Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
07lwzQoOuP.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gjoqykhp.xg4.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jj1wyxh0.ijo.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\07lwzQoOuP.exe
|
"C:\Users\user\Desktop\07lwzQoOuP.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
1BE56000
|
heap
|
page read and write
|
||
|
7FFD9B798000
|
trusted library allocation
|
page read and write
|
||
|
1C11E000
|
stack
|
page read and write
|
||
|
1BEB4000
|
heap
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
17A5000
|
heap
|
page read and write
|
||
|
1BEB8000
|
heap
|
page read and write
|
||
|
31D0000
|
trusted library allocation
|
page read and write
|
||
|
FA4000
|
unkown
|
page readonly
|
||
|
30C4000
|
heap
|
page read and write
|
||
|
7FFD9B7A4000
|
trusted library allocation
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
3290000
|
heap
|
page execute and read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C21E000
|
stack
|
page read and write
|
||
|
1C31E000
|
stack
|
page read and write
|
||
|
13E3000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
3824000
|
trusted library allocation
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
32A1000
|
trusted library allocation
|
page read and write
|
||
|
3796000
|
trusted library allocation
|
page read and write
|
||
|
1BE20000
|
heap
|
page read and write
|
||
|
1BEB2000
|
heap
|
page read and write
|
||
|
7FFD9B939000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page execute and read and write
|
||
|
331C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
141A000
|
heap
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
13AC000
|
heap
|
page read and write
|
||
|
1BEC0000
|
heap
|
page read and write
|
||
|
1416000
|
heap
|
page read and write
|
||
|
1B71C000
|
stack
|
page read and write
|
||
|
1385000
|
heap
|
page read and write
|
||
|
1C41B000
|
stack
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
|
17A0000
|
heap
|
page read and write
|
||
|
142C000
|
heap
|
page read and write
|
||
|
1BE93000
|
heap
|
page read and write
|
||
|
364E000
|
trusted library allocation
|
page read and write
|
||
|
13A6000
|
heap
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
1BC1E000
|
stack
|
page read and write
|
||
|
3250000
|
trusted library allocation
|
page read and write
|
||
|
35FB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1313000
|
stack
|
page read and write
|
||
|
30AE000
|
stack
|
page read and write
|
||
|
13A0000
|
heap
|
page read and write
|
||
|
17B0000
|
heap
|
page read and write
|
||
|
7FFD9B967000
|
trusted library allocation
|
page read and write
|
||
|
142E000
|
heap
|
page read and write
|
||
|
13317000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B782000
|
trusted library allocation
|
page read and write
|
||
|
F90000
|
unkown
|
page readonly
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
FA2000
|
unkown
|
page readonly
|
||
|
1BE5B000
|
heap
|
page read and write
|
||
|
30B0000
|
heap
|
page read and write
|
||
|
1BEC9000
|
heap
|
page read and write
|
||
|
31D3000
|
trusted library allocation
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
7FFD9B7AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
1670000
|
heap
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B83C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
1BD40000
|
heap
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
13CA000
|
heap
|
page read and write
|
||
|
7FFD9B928000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B936000
|
trusted library allocation
|
page read and write
|
||
|
7FF4F7980000
|
trusted library allocation
|
page execute and read and write
|
||
|
132A1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
2FA0000
|
trusted library allocation
|
page read and write
|
||
|
1BB10000
|
heap
|
page execute and read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
34E3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
FAF000
|
unkown
|
page readonly
|
||
|
7FFD9B792000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
1CDA8000
|
stack
|
page read and write
|
||
|
7FFD9B7DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page read and write
|
||
|
166F000
|
stack
|
page read and write
|
||
|
1B2D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
FA8000
|
unkown
|
page readonly
|
||
|
132AF000
|
trusted library allocation
|
page read and write
|
||
|
2F80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page execute and read and write
|
||
|
F92000
|
unkown
|
page readonly
|
||
|
F90000
|
unkown
|
page readonly
|
There are 108 hidden memdumps, click here to show them.