusted library allocation | page read and write |  |
| 1F556CE5000 | trusted library allocation | page read and write |  |
| 1F55709C000 | trusted library allocation | page read and write |  |
| 1F5547A0000 | heap | page read and write |  |
| 7FF848E1D000 | trusted library allocation | page execute and read and write |  |
| 7FF848FE0000 | trusted library allocation | page execute and read and write |  |
| 7FF848F30000 | trusted library allocation | page execute and read and write |  |
| 7FF849140000 | trusted library allocation | page read and write |  |
| 1DBE37E000 | stack | page read and write |  |
| 1F556CA4000 | trusted library allocation | page read and write |  |
| 1F55690E000 | trusted library allocation | page read and write |  |
| 1F5548DB000 | heap | page read and write |  |
| 1DBE6FB000 | stack | page read and write |  |
| 7FF848FC1000 | trusted library allocation | page read and write |  |
| 1DBE7FE000 | stack | page read and write |  |
| 1F56EA26000 | heap | page read and write |  |
| 7FF849010000 | trusted library allocation | page read and write |  |
| 1F5548D9000 | heap | page read and write |  |
| 7FF848FD0000 | trusted library allocation | page execute and read and write |  |
| 7FF849060000 | trusted library allocation | page read and write |  |
| 1DBE9FB000 | stack | page read and write |  |
| 1F556BDE000 | trusted library allocation | page read and write |  |
| 1F556480000 | heap | page execute and read and write |  |
| 1DBE3FB000 | stack | page read and write |  |
| 1F55689C000 | trusted library allocation | page read and write |  |
| 1DBE27E000 | stack | page read and write |  |
| 7FF8490F0000 | trusted library allocation | page read and write |  |
| 7FF848E20000 | trusted library allocation | page read and write |  |
| 7DF48D930000 | trusted library allocation | page execute and read and write |  |
| 1DBE87F000 | stack | page read and write |  |
| 1F554945000 | heap | page read and write |  |
130 additional memdumps exist for this sample but are not shown in this excerpt.