Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
7lFbTUxX9m.ps1
|
ASCII text, with very long lines (65526), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qitkjwak.5ze.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wscdnfu5.ycl.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PE4PKYK3L29P2XP9WUHY.temp
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\7lFbTUxX9m.ps1"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
vecotr.viewdns.net
|
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://crl.v
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
There are 2 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
vecotr.viewdns.net
|
191.96.207.180
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
191.96.207.180
|
vecotr.viewdns.net
|
Chile
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
247D12A7000
|
trusted library allocation
|
page read and write
|
|
|
|
247E93C0000
|
trusted library section
|
page read and write
|
|
|
|
247D310C000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
32E1000
|
trusted library allocation
|
page read and write
|
|
|
|
247D2AA5000
|
trusted library allocation
|
page read and write
|
|
|
|
247D0BB0000
|
trusted library allocation
|
page read and write
|
||
|
67CE000
|
stack
|
page read and write
|
||
|
B9D433E000
|
stack
|
page read and write
|
||
|
7FFB4B04D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1860000
|
trusted library allocation
|
page read and write
|
||
|
14C6000
|
heap
|
page read and write
|
||
|
19B0000
|
heap
|
page read and write
|
||
|
7FFB4B200000
|
trusted library allocation
|
page execute and read and write
|
||
|
B9D4239000
|
stack
|
page read and write
|
||
|
7FFB4B1E0000
|
trusted library allocation
|
page read and write
|
||
|
6CF5000
|
trusted library allocation
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
B9D4078000
|
stack
|
page read and write
|
||
|
B9D43BA000
|
stack
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
6B50000
|
heap
|
page read and write
|
||
|
247E9224000
|
heap
|
page read and write
|
||
|
B9D41BB000
|
stack
|
page read and write
|
||
|
247E1939000
|
trusted library allocation
|
page read and write
|
||
|
5CCE000
|
stack
|
page read and write
|
||
|
7FFB4B0F0000
|
trusted library allocation
|
page read and write
|
||
|
247E1863000
|
trusted library allocation
|
page read and write
|
||
|
247D1070000
|
heap
|
page read and write
|
||
|
14B2000
|
heap
|
page read and write
|
||
|
14C9000
|
heap
|
page read and write
|
||
|
1543000
|
heap
|
page read and write
|
||
|
7FFB4B290000
|
trusted library allocation
|
page read and write
|
||
|
325E000
|
stack
|
page read and write
|
||
|
247E10ED000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
624F000
|
stack
|
page read and write
|
||
|
6A6D000
|
heap
|
page read and write
|
||
|
42E9000
|
trusted library allocation
|
page read and write
|
||
|
247E1090000
|
trusted library allocation
|
page read and write
|
||
|
6B70000
|
trusted library allocation
|
page read and write
|
||
|
247E97DC000
|
heap
|
page read and write
|
||
|
7FFB4B250000
|
trusted library allocation
|
page read and write
|
||
|
247CF130000
|
heap
|
page read and write
|
||
|
247E92C0000
|
heap
|
page read and write
|
||
|
6D00000
|
trusted library allocation
|
page read and write
|
||
|
7F250000
|
trusted library allocation
|
page execute and read and write
|
||
|
247D0B20000
|
trusted library allocation
|
page read and write
|
||
|
640E000
|
stack
|
page read and write
|
||
|
1557000
|
heap
|
page read and write
|
||
|
1874000
|
trusted library allocation
|
page read and write
|
||
|
247E9799000
|
heap
|
page read and write
|
||
|
7FFB4B044000
|
trusted library allocation
|
page read and write
|
||
|
32C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B0FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B310000
|
trusted library allocation
|
page read and write
|
||
|
14AE000
|
heap
|
page read and write
|
||
|
247E92A0000
|
heap
|
page read and write
|
||
|
1896000
|
trusted library allocation
|
page execute and read and write
|
||
|
5FE0000
|
heap
|
page read and write
|
||
|
59C0000
|
heap
|
page execute and read and write
|
||
|
6D11000
|
trusted library allocation
|
page read and write
|
||
|
628E000
|
stack
|
page read and write
|
||
|
247CF250000
|
heap
|
page read and write
|
||
|
1337000
|
stack
|
page read and write
|
||
|
247CF1C9000
|
heap
|
page read and write
|
||
|
247D0A90000
|
heap
|
page read and write
|
||
|
123B000
|
stack
|
page read and write
|
||
|
1883000
|
trusted library allocation
|
page read and write
|
||
|
247E93E0000
|
heap
|
page execute and read and write
|
||
|
668E000
|
stack
|
page read and write
|
||
|
189A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B350000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2C0000
|
trusted library allocation
|
page read and write
|
||
|
1497000
|
heap
|
page read and write
|
||
|
7FFB4B210000
|
trusted library allocation
|
page execute and read and write
|
||
|
247E908F000
|
heap
|
page read and write
|
||
|
18AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B240000
|
trusted library allocation
|
page read and write
|
||
|
247D2FC4000
|
trusted library allocation
|
page read and write
|
||
|
630E000
|
stack
|
page read and write
|
||
|
7FFB4B042000
|
trusted library allocation
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
247CF415000
|
heap
|
page read and write
|
||
|
58F3000
|
heap
|
page read and write
|
||
|
247E11E5000
|
trusted library allocation
|
page read and write
|
||
|
5FC0000
|
heap
|
page read and write
|
||
|
18A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
247CF1D4000
|
heap
|
page read and write
|
||
|
18C0000
|
trusted library allocation
|
page read and write
|
||
|
247E9263000
|
heap
|
page read and write
|
||
|
7FFB4B230000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B0F6000
|
trusted library allocation
|
page read and write
|
||
|
247D1020000
|
heap
|
page execute and read and write
|
||
|
7FFB4B2E0000
|
trusted library allocation
|
page read and write
|
||
|
247D0A40000
|
heap
|
page read and write
|
||
|
7FFB4B330000
|
trusted library allocation
|
page read and write
|
||
|
58BE000
|
stack
|
page read and write
|
||
|
247D0B30000
|
heap
|
page readonly
|
||
|
5720000
|
heap
|
page read and write
|
||
|
B9D4F0A000
|
stack
|
page read and write
|
||
|
60CE000
|
stack
|
page read and write
|
||
|
329C000
|
stack
|
page read and write
|
||
|
1880000
|
trusted library allocation
|
page read and write
|
||
|
247D166A000
|
trusted library allocation
|
page read and write
|
||
|
187D000
|
trusted library allocation
|
page execute and read and write
|
||
|
B9D443E000
|
stack
|
page read and write
|
||
|
247E979F000
|
heap
|
page read and write
|
||
|
6E00000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B2A0000
|
trusted library allocation
|
page read and write
|
||
|
680C000
|
stack
|
page read and write
|
||
|
B9D3C7E000
|
stack
|
page read and write
|
||
|
7FFB4B320000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B280000
|
trusted library allocation
|
page read and write
|
||
|
247D0C25000
|
heap
|
page read and write
|
||
|
1500000
|
heap
|
page read and write
|
||
|
247CF1F0000
|
heap
|
page read and write
|
||
|
7FFB4B270000
|
trusted library allocation
|
page read and write
|
||
|
690E000
|
stack
|
page read and write
|
||
|
7FFB4B05C000
|
trusted library allocation
|
page read and write
|
||
|
6A50000
|
heap
|
page read and write
|
||
|
B9D3CFE000
|
stack
|
page read and write
|
||
|
B9D3DFB000
|
stack
|
page read and write
|
||
|
247CF150000
|
heap
|
page read and write
|
||
|
247E1081000
|
trusted library allocation
|
page read and write
|
||
|
5740000
|
trusted library allocation
|
page read and write
|
||
|
61CD000
|
stack
|
page read and write
|
||
|
247D16A5000
|
trusted library allocation
|
page read and write
|
||
|
175E000
|
stack
|
page read and write
|
||
|
247E91A0000
|
heap
|
page read and write
|
||
|
6080000
|
trusted library allocation
|
page read and write
|
||
|
153F000
|
heap
|
page read and write
|
||
|
247D0AF0000
|
trusted library allocation
|
page read and write
|
||
|
247CF050000
|
heap
|
page read and write
|
||
|
7FFB4B340000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B1F1000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B380000
|
trusted library allocation
|
page read and write
|
||
|
32A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
32B0000
|
heap
|
page execute and read and write
|
||
|
62CF000
|
stack
|
page read and write
|
||
|
7FFB4B360000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B222000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
247D1698000
|
trusted library allocation
|
page read and write
|
||
|
247E920D000
|
heap
|
page read and write
|
||
|
247E93F0000
|
heap
|
page read and write
|
||
|
7FFB4B300000
|
trusted library allocation
|
page read and write
|
||
|
247E11F4000
|
trusted library allocation
|
page read and write
|
||
|
247CF210000
|
heap
|
page read and write
|
||
|
185E000
|
stack
|
page read and write
|
||
|
247D2FBF000
|
trusted library allocation
|
page read and write
|
||
|
247D0C20000
|
heap
|
page read and write
|
||
|
58F0000
|
heap
|
page read and write
|
||
|
7FFB4B2D0000
|
trusted library allocation
|
page read and write
|
||
|
654D000
|
stack
|
page read and write
|
||
|
53DD000
|
stack
|
page read and write
|
||
|
658C000
|
stack
|
page read and write
|
||
|
B9D4E8E000
|
stack
|
page read and write
|
||
|
247E91E9000
|
heap
|
page read and write
|
||
|
1490000
|
heap
|
page read and write
|
||
|
247E91DA000
|
heap
|
page read and write
|
||
|
644C000
|
stack
|
page read and write
|
||
|
247E977C000
|
heap
|
page read and write
|
||
|
B9D44BB000
|
stack
|
page read and write
|
||
|
1870000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2F0000
|
trusted library allocation
|
page read and write
|
||
|
247CF1F4000
|
heap
|
page read and write
|
||
|
247D0B70000
|
trusted library allocation
|
page read and write
|
||
|
6B79000
|
trusted library allocation
|
page read and write
|
||
|
247CF162000
|
heap
|
page read and write
|
||
|
1873000
|
trusted library allocation
|
page execute and read and write
|
||
|
1892000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B3A0000
|
trusted library allocation
|
page read and write
|
||
|
B9D3D7E000
|
stack
|
page read and write
|
||
|
578E000
|
stack
|
page read and write
|
||
|
7FFB4B370000
|
trusted library allocation
|
page read and write
|
||
|
247E9296000
|
heap
|
page read and write
|
||
|
1890000
|
trusted library allocation
|
page read and write
|
||
|
59A0000
|
heap
|
page read and write
|
||
|
66CC000
|
stack
|
page read and write
|
||
|
18A0000
|
trusted library allocation
|
page read and write
|
||
|
247CF238000
|
heap
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
620E000
|
stack
|
page read and write
|
||
|
247D1108000
|
trusted library allocation
|
page read and write
|
||
|
247E97E1000
|
heap
|
page read and write
|
||
|
5ACD000
|
stack
|
page read and write
|
||
|
7FFB4B3C0000
|
trusted library allocation
|
page read and write
|
||
|
B9D3FFD000
|
stack
|
page read and write
|
||
|
247D20A5000
|
trusted library allocation
|
page read and write
|
||
|
6CC4000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B260000
|
trusted library allocation
|
page read and write
|
||
|
1406000
|
heap
|
page read and write
|
||
|
7FFB4B160000
|
trusted library allocation
|
page execute and read and write
|
||
|
13FE000
|
stack
|
page read and write
|
||
|
7DF4B5330000
|
trusted library allocation
|
page execute and read and write
|
||
|
B9D3F7E000
|
stack
|
page read and write
|
||
|
5BC9000
|
stack
|
page read and write
|
||
|
7FFB4B100000
|
trusted library allocation
|
page execute and read and write
|
||
|
B9D4136000
|
stack
|
page read and write
|
||
|
247E91E2000
|
heap
|
page read and write
|
||
|
247CF158000
|
heap
|
page read and write
|
||
|
7FFB4B2B0000
|
trusted library allocation
|
page read and write
|
||
|
247E9760000
|
heap
|
page read and write
|
||
|
247CF410000
|
heap
|
page read and write
|
||
|
7FFB4B126000
|
trusted library allocation
|
page execute and read and write
|
||
|
1918000
|
trusted library allocation
|
page read and write
|
||
|
247D1081000
|
trusted library allocation
|
page read and write
|
||
|
247D1060000
|
heap
|
page execute and read and write
|
||
|
13B7000
|
heap
|
page read and write
|
||
|
13A0000
|
heap
|
page read and write
|
||
|
B9D39DE000
|
stack
|
page read and write
|
||
|
247E97E6000
|
heap
|
page read and write
|
||
|
247D166F000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B1FA000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B390000
|
trusted library allocation
|
page read and write
|
||
|
B9D42BE000
|
stack
|
page read and write
|
||
|
247E93E7000
|
heap
|
page execute and read and write
|
||
|
14BB000
|
heap
|
page read and write
|
||
|
B9D3955000
|
stack
|
page read and write
|
||
|
6A68000
|
heap
|
page read and write
|
||
|
247CF1F8000
|
heap
|
page read and write
|
||
|
B9D3EFE000
|
stack
|
page read and write
|
||
|
247E160E000
|
trusted library allocation
|
page read and write
|
||
|
247CF1FE000
|
heap
|
page read and write
|
||
|
B9D40BE000
|
stack
|
page read and write
|
||
|
7FFB4B040000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B3B0000
|
trusted library allocation
|
page read and write
|
||
|
B9D3E7E000
|
stack
|
page read and write
|
||
|
145E000
|
stack
|
page read and write
|
||
|
247E9226000
|
heap
|
page read and write
|
||
|
42E1000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B043000
|
trusted library allocation
|
page execute and read and write
|
||
|
247E91D1000
|
heap
|
page read and write
|
||
|
190E000
|
stack
|
page read and write
|
||
|
7FFB4B050000
|
trusted library allocation
|
page read and write
|
||
|
247E91E7000
|
heap
|
page read and write
|
||
|
6A62000
|
heap
|
page read and write
|
||
|
57CC000
|
stack
|
page read and write
|
||
|
19B6000
|
heap
|
page read and write
|
||
|
6A6B000
|
heap
|
page read and write
|
There are 231 hidden memdumps, click here to show them.