Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
install.ps1
|
ASCII text, with CRLF line terminators
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1ef2svtu.1tc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gt3a331p.4sm.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XIPZWM184Y6WNNYL0X9W.temp
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\install.ps1"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
There are 1 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
241885C3000
|
trusted library allocation
|
page read and write
|
||
|
24186985000
|
heap
|
page read and write
|
||
|
24189F62000
|
trusted library allocation
|
page read and write
|
||
|
241868C4000
|
heap
|
page read and write
|
||
|
7FFB4AE90000
|
trusted library allocation
|
page read and write
|
||
|
24188754000
|
heap
|
page read and write
|
||
|
63C234E000
|
stack
|
page read and write
|
||
|
24198931000
|
trusted library allocation
|
page read and write
|
||
|
241887E7000
|
heap
|
page read and write
|
||
|
24186950000
|
heap
|
page read and write
|
||
|
24188818000
|
heap
|
page read and write
|
||
|
63C28FE000
|
stack
|
page read and write
|
||
|
63C2C3F000
|
stack
|
page read and write
|
||
|
2418877E000
|
heap
|
page read and write
|
||
|
63C287E000
|
stack
|
page read and write
|
||
|
241A0930000
|
heap
|
page read and write
|
||
|
7FFB4B130000
|
trusted library allocation
|
page read and write
|
||
|
2418A4C6000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B070000
|
trusted library allocation
|
page read and write
|
||
|
63C277B000
|
stack
|
page read and write
|
||
|
24186710000
|
heap
|
page read and write
|
||
|
24188931000
|
trusted library allocation
|
page read and write
|
||
|
24186AA0000
|
heap
|
page read and write
|
||
|
24188602000
|
heap
|
page read and write
|
||
|
24188720000
|
heap
|
page read and write
|
||
|
24186980000
|
heap
|
page read and write
|
||
|
7FFB4AFA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2419899F000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B0D0000
|
trusted library allocation
|
page read and write
|
||
|
63C2A37000
|
stack
|
page read and write
|
||
|
7FFB4ADF0000
|
trusted library allocation
|
page read and write
|
||
|
2418877B000
|
heap
|
page read and write
|
||
|
24188730000
|
heap
|
page read and write
|
||
|
241868D7000
|
heap
|
page read and write
|
||
|
7FFB4B020000
|
trusted library allocation
|
page read and write
|
||
|
2418A268000
|
trusted library allocation
|
page read and write
|
||
|
63C22C5000
|
stack
|
page read and write
|
||
|
7FFB4ADFB000
|
trusted library allocation
|
page read and write
|
||
|
24186808000
|
heap
|
page read and write
|
||
|
7FFB4AF91000
|
trusted library allocation
|
page read and write
|
||
|
241889BB000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AFB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B0F0000
|
trusted library allocation
|
page read and write
|
||
|
24186A40000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B100000
|
trusted library allocation
|
page read and write
|
||
|
24186A10000
|
trusted library allocation
|
page read and write
|
||
|
2418A590000
|
trusted library allocation
|
page read and write
|
||
|
63C29BE000
|
stack
|
page read and write
|
||
|
241A0950000
|
heap
|
page read and write
|
||
|
24189562000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4ADE2000
|
trusted library allocation
|
page read and write
|
||
|
24186920000
|
heap
|
page read and write
|
||
|
7FFB4B050000
|
trusted library allocation
|
page read and write
|
||
|
63C2B39000
|
stack
|
page read and write
|
||
|
7FFB4AE3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
24186A60000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4ADED000
|
trusted library allocation
|
page execute and read and write
|
||
|
24186900000
|
heap
|
page read and write
|
||
|
7FFB4AFD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4AE9C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B0B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AFE0000
|
trusted library allocation
|
page read and write
|
||
|
241888A7000
|
heap
|
page execute and read and write
|
||
|
241868C6000
|
heap
|
page read and write
|
||
|
7FFB4B0A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF9A000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF00000
|
trusted library allocation
|
page execute and read and write
|
||
|
24186A50000
|
heap
|
page readonly
|
||
|
7FFB4B090000
|
trusted library allocation
|
page read and write
|
||
|
24186847000
|
heap
|
page read and write
|
||
|
7FFB4B110000
|
trusted library allocation
|
page read and write
|
||
|
241868B7000
|
heap
|
page read and write
|
||
|
241A0A30000
|
heap
|
page read and write
|
||
|
7FFB4AFF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B000000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AFC2000
|
trusted library allocation
|
page read and write
|
||
|
241A0AA6000
|
heap
|
page read and write
|
||
|
63C378F000
|
stack
|
page read and write
|
||
|
241A0C30000
|
heap
|
page execute and read and write
|
||
|
24198940000
|
trusted library allocation
|
page read and write
|
||
|
241A0A60000
|
heap
|
page read and write
|
||
|
7FFB4B120000
|
trusted library allocation
|
page read and write
|
||
|
24186AA5000
|
heap
|
page read and write
|
||
|
7FFB4AEA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
241868BE000
|
heap
|
page read and write
|
||
|
241888A0000
|
heap
|
page execute and read and write
|
||
|
241887BA000
|
heap
|
page read and write
|
||
|
63C2ABE000
|
stack
|
page read and write
|
||
|
241887B8000
|
heap
|
page read and write
|
||
|
7FFB4B060000
|
trusted library allocation
|
page read and write
|
||
|
241885C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4ADE4000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AE96000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B0C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B0E0000
|
trusted library allocation
|
page read and write
|
||
|
241A0A82000
|
heap
|
page read and write
|
||
|
7FFB4B030000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B010000
|
trusted library allocation
|
page read and write
|
||
|
24198AE2000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF80000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AEC6000
|
trusted library allocation
|
page execute and read and write
|
||
|
241868C2000
|
heap
|
page read and write
|
||
|
63C26FE000
|
stack
|
page read and write
|
||
|
24188920000
|
heap
|
page execute and read and write
|
||
|
2418684B000
|
heap
|
page read and write
|
||
|
241A0A4C000
|
heap
|
page read and write
|
||
|
7FFB4B080000
|
trusted library allocation
|
page read and write
|
||
|
63C2AB7000
|
stack
|
page read and write
|
||
|
7FFB4B140000
|
trusted library allocation
|
page read and write
|
||
|
63C2D3E000
|
stack
|
page read and write
|
||
|
7FFB4ADE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4AE00000
|
trusted library allocation
|
page read and write
|
||
|
63C23CE000
|
stack
|
page read and write
|
||
|
24186892000
|
heap
|
page read and write
|
||
|
241869F0000
|
heap
|
page read and write
|
||
|
63C267D000
|
stack
|
page read and write
|
||
|
24188B62000
|
trusted library allocation
|
page read and write
|
||
|
63C2979000
|
stack
|
page read and write
|
||
|
2418A58B000
|
trusted library allocation
|
page read and write
|
||
|
63C2BBE000
|
stack
|
page read and write
|
||
|
24186812000
|
heap
|
page read and write
|
||
|
63C2DBC000
|
stack
|
page read and write
|
||
|
2418689F000
|
heap
|
page read and write
|
||
|
7DF467B10000
|
trusted library allocation
|
page execute and read and write
|
||
|
241A0A52000
|
heap
|
page read and write
|
||
|
7FFB4B040000
|
trusted library allocation
|
page read and write
|
||
|
63C27FF000
|
stack
|
page read and write
|
||
|
24186800000
|
heap
|
page read and write
|
There are 118 hidden memdumps, click here to show them.