Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
lzsVg6vGuu.ps1
|
ASCII text, with very long lines (65529)
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kjux4bn4.0o0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uvq4xlyl.e44.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\B5GHTFVJH0N36ICQZ8FQ.temp
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\lzsVg6vGuu.ps1"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
vecotr.viewdns.net
|
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
There are 1 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
vecotr.viewdns.net
|
191.96.207.180
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
191.96.207.180
|
vecotr.viewdns.net
|
Chile
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2F51000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
1EF4DE18000
|
trusted library allocation
|
page read and write
|
|
|
|
1EF4FCF4000
|
trusted library allocation
|
page read and write
|
|
|
|
1EF4F615000
|
trusted library allocation
|
page read and write
|
|
|
|
1EF66360000
|
trusted library section
|
page read and write
|
|
|
|
1EF65BF7000
|
heap
|
page read and write
|
||
|
1EF5E4B0000
|
trusted library allocation
|
page read and write
|
||
|
1EF4D8A5000
|
heap
|
page read and write
|
||
|
7FF848DE0000
|
trusted library allocation
|
page read and write
|
||
|
681A000
|
heap
|
page read and write
|
||
|
125C000
|
heap
|
page read and write
|
||
|
1EF4BF10000
|
heap
|
page readonly
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
1215000
|
heap
|
page read and write
|
||
|
1EF4BD00000
|
heap
|
page read and write
|
||
|
1EF4BC00000
|
heap
|
page read and write
|
||
|
7FF848BA2000
|
trusted library allocation
|
page read and write
|
||
|
66C0000
|
heap
|
page read and write
|
||
|
1EF4BC48000
|
heap
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page read and write
|
||
|
7F1E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
55BE000
|
stack
|
page read and write
|
||
|
1EF5DBF1000
|
trusted library allocation
|
page read and write
|
||
|
1EF4BF20000
|
trusted library allocation
|
page read and write
|
||
|
5E2E000
|
stack
|
page read and write
|
||
|
129E000
|
stack
|
page read and write
|
||
|
6579000
|
trusted library allocation
|
page read and write
|
||
|
3010000
|
trusted library allocation
|
page read and write
|
||
|
124C000
|
heap
|
page read and write
|
||
|
1EF65FA2000
|
heap
|
page read and write
|
||
|
11A1000
|
heap
|
page read and write
|
||
|
1EF4BBF0000
|
heap
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
5BD0000
|
heap
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
2CCA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EF65F57000
|
heap
|
page execute and read and write
|
||
|
12ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EF4BCEA000
|
heap
|
page read and write
|
||
|
2F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
6DA1D5000
|
stack
|
page read and write
|
||
|
6DA879000
|
stack
|
page read and write
|
||
|
7FF848D5A000
|
trusted library allocation
|
page read and write
|
||
|
1EF4BC52000
|
heap
|
page read and write
|
||
|
2F2C000
|
stack
|
page read and write
|
||
|
53A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E70000
|
trusted library allocation
|
page read and write
|
||
|
300E000
|
trusted library allocation
|
page read and write
|
||
|
5390000
|
trusted library allocation
|
page read and write
|
||
|
1EF4BED0000
|
trusted library allocation
|
page read and write
|
||
|
61EC000
|
stack
|
page read and write
|
||
|
12E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
5450000
|
heap
|
page read and write
|
||
|
D98000
|
stack
|
page read and write
|
||
|
1EF4BF00000
|
trusted library allocation
|
page read and write
|
||
|
6DB70A000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C56000
|
trusted library allocation
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
1EF4E1DF000
|
trusted library allocation
|
page read and write
|
||
|
C9B000
|
stack
|
page read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
1EF4D7F0000
|
heap
|
page read and write
|
||
|
2CC2000
|
trusted library allocation
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
7FF848E80000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EF4BCAC000
|
heap
|
page read and write
|
||
|
118D000
|
heap
|
page read and write
|
||
|
141E000
|
stack
|
page read and write
|
||
|
7FF848D82000
|
trusted library allocation
|
page read and write
|
||
|
1EF65D00000
|
heap
|
page read and write
|
||
|
7FF848D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EF5DC70000
|
trusted library allocation
|
page read and write
|
||
|
7FF848C60000
|
trusted library allocation
|
page execute and read and write
|
||
|
5453000
|
heap
|
page read and write
|
||
|
553E000
|
stack
|
page read and write
|
||
|
7DF4D5550000
|
trusted library allocation
|
page execute and read and write
|
||
|
6DA6FF000
|
stack
|
page read and write
|
||
|
1EF4BCDF000
|
heap
|
page read and write
|
||
|
6817000
|
heap
|
page read and write
|
||
|
1EF4FBAF000
|
trusted library allocation
|
page read and write
|
||
|
5F6C000
|
stack
|
page read and write
|
||
|
57E9000
|
stack
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
1EF4BF85000
|
heap
|
page read and write
|
||
|
3F51000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page read and write
|
||
|
1EF4FCEB000
|
trusted library allocation
|
page read and write
|
||
|
6DABBA000
|
stack
|
page read and write
|
||
|
6DAABE000
|
stack
|
page read and write
|
||
|
3F59000
|
trusted library allocation
|
page read and write
|
||
|
7FF848CC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EF5DC00000
|
trusted library allocation
|
page read and write
|
||
|
66D4000
|
trusted library allocation
|
page read and write
|
||
|
11CD000
|
heap
|
page read and write
|
||
|
1EF65F60000
|
heap
|
page read and write
|
||
|
1EF4BE30000
|
heap
|
page read and write
|
||
|
6DA77E000
|
stack
|
page read and write
|
||
|
61AD000
|
stack
|
page read and write
|
||
|
7FF848DD0000
|
trusted library allocation
|
page read and write
|
||
|
1EF5E185000
|
trusted library allocation
|
page read and write
|
||
|
123B000
|
heap
|
page read and write
|
||
|
2D48000
|
trusted library allocation
|
page read and write
|
||
|
2CDB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EF4DBF1000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D70000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EF4BC20000
|
heap
|
page read and write
|
||
|
5AEE000
|
stack
|
page read and write
|
||
|
7FF848BB0000
|
trusted library allocation
|
page read and write
|
||
|
6810000
|
heap
|
page read and write
|
||
|
1EF4E1DA000
|
trusted library allocation
|
page read and write
|
||
|
1EF65F00000
|
heap
|
page execute and read and write
|
||
|
1EF65D41000
|
heap
|
page read and write
|
||
|
7FF848C86000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EF4BF70000
|
heap
|
page execute and read and write
|
||
|
12D0000
|
trusted library allocation
|
page read and write
|
||
|
1EF5DD6B000
|
trusted library allocation
|
page read and write
|
||
|
1EF4D760000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BA4000
|
trusted library allocation
|
page read and write
|
||
|
1EF4FD20000
|
trusted library allocation
|
page read and write
|
||
|
12E4000
|
trusted library allocation
|
page read and write
|
||
|
2CD7000
|
trusted library allocation
|
page execute and read and write
|
||
|
6705000
|
trusted library allocation
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
7FF848C5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E60000
|
trusted library allocation
|
page read and write
|
||
|
6DAC3E000
|
stack
|
page read and write
|
||
|
1EF4BD27000
|
heap
|
page read and write
|
||
|
1EF65D89000
|
heap
|
page read and write
|
||
|
1EF65D38000
|
heap
|
page read and write
|
||
|
58EF000
|
stack
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
56ED000
|
stack
|
page read and write
|
||
|
5B10000
|
heap
|
page read and write
|
||
|
6DA5FE000
|
stack
|
page read and write
|
||
|
119D000
|
heap
|
page read and write
|
||
|
1EF5DC64000
|
trusted library allocation
|
page read and write
|
||
|
1168000
|
heap
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page read and write
|
||
|
2CF0000
|
trusted library allocation
|
page read and write
|
||
|
1EF4E215000
|
trusted library allocation
|
page read and write
|
||
|
6DAA39000
|
stack
|
page read and write
|
||
|
5CEE000
|
trusted library allocation
|
page read and write
|
||
|
6720000
|
trusted library allocation
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
1317000
|
heap
|
page read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BA0000
|
trusted library allocation
|
page read and write
|
||
|
606D000
|
stack
|
page read and write
|
||
|
7FF848BBB000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F00000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E50000
|
trusted library allocation
|
page read and write
|
||
|
6DA937000
|
stack
|
page read and write
|
||
|
7FF848DB0000
|
trusted library allocation
|
page read and write
|
||
|
62EE000
|
stack
|
page read and write
|
||
|
1EF4EC15000
|
trusted library allocation
|
page read and write
|
||
|
53EE000
|
stack
|
page read and write
|
||
|
6DA67B000
|
stack
|
page read and write
|
||
|
2D3E000
|
stack
|
page read and write
|
||
|
6DA47E000
|
stack
|
page read and write
|
||
|
60AC000
|
stack
|
page read and write
|
||
|
7FF848D51000
|
trusted library allocation
|
page read and write
|
||
|
642D000
|
stack
|
page read and write
|
||
|
632E000
|
stack
|
page read and write
|
||
|
1EF65F50000
|
heap
|
page execute and read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
5B30000
|
heap
|
page read and write
|
||
|
504D000
|
stack
|
page read and write
|
||
|
112C000
|
stack
|
page read and write
|
||
|
5F2F000
|
stack
|
page read and write
|
||
|
5D2E000
|
stack
|
page read and write
|
||
|
2CC6000
|
trusted library allocation
|
page execute and read and write
|
||
|
59EE000
|
stack
|
page read and write
|
||
|
6815000
|
heap
|
page read and write
|
||
|
7FF848C50000
|
trusted library allocation
|
page read and write
|
||
|
1EF65FBC000
|
heap
|
page read and write
|
||
|
6DA4FE000
|
stack
|
page read and write
|
||
|
6DA9B7000
|
stack
|
page read and write
|
||
|
6910000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848DC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D40000
|
trusted library allocation
|
page read and write
|
||
|
1EF4FBB5000
|
trusted library allocation
|
page read and write
|
||
|
1EF4BD2D000
|
heap
|
page read and write
|
||
|
6570000
|
trusted library allocation
|
page read and write
|
||
|
1EF4BC40000
|
heap
|
page read and write
|
||
|
1EF5DD5C000
|
trusted library allocation
|
page read and write
|
||
|
1EF65E20000
|
heap
|
page read and write
|
||
|
119A000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page execute and read and write
|
||
|
6DA7FD000
|
stack
|
page read and write
|
||
|
7FF848DA0000
|
trusted library allocation
|
page read and write
|
||
|
1EF4BF80000
|
heap
|
page read and write
|
||
|
542C000
|
stack
|
page read and write
|
||
|
7FF848BA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
6DA57D000
|
stack
|
page read and write
|
||
|
1EF65DFB000
|
heap
|
page read and write
|
||
|
1EF65D87000
|
heap
|
page read and write
|
||
|
7FF848EF0000
|
trusted library allocation
|
page read and write
|
||
|
1EF4DC78000
|
trusted library allocation
|
page read and write
|
||
|
7FF848BAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
557E000
|
stack
|
page read and write
|
||
|
6DB68F000
|
stack
|
page read and write
|
||
|
6576000
|
trusted library allocation
|
page read and write
|
||
|
123D000
|
heap
|
page read and write
|
||
|
151E000
|
stack
|
page read and write
|
||
|
5EAF000
|
stack
|
page read and write
|
||
|
12E0000
|
trusted library allocation
|
page read and write
|
||
|
12F3000
|
trusted library allocation
|
page read and write
|
||
|
1EF4D890000
|
heap
|
page read and write
|
||
|
1197000
|
heap
|
page read and write
|
||
|
1EF65D44000
|
heap
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page read and write
|
||
|
1EF4BD29000
|
heap
|
page read and write
|
||
|
55E0000
|
heap
|
page execute and read and write
|
||
|
5EEE000
|
stack
|
page read and write
|
||
|
6710000
|
trusted library allocation
|
page read and write
|
||
|
1EF4BCC9000
|
heap
|
page read and write
|
||
|
5CE0000
|
trusted library allocation
|
page read and write
|
||
|
1EF5E3DA000
|
trusted library allocation
|
page read and write
|
||
|
5E6D000
|
stack
|
page read and write
|
||
|
1306000
|
heap
|
page read and write
|
||
|
1EF4D8A0000
|
heap
|
page read and write
|
||
|
2EEE000
|
stack
|
page read and write
|
||
|
1EF4FD16000
|
trusted library allocation
|
page read and write
|
||
|
1EF4BCE2000
|
heap
|
page read and write
|
||
|
6DAB3E000
|
stack
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
6DA8BF000
|
stack
|
page read and write
|
||
|
6DACBC000
|
stack
|
page read and write
|
||
|
DF6000
|
heap
|
page read and write
|
||
|
2CC0000
|
trusted library allocation
|
page read and write
|
||
|
1EF4FD26000
|
trusted library allocation
|
page read and write
|
||
|
12F0000
|
trusted library allocation
|
page read and write
|
||
|
1EF66160000
|
heap
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
There are 233 hidden memdumps, click here to show them.