Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ZcgffemBWp.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ZcgffemBWp.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hrz0jqyx.tt4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ht4ac3mz.fdu.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_inlw30hs.clv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zti15d4i.hxc.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\ZcgffemBWp.exe
|
"C:\Users\user\Desktop\ZcgffemBWp.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ZcgffemBWp.exe"
|
|
|
|
C:\Users\user\Desktop\ZcgffemBWp.exe
|
"C:\Users\user\Desktop\ZcgffemBWp.exe"
|
|
|
|
C:\Users\user\Desktop\ZcgffemBWp.exe
|
"C:\Users\user\Desktop\ZcgffemBWp.exe"
|
|
|
|
C:\Users\user\Desktop\ZcgffemBWp.exe
|
"C:\Users\user\Desktop\ZcgffemBWp.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
212.162.149.77:27667
|
|
||
|
https://api.ip.sb/ip
|
unknown
|
||
|
https://api.ip.s
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://discord.com/api/v9/users/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
206.23.85.13.in-addr.arpa
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1194000
|
trusted library allocation
|
page read and write
|
||
|
1298000
|
heap
|
page read and write
|
||
|
11C7000
|
trusted library allocation
|
page execute and read and write
|
||
|
A55E000
|
stack
|
page read and write
|
||
|
726E000
|
stack
|
page read and write
|
||
|
538D000
|
trusted library allocation
|
page read and write
|
||
|
1157000
|
heap
|
page read and write
|
||
|
3F01000
|
trusted library allocation
|
page read and write
|
||
|
1490000
|
trusted library allocation
|
page read and write
|
||
|
302A000
|
trusted library allocation
|
page read and write
|
||
|
307D000
|
trusted library allocation
|
page read and write
|
||
|
2E70000
|
trusted library allocation
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
2EB0000
|
heap
|
page execute and read and write
|
||
|
3083000
|
trusted library allocation
|
page read and write
|
||
|
30B3000
|
trusted library allocation
|
page read and write
|
||
|
5343000
|
heap
|
page read and write
|
||
|
AA20000
|
heap
|
page read and write
|
||
|
F35000
|
heap
|
page read and write
|
||
|
1103000
|
heap
|
page read and write
|
||
|
5440000
|
heap
|
page execute and read and write
|
||
|
5250000
|
trusted library allocation
|
page read and write
|
||
|
131C000
|
heap
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
103F000
|
stack
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
30A2000
|
trusted library allocation
|
page read and write
|
||
|
53E0000
|
trusted library allocation
|
page read and write
|
||
|
5774000
|
heap
|
page read and write
|
||
|
5386000
|
trusted library allocation
|
page read and write
|
||
|
155C000
|
stack
|
page read and write
|
||
|
5200000
|
trusted library allocation
|
page execute and read and write
|
||
|
5392000
|
trusted library allocation
|
page read and write
|
||
|
2EA0000
|
trusted library allocation
|
page read and write
|
||
|
56D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
755E000
|
stack
|
page read and write
|
||
|
56F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3073000
|
trusted library allocation
|
page read and write
|
||
|
2F3F000
|
trusted library allocation
|
page read and write
|
||
|
1088000
|
heap
|
page read and write
|
||
|
130C000
|
heap
|
page read and write
|
||
|
1560000
|
trusted library allocation
|
page execute and read and write
|
||
|
738E000
|
stack
|
page read and write
|
||
|
5710000
|
heap
|
page read and write
|
||
|
56D0000
|
heap
|
page read and write
|
||
|
1460000
|
trusted library allocation
|
page read and write
|
||
|
12F0000
|
trusted library allocation
|
page read and write
|
||
|
1497000
|
trusted library allocation
|
page execute and read and write
|
||
|
1147000
|
heap
|
page read and write
|
||
|
3047000
|
trusted library allocation
|
page read and write
|
||
|
5450000
|
heap
|
page read and write
|
||
|
AA0000
|
unkown
|
page readonly
|
||
|
5720000
|
heap
|
page read and write
|
||
|
303F000
|
trusted library allocation
|
page read and write
|
||
|
2E14000
|
trusted library allocation
|
page read and write
|
||
|
3062000
|
trusted library allocation
|
page read and write
|
||
|
5353000
|
heap
|
page read and write
|
||
|
1657000
|
heap
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
3005000
|
trusted library allocation
|
page read and write
|
||
|
569D000
|
stack
|
page read and write
|
||
|
10AA000
|
heap
|
page read and write
|
||
|
5260000
|
trusted library allocation
|
page execute and read and write
|
||
|
3011000
|
trusted library allocation
|
page read and write
|
||
|
5901000
|
trusted library allocation
|
page read and write
|
||
|
1193000
|
trusted library allocation
|
page execute and read and write
|
||
|
1463000
|
trusted library allocation
|
page execute and read and write
|
||
|
58E0000
|
trusted library section
|
page read and write
|
||
|
7FA30000
|
trusted library allocation
|
page execute and read and write
|
||
|
3028000
|
trusted library allocation
|
page read and write
|
||
|
3052000
|
trusted library allocation
|
page read and write
|
||
|
2E42000
|
trusted library allocation
|
page read and write
|
||
|
1121000
|
heap
|
page read and write
|
||
|
3094000
|
trusted library allocation
|
page read and write
|
||
|
1152000
|
heap
|
page read and write
|
||
|
123E000
|
stack
|
page read and write
|
||
|
300F000
|
trusted library allocation
|
page read and write
|
||
|
5590000
|
heap
|
page execute and read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
10F7000
|
heap
|
page read and write
|
||
|
1141000
|
heap
|
page read and write
|
||
|
309E000
|
trusted library allocation
|
page read and write
|
||
|
30FA000
|
trusted library allocation
|
page read and write
|
||
|
307B000
|
trusted library allocation
|
page read and write
|
||
|
14D0000
|
heap
|
page read and write
|
||
|
1159000
|
heap
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
5340000
|
trusted library allocation
|
page read and write
|
||
|
3081000
|
trusted library allocation
|
page read and write
|
||
|
119D000
|
trusted library allocation
|
page execute and read and write
|
||
|
56F0000
|
trusted library allocation
|
page read and write
|
||
|
53C0000
|
trusted library allocation
|
page read and write
|
||
|
2E60000
|
trusted library allocation
|
page read and write
|
||
|
A65E000
|
stack
|
page read and write
|
||
|
712E000
|
stack
|
page read and write
|
||
|
544C000
|
stack
|
page read and write
|
||
|
2F38000
|
trusted library allocation
|
page read and write
|
||
|
748E000
|
stack
|
page read and write
|
||
|
11CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
A7DE000
|
stack
|
page read and write
|
||
|
1473000
|
trusted library allocation
|
page read and write
|
||
|
5459000
|
heap
|
page read and write
|
||
|
A8DE000
|
stack
|
page read and write
|
||
|
EBE000
|
stack
|
page read and write
|
||
|
3035000
|
trusted library allocation
|
page read and write
|
||
|
568D000
|
stack
|
page read and write
|
||
|
11B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
30AD000
|
trusted library allocation
|
page read and write
|
||
|
2FEB000
|
trusted library allocation
|
page read and write
|
||
|
74CE000
|
stack
|
page read and write
|
||
|
736E000
|
stack
|
page read and write
|
||
|
11BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
30B1000
|
trusted library allocation
|
page read and write
|
||
|
122A000
|
heap
|
page read and write
|
||
|
2C9E000
|
stack
|
page read and write
|
||
|
5730000
|
heap
|
page read and write
|
||
|
5240000
|
heap
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
3030000
|
trusted library allocation
|
page read and write
|
||
|
6EC0000
|
heap
|
page read and write
|
||
|
70F0000
|
trusted library section
|
page read and write
|
||
|
D37000
|
stack
|
page read and write
|
||
|
11AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1640000
|
trusted library allocation
|
page read and write
|
||
|
112C000
|
heap
|
page read and write
|
||
|
5580000
|
heap
|
page read and write
|
||
|
A30E000
|
stack
|
page read and write
|
||
|
1620000
|
heap
|
page read and write
|
||
|
131A000
|
heap
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
A400000
|
heap
|
page read and write
|
||
|
56A0000
|
heap
|
page read and write
|
||
|
11E0000
|
trusted library allocation
|
page read and write
|
||
|
56C4000
|
trusted library allocation
|
page read and write
|
||
|
5705000
|
heap
|
page read and write
|
||
|
5280000
|
trusted library allocation
|
page read and write
|
||
|
10F9000
|
heap
|
page read and write
|
||
|
307F000
|
trusted library allocation
|
page read and write
|
||
|
141E000
|
stack
|
page read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
13FF000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
2CF0000
|
trusted library allocation
|
page read and write
|
||
|
40BA000
|
trusted library allocation
|
page read and write
|
||
|
6ECE000
|
heap
|
page read and write
|
||
|
1482000
|
trusted library allocation
|
page read and write
|
||
|
2E1B000
|
trusted library allocation
|
page read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
5710000
|
trusted library allocation
|
page execute and read and write
|
||
|
10E7000
|
heap
|
page read and write
|
||
|
11F7000
|
heap
|
page read and write
|
||
|
2E5F000
|
trusted library allocation
|
page read and write
|
||
|
30A0000
|
trusted library allocation
|
page read and write
|
||
|
722E000
|
stack
|
page read and write
|
||
|
7340000
|
trusted library allocation
|
page execute and read and write
|
||
|
5735000
|
heap
|
page read and write
|
||
|
30B7000
|
trusted library allocation
|
page read and write
|
||
|
5360000
|
trusted library allocation
|
page read and write
|
||
|
5700000
|
heap
|
page read and write
|
||
|
30B5000
|
trusted library allocation
|
page read and write
|
||
|
53A0000
|
trusted library allocation
|
page read and write
|
||
|
3F09000
|
trusted library allocation
|
page read and write
|
||
|
5461000
|
heap
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
3F42000
|
trusted library allocation
|
page read and write
|
||
|
2E10000
|
trusted library allocation
|
page read and write
|
||
|
121E000
|
stack
|
page read and write
|
||
|
5750000
|
heap
|
page read and write
|
||
|
6FEE000
|
stack
|
page read and write
|
||
|
53B0000
|
trusted library allocation
|
page read and write
|
||
|
10DE000
|
stack
|
page read and write
|
||
|
5740000
|
heap
|
page read and write
|
||
|
536B000
|
trusted library allocation
|
page read and write
|
||
|
6EB0000
|
heap
|
page read and write
|
||
|
56C0000
|
trusted library allocation
|
page read and write
|
||
|
11C2000
|
trusted library allocation
|
page read and write
|
||
|
1450000
|
trusted library allocation
|
page read and write
|
||
|
14C0000
|
heap
|
page read and write
|
||
|
30F5000
|
trusted library allocation
|
page read and write
|
||
|
149B000
|
trusted library allocation
|
page execute and read and write
|
||
|
56A0000
|
heap
|
page read and write
|
||
|
1464000
|
trusted library allocation
|
page read and write
|
||
|
1138000
|
heap
|
page read and write
|
||
|
2E36000
|
trusted library allocation
|
page read and write
|
||
|
3043000
|
trusted library allocation
|
page read and write
|
||
|
304B000
|
trusted library allocation
|
page read and write
|
||
|
71CB000
|
trusted library allocation
|
page read and write
|
||
|
A20E000
|
stack
|
page read and write
|
||
|
5469000
|
heap
|
page read and write
|
||
|
146D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CDB000
|
stack
|
page read and write
|
||
|
1650000
|
heap
|
page read and write
|
||
|
1470000
|
trusted library allocation
|
page read and write
|
||
|
1254000
|
heap
|
page read and write
|
||
|
2CF4000
|
trusted library allocation
|
page read and write
|
||
|
10B7000
|
heap
|
page read and write
|
||
|
2F01000
|
trusted library allocation
|
page read and write
|
||
|
3066000
|
trusted library allocation
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
300B000
|
trusted library allocation
|
page read and write
|
||
|
558B000
|
stack
|
page read and write
|
||
|
3068000
|
trusted library allocation
|
page read and write
|
||
|
3026000
|
trusted library allocation
|
page read and write
|
||
|
1263000
|
heap
|
page read and write
|
||
|
2F9D000
|
trusted library allocation
|
page read and write
|
||
|
70EE000
|
stack
|
page read and write
|
||
|
2E50000
|
trusted library allocation
|
page read and write
|
||
|
3086000
|
trusted library allocation
|
page read and write
|
||
|
1095000
|
heap
|
page read and write
|
||
|
3032000
|
trusted library allocation
|
page read and write
|
||
|
F0E000
|
stack
|
page read and write
|
||
|
537E000
|
trusted library allocation
|
page read and write
|
||
|
2E3D000
|
trusted library allocation
|
page read and write
|
||
|
402000
|
remote allocation
|
page execute and read and write
|
||
|
309A000
|
trusted library allocation
|
page read and write
|
||
|
151E000
|
stack
|
page read and write
|
||
|
F37000
|
stack
|
page read and write
|
||
|
114B000
|
heap
|
page read and write
|
||
|
1180000
|
trusted library allocation
|
page read and write
|
||
|
115B000
|
heap
|
page read and write
|
||
|
122E000
|
heap
|
page read and write
|
||
|
2E0C000
|
stack
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
3EC1000
|
trusted library allocation
|
page read and write
|
||
|
112F000
|
heap
|
page read and write
|
||
|
306B000
|
trusted library allocation
|
page read and write
|
||
|
5690000
|
trusted library section
|
page readonly
|
||
|
A10E000
|
stack
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
14B0000
|
trusted library allocation
|
page read and write
|
||
|
5340000
|
heap
|
page read and write
|
||
|
30AF000
|
trusted library allocation
|
page read and write
|
||
|
71C0000
|
trusted library allocation
|
page read and write
|
||
|
147D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3013000
|
trusted library allocation
|
page read and write
|
||
|
54F0000
|
trusted library section
|
page readonly
|
||
|
2E2E000
|
trusted library allocation
|
page read and write
|
||
|
E3A000
|
stack
|
page read and write
|
||
|
11C0000
|
trusted library allocation
|
page read and write
|
||
|
732E000
|
stack
|
page read and write
|
||
|
5700000
|
trusted library allocation
|
page read and write
|
||
|
2FBE000
|
trusted library allocation
|
page read and write
|
||
|
53B5000
|
trusted library allocation
|
page read and write
|
||
|
3FAD000
|
trusted library allocation
|
page read and write
|
||
|
3045000
|
trusted library allocation
|
page read and write
|
||
|
2E31000
|
trusted library allocation
|
page read and write
|
||
|
109F000
|
heap
|
page read and write
|
||
|
2EF1000
|
trusted library allocation
|
page read and write
|
||
|
3079000
|
trusted library allocation
|
page read and write
|
||
|
300D000
|
trusted library allocation
|
page read and write
|
||
|
42E000
|
remote allocation
|
page execute and read and write
|
||
|
545D000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
1480000
|
trusted library allocation
|
page read and write
|
||
|
1588000
|
trusted library allocation
|
page read and write
|
||
|
3017000
|
trusted library allocation
|
page read and write
|
||
|
2EC1000
|
trusted library allocation
|
page read and write
|
||
|
12E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3064000
|
trusted library allocation
|
page read and write
|
||
|
56E0000
|
trusted library allocation
|
page read and write
|
||
|
2E65000
|
trusted library allocation
|
page read and write
|
||
|
A69E000
|
stack
|
page read and write
|
||
|
71D0000
|
trusted library allocation
|
page read and write
|
||
|
1125000
|
heap
|
page read and write
|
||
|
A91C000
|
stack
|
page read and write
|
||
|
1570000
|
heap
|
page execute and read and write
|
||
|
76B2000
|
trusted library allocation
|
page read and write
|
||
|
309C000
|
trusted library allocation
|
page read and write
|
||
|
C3A000
|
stack
|
page read and write
|
||
|
AA2000
|
unkown
|
page readonly
|
||
|
751D000
|
stack
|
page read and write
|
||
|
3041000
|
trusted library allocation
|
page read and write
|
||
|
11B2000
|
trusted library allocation
|
page read and write
|
||
|
5381000
|
trusted library allocation
|
page read and write
|
||
|
3015000
|
trusted library allocation
|
page read and write
|
||
|
1190000
|
trusted library allocation
|
page read and write
|
||
|
3EC5000
|
trusted library allocation
|
page read and write
|
||
|
3009000
|
trusted library allocation
|
page read and write
|
||
|
3096000
|
trusted library allocation
|
page read and write
|
||
|
2F41000
|
trusted library allocation
|
page read and write
|
||
|
5497000
|
heap
|
page read and write
|
||
|
11DF000
|
stack
|
page read and write
|
||
|
5350000
|
heap
|
page read and write
|
||
|
6EBE000
|
heap
|
page read and write
|
||
|
4FFD000
|
stack
|
page read and write
|
||
|
56B0000
|
heap
|
page read and write
|
||
|
2EFE000
|
stack
|
page read and write
|
||
|
70B0000
|
trusted library allocation
|
page read and write
|
||
|
2CE0000
|
trusted library allocation
|
page read and write
|
||
|
722E000
|
stack
|
page read and write
|
||
|
58C0000
|
trusted library allocation
|
page read and write
|
||
|
1492000
|
trusted library allocation
|
page read and write
|
||
|
5720000
|
heap
|
page read and write
|
||
|
1486000
|
trusted library allocation
|
page execute and read and write
|
||
|
5364000
|
trusted library allocation
|
page read and write
|
||
|
A79E000
|
stack
|
page read and write
|
||
|
71E0000
|
trusted library allocation
|
page read and write
|
||
|
3049000
|
trusted library allocation
|
page read and write
|
||
|
5210000
|
heap
|
page read and write
|
||
|
AA1C000
|
stack
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
148A000
|
trusted library allocation
|
page execute and read and write
|
There are 294 hidden memdumps, click here to show them.