Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Downloads\Unconfirmed 610443.crdownload
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
 |
|
|
C:\Users\user\Downloads\sucklemydicknigger.exe (copy)
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
Chrome Cache Entry: 49
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2yhrblrj.rxc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ckvnfmyb.uhl.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sjcz55c3.nyc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zcdlqbls.lzq.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Downloads\sucklemydicknigger.exe
|
"C:\Users\user\Downloads\sucklemydicknigger.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Downloads\sucklemydicknigger.exe'
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1976,i,9986206320547753570,420349288583730614,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://ser0xen.com/sucklemydicknigger.exe"
|
||
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US
--service-sandbox-type=icon_reader --mojo-platform-channel-handle=4872 --field-trial-handle=1976,i,9986206320547753570,420349288583730614,262144
--disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction
/prefetch:8
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://ser0xen.com/sucklemydicknigger.exe
|
|
||
|
http://ser0xen.com/sucklemydicknigger.exe
|
18.224.107.108
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://crl.mic
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://ser0xen.com/sucklemydicknigger.exe
|
18.224.107.108
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://ser0xen.com/pl.txt
|
unknown
|
There are 6 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ser0xen.com
|
18.224.107.108
|
||
|
s-part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
||
|
www.google.com
|
142.250.184.196
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
||
|
s-part-0032.t-0009.t-msedge.net
|
13.107.246.60
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.184.196
|
www.google.com
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
192.168.2.4
|
unknown
|
unknown
|
||
|
18.224.107.108
|
ser0xen.com
|
United States
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
F72000
|
unkown
|
page readonly
|
|
|
|
1B18296F000
|
trusted library allocation
|
page read and write
|
||
|
1B182CDB000
|
trusted library allocation
|
page read and write
|
||
|
1C114000
|
heap
|
page read and write
|
||
|
7FFD997E0000
|
trusted library allocation
|
page read and write
|
||
|
1B182955000
|
trusted library allocation
|
page read and write
|
||
|
7FFD99B00000
|
trusted library allocation
|
page read and write
|
||
|
35A863B000
|
stack
|
page read and write
|
||
|
1B1800F0000
|
heap
|
page read and write
|
||
|
35A84F9000
|
stack
|
page read and write
|
||
|
1B182CD7000
|
trusted library allocation
|
page read and write
|
||
|
1B180370000
|
trusted library section
|
page read and write
|
||
|
149D000
|
heap
|
page read and write
|
||
|
145E000
|
heap
|
page read and write
|
||
|
1B181BE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD997E4000
|
trusted library allocation
|
page read and write
|
||
|
1940000
|
heap
|
page read and write
|
||
|
1B192077000
|
trusted library allocation
|
page read and write
|
||
|
1B180153000
|
heap
|
page read and write
|
||
|
1B191DEF000
|
trusted library allocation
|
page read and write
|
||
|
1B19A2C0000
|
heap
|
page read and write
|
||
|
1B182DA2000
|
trusted library allocation
|
page read and write
|
||
|
35A883C000
|
stack
|
page read and write
|
||
|
7FFD99A50000
|
trusted library allocation
|
page read and write
|
||
|
35A958E000
|
stack
|
page read and write
|
||
|
1B19A5D0000
|
trusted library allocation
|
page read and write
|
||
|
13181000
|
trusted library allocation
|
page read and write
|
||
|
35A948C000
|
stack
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
1B181E17000
|
trusted library allocation
|
page read and write
|
||
|
1B180197000
|
heap
|
page read and write
|
||
|
1B182FF2000
|
trusted library allocation
|
page read and write
|
||
|
35A930E000
|
stack
|
page read and write
|
||
|
1B19A4FB000
|
heap
|
page read and write
|
||
|
7FFD99BD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD998C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
35A938E000
|
stack
|
page read and write
|
||
|
7DF41EFA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD99C10000
|
trusted library allocation
|
page read and write
|
||
|
35A958C000
|
stack
|
page read and write
|
||
|
7FFD999A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B183098000
|
trusted library allocation
|
page read and write
|
||
|
1BAF0000
|
heap
|
page execute and read and write
|
||
|
1945000
|
heap
|
page read and write
|
||
|
1690000
|
heap
|
page read and write
|
||
|
7FFD99B40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD99B34000
|
trusted library allocation
|
page read and write
|
||
|
1B182959000
|
trusted library allocation
|
page read and write
|
||
|
1B192068000
|
trusted library allocation
|
page read and write
|
||
|
35A7FEE000
|
stack
|
page read and write
|
||
|
1B19206F000
|
trusted library allocation
|
page read and write
|
||
|
35A7F6E000
|
stack
|
page read and write
|
||
|
1464000
|
heap
|
page read and write
|
||
|
7FFD99800000
|
trusted library allocation
|
page read and write
|
||
|
7FFD998A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B181D80000
|
heap
|
page execute and read and write
|
||
|
1B183671000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9983C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD999E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD997F0000
|
trusted library allocation
|
page read and write
|
||
|
1436000
|
heap
|
page read and write
|
||
|
1B18014D000
|
heap
|
page read and write
|
||
|
1B183691000
|
trusted library allocation
|
page read and write
|
||
|
7FFD99B10000
|
trusted library allocation
|
page read and write
|
||
|
7DF41EF90000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD99AB0000
|
trusted library allocation
|
page read and write
|
||
|
179E000
|
stack
|
page read and write
|
||
|
162E000
|
stack
|
page read and write
|
||
|
1B19A3FB000
|
heap
|
page read and write
|
||
|
1B1803B5000
|
heap
|
page read and write
|
||
|
1B182CEC000
|
trusted library allocation
|
page read and write
|
||
|
145C000
|
heap
|
page read and write
|
||
|
35A827E000
|
stack
|
page read and write
|
||
|
13188000
|
trusted library allocation
|
page read and write
|
||
|
7FFD99A00000
|
trusted library allocation
|
page read and write
|
||
|
7FFD997E2000
|
trusted library allocation
|
page read and write
|
||
|
F70000
|
unkown
|
page readonly
|
||
|
1B19A15A000
|
heap
|
page read and write
|
||
|
1B19206D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD99A40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD99AA0000
|
trusted library allocation
|
page read and write
|
||
|
1B192088000
|
trusted library allocation
|
page read and write
|
||
|
1B181B60000
|
heap
|
page readonly
|
||
|
7FFD99A70000
|
trusted library allocation
|
page read and write
|
||
|
1BF0F000
|
stack
|
page read and write
|
||
|
35A83F7000
|
stack
|
page read and write
|
||
|
1B181C40000
|
heap
|
page read and write
|
||
|
1B19A503000
|
heap
|
page read and write
|
||
|
7FFD9983C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B191F29000
|
trusted library allocation
|
page read and write
|
||
|
1B19A3EA000
|
heap
|
page read and write
|
||
|
35A87BE000
|
stack
|
page read and write
|
||
|
7FFD99890000
|
trusted library allocation
|
page read and write
|
||
|
7FFD999F0000
|
trusted library allocation
|
page read and write
|
||
|
1B182965000
|
trusted library allocation
|
page read and write
|
||
|
7FF4808E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1930000
|
trusted library allocation
|
page read and write
|
||
|
7FFD99B50000
|
trusted library allocation
|
page read and write
|
||
|
1B182CDF000
|
trusted library allocation
|
page read and write
|
||
|
35A9409000
|
stack
|
page read and write
|
||
|
35A837F000
|
stack
|
page read and write
|
||
|
1462000
|
heap
|
page read and write
|
||
|
1B181BA0000
|
trusted library allocation
|
page read and write
|
||
|
F70000
|
unkown
|
page readonly
|
||
|
7FFD99A10000
|
trusted library allocation
|
page read and write
|
||
|
1B181C55000
|
heap
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
1B19A50F000
|
heap
|
page read and write
|
||
|
1B18016D000
|
heap
|
page read and write
|
||
|
7FFD99C30000
|
trusted library allocation
|
page read and write
|
||
|
2F63000
|
trusted library allocation
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD99B60000
|
trusted library allocation
|
page read and write
|
||
|
1470000
|
heap
|
page read and write
|
||
|
35A85B7000
|
stack
|
page read and write
|
||
|
7DF41EF80000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B1827BC000
|
trusted library allocation
|
page read and write
|
||
|
3070000
|
heap
|
page read and write
|
||
|
1B18019A000
|
heap
|
page read and write
|
||
|
7FFD99800000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9989C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B1803A0000
|
trusted library allocation
|
page read and write
|
||
|
1B19A500000
|
heap
|
page read and write
|
||
|
1B19A120000
|
heap
|
page read and write
|
||
|
1B181FB7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9999A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD999D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3181000
|
trusted library allocation
|
page read and write
|
||
|
7FFD99B30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD999C2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD997ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B180110000
|
heap
|
page read and write
|
||
|
1B180380000
|
trusted library allocation
|
page read and write
|
||
|
1B1803B0000
|
heap
|
page read and write
|
||
|
F7C000
|
unkown
|
page readonly
|
||
|
1C110000
|
heap
|
page read and write
|
||
|
1B1831BF000
|
trusted library allocation
|
page read and write
|
||
|
13183000
|
trusted library allocation
|
page read and write
|
||
|
35A847D000
|
stack
|
page read and write
|
||
|
7FFD99AE0000
|
trusted library allocation
|
page read and write
|
||
|
1B182CD2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD99980000
|
trusted library allocation
|
page read and write
|
||
|
7FFD99B48000
|
trusted library allocation
|
page read and write
|
||
|
1B70D000
|
stack
|
page read and write
|
||
|
7FFD997FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B183696000
|
trusted library allocation
|
page read and write
|
||
|
35A893C000
|
stack
|
page read and write
|
||
|
1B180157000
|
heap
|
page read and write
|
||
|
7FFD997ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD99900000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD99A20000
|
trusted library allocation
|
page read and write
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
1B180330000
|
trusted library section
|
page read and write
|
||
|
7FFD999B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD99C00000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B19A170000
|
heap
|
page read and write
|
||
|
1B19A4F0000
|
heap
|
page read and write
|
||
|
1B180350000
|
heap
|
page read and write
|
||
|
1B180195000
|
heap
|
page read and write
|
||
|
7FFD99A60000
|
trusted library allocation
|
page read and write
|
||
|
1BCFE000
|
stack
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
7FFD99C50000
|
trusted library allocation
|
page read and write
|
||
|
7FFD99B70000
|
trusted library allocation
|
page read and write
|
||
|
1B182969000
|
trusted library allocation
|
page read and write
|
||
|
1B19A1B3000
|
heap
|
page read and write
|
||
|
149F000
|
heap
|
page read and write
|
||
|
1BE0F000
|
stack
|
page read and write
|
||
|
1B180118000
|
heap
|
page read and write
|
||
|
7FFD99B39000
|
trusted library allocation
|
page read and write
|
||
|
7FFD997F2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD99896000
|
trusted library allocation
|
page read and write
|
||
|
7FFD999C4000
|
trusted library allocation
|
page read and write
|
||
|
1B18364C000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
7FFD997E4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD997FB000
|
trusted library allocation
|
page read and write
|
||
|
1B191D91000
|
trusted library allocation
|
page read and write
|
||
|
7FFD99900000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B182CE3000
|
trusted library allocation
|
page read and write
|
||
|
1B19A5E0000
|
heap
|
page read and write
|
||
|
1C10B000
|
stack
|
page read and write
|
||
|
7FFD99AF0000
|
trusted library allocation
|
page read and write
|
||
|
1B19A226000
|
heap
|
page execute and read and write
|
||
|
143C000
|
heap
|
page read and write
|
||
|
1B19A3A0000
|
heap
|
page execute and read and write
|
||
|
7FFD99890000
|
trusted library allocation
|
page read and write
|
||
|
1C00E000
|
stack
|
page read and write
|
||
|
7FFD999C8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD99A30000
|
trusted library allocation
|
page read and write
|
||
|
35A82F9000
|
stack
|
page read and write
|
||
|
1B1830FE000
|
trusted library allocation
|
page read and write
|
||
|
1B181B70000
|
trusted library allocation
|
page read and write
|
||
|
12F1000
|
stack
|
page read and write
|
||
|
7FFD99C20000
|
trusted library allocation
|
page read and write
|
||
|
35A86BA000
|
stack
|
page read and write
|
||
|
7FFD99A90000
|
trusted library allocation
|
page read and write
|
||
|
1B1836AD000
|
trusted library allocation
|
page read and write
|
||
|
1B180340000
|
heap
|
page read and write
|
||
|
14A4000
|
heap
|
page read and write
|
||
|
7FFD99BE0000
|
trusted library allocation
|
page read and write
|
||
|
35A7EE3000
|
stack
|
page read and write
|
||
|
35A853E000
|
stack
|
page read and write
|
||
|
1B19A1FC000
|
heap
|
page read and write
|
||
|
1430000
|
heap
|
page read and write
|
||
|
1670000
|
trusted library allocation
|
page read and write
|
||
|
7FFD99AC0000
|
trusted library allocation
|
page read and write
|
||
|
1B19A3D0000
|
heap
|
page read and write
|
||
|
317F000
|
stack
|
page read and write
|
||
|
1B19A4D2000
|
heap
|
page read and write
|
||
|
7FFD997E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B181D91000
|
trusted library allocation
|
page read and write
|
||
|
7FFD99B4C000
|
trusted library allocation
|
page read and write
|
||
|
1B1802E0000
|
heap
|
page read and write
|
||
|
7FFD997E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B19A176000
|
heap
|
page read and write
|
||
|
1B19A220000
|
heap
|
page execute and read and write
|
||
|
1B180345000
|
heap
|
page read and write
|
||
|
7FFD99A80000
|
trusted library allocation
|
page read and write
|
||
|
1630000
|
heap
|
page read and write
|
||
|
145A000
|
heap
|
page read and write
|
||
|
7FFD99B13000
|
trusted library allocation
|
page read and write
|
||
|
1B19A1CA000
|
heap
|
page read and write
|
||
|
1695000
|
heap
|
page read and write
|
||
|
7FFD99BF0000
|
trusted library allocation
|
page read and write
|
||
|
1B180300000
|
heap
|
page read and write
|
||
|
7FFD99C40000
|
trusted library allocation
|
page read and write
|
||
|
1B1830D7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD998C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1473000
|
heap
|
page read and write
|
||
|
7FFD99980000
|
trusted library allocation
|
page read and write
|
||
|
2F80000
|
heap
|
page execute and read and write
|
||
|
35A873F000
|
stack
|
page read and write
|
||
|
7FFD99AD0000
|
trusted library allocation
|
page read and write
|
||
|
1BBFD000
|
stack
|
page read and write
|
||
|
1B19A50C000
|
heap
|
page read and write
|
||
|
1B19A1FE000
|
heap
|
page read and write
|
||
|
7FFD99991000
|
trusted library allocation
|
page read and write
|
||
|
1B192097000
|
trusted library allocation
|
page read and write
|
||
|
35A88BE000
|
stack
|
page read and write
|
||
|
1508000
|
heap
|
page read and write
|
||
|
7FFD997F0000
|
trusted library allocation
|
page read and write
|
||
|
35A950C000
|
stack
|
page read and write
|
||
|
1B18297D000
|
trusted library allocation
|
page read and write
|
There are 234 hidden memdumps, click here to show them.