Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
install[1].ps1
|
ASCII text, with CRLF line terminators
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3datf0m3.ahy.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_avqeql2d.cox.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1J7WQ43L2S93MVAX3ZAT.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\install[1].ps1"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
https://raw.githubusercontent.com/spicetify/spicetify-marketplace/main/resources/install.ps1
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://github.com/spicetify/cli/releases/download/v
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://go.m
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://github.com/spicetify/cli/releases/download/v$targetVersion/spicetify-$targetVersion-windows-
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
https://api.github.com/repos/spicetify/cli/releases/latest
|
unknown
|
There are 9 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1E8CBA20000
|
heap
|
page execute and read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E8CB9A0000
|
heap
|
page read and write
|
||
|
1E8CBAFA000
|
trusted library allocation
|
page read and write
|
||
|
CA818BE000
|
stack
|
page read and write
|
||
|
7FF849120000
|
trusted library allocation
|
page read and write
|
||
|
CA814FE000
|
stack
|
page read and write
|
||
|
1E8C9CE3000
|
heap
|
page read and write
|
||
|
7FF848DFB000
|
trusted library allocation
|
page read and write
|
||
|
1E8C9C3E000
|
heap
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
1E8E3C7B000
|
heap
|
page read and write
|
||
|
1E8CB500000
|
trusted library allocation
|
page read and write
|
||
|
1E8CD26B000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
1E8C9A40000
|
heap
|
page read and write
|
||
|
CA80EE5000
|
stack
|
page read and write
|
||
|
7FF849100000
|
trusted library allocation
|
page read and write
|
||
|
1E8E3E02000
|
heap
|
page read and write
|
||
|
1E8C9B20000
|
heap
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
1E8C9C03000
|
heap
|
page read and write
|
||
|
7FF848DE4000
|
trusted library allocation
|
page read and write
|
||
|
1E8CB5C0000
|
heap
|
page read and write
|
||
|
1E8E3D80000
|
heap
|
page execute and read and write
|
||
|
1E8C9CB9000
|
heap
|
page read and write
|
||
|
7FF849150000
|
trusted library allocation
|
page read and write
|
||
|
1E8CCCC4000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DE2000
|
trusted library allocation
|
page read and write
|
||
|
1E8E3D90000
|
heap
|
page read and write
|
||
|
1E8C9CA5000
|
heap
|
page read and write
|
||
|
1E8CD475000
|
trusted library allocation
|
page read and write
|
||
|
1E8E3CA0000
|
heap
|
page read and write
|
||
|
CA8240F000
|
stack
|
page read and write
|
||
|
1E8CC6A2000
|
trusted library allocation
|
page read and write
|
||
|
1E8CD7C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F91000
|
trusted library allocation
|
page read and write
|
||
|
7FF849040000
|
trusted library allocation
|
page read and write
|
||
|
1E8DBA80000
|
trusted library allocation
|
page read and write
|
||
|
1E8E3D87000
|
heap
|
page execute and read and write
|
||
|
CA8157E000
|
stack
|
page read and write
|
||
|
CA823C3000
|
stack
|
page read and write
|
||
|
7FF848F00000
|
trusted library allocation
|
page execute and read and write
|
||
|
CA81A3C000
|
stack
|
page read and write
|
||
|
1E8CCEAD000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F80000
|
trusted library allocation
|
page read and write
|
||
|
1E8C9BA0000
|
heap
|
page read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E9C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E8CBA71000
|
trusted library allocation
|
page read and write
|
||
|
1E8CB5A0000
|
trusted library allocation
|
page read and write
|
||
|
1E8CBA60000
|
heap
|
page execute and read and write
|
||
|
7FF848DE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E8DBAE3000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E8CB550000
|
trusted library allocation
|
page read and write
|
||
|
1E8E3A75000
|
heap
|
page read and write
|
||
|
1E8DBC25000
|
trusted library allocation
|
page read and write
|
||
|
7FF849060000
|
trusted library allocation
|
page read and write
|
||
|
1E8CB4E0000
|
trusted library section
|
page read and write
|
||
|
1E8C9CE7000
|
heap
|
page read and write
|
||
|
7FF849080000
|
trusted library allocation
|
page read and write
|
||
|
1E8E3E4B000
|
heap
|
page read and write
|
||
|
1E8CB510000
|
heap
|
page readonly
|
||
|
CA80F6E000
|
stack
|
page read and write
|
||
|
1E8CB4D0000
|
trusted library allocation
|
page read and write
|
||
|
1E8E3DB8000
|
heap
|
page read and write
|
||
|
7FF8490F0000
|
trusted library allocation
|
page read and write
|
||
|
1E8E3DF3000
|
heap
|
page read and write
|
||
|
7DF4C8E60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E8C9BF0000
|
heap
|
page read and write
|
||
|
7FF849110000
|
trusted library allocation
|
page read and write
|
||
|
1E8E3C10000
|
heap
|
page read and write
|
||
|
1E8E3E0B000
|
heap
|
page read and write
|
||
|
1E8E3E2E000
|
heap
|
page read and write
|
||
|
7FF849090000
|
trusted library allocation
|
page read and write
|
||
|
7FF849050000
|
trusted library allocation
|
page read and write
|
||
|
1E8DBA71000
|
trusted library allocation
|
page read and write
|
||
|
1E8CBA40000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EC6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E8C9BF8000
|
heap
|
page read and write
|
||
|
1E8CB553000
|
trusted library allocation
|
page read and write
|
||
|
CA819BF000
|
stack
|
page read and write
|
||
|
1E8E3BFE000
|
heap
|
page read and write
|
||
|
7FF848FC2000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490D0000
|
trusted library allocation
|
page read and write
|
||
|
1E8CBA43000
|
trusted library allocation
|
page read and write
|
||
|
1E8CD564000
|
trusted library allocation
|
page read and write
|
||
|
1E8CD7BC000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F9A000
|
trusted library allocation
|
page read and write
|
||
|
7FF849140000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490E0000
|
trusted library allocation
|
page read and write
|
||
|
1E8C9C9F000
|
heap
|
page read and write
|
||
|
1E8C9C99000
|
heap
|
page read and write
|
||
|
1E8DBAEF000
|
trusted library allocation
|
page read and write
|
||
|
7FF849130000
|
trusted library allocation
|
page read and write
|
||
|
1E8C9C83000
|
heap
|
page read and write
|
||
|
1E8C9B40000
|
heap
|
page read and write
|
||
|
1E8E3DEE000
|
heap
|
page read and write
|
||
|
1E8CD6F6000
|
trusted library allocation
|
page read and write
|
||
|
1E8C9C6A000
|
heap
|
page read and write
|
||
|
1E8E3BBD000
|
heap
|
page read and write
|
||
|
1E8CBCA2000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
1E8CD41A000
|
trusted library allocation
|
page read and write
|
||
|
1E8E3B80000
|
heap
|
page read and write
|
||
|
7FF8490C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DED000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E8CB5C5000
|
heap
|
page read and write
|
||
|
1E8CB590000
|
heap
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
1E8E3C12000
|
heap
|
page read and write
|
||
|
1E8E3BC9000
|
heap
|
page read and write
|
||
|
1E8CD26D000
|
trusted library allocation
|
page read and write
|
||
|
1E8C9BA5000
|
heap
|
page read and write
|
||
|
1E8E3E5A000
|
heap
|
page read and write
|
||
|
1E8C9C81000
|
heap
|
page read and write
|
||
|
1E8CD3EF000
|
trusted library allocation
|
page read and write
|
||
|
1E8C9CE1000
|
heap
|
page read and write
|
||
|
1E8C9B80000
|
heap
|
page read and write
|
||
|
7FF8490A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E96000
|
trusted library allocation
|
page read and write
|
||
|
7FF849070000
|
trusted library allocation
|
page read and write
|
||
|
1E8E3BBB000
|
heap
|
page read and write
|
||
|
1E8CB4F0000
|
trusted library section
|
page read and write
|
There are 122 hidden memdumps, click here to show them.