Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
out.ps1
|
ASCII text, with CRLF line terminators
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e0cataul.khf.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nmdfldxj.asq.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MLDESZF1PHYFYUMBZZX3.temp
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\out.ps1"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://tox.chat/
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://tox.chat/X
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1D3039E0000
|
heap
|
page read and write
|
||
|
1D31DA57000
|
heap
|
page execute and read and write
|
||
|
1D3158F4000
|
trusted library allocation
|
page read and write
|
||
|
1D305E6F000
|
trusted library allocation
|
page read and write
|
||
|
1D31D965000
|
heap
|
page read and write
|
||
|
1D305D76000
|
trusted library allocation
|
page read and write
|
||
|
123ED7D000
|
stack
|
page read and write
|
||
|
1D31DB91000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
1D3058A3000
|
trusted library allocation
|
page read and write
|
||
|
1D305D6E000
|
trusted library allocation
|
page read and write
|
||
|
1D305D35000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
1D305F4F000
|
trusted library allocation
|
page read and write
|
||
|
123F3BE000
|
stack
|
page read and write
|
||
|
1D31D977000
|
heap
|
page read and write
|
||
|
7FFD9B782000
|
trusted library allocation
|
page read and write
|
||
|
1D31DBAE000
|
heap
|
page read and write
|
||
|
1D303898000
|
heap
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
1D30592C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D303931000
|
heap
|
page read and write
|
||
|
7FFD9B931000
|
trusted library allocation
|
page read and write
|
||
|
1D31D880000
|
heap
|
page read and write
|
||
|
1D303981000
|
heap
|
page read and write
|
||
|
1D3058CC000
|
trusted library allocation
|
page read and write
|
||
|
123EEFE000
|
stack
|
page read and write
|
||
|
123F0BE000
|
stack
|
page read and write
|
||
|
1D305DBB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
1D31D8CF000
|
heap
|
page read and write
|
||
|
123F33E000
|
stack
|
page read and write
|
||
|
1D3059A6000
|
trusted library allocation
|
page read and write
|
||
|
123EE7B000
|
stack
|
page read and write
|
||
|
123EDFE000
|
stack
|
page read and write
|
||
|
123F1BC000
|
stack
|
page read and write
|
||
|
1D303957000
|
heap
|
page read and write
|
||
|
7FFD9B7DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D31D8C9000
|
heap
|
page read and write
|
||
|
1D3059AD000
|
trusted library allocation
|
page read and write
|
||
|
1D31D968000
|
heap
|
page read and write
|
||
|
123EF7F000
|
stack
|
page read and write
|
||
|
1D306138000
|
trusted library allocation
|
page read and write
|
||
|
123F136000
|
stack
|
page read and write
|
||
|
123F4BB000
|
stack
|
page read and write
|
||
|
1D305220000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D303951000
|
heap
|
page read and write
|
||
|
1D315881000
|
trusted library allocation
|
page read and write
|
||
|
1D3039E5000
|
heap
|
page read and write
|
||
|
1D305C70000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B83C000
|
trusted library allocation
|
page execute and read and write
|
||
|
123F239000
|
stack
|
page read and write
|
||
|
1D30591F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
1D31DA50000
|
heap
|
page execute and read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
1D31D940000
|
heap
|
page read and write
|
||
|
1D3059ED000
|
trusted library allocation
|
page read and write
|
||
|
1D305380000
|
heap
|
page read and write
|
||
|
1D303941000
|
heap
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
1D305210000
|
heap
|
page readonly
|
||
|
1D305881000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D305BA4000
|
trusted library allocation
|
page read and write
|
||
|
1D3038A2000
|
heap
|
page read and write
|
||
|
1D305999000
|
trusted library allocation
|
page read and write
|
||
|
1D31D8C4000
|
heap
|
page read and write
|
||
|
123F2BE000
|
stack
|
page read and write
|
||
|
1D3058CF000
|
trusted library allocation
|
page read and write
|
||
|
1D305360000
|
heap
|
page execute and read and write
|
||
|
123E9D5000
|
stack
|
page read and write
|
||
|
7DF4A34B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
1D305870000
|
heap
|
page read and write
|
||
|
1D303840000
|
heap
|
page read and write
|
||
|
1D303740000
|
heap
|
page read and write
|
||
|
123F077000
|
stack
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
1D303820000
|
heap
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
1D30393D000
|
heap
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
1D3058ED000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
1D31D8CC000
|
heap
|
page read and write
|
||
|
7FFD9B93A000
|
trusted library allocation
|
page read and write
|
||
|
1D305240000
|
heap
|
page read and write
|
||
|
1D31DB7C000
|
heap
|
page read and write
|
||
|
1D305E10000
|
trusted library allocation
|
page read and write
|
||
|
123ECFE000
|
stack
|
page read and write
|
||
|
1D31DB60000
|
heap
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
1D306132000
|
trusted library allocation
|
page read and write
|
||
|
123F43E000
|
stack
|
page read and write
|
||
|
1D3038D8000
|
heap
|
page read and write
|
||
|
1D303890000
|
heap
|
page read and write
|
||
|
123EFFD000
|
stack
|
page read and write
|
||
|
1D30397B000
|
heap
|
page read and write
|
||
|
1D31D95D000
|
heap
|
page read and write
|
||
|
1D303990000
|
heap
|
page read and write
|
||
|
1D305D66000
|
trusted library allocation
|
page read and write
|
||
|
1D3059A9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D31D971000
|
heap
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D305200000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D305245000
|
heap
|
page read and write
|
||
|
1D31D914000
|
heap
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D305A86000
|
trusted library allocation
|
page read and write
|
||
|
1D3051D0000
|
trusted library allocation
|
page read and write
|
||
|
1D30589B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B962000
|
trusted library allocation
|
page read and write
|
||
|
1D30391B000
|
heap
|
page read and write
|
||
|
1D31D916000
|
heap
|
page read and write
|
||
|
1D305290000
|
heap
|
page execute and read and write
|
||
|
123EC7E000
|
stack
|
page read and write
|
||
|
1D31DA80000
|
heap
|
page read and write
|
||
|
1D315890000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page execute and read and write
|
There are 128 hidden memdumps, click here to show them.