Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
84Z63SyEQ7.ps1
|
ASCII text, with very long lines (65526), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kd2fd5ey.qiu.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zxxvivap.sdx.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UEK2DMRH2GD3AT5SXHI3.temp
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\84Z63SyEQ7.ps1"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
vecotr.viewdns.net
|
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
There are 1 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
vecotr.viewdns.net
|
191.96.207.180
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
191.96.207.180
|
vecotr.viewdns.net
|
Chile
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
1A9821C7000
|
trusted library allocation
|
page read and write
|
|
|
|
1A998460000
|
trusted library section
|
page read and write
|
|
|
|
1A980368000
|
trusted library allocation
|
page read and write
|
|
|
|
28E1000
|
trusted library allocation
|
page read and write
|
|
|
|
1A981B65000
|
trusted library allocation
|
page read and write
|
|
|
|
5C7E000
|
stack
|
page read and write
|
||
|
DF7000
|
heap
|
page read and write
|
||
|
CBC000
|
heap
|
page read and write
|
||
|
1A9987D0000
|
heap
|
page read and write
|
||
|
25EA179000
|
stack
|
page read and write
|
||
|
1A9801C8000
|
trusted library allocation
|
page read and write
|
||
|
593D000
|
stack
|
page read and write
|
||
|
4E30000
|
heap
|
page read and write
|
||
|
2710000
|
heap
|
page read and write
|
||
|
5DBD000
|
stack
|
page read and write
|
||
|
4D60000
|
heap
|
page read and write
|
||
|
1A981165000
|
trusted library allocation
|
page read and write
|
||
|
5B7C000
|
stack
|
page read and write
|
||
|
7FFD34930000
|
trusted library allocation
|
page read and write
|
||
|
2915000
|
trusted library allocation
|
page read and write
|
||
|
BC2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34736000
|
trusted library allocation
|
page execute and read and write
|
||
|
58FE000
|
stack
|
page read and write
|
||
|
59FF000
|
stack
|
page read and write
|
||
|
BD7000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34710000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34654000
|
trusted library allocation
|
page read and write
|
||
|
1A99866A000
|
heap
|
page read and write
|
||
|
25EA2F7000
|
stack
|
page read and write
|
||
|
7FFD348B0000
|
trusted library allocation
|
page read and write
|
||
|
515D000
|
stack
|
page read and write
|
||
|
4F5E000
|
stack
|
page read and write
|
||
|
59BE000
|
stack
|
page read and write
|
||
|
4E20000
|
heap
|
page read and write
|
||
|
4A1D000
|
stack
|
page read and write
|
||
|
BB3000
|
trusted library allocation
|
page read and write
|
||
|
25E99DF000
|
stack
|
page read and write
|
||
|
25EA1F6000
|
stack
|
page read and write
|
||
|
7FFD34832000
|
trusted library allocation
|
page read and write
|
||
|
BB0000
|
trusted library allocation
|
page read and write
|
||
|
1A9901B2000
|
trusted library allocation
|
page read and write
|
||
|
1A998336000
|
heap
|
page read and write
|
||
|
1A9FF4A0000
|
heap
|
page read and write
|
||
|
4E10000
|
heap
|
page read and write
|
||
|
7FFD34900000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349A0000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34770000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A5F000
|
trusted library allocation
|
page read and write
|
||
|
C0B000
|
heap
|
page read and write
|
||
|
1A99829C000
|
heap
|
page read and write
|
||
|
1A9FF4A5000
|
heap
|
page read and write
|
||
|
27D0000
|
heap
|
page execute and read and write
|
||
|
4F9E000
|
stack
|
page read and write
|
||
|
51F0000
|
heap
|
page read and write
|
||
|
5DFC000
|
stack
|
page read and write
|
||
|
BCA000
|
trusted library allocation
|
page execute and read and write
|
||
|
28DE000
|
stack
|
page read and write
|
||
|
1A9FDA40000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
1A9982A9000
|
heap
|
page read and write
|
||
|
7FFD3465D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A9FDAC2000
|
heap
|
page read and write
|
||
|
25EA279000
|
stack
|
page read and write
|
||
|
25E9E7E000
|
stack
|
page read and write
|
||
|
BC0000
|
trusted library allocation
|
page read and write
|
||
|
1A98072F000
|
trusted library allocation
|
page read and write
|
||
|
62F4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34860000
|
trusted library allocation
|
page read and write
|
||
|
1A9FDAB8000
|
heap
|
page read and write
|
||
|
1A990150000
|
trusted library allocation
|
page read and write
|
||
|
1A9FDAB0000
|
heap
|
page read and write
|
||
|
7FFD34910000
|
trusted library allocation
|
page read and write
|
||
|
25EA37E000
|
stack
|
page read and write
|
||
|
2A61000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
1A980141000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34950000
|
trusted library allocation
|
page read and write
|
||
|
6341000
|
trusted library allocation
|
page read and write
|
||
|
25E9D7F000
|
stack
|
page read and write
|
||
|
5B3E000
|
stack
|
page read and write
|
||
|
26A0000
|
trusted library allocation
|
page read and write
|
||
|
27C0000
|
trusted library allocation
|
page read and write
|
||
|
1A9984F0000
|
heap
|
page read and write
|
||
|
25E9EFB000
|
stack
|
page read and write
|
||
|
1A998410000
|
heap
|
page execute and read and write
|
||
|
57FE000
|
stack
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
BE8000
|
heap
|
page read and write
|
||
|
1A998145000
|
heap
|
page read and write
|
||
|
25EA4FE000
|
stack
|
page read and write
|
||
|
1A9821ED000
|
trusted library allocation
|
page read and write
|
||
|
1A9902AA000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
7FFD3480A000
|
trusted library allocation
|
page read and write
|
||
|
C57000
|
heap
|
page read and write
|
||
|
1A98072A000
|
trusted library allocation
|
page read and write
|
||
|
C4A000
|
heap
|
page read and write
|
||
|
38E1000
|
trusted library allocation
|
page read and write
|
||
|
6330000
|
trusted library allocation
|
page read and write
|
||
|
DDE000
|
stack
|
page read and write
|
||
|
26EE000
|
stack
|
page read and write
|
||
|
1A982082000
|
trusted library allocation
|
page read and write
|
||
|
2728000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348E0000
|
trusted library allocation
|
page read and write
|
||
|
1A998612000
|
heap
|
page read and write
|
||
|
7FFD34940000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34850000
|
trusted library allocation
|
page read and write
|
||
|
1A9800E0000
|
heap
|
page execute and read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
25E9C75000
|
stack
|
page read and write
|
||
|
1A990141000
|
trusted library allocation
|
page read and write
|
||
|
25E9F7E000
|
stack
|
page read and write
|
||
|
7FFD34980000
|
trusted library allocation
|
page read and write
|
||
|
CC2000
|
heap
|
page read and write
|
||
|
C16000
|
heap
|
page read and write
|
||
|
1A9800B0000
|
trusted library allocation
|
page read and write
|
||
|
1A980765000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34706000
|
trusted library allocation
|
page read and write
|
||
|
1A9FDB99000
|
heap
|
page read and write
|
||
|
1A980020000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348F0000
|
trusted library allocation
|
page read and write
|
||
|
57B0000
|
heap
|
page read and write
|
||
|
6180000
|
heap
|
page read and write
|
||
|
1A9FD9E0000
|
heap
|
page read and write
|
||
|
1A9906D2000
|
trusted library allocation
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
4E13000
|
heap
|
page read and write
|
||
|
25EA47A000
|
stack
|
page read and write
|
||
|
25EAFCA000
|
stack
|
page read and write
|
||
|
1A9984C7000
|
heap
|
page execute and read and write
|
||
|
7FFD34820000
|
trusted library allocation
|
page execute and read and write
|
||
|
25EA07E000
|
stack
|
page read and write
|
||
|
2700000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34801000
|
trusted library allocation
|
page read and write
|
||
|
BA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7DF481330000
|
trusted library allocation
|
page execute and read and write
|
||
|
61A0000
|
trusted library allocation
|
page read and write
|
||
|
542E000
|
stack
|
page read and write
|
||
|
5329000
|
stack
|
page read and write
|
||
|
1A998288000
|
heap
|
page read and write
|
||
|
38E9000
|
trusted library allocation
|
page read and write
|
||
|
25EA3FE000
|
stack
|
page read and write
|
||
|
1A9902B9000
|
trusted library allocation
|
page read and write
|
||
|
B66000
|
heap
|
page read and write
|
||
|
25E9DFD000
|
stack
|
page read and write
|
||
|
7FFD34660000
|
trusted library allocation
|
page read and write
|
||
|
25EA57B000
|
stack
|
page read and write
|
||
|
7FFD34960000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34840000
|
trusted library allocation
|
page execute and read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
25EA0FD000
|
stack
|
page read and write
|
||
|
7FFD34810000
|
trusted library allocation
|
page execute and read and write
|
||
|
6430000
|
trusted library allocation
|
page execute and read and write
|
||
|
86B000
|
stack
|
page read and write
|
||
|
7FFD3466B000
|
trusted library allocation
|
page read and write
|
||
|
51D0000
|
heap
|
page read and write
|
||
|
7FFD34990000
|
trusted library allocation
|
page read and write
|
||
|
57A0000
|
trusted library allocation
|
page read and write
|
||
|
5A3C000
|
stack
|
page read and write
|
||
|
C87000
|
heap
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
491C000
|
stack
|
page read and write
|
||
|
7FFD34920000
|
trusted library allocation
|
page read and write
|
||
|
1A9985D0000
|
heap
|
page read and write
|
||
|
1A998677000
|
heap
|
page read and write
|
||
|
1A9FDB58000
|
heap
|
page read and write
|
||
|
552E000
|
stack
|
page read and write
|
||
|
1A9909FE000
|
trusted library allocation
|
page read and write
|
||
|
1A9FD900000
|
heap
|
page read and write
|
||
|
1A9FDB50000
|
heap
|
page read and write
|
||
|
5CBC000
|
stack
|
page read and write
|
||
|
1A99862A000
|
heap
|
page read and write
|
||
|
597E000
|
stack
|
page read and write
|
||
|
1A9FDB9D000
|
heap
|
page read and write
|
||
|
BFF000
|
heap
|
page read and write
|
||
|
1A9FDA00000
|
heap
|
page read and write
|
||
|
1A9FDD80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349D0000
|
trusted library allocation
|
page read and write
|
||
|
BA4000
|
trusted library allocation
|
page read and write
|
||
|
BC6000
|
trusted library allocation
|
page execute and read and write
|
||
|
9F6000
|
heap
|
page read and write
|
||
|
7FFD34652000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34653000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34880000
|
trusted library allocation
|
page read and write
|
||
|
1A9984C0000
|
heap
|
page execute and read and write
|
||
|
6325000
|
trusted library allocation
|
page read and write
|
||
|
1A9FDDA0000
|
heap
|
page read and write
|
||
|
1A99834B000
|
heap
|
page read and write
|
||
|
25E9CFE000
|
stack
|
page read and write
|
||
|
1A9982D7000
|
heap
|
page read and write
|
||
|
7FFD34890000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348A0000
|
trusted library allocation
|
page read and write
|
||
|
5EFE000
|
stack
|
page read and write
|
||
|
7FDA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34970000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347F0000
|
trusted library allocation
|
page read and write
|
||
|
1A998250000
|
heap
|
page read and write
|
||
|
7FFD34700000
|
trusted library allocation
|
page read and write
|
||
|
1A9901BE000
|
trusted library allocation
|
page read and write
|
||
|
1A998285000
|
heap
|
page read and write
|
||
|
1A980070000
|
trusted library allocation
|
page read and write
|
||
|
4DBE000
|
stack
|
page read and write
|
||
|
BAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A9FDB97000
|
heap
|
page read and write
|
||
|
1A9FDDA5000
|
heap
|
page read and write
|
||
|
5220000
|
heap
|
page execute and read and write
|
||
|
1A9FDA80000
|
heap
|
page read and write
|
||
|
1A990928000
|
trusted library allocation
|
page read and write
|
||
|
1A99829F000
|
heap
|
page read and write
|
||
|
1A980030000
|
heap
|
page readonly
|
||
|
7FFD34870000
|
trusted library allocation
|
page read and write
|
||
|
C1C000
|
heap
|
page read and write
|
||
|
25EAF4E000
|
stack
|
page read and write
|
||
|
1A982088000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348D0000
|
trusted library allocation
|
page read and write
|
||
|
1A980130000
|
heap
|
page read and write
|
||
|
7FFD3470C000
|
trusted library allocation
|
page execute and read and write
|
||
|
25E9FFF000
|
stack
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
1A9821FB000
|
trusted library allocation
|
page read and write
|
||
|
1A980759000
|
trusted library allocation
|
page read and write
|
||
|
C19000
|
heap
|
page read and write
|
||
|
4DFC000
|
stack
|
page read and write
|
||
|
BDB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A9FDB70000
|
heap
|
page read and write
|
||
|
7FFD34650000
|
trusted library allocation
|
page read and write
|
||
|
1A9985E0000
|
heap
|
page read and write
|
||
|
26F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C48000
|
heap
|
page read and write
|
||
|
967000
|
stack
|
page read and write
|
||
|
61A9000
|
trusted library allocation
|
page read and write
|
||
|
1A9FDB30000
|
heap
|
page read and write
|
There are 227 hidden memdumps, click here to show them.