Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Get WiFi Passwords.ps1
|
Unicode text, UTF-8 (with BOM) text, with very long lines (1082), with no line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0qsczyzh.bqi.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wrkpi0yk.rnm.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\25D3QA2IKJXEFDWDQJ51.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\Documents\20241125\PowerShell_transcript.066656.7bnHlJGN.20241125024616.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\Get
WiFi Passwords.ps1"
|
|
|
|
C:\Windows\System32\netsh.exe
|
"C:\Windows\system32\netsh.exe" wlan show profiles
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://webhook.site/ba0c7563-37b1-4960-bb3e-78e72c479043
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://webhook.site/ba0c7563-37(
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://oneget.org
|
unknown
|
There are 6 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FFD34940000
|
trusted library allocation
|
page execute and read and write
|
||
|
200D7DF3000
|
heap
|
page read and write
|
||
|
1A159216000
|
heap
|
page read and write
|
||
|
7FFD34A20000
|
trusted library allocation
|
page read and write
|
||
|
200D7FB0000
|
heap
|
page execute and read and write
|
||
|
200BDE53000
|
heap
|
page read and write
|
||
|
1A1594C4000
|
heap
|
page read and write
|
||
|
200BFD11000
|
trusted library allocation
|
page read and write
|
||
|
BD87838000
|
stack
|
page read and write
|
||
|
1A159216000
|
heap
|
page read and write
|
||
|
7FFD34890000
|
trusted library allocation
|
page execute and read and write
|
||
|
200D7FFB000
|
heap
|
page read and write
|
||
|
7FFD34AB0000
|
trusted library allocation
|
page read and write
|
||
|
BD879BF000
|
stack
|
page read and write
|
||
|
7FFD34A90000
|
trusted library allocation
|
page read and write
|
||
|
200C0944000
|
trusted library allocation
|
page read and write
|
||
|
200BF735000
|
heap
|
page read and write
|
||
|
7FFD3477D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A15AC88000
|
heap
|
page read and write
|
||
|
1A15AC96000
|
heap
|
page read and write
|
||
|
200BFB80000
|
trusted library allocation
|
page read and write
|
||
|
1A15AC8E000
|
heap
|
page read and write
|
||
|
BD878B9000
|
stack
|
page read and write
|
||
|
200BDE76000
|
heap
|
page read and write
|
||
|
200BDF20000
|
heap
|
page read and write
|
||
|
200BFF44000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349B0000
|
trusted library allocation
|
page read and write
|
||
|
200D802B000
|
heap
|
page read and write
|
||
|
200BDE5E000
|
heap
|
page read and write
|
||
|
7FFD34920000
|
trusted library allocation
|
page read and write
|
||
|
200D7EB0000
|
heap
|
page read and write
|
||
|
200BFB83000
|
trusted library allocation
|
page read and write
|
||
|
200C13E9000
|
trusted library allocation
|
page read and write
|
||
|
381AFFE000
|
stack
|
page read and write
|
||
|
7FFD34A60000
|
trusted library allocation
|
page read and write
|
||
|
1A15AC9D000
|
heap
|
page read and write
|
||
|
7FFD34960000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A1590F0000
|
heap
|
page read and write
|
||
|
BD877B7000
|
stack
|
page read and write
|
||
|
1A15AC92000
|
heap
|
page read and write
|
||
|
1A15AC95000
|
heap
|
page read and write
|
||
|
7FFD34A70000
|
trusted library allocation
|
page read and write
|
||
|
200C16E4000
|
trusted library allocation
|
page read and write
|
||
|
381B2FE000
|
stack
|
page read and write
|
||
|
200BDE5A000
|
heap
|
page read and write
|
||
|
7FFD34830000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34990000
|
trusted library allocation
|
page read and write
|
||
|
1A15AC84000
|
heap
|
page read and write
|
||
|
7FFD34A50000
|
trusted library allocation
|
page read and write
|
||
|
200BDDC2000
|
heap
|
page read and write
|
||
|
BD8747E000
|
stack
|
page read and write
|
||
|
381ACED000
|
stack
|
page read and write
|
||
|
7FFD34970000
|
trusted library allocation
|
page read and write
|
||
|
381ACFE000
|
stack
|
page read and write
|
||
|
1A159120000
|
heap
|
page read and write
|
||
|
1A159210000
|
heap
|
page read and write
|
||
|
200C17D4000
|
trusted library allocation
|
page read and write
|
||
|
1A15AC83000
|
heap
|
page read and write
|
||
|
200D7F90000
|
heap
|
page execute and read and write
|
||
|
200C146E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3482C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD3478B000
|
trusted library allocation
|
page read and write
|
||
|
7DF44FB40000
|
trusted library allocation
|
page execute and read and write
|
||
|
381B3FF000
|
stack
|
page read and write
|
||
|
200C139C000
|
trusted library allocation
|
page read and write
|
||
|
1A15AC91000
|
heap
|
page read and write
|
||
|
7FFD349F0000
|
trusted library allocation
|
page read and write
|
||
|
1A1591D5000
|
heap
|
page read and write
|
||
|
200BDE3B000
|
heap
|
page read and write
|
||
|
BD876F7000
|
stack
|
page read and write
|
||
|
200BDE9F000
|
heap
|
page read and write
|
||
|
1A1591E6000
|
heap
|
page read and write
|
||
|
7FFD34980000
|
trusted library allocation
|
page read and write
|
||
|
BD8767D000
|
stack
|
page read and write
|
||
|
BD8858E000
|
stack
|
page read and write
|
||
|
200BFAD0000
|
heap
|
page readonly
|
||
|
BD87275000
|
stack
|
page read and write
|
||
|
1A15AC9D000
|
heap
|
page read and write
|
||
|
BD872FE000
|
stack
|
page read and write
|
||
|
200BDEA2000
|
heap
|
page read and write
|
||
|
BD873FD000
|
stack
|
page read and write
|
||
|
7FFD34925000
|
trusted library allocation
|
page read and write
|
||
|
200BDCA0000
|
heap
|
page read and write
|
||
|
1A15AC80000
|
heap
|
page read and write
|
||
|
200C16AA000
|
trusted library allocation
|
page read and write
|
||
|
200D803F000
|
heap
|
page read and write
|
||
|
200BFBCB000
|
heap
|
page read and write
|
||
|
1A15AC95000
|
heap
|
page read and write
|
||
|
200BDF25000
|
heap
|
page read and write
|
||
|
200BDE38000
|
heap
|
page read and write
|
||
|
200BDD80000
|
heap
|
page read and write
|
||
|
200C1A30000
|
trusted library allocation
|
page read and write
|
||
|
200CFD8E000
|
trusted library allocation
|
page read and write
|
||
|
200C1A2C000
|
trusted library allocation
|
page read and write
|
||
|
200D8030000
|
heap
|
page read and write
|
||
|
1A1591C0000
|
heap
|
page read and write
|
||
|
200D7D3E000
|
heap
|
page read and write
|
||
|
200D7D10000
|
heap
|
page read and write
|
||
|
1A15AC8F000
|
heap
|
page read and write
|
||
|
200D7FD5000
|
heap
|
page read and write
|
||
|
7FFD34856000
|
trusted library allocation
|
page execute and read and write
|
||
|
200CFD11000
|
trusted library allocation
|
page read and write
|
||
|
BD874FB000
|
stack
|
page read and write
|
||
|
200BDDB8000
|
heap
|
page read and write
|
||
|
1A15AC82000
|
heap
|
page read and write
|
||
|
1A15AC94000
|
heap
|
page read and write
|
||
|
200BDEB0000
|
heap
|
page read and write
|
||
|
7FFD34773000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34952000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34826000
|
trusted library allocation
|
page read and write
|
||
|
BD875FE000
|
stack
|
page read and write
|
||
|
381ADFE000
|
unkown
|
page read and write
|
||
|
BD87B3B000
|
stack
|
page read and write
|
||
|
1A15AC92000
|
heap
|
page read and write
|
||
|
BD8773F000
|
stack
|
page read and write
|
||
|
200D7FB7000
|
heap
|
page execute and read and write
|
||
|
200CFD20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34820000
|
trusted library allocation
|
page read and write
|
||
|
1A1591E6000
|
heap
|
page read and write
|
||
|
1A159100000
|
heap
|
page read and write
|
||
|
7FFD34A40000
|
trusted library allocation
|
page read and write
|
||
|
BD8737E000
|
stack
|
page read and write
|
||
|
200BDE9D000
|
heap
|
page read and write
|
||
|
1A1591E6000
|
heap
|
page read and write
|
||
|
1A15AC8A000
|
heap
|
page read and write
|
||
|
7FFD34780000
|
trusted library allocation
|
page read and write
|
||
|
BD8793F000
|
stack
|
page read and write
|
||
|
200BFD9B000
|
trusted library allocation
|
page read and write
|
||
|
200BDF00000
|
heap
|
page read and write
|
||
|
7FFD349D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34930000
|
trusted library allocation
|
page execute and read and write
|
||
|
BD8757F000
|
stack
|
page read and write
|
||
|
381AEFD000
|
stack
|
page read and write
|
||
|
7FFD3492A000
|
trusted library allocation
|
page read and write
|
||
|
200BF730000
|
heap
|
page read and write
|
||
|
7FFD34772000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34910000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A10000
|
trusted library allocation
|
page read and write
|
||
|
200BFAC0000
|
trusted library allocation
|
page read and write
|
||
|
200BFD00000
|
heap
|
page execute and read and write
|
||
|
1A159209000
|
heap
|
page read and write
|
||
|
200BDE66000
|
heap
|
page read and write
|
||
|
7FFD349A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34AA0000
|
trusted library allocation
|
page read and write
|
||
|
200D7FD0000
|
heap
|
page read and write
|
||
|
200BDE64000
|
heap
|
page read and write
|
||
|
BD87ABE000
|
stack
|
page read and write
|
||
|
200C165C000
|
trusted library allocation
|
page read and write
|
||
|
200CFD82000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34AC0000
|
trusted library allocation
|
page read and write
|
||
|
1A1591B0000
|
heap
|
page read and write
|
||
|
1A1591D9000
|
heap
|
page read and write
|
||
|
200BFAE0000
|
trusted library allocation
|
page read and write
|
||
|
BD8850F000
|
stack
|
page read and write
|
||
|
200C1967000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A30000
|
trusted library allocation
|
page read and write
|
||
|
381ACF4000
|
stack
|
page read and write
|
||
|
200C1688000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34774000
|
trusted library allocation
|
page read and write
|
||
|
200C1344000
|
trusted library allocation
|
page read and write
|
||
|
1A15AC8D000
|
heap
|
page read and write
|
||
|
200D7DE7000
|
heap
|
page read and write
|
||
|
1A15AC95000
|
heap
|
page read and write
|
||
|
200BFB40000
|
heap
|
page read and write
|
||
|
200BFA90000
|
trusted library allocation
|
page read and write
|
||
|
200D7D8F000
|
heap
|
page read and write
|
||
|
1A15AE50000
|
heap
|
page read and write
|
||
|
200BDEE0000
|
heap
|
page read and write
|
||
|
200D8036000
|
heap
|
page read and write
|
||
|
7FFD34A00000
|
trusted library allocation
|
page read and write
|
||
|
200BDDB0000
|
heap
|
page read and write
|
||
|
1A1594C0000
|
heap
|
page read and write
|
||
|
200D7D48000
|
heap
|
page read and write
|
||
|
200CFEC5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34AD0000
|
trusted library allocation
|
page read and write
|
There are 168 hidden memdumps, click here to show them.