IOC Report
download.ps1


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| download.ps1 | ASCII text, with very long lines (10697), with CRLF line terminators | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b3ezhu2r.0ho.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nmnal32n.t51.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tara4a3d.2pf.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yjrg43zi.yqe.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) | data | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VO66TS5XF6Y6TQY4DATI.temp | data | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1" | malicious |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://gajaechkfhfghal.top | unknown | |
| https://www.google.com/logos/doodles/2024/seasonal-holidays-2024-6753651837110333-2xa.gif | unknown | |
| https://photos.google.com/?tab=wq&pageId=none | unknown | |
| http://www.google.com/preferences?hl=enX | unknown | |
| https://csp.withgoogle.com/csp/gws/other-hp | unknown | |
| https://contoso.com/License | unknown | |
| https://news.google.com/?tab=wn | unknown | |
| https://www.google.com/logos/doodles/2024/seasonal-holidays-202 | unknown | |
| https://docs.google.com/document/?usp=docs_alc | unknown | |
| http://schema.org/WebPage | unknown | |
| https://0.google.com/ | unknown | |
| https://www.google.com/webhp?tab=ww | unknown | |
| http://schema.org/WebPageX | unknown | |
| https://contoso.com/ | unknown | |
| https://nuget.org/nuget.exe | unknown | |
| https://www.google.com/finance?tab=we | unknown | |
| http://gajaechkfhfghal.top/aoe6m40s3hhtr.php?id=user-PC&key=85684789732&s=527 | 45.61.136.138 | |
| http://maps.google.com/maps?hl=en&tab=wl | unknown | |
| http://www.google.com | unknown | |
| https://apis.google.com | unknown | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | |
| http://www.blogger.com/?tab=wj | unknown | |
| http://$ckda40xjnqlemz6/$jqly5pcaxf6vo3g.php?id=$env:computername&key=$dhvyekza&s=527 | unknown | |
| http://www.google.com/mobile/?hl=en&tab=wD | unknown | |
| https://play.google.com/?hl=en&tab=w8 | unknown | |
| http://nuget.org/NuGet.exe | unknown | |
| https://www.google.com/imghp?hl=en&tab=wi | unknown | |
| https://www.google.com/shopping?hl=en&source=og&tab=wf | unknown | |
| https://lh3.googleusercontent.com/ogw/default-user=s96 | unknown | |
| http://pesterbdd.com/images/Pester.png | unknown | |
| http://schemas.xmlsoap.org/soap/encoding/ | unknown | |
| http://www.apache.org/licenses/LICENSE-2.0.html | unknown | |
| https://drive.google.com/?tab=wo | unknown | |
| https://contoso.com/Icon | unknown | |
| https://0.google | unknown | |
| https://mail.google.com/mail/?tab=wm | unknown | |
| https://github.com/Pester/Pester | unknown | |
| https://www.youtube.com/?tab=w1 | unknown | |
| http://0.google. | unknown | |
| https://lh3.googleusercontent.com/ogw/default-user=s96X | unknown | |
| https://www.google.com/logos/doodles/2024/seasonal-holidays-2024-6753651837110333-2xa.gifX | unknown | |
| http://crl.m | unknown | |
| http://0.google.com/ | unknown | |
| https://lh3.googleusercontent.com/ogw/default-user=s24 | unknown | |
| http://www.google.com/history/optout?hl=en | unknown | |
| https://books.google.com/?hl=en&tab=wp | unknown | |
| https://translate.google.com/?hl=en&tab=wT | unknown | |
| http://schemas.xmlsoap.org/wsdl/ | unknown | |
| https://www.google.com/intl/en/about/products?tab=whX | unknown | |
| https://calendar.google.com/calendar?tab=wc | unknown | |
| https://aka.ms/pscore68 | unknown | |
| https://lh3.googleusercontent.com/ogw/default-user=s24X | unknown | |
| http://www.google.com/ | 172.217.21.36 | |

Domains

| Name | IP | Malicious |
|---|---|---|
| www.google.com | 172.217.21.36 | |
| gajaechkfhfghal.top | 45.61.136.138 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 45.61.136.138 | gajaechkfhfghal.top | United States | |
| 172.217.21.36 | www.google.com | United States | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileDirectory | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileDirectory | |

Memdumps

Base Address
Regiontype
Protect
Malicious