Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
GvJxEfWyS1.ps1
|
ASCII text, with very long lines (65526), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aysyiml5.jvd.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pgrbygw2.0sw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\K8EWC842OA6SYY98URXL.temp
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\GvJxEfWyS1.ps1"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
vecotr.viewdns.net
|
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
There are 1 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
vecotr.viewdns.net
|
191.96.207.180
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
191.96.207.180
|
vecotr.viewdns.net
|
Chile
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
199C3A7D000
|
trusted library allocation
|
page read and write
|
|
|
|
2B41000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
199C1E47000
|
trusted library allocation
|
page read and write
|
|
|
|
199C16B0000
|
trusted library section
|
page read and write
|
|
|
|
199C3645000
|
trusted library allocation
|
page read and write
|
|
|
|
199C1565000
|
heap
|
page read and write
|
||
|
7FFD9B931000
|
trusted library allocation
|
page read and write
|
||
|
199BFBA0000
|
heap
|
page read and write
|
||
|
5F00000
|
heap
|
page read and write
|
||
|
54EE000
|
stack
|
page read and write
|
||
|
63FA000
|
heap
|
page read and write
|
||
|
7FFD9B782000
|
trusted library allocation
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
7FFD9BB00000
|
trusted library allocation
|
page read and write
|
||
|
130E6BE000
|
stack
|
page read and write
|
||
|
199D9E40000
|
heap
|
page read and write
|
||
|
596F000
|
stack
|
page read and write
|
||
|
199D1C30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
102D000
|
stack
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
5CAC000
|
stack
|
page read and write
|
||
|
5160000
|
heap
|
page execute and read and write
|
||
|
199BFBB3000
|
heap
|
page read and write
|
||
|
BE6000
|
trusted library allocation
|
page execute and read and write
|
||
|
3078000
|
trusted library allocation
|
page read and write
|
||
|
57D1000
|
trusted library allocation
|
page read and write
|
||
|
2948000
|
trusted library allocation
|
page read and write
|
||
|
199D1C90000
|
trusted library allocation
|
page read and write
|
||
|
2B30000
|
heap
|
page execute and read and write
|
||
|
199C3AAC000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
130E1FE000
|
stack
|
page read and write
|
||
|
199C2245000
|
trusted library allocation
|
page read and write
|
||
|
130E2FF000
|
stack
|
page read and write
|
||
|
4FE3000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
|
199D9D13000
|
heap
|
page read and write
|
||
|
11C6000
|
heap
|
page read and write
|
||
|
5B2E000
|
stack
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
199C1C10000
|
heap
|
page execute and read and write
|
||
|
5DAE000
|
stack
|
page read and write
|
||
|
7FFD9B79B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
130DDD5000
|
stack
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5770000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
2AF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B83C000
|
trusted library allocation
|
page execute and read and write
|
||
|
130F30B000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
130E639000
|
stack
|
page read and write
|
||
|
BA6000
|
heap
|
page read and write
|
||
|
130E537000
|
stack
|
page read and write
|
||
|
5F4E000
|
stack
|
page read and write
|
||
|
BC4000
|
trusted library allocation
|
page read and write
|
||
|
199C1640000
|
heap
|
page read and write
|
||
|
199BFAA0000
|
heap
|
page read and write
|
||
|
130F28F000
|
stack
|
page read and write
|
||
|
5B6C000
|
stack
|
page read and write
|
||
|
C68000
|
heap
|
page read and write
|
||
|
130E478000
|
stack
|
page read and write
|
||
|
199D9E48000
|
heap
|
page read and write
|
||
|
199D9EDD000
|
heap
|
page read and write
|
||
|
199D9EB6000
|
heap
|
page read and write
|
||
|
2E43000
|
trusted library allocation
|
page read and write
|
||
|
199BFC60000
|
heap
|
page read and write
|
||
|
63F5000
|
heap
|
page read and write
|
||
|
130E0FE000
|
stack
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page execute and read and write
|
||
|
5EEE000
|
stack
|
page read and write
|
||
|
199D9C9D000
|
heap
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B93A000
|
trusted library allocation
|
page read and write
|
||
|
199D9C50000
|
heap
|
page read and write
|
||
|
130E17D000
|
stack
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page execute and read and write
|
||
|
199D9E8A000
|
heap
|
page read and write
|
||
|
130E27B000
|
stack
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
BE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
3B49000
|
trusted library allocation
|
page read and write
|
||
|
5140000
|
heap
|
page read and write
|
||
|
130E37E000
|
stack
|
page read and write
|
||
|
63E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
199BFC4C000
|
heap
|
page read and write
|
||
|
BF7000
|
trusted library allocation
|
page execute and read and write
|
||
|
512E000
|
stack
|
page read and write
|
||
|
2ADE000
|
stack
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
73B000
|
stack
|
page read and write
|
||
|
199C1490000
|
heap
|
page readonly
|
||
|
53AE000
|
stack
|
page read and write
|
||
|
D55000
|
heap
|
page read and write
|
||
|
B3C000
|
stack
|
page read and write
|
||
|
130F38A000
|
stack
|
page read and write
|
||
|
4EBE000
|
stack
|
page read and write
|
||
|
199C1CA7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
BE2000
|
trusted library allocation
|
page read and write
|
||
|
199C3938000
|
trusted library allocation
|
page read and write
|
||
|
4FD0000
|
heap
|
page read and write
|
||
|
28DF000
|
stack
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
|
199BFB00000
|
heap
|
page read and write
|
||
|
CCF000
|
heap
|
page read and write
|
||
|
199C220A000
|
trusted library allocation
|
page read and write
|
||
|
130E7BE000
|
stack
|
page read and write
|
||
|
7FFD9BAF0000
|
trusted library allocation
|
page read and write
|
||
|
2AE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
55EE000
|
stack
|
page read and write
|
||
|
5A2E000
|
stack
|
page read and write
|
||
|
BD0000
|
trusted library allocation
|
page read and write
|
||
|
C98000
|
heap
|
page read and write
|
||
|
AF7000
|
stack
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
C8B000
|
heap
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
199D9E30000
|
heap
|
page execute and read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
BD3000
|
trusted library allocation
|
page read and write
|
||
|
199BFB85000
|
heap
|
page read and write
|
||
|
199D211C000
|
trusted library allocation
|
page read and write
|
||
|
199D9CCD000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
63F0000
|
heap
|
page read and write
|
||
|
130E73E000
|
stack
|
page read and write
|
||
|
59EE000
|
stack
|
page read and write
|
||
|
C5E000
|
stack
|
page read and write
|
||
|
4EFC000
|
stack
|
page read and write
|
||
|
199D9D40000
|
heap
|
page read and write
|
||
|
199BFC48000
|
heap
|
page read and write
|
||
|
199BFB80000
|
heap
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
|
7FCF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
199BFC88000
|
heap
|
page read and write
|
||
|
7DF4A2000000
|
trusted library allocation
|
page execute and read and write
|
||
|
BFB000
|
trusted library allocation
|
page execute and read and write
|
||
|
D51000
|
heap
|
page read and write
|
||
|
199D9C69000
|
heap
|
page read and write
|
||
|
63F2000
|
heap
|
page read and write
|
||
|
199BFC40000
|
heap
|
page read and write
|
||
|
50ED000
|
stack
|
page read and write
|
||
|
5EF9000
|
trusted library allocation
|
page read and write
|
||
|
57E0000
|
heap
|
page read and write
|
||
|
199D1D88000
|
trusted library allocation
|
page read and write
|
||
|
130E3FD000
|
stack
|
page read and write
|
||
|
6190000
|
trusted library allocation
|
page read and write
|
||
|
130E83E000
|
stack
|
page read and write
|
||
|
59AE000
|
stack
|
page read and write
|
||
|
199C220F000
|
trusted library allocation
|
page read and write
|
||
|
2920000
|
trusted library allocation
|
page execute and read and write
|
||
|
199D9EC0000
|
heap
|
page read and write
|
||
|
D17000
|
heap
|
page read and write
|
||
|
5269000
|
stack
|
page read and write
|
||
|
199D1D97000
|
trusted library allocation
|
page read and write
|
||
|
199D2371000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B962000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
5C6D000
|
stack
|
page read and write
|
||
|
130E07E000
|
stack
|
page read and write
|
||
|
BC0000
|
trusted library allocation
|
page read and write
|
||
|
130E4BF000
|
stack
|
page read and write
|
||
|
57C0000
|
trusted library allocation
|
page read and write
|
||
|
57BE000
|
stack
|
page read and write
|
||
|
199BFC50000
|
heap
|
page read and write
|
||
|
2930000
|
heap
|
page read and write
|
||
|
58EE000
|
stack
|
page read and write
|
||
|
5DEC000
|
stack
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
199D9EA9000
|
heap
|
page read and write
|
||
|
BB0000
|
trusted library allocation
|
page read and write
|
||
|
199C1450000
|
trusted library allocation
|
page read and write
|
||
|
199D9C20000
|
heap
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
|
199C2239000
|
trusted library allocation
|
page read and write
|
||
|
604E000
|
stack
|
page read and write
|
||
|
291C000
|
stack
|
page read and write
|
||
|
199C1650000
|
heap
|
page execute and read and write
|
||
|
536E000
|
stack
|
page read and write
|
||
|
199C1510000
|
trusted library allocation
|
page read and write
|
||
|
199D9D0D000
|
heap
|
page read and write
|
||
|
C96000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
199C1700000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
54AF000
|
stack
|
page read and write
|
||
|
199D9C5C000
|
heap
|
page read and write
|
||
|
199C1A51000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
130E5B9000
|
stack
|
page read and write
|
||
|
6184000
|
trusted library allocation
|
page read and write
|
||
|
199D9E37000
|
heap
|
page execute and read and write
|
||
|
BCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
199DA040000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
130E8BB000
|
stack
|
page read and write
|
||
|
3B41000
|
trusted library allocation
|
page read and write
|
||
|
199C1560000
|
heap
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
F2D000
|
stack
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
199D9E51000
|
heap
|
page read and write
|
||
|
199C2C45000
|
trusted library allocation
|
page read and write
|
||
|
BEA000
|
trusted library allocation
|
page execute and read and write
|
||
|
199BFAC0000
|
heap
|
page read and write
|
||
|
B87000
|
heap
|
page read and write
|
||
|
199BFC8E000
|
heap
|
page read and write
|
||
|
199D259C000
|
trusted library allocation
|
page read and write
|
||
|
5EF6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
BC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
592D000
|
stack
|
page read and write
|
||
|
199C1C21000
|
trusted library allocation
|
page read and write
|
||
|
61B5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
199BF9C0000
|
heap
|
page read and write
|
||
|
199C14D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
7EE000
|
stack
|
page read and write
|
||
|
199C1480000
|
trusted library allocation
|
page read and write
|
||
|
4FE0000
|
heap
|
page read and write
|
||
|
199D1C21000
|
trusted library allocation
|
page read and write
|
There are 229 hidden memdumps, click here to show them.