Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| `download.ps1` | ASCII text, with very long lines (10697), with CRLF line terminators | initial sample | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive` | data | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b3ezhu2r.0ho.psm1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nmnal32n.t51.psm1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tara4a3d.2pf.ps1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yjrg43zi.yqe.ps1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)` | data | dropped | |
| `C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VO66TS5XF6Y6TQY4DATI.temp` | data | dropped | |

The `__PSScriptPolicyTest_*` files, the `StartupProfileData-NonInteractive` cache and the `CustomDestinations` jump-list entries are written by PowerShell and the Windows shell on any script launch (the policy-test files are how PowerShell probes whether AppLocker/WDAC would block scripts); they are not payloads dropped by `download.ps1` and should not be used as indicators on their own.
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| `C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe` | `"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1"` | |
| `C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` | |
URLs

| Name | IP | Malicious |
|---|---|---|
| `http://gajaechkfhfghal.top` | unknown | |
| `https://www.google.com/logos/doodles/2024/seasonal-holidays-2024-6753651837110333-2xa.gif` | unknown | |
| `https://photos.google.com/?tab=wq&pageId=none` | unknown | |
| `http://www.google.com/preferences?hl=enX` | unknown | |
| `https://csp.withgoogle.com/csp/gws/other-hp` | unknown | |
| `https://contoso.com/License` | unknown | |
| `https://news.google.com/?tab=wn` | unknown | |
| `https://www.google.com/logos/doodles/2024/seasonal-holidays-202` | unknown | |
| `https://docs.google.com/document/?usp=docs_alc` | unknown | |
| `http://schema.org/WebPage` | unknown | |
| `https://0.google.com/` | unknown | |
| `https://www.google.com/webhp?tab=ww` | unknown | |
| `http://schema.org/WebPageX` | unknown | |
| `https://contoso.com/` | unknown | |
| `https://nuget.org/nuget.exe` | unknown | |
| `https://www.google.com/finance?tab=we` | unknown | |
| `http://gajaechkfhfghal.top/aoe6m40s3hhtr.php?id=user-PC&key=85684789732&s=527` | 45.61.136.138 | |
| `http://maps.google.com/maps?hl=en&tab=wl` | unknown | |
| `http://www.google.com` | unknown | |
| `https://apis.google.com` | unknown | |
| `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name` | unknown | |
| `http://www.blogger.com/?tab=wj` | unknown | |
| `http://$ckda40xjnqlemz6/$jqly5pcaxf6vo3g.php?id=$env:computername&key=$dhvyekza&s=527` | unknown | |
| `http://www.google.com/mobile/?hl=en&tab=wD` | unknown | |
| `https://play.google.com/?hl=en&tab=w8` | unknown | |
| `http://nuget.org/NuGet.exe` | unknown | |
| `https://www.google.com/imghp?hl=en&tab=wi` | unknown | |
| `https://www.google.com/shopping?hl=en&source=og&tab=wf` | unknown | |
| `https://lh3.googleusercontent.com/ogw/default-user=s96` | unknown | |
| `http://pesterbdd.com/images/Pester.png` | unknown | |
| `http://schemas.xmlsoap.org/soap/encoding/` | unknown | |
| `http://www.apache.org/licenses/LICENSE-2.0.html` | unknown | |
| `https://drive.google.com/?tab=wo` | unknown | |
| `https://contoso.com/Icon` | unknown | |
| `https://0.google` | unknown | |
| `https://mail.google.com/mail/?tab=wm` | unknown | |
| `https://github.com/Pester/Pester` | unknown | |
| `https://www.youtube.com/?tab=w1` | unknown | |
| `http://0.google.` | unknown | |
| `https://lh3.googleusercontent.com/ogw/default-user=s96X` | unknown | |
| `https://www.google.com/logos/doodles/2024/seasonal-holidays-2024-6753651837110333-2xa.gifX` | unknown | |
| `http://crl.m` | unknown | |
| `http://0.google.com/` | unknown | |
| `https://lh3.googleusercontent.com/ogw/default-user=s24` | unknown | |
| `http://www.google.com/history/optout?hl=en` | unknown | |
| `https://books.google.com/?hl=en&tab=wp` | unknown | |
| `https://translate.google.com/?hl=en&tab=wT` | unknown | |
| `http://schemas.xmlsoap.org/wsdl/` | unknown | |
| `https://www.google.com/intl/en/about/products?tab=whX` | unknown | |
| `https://calendar.google.com/calendar?tab=wc` | unknown | |
| `https://aka.ms/pscore68` | unknown | |
| `https://lh3.googleusercontent.com/ogw/default-user=s24X` | unknown | |
| `http://www.google.com/` | 172.217.21.36 | |

(43 further URLs are not shown in this export.)
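The URL table above contains the same request twice: once as it sits in the script, with the PowerShell variables (`$ckda40xjnqlemz6`, `$jqly5pcaxf6vo3g`, `$env:computername`, `$dhvyekza`) still unexpanded, and once as the sandbox actually sent it to `gajaechkfhfghal.top`. The pairing is what makes a durable network signature: host and path are attacker-chosen and will rotate, but the `.php?id=<computername>&key=<digits>&s=527` shape is fixed in the script. The following is an added example, not code from the report or from `download.ps1`: it turns the templated URL into a regex, confirms it matches the observed beacon, runs it over a few constructed proxy-log lines in a hypothetical `time client method url status` format, and separately flags the launch pattern from the Processes table (ExecutionPolicy weakened on the command line, script run from the user profile).

```python
"""Triage helpers derived from the IOCs in this sandbox report.

Added example, not part of the report or of download.ps1. The URL template,
the observed beacon and the command line are copied from the report's tables;
the proxy-log lines and their format are constructed for the demonstration.
"""
import re
from urllib.parse import urlsplit, parse_qs

# From the report's URL table: the request as written in the script, with the
# PowerShell variables unexpanded ...
TEMPLATE_URL = ("http://$ckda40xjnqlemz6/$jqly5pcaxf6vo3g.php"
                "?id=$env:computername&key=$dhvyekza&s=527")
# ... and the same request as the sandbox observed it on the wire.
OBSERVED_URL = "http://gajaechkfhfghal.top/aoe6m40s3hhtr.php?id=user-PC&key=85684789732&s=527"
# From the report's Processes table.
SANDBOX_CMDLINE = (r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" '
                   r'-noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1"')


def template_to_regex(template):
    """Literal text stays literal; every $variable (including $env:NAME) becomes
    a wildcard that stops at the next URL delimiter. The fixed pieces
    (.php?id=, &key=, &s=527) are what survive as the signature."""
    literal_parts = re.split(r"\$env:\w+|\$\w+", template)
    return re.compile("^" + r"[^/?&]+".join(map(re.escape, literal_parts)) + "$")


BEACON_RE = template_to_regex(TEMPLATE_URL)


def beacon_fields(url):
    """Return host plus the id/key/s query values when url matches the beacon
    template, else None. id carries the victim's computer name."""
    if not BEACON_RE.match(url):
        return None
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    return {"host": parts.hostname, "id": query["id"][0],
            "key": query["key"][0], "s": query["s"][0]}


def scan_proxy_log(lines):
    """Run the beacon check over 'time client method url status' lines
    (a hypothetical format) and return (client, fields) for every hit."""
    hits = []
    for line in lines:
        cols = line.split()
        if len(cols) < 4:
            continue
        fields = beacon_fields(cols[3])
        if fields:
            hits.append((cols[1], fields))
    return hits


def flags_powershell_launch(cmdline):
    """Flag the launch pattern from the Processes table: ExecutionPolicy
    weakened on the command line (PowerShell also accepts the abbreviations
    -ep, -ex and -exec) and a .ps1 run from a path under the user profile.
    Assumes the script path contains no spaces."""
    low = cmdline.lower()
    findings = []
    if re.search(r"-(?:ep|ex\w*)\s+(?:unrestricted|bypass)\b", low):
        findings.append("execution_policy_weakened")
    m = re.search(r'-file\s+"?([^"\s]+\.ps1)"?', low)
    if m and m.group(1).startswith("c:\\users\\"):
        findings.append("script_in_user_profile")
    return findings


# Constructed sample telemetry (not from the report). Only the second and third
# lines should hit: the third uses a new host and path but keeps the same shape.
SAMPLE_PROXY_LOG = [
    "2024-12-20T10:01:02Z 10.0.0.5 GET http://www.google.com/ 200",
    "2024-12-20T10:01:09Z 10.0.0.5 GET " + OBSERVED_URL + " 200",
    "2024-12-20T10:02:15Z 10.0.0.7 GET http://example.invalid/x.php?id=WS-44&key=12&s=527 404",
    "2024-12-20T10:03:00Z 10.0.0.5 GET https://nuget.org/nuget.exe 200",
]

if __name__ == "__main__":
    print("beacon regex:", BEACON_RE.pattern)
    for client, fields in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(client, fields)
    print("launch flags:", flags_powershell_launch(SANDBOX_CMDLINE))
```

The regex deliberately keeps `&s=527` literal: the `s` value is a constant in the script, so a change there points at a rebuilt sample rather than a new victim, whereas `id` and `key` vary per host and must stay wildcards. Most of the other URLs in the table (Google homepage assets, `contoso.com`, `nuget.org`, Pester, `aka.ms`) are strings carried inside PowerShell and .NET assemblies and do not match, which is the point of anchoring on the script's own template rather than on the host name.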
Domains

| Name | IP | Malicious |
|---|---|---|
| gajaechkfhfghal.top | 45.61.136.138 | |
| www.google.com | 172.217.21.36 | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 45.61.136.138 | gajaechkfhfghal.top | United States | |
| 172.217.21.36 | www.google.com | United States | |
Registry

| Path | Value | Malicious |
|---|---|---|
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | EnableFileTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | EnableAutoFileTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | EnableConsoleTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | FileTracingMask | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | ConsoleTracingMask | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | MaxFileSize | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32` | FileDirectory | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | EnableFileTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | EnableAutoFileTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | EnableConsoleTracing | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | FileTracingMask | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | ConsoleTracingMask | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | MaxFileSize | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS` | FileDirectory | |

(4 further registry entries are not shown in this export.)

The `Tracing\powershell_RASAPI32` and `Tracing\powershell_RASMANCS` values are created by the RAS tracing subsystem when a process makes its first request through the Windows HTTP stack; they corroborate that `powershell.exe` went on the network but are not a persistence mechanism.
Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 1E2F6BA0000 | heap | page read and write | |
| 41515CB000 | stack | page read and write | |
| 1E282685000 | trusted library allocation | page read and write | |
| 1E2F6CB5000 | heap | page read and write | |
| 1E2F8CD0000 | heap | page read and write | |
| 7FFD9B9B0000 | trusted library allocation | page read and write | |
| 415063C000 | stack | page read and write | |
| 7FFD9BA6C000 | trusted library allocation | page execute and read and write | |
| 1E282664000 | trusted library allocation | page read and write | |
| 1E2F8670000 | heap | page execute and read and write | |
| 7FFD9BBB0000 | trusted library allocation | page read and write | |
| 7FFD9BBE0000 | trusted library allocation | page read and write | |
| 7FFD9BBF0000 | trusted library allocation | page read and write | |
| 7FFD9BD70000 | trusted library allocation | page read and write | |
| 415017F000 | stack | page read and write | |
| 1E282340000 | trusted library allocation | page read and write | |
| 1E2817AF000 | trusted library allocation | page read and write | |
| 41505BF000 | stack | page read and write | |
| 1E2F6B95000 | heap | page read and write | |
| 414FF7E000 | stack | page read and write | |
| 7FFD9BA0C000 | trusted library allocation | page execute and read and write | |
| 1E290318000 | trusted library allocation | page read and write | |
| 1E2F90EB000 | heap | page read and write | |
| 1E2F6CB1000 | heap | page read and write | |
| 1E2F8D5F000 | heap | page read and write | |
| 7FFD9BC40000 | trusted library allocation | page read and write | |
| 1E2F90EF000 | heap | page read and write | |
| 41506BC000 | stack | page read and write | |
| 1E28265A000 | trusted library allocation | page read and write | |
| 1E2F86A5000 | heap | page read and write | |
| 7FFD9BE80000 | trusted library allocation | page execute and read and write | |
| 1E28173F000 | trusted library allocation | page read and write | |
| 415128B000 | stack | page read and write | |
| 1E281E7A000 | trusted library allocation | page read and write | |
| 7FFD9BCA0000 | trusted library allocation | page read and write | |
| 7FFD9BC80000 | trusted library allocation | page read and write | |
| 41503B6000 | stack | page read and write | |
| 7FFD9BB80000 | trusted library allocation | page execute and read and write | |
| 1E2F87E0000 | heap | page read and write | |
| 1E290228000 | trusted library allocation | page read and write | |
| 1E282695000 | trusted library allocation | page read and write | |
| 1E2F9023000 | heap | page read and write | |
| 7FFD9BD68000 | trusted library allocation | page read and write | |
| 7FFD9BDB0000 | trusted library allocation | page read and write | |
| 1E2F8F52000 | heap | page read and write | |
| 7FFD9B9B3000 | trusted library allocation | page execute and read and write | |
| 7FFD9BE70000 | trusted library allocation | page read and write | |
| 7FFD9B9C0000 | trusted library allocation | page read and write | |
| 1E282339000 | trusted library allocation | page read and write | |
| 7FFD9BE50000 | trusted library allocation | page read and write | |
| 1E281863000 | trusted library allocation | page read and write | |
| 7FFD9BCC0000 | trusted library allocation | page read and write | |
| 415120D000 | stack | page read and write | |
| 1E28175B000 | trusted library allocation | page read and write | |
| 7FFD9BB6A000 | trusted library allocation | page read and write | |
| 1E280C28000 | trusted library allocation | page read and write | |
| 7FFD9BDB9000 | trusted library allocation | page read and write | |
| 7DF433720000 | trusted library allocation | page execute and read and write | |
| 7FFD9BE60000 | trusted library allocation | page read and write | |
| 414FE75000 | stack | page read and write | |
| 1E2902E8000 | trusted library allocation | page read and write | |
| 1E2F9063000 | heap | page read and write | |
| 1E2F9034000 | heap | page read and write | |
| 1E281795000 | trusted library allocation | page read and write | |
| 1E2F6CB3000 | heap | page read and write | |
| 7FFD9BD50000 | trusted library allocation | page execute and read and write | |
| 415130B000 | stack | page read and write | |
| 7FFD9BB92000 | trusted library allocation | page read and write | |
| 1E2824B1000 | trusted library allocation | page read and write | |
| 1E282670000 | trusted library allocation | page read and write | |
| 414FFFD000 | stack | page read and write | |
| 1E2F8F71000 | heap | page read and write | |
| 41514CE000 | stack | page read and write | |
| 1E2F8C50000 | heap | page execute and read and write | |
| 41507BC000 | stack | page read and write | |
| 7FFD9BDD0000 | trusted library allocation | page read and write | |
| 415027A000 | stack | page read and write | |
| 1E2F8630000 | trusted library allocation | page read and write | |
| 1E2F86AD000 | heap | page read and write | |
| 1E2F6BD0000 | heap | page read and write | |
| 1E290001000 | trusted library allocation | page read and write | |
| 1E2F8F1C000 | heap | page read and write | |
| 415007A000 | stack | page read and write | |
| 1E2F6D01000 | heap | page read and write | |
| 7FFD9BC90000 | trusted library allocation | page read and write | |
| 7FFD9BD20000 | trusted library allocation | page execute and read and write | |
| 1E280001000 | trusted library allocation | page read and write | |
| 7FFD9BA60000 | trusted library allocation | page read and write | |
| 1E2F8F07000 | heap | page execute and read and write | |
| 1E2F8D21000 | heap | page read and write | |
| 1E2F9330000 | heap | page read and write | |
| 1E28263C000 | trusted library allocation | page read and write | |
| 1E2F8F14000 | heap | page read and write | |
| 7DF433740000 | trusted library allocation | page execute and read and write | |
| 7FFD9BA66000 | trusted library allocation | page read and write | |
| 7DF433730000 | trusted library allocation | page execute and read and write | |
| 1E2F6B50000 | heap | page read and write | |
| 1E2F8D28000 | heap | page read and write | |
| 1E2F85E0000 | trusted library allocation | page read and write | |
| 7FFD9BBC0000 | trusted library allocation | page read and write | |
| 1E282323000 | trusted library allocation | page read and write | |
| 1E282326000 | trusted library allocation | page read and write | |
| 1E282649000 | trusted library allocation | page read and write | |
| 1E2F8F00000 | heap | page execute and read and write | |
| 1E2F9026000 | heap | page read and write | |
| 1E2814B5000 | trusted library allocation | page read and write | |
| 1E282677000 | trusted library allocation | page read and write | |
| 7FFD9BA96000 | trusted library allocation | page execute and read and write | |
| 1E2F6CFC000 | heap | page read and write | |
| 1E2F6B60000 | heap | page read and write | |
| 7FFD9BC20000 | trusted library allocation | page read and write | |
| 1E2F8F20000 | heap | page read and write | |
| 1E2F90F3000 | heap | page read and write | |
| 7FFD9BDC0000 | trusted library allocation | page read and write | |
| 7FFD9BC60000 | trusted library allocation | page read and write | |
| 4150438000 | stack | page read and write | |
| 415154E000 | stack | page read and write | |
| 415053E000 | stack | page read and write | |
| 7FFD9BD30000 | trusted library allocation | page read and write | |
| 7FFD9BB70000 | trusted library allocation | page execute and read and write | |
| 1E28265D000 | trusted library allocation | page read and write | |
| 41500FB000 | stack | page read and write | |
| 1E280D5B000 | trusted library allocation | page read and write | |
| 1E2F6C22000 | heap | page read and write | |
| 1E2F8D1A000 | heap | page read and write | |
| 7FFD9BC00000 | trusted library allocation | page read and write | |
| 1E2F6CBF000 | heap | page read and write | |
| 415140E000 | stack | page read and write | |
| 414FEFE000 | stack | page read and write | |
| 41504B9000 | stack | page read and write | |
| 7FFD9BE00000 | trusted library allocation | page read and write | |
| 415073B000 | stack | page read and write | |
| 415114E000 | stack | page read and write | |
| 7FFD9B9CB000 | trusted library allocation | page read and write | |
| 1E2F910C000 | heap | page read and write | |
| 1E280087000 | trusted library allocation | page read and write | |
| 7FFD9BE90000 | trusted library allocation | page read and write | |
| 1E28235A000 | trusted library allocation | page read and write | |
| 7FFD9BD10000 | trusted library allocation | page read and write | |
| 415118F000 | stack | page read and write | |
| 1E2F6CB7000 | heap | page read and write | |
| 41502F8000 | stack | page read and write | |
| 1E28234D000 | trusted library allocation | page read and write | |
| 1E28266A000 | trusted library allocation | page read and write | |
| 7FFD9BCE0000 | trusted library allocation | page read and write | |
| 1E2F6CBB000 | heap | page read and write | |
| 7FFD9BDC8000 | trusted library allocation | page read and write | |
| 1E29006F000 | trusted library allocation | page read and write | |
| 1E282319000 | trusted library allocation | page read and write | |
| 1E282656000 | trusted library allocation | page read and write | |
| 1E28232D000 | trusted library allocation | page read and write | |
| 1E2F6C18000 | heap | page read and write | |
| 7FFD9B9B4000 | trusted library allocation | page read and write | |
| 1E2F6CD1000 | heap | page read and write | |
| 1E282320000 | trusted library allocation | page read and write | |
| 1E2F90C6000 | heap | page read and write | |
| 1E282313000 | trusted library allocation | page read and write | |
| 7FFD9BD60000 | trusted library allocation | page read and write | |
| 1E28194A000 | trusted library allocation | page read and write | |
| 7FFD9BC10000 | trusted library allocation | page read and write | |
| 415148D000 | stack | page read and write | |
| 1E2F86E0000 | trusted library allocation | page read and write | |
| 1E2F8DD0000 | heap | page read and write | |
| 1E280228000 | trusted library allocation | page read and write | |
| 7FFD9B9BD000 | trusted library allocation | page execute and read and write | |
| 1E2F6CBD000 | heap | page read and write | |
| 7FFD9BB50000 | trusted library allocation | page read and write | |
| 7FFD9BB61000 | trusted library allocation | page read and write | |
| 1E2F8620000 | heap | page readonly | |
| 7FFD9BD80000 | trusted library allocation | page execute and read and write | |
| 415138E000 | stack | page read and write | |
| 1E2F6C10000 | heap | page read and write | |
| 1E2F8D23000 | heap | page read and write | |
| 7FFD9B9B2000 | trusted library allocation | page read and write | |
| 7FFD9BCD0000 | trusted library allocation | page read and write | |
| 7FFD9BDF0000 | trusted library allocation | page read and write | |
| 1E2F8B3F000 | heap | page read and write | |
| 7FFD9B9D0000 | trusted library allocation | page read and write | |
| 1E2F8D61000 | heap | page read and write | |
| 1E282643000 | trusted library allocation | page read and write | |
| 1E2F8F10000 | heap | page read and write | |
| 415033E000 | stack | page read and write | |
| 7FFD9BD93000 | trusted library allocation | page read and write | |
| 1E2F86A0000 | heap | page read and write | |
| 7FFD9BDE0000 | trusted library allocation | page read and write | |
| 1E2F8F24000 | heap | page read and write | |
| 1E2F86B0000 | trusted library allocation | page read and write | |
| 1E2F901C000 | heap | page read and write | |
| 7FFD9BB98000 | trusted library allocation | page read and write | |
| 1E2F8F18000 | heap | page read and write | |
| 1E282333000 | trusted library allocation | page read and write | |
| 1E282650000 | trusted library allocation | page read and write | |
| 7FFD9BDCC000 | trusted library allocation | page read and write | |
| 7FFD9BD00000 | trusted library allocation | page read and write | |
| 1E2F9338000 | heap | page read and write | |
| 7FFD9BEA0000 | trusted library allocation | page read and write | |
| 7FFD9BC50000 | trusted library allocation | page read and write | |
| 1E2F90ED000 | heap | page read and write | |
| 41507BE000 | stack | page read and write | |
| 7FFD9BBA0000 | trusted library allocation | page execute and read and write | |
| 1E2F8CE0000 | heap | page read and write | |
| 1E2F8E00000 | heap | page read and write | |
| 41501FE000 | stack | page read and write | |
| 1E2F8CB0000 | trusted library allocation | page read and write | |
| 7FFD9BDB4000 | trusted library allocation | page read and write | |
| 7FFD9BBD0000 | trusted library allocation | page read and write | |
| 7FFD9BAD0000 | trusted library allocation | page execute and read and write | |
| 7FFD9BC70000 | trusted library allocation | page read and write | |
| 7FFD9BD90000 | trusted library allocation | page read and write | |
| 7FFD9BD40000 | trusted library allocation | page read and write | |
| 7FFD9BC30000 | trusted library allocation | page read and write | |
| 7FFD9BB94000 | trusted library allocation | page read and write | |
| 1E2F907F000 | heap | page read and write | |
| 7FFD9BCF0000 | trusted library allocation | page read and write | |
| 1E2F8F28000 | heap | page read and write | |
| 1E2F6B90000 | heap | page read and write | |
| 7FFD9BCB0000 | trusted library allocation | page read and write | |
| 1E282347000 | trusted library allocation | page read and write | |
| 1E2F8610000 | trusted library allocation | page read and write | |

(209 further memdumps are not shown in this export.)