IOC Report
rZqmN4mRco.ps1


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| rZqmN4mRco.ps1 | ASCII text, with very long lines (65481), with CRLF line terminators | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3iobw3hb.4zt.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n1wqhwie.s1e.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\116NTVJK21II7G37JF8C.temp | data | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy) | data | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\rZqmN4mRco.ps1" | malicious |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" | malicious |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| 176.113.115.225 | | malicious |
| http://nuget.org/NuGet.exe | unknown | |
| https://aka.ms/pscore68 | unknown | |
| http://pesterbdd.com/images/Pester.png | unknown | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | |
| http://www.apache.org/licenses/LICENSE-2.0.html | unknown | |
| https://go.micro | unknown | |
| https://github.com/Pester/Pester | unknown | |
| https://contoso.com/ | unknown | |
| https://nuget.org/nuget.exe | unknown | |
| https://contoso.com/License | unknown | |
| https://contoso.com/Icon | unknown | |

2 further URLs are not shown in this export.

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 176.113.115.225 | unknown | Russian Federation | malicious |

Memdumps

| Base Address | Region type | Protect | Malicious |
|---|---|---|---|
| 19B0A8A8000 | trusted library allocation | page read and write | malicious |
| 3051000 | trusted library allocation | page read and write | malicious |
| 19B0AADA000 | trusted library allocation | page read and write | malicious |
| 19B0B50D000 | trusted library allocation | page read and write | malicious |
| 402000 | remote allocation | page execute and read and write | malicious |
| 5AEE000 | stack | page read and write | |
| 1180000 | heap | page read and write | |
| 55C3000 | heap | page read and write | |
| 19B08802000 | heap | page read and write | |
| D9B000 | stack | page read and write | |
| 19B229A0000 | heap | page execute and read and write | |
| 19B22834000 | heap | page read and write | |
| 13B0000 | heap | page read and write | |
| 19B089A0000 | heap | page read and write | |
| 58E9000 | stack | page read and write | |
| 1420000 | trusted library allocation | page read and write | |
| 13E0000 | trusted library allocation | page read and write | |
| 19B0B966000 | trusted library allocation | page read and write | |
| 1188000 | heap | page read and write | |
| 19B0A225000 | heap | page read and write | |
| 5D09000 | trusted library allocation | page read and write | |
| 19B2283D000 | heap | page read and write | |
| 5E4E000 | stack | page read and write | |
| 7FFB4B440000 | trusted library allocation | page execute and read and write | |
| 19B227F0000 | heap | page read and write | |
| 61CC000 | stack | page read and write | |
| 3040000 | heap | page read and write | |
| 19B22910000 | trusted library section | page read and write | |
| 114E000 | stack | page read and write | |
| 7FFB4B280000 | trusted library allocation | page read and write | |
| 5CD0000 | trusted library allocation | page read and write | |
| 600E000 | stack | page read and write | |
| 7FFB4B430000 | trusted library allocation | page execute and read and write | |
| 6411BF7000 | stack | page read and write | |
| 19B0BBE9000 | trusted library allocation | page read and write | |
| 1416000 | trusted library allocation | page execute and read and write | |
| 19B22B64000 | heap | page read and write | |
| 1150000 | heap | page read and write | |
| 7FFB4B500000 | trusted library allocation | page read and write | |
| 19B1A8CD000 | trusted library allocation | page read and write | |
| 7FFB4B455000 | trusted library allocation | page read and write | |
| 19B22685000 | heap | page read and write | |
| 57E0000 | heap | page execute and read and write | |
| 19B0A1E0000 | heap | page execute and read and write | |
| 11BA000 | heap | page read and write | |
| 654C000 | stack | page read and write | |
| 19B0B938000 | trusted library allocation | page read and write | |
| 7FFB4B480000 | trusted library allocation | page read and write | |
| 13F4000 | trusted library allocation | page read and write | |
| 19B1A75E000 | trusted library allocation | page read and write | |
| 122A000 | heap | page read and write | |
| 576D000 | stack | page read and write | |
| 19B22790000 | heap | page read and write | |
| 5FCE000 | stack | page read and write | |
| 11AB000 | heap | page read and write | |
| 7FFB4B570000 | trusted library allocation | page read and write | |
| 641158E000 | stack | page read and write | |
| 19B08877000 | heap | page read and write | |
| 19B0A708000 | trusted library allocation | page read and write | |
| 19B0A570000 | trusted library allocation | page read and write | |
| 64129CF000 | stack | page read and write | |
| 7FFB4B560000 | trusted library allocation | page read and write | |
| 1160000 | heap | page read and write | |
| 142B000 | trusted library allocation | page execute and read and write | |
| 19B22AFB000 | heap | page read and write | |
| 57AE000 | stack | page read and write | |
| 7FFB4B5B0000 | trusted library allocation | page read and write | |
| 6950000 | trusted library allocation | page execute and read and write | |
| 141A000 | trusted library allocation | page execute and read and write | |
| 6411E7E000 | stack | page read and write | |
| 19B08990000 | trusted library allocation | page read and write | |
| 59EE000 | stack | page read and write | |
| 64115CF000 | stack | page read and write | |
| 630C000 | stack | page read and write | |
| 19B08831000 | heap | page read and write | |
| 6411000 | heap | page read and write | |
| 10F7000 | stack | page read and write | |
| 7FFB4B270000 | trusted library allocation | page read and write | |
| 19B0A180000 | heap | page readonly | |
| 6905000 | trusted library allocation | page read and write | |
| 2FF0000 | trusted library allocation | page read and write | |
| 1100000 | heap | page read and write | |
| 1427000 | trusted library allocation | page execute and read and write | |
| 34B1000 | trusted library allocation | page read and write | |
| 62CD000 | stack | page read and write | |
| 19B0B93A000 | trusted library allocation | page read and write | |
| 19B089A5000 | heap | page read and write | |
| 5CE0000 | trusted library allocation | page read and write | |
| 1248000 | heap | page read and write | |
| 19B0AB0D000 | trusted library allocation | page read and write | |
| 11EB000 | heap | page read and write | |
| 19B0880D000 | heap | page read and write | |
| 19B08788000 | heap | page read and write | |
| 4059000 | trusted library allocation | page read and write | |
| 19B0BCB3000 | trusted library allocation | page read and write | |
| 12BC000 | stack | page read and write | |
| 19B0884B000 | heap | page read and write | |
| 19B08839000 | heap | page read and write | |
| 7FFB4B460000 | trusted library allocation | page execute and read and write | |
| 19B22900000 | trusted library section | page read and write | |
| 641197C000 | stack | page read and write | |
| 148E000 | stack | page read and write | |
| 7FFB4B470000 | trusted library allocation | page read and write | |
| 1410000 | trusted library allocation | page read and write | |
| 7FFB4B32C000 | trusted library allocation | page execute and read and write | |
| 5F4E000 | stack | page read and write | |
| 19B0A670000 | heap | page read and write | |
| 618D000 | stack | page read and write | |
| 19B2287B000 | heap | page read and write | |
| 7FFB4B326000 | trusted library allocation | page read and write | |
| 7FFB4B4F0000 | trusted library allocation | page read and write | |
| 7FFB4B320000 | trusted library allocation | page read and write | |
| 6411B7D000 | stack | page read and write | |
| 7FFB4B490000 | trusted library allocation | page read and write | |
| 19B0A681000 | trusted library allocation | page read and write | |
| 19B0AAD2000 | trusted library allocation | page read and write | |
| 7FFB4B274000 | trusted library allocation | page read and write | |
| 3010000 | trusted library allocation | page read and write | |
| 19B1A681000 | trusted library allocation | page read and write | |
| 1230000 | heap | page read and write | |
| 6411EFB000 | stack | page read and write | |
| 19B1A690000 | trusted library allocation | page read and write | |
| 7FFB4B4C0000 | trusted library allocation | page read and write | |
| 6411D78000 | stack | page read and write | |
| 7FFB4B42A000 | trusted library allocation | page read and write | |
| 400000 | remote allocation | page execute and read and write | |
| 19B088A0000 | heap | page read and write | |
| 19B0A190000 | trusted library allocation | page read and write | |
| 604F000 | stack | page read and write | |
| 124D000 | heap | page read and write | |
| 664E000 | stack | page read and write | |
| 19B0A5A0000 | trusted library allocation | page read and write | |
| 1412000 | trusted library allocation | page read and write | |
| 1440000 | trusted library allocation | page read and write | |
| 7FFB4B27D000 | trusted library allocation | page execute and read and write | |
| 19B22B52000 | heap | page read and write | |
| 19B0882B000 | heap | page read and write | |
| 19B22B58000 | heap | page read and write | |
| 7FFB4B28B000 | trusted library allocation | page read and write | |
| 7FFB4B590000 | trusted library allocation | page read and write | |
| 7FFB4B410000 | trusted library allocation | page read and write | |
| 19B0BA56000 | trusted library allocation | page read and write | |
| 7FFB4B530000 | trusted library allocation | page read and write | |
| 7FFB4B5A0000 | trusted library allocation | page read and write | |
| 12D0000 | heap | page read and write | |
| 19B22B69000 | heap | page read and write | |
| 19B22B05000 | heap | page read and write | |
| 558E000 | stack | page read and write | |
| 518E000 | stack | page read and write | |
| 19B0887D000 | heap | page read and write | |
| 7FFB4B5D0000 | trusted library allocation | page read and write | |
| 5CF1000 | trusted library allocation | page read and write | |
| 11B7000 | heap | page read and write | |
| 6411F7E000 | stack | page read and write | |
| 19B22AF2000 | heap | page read and write | |
| 5C2E000 | stack | page read and write | |
| 55C0000 | heap | page read and write | |
| 19B08880000 | heap | page read and write | |
| 19B0A220000 | heap | page read and write | |
| 7FFB4B272000 | trusted library allocation | page read and write | |
| 550E000 | stack | page read and write | |
| 7FFB4B4E0000 | trusted library allocation | page read and write | |
| 6411C76000 | stack | page read and write | |
| 19B22B73000 | heap | page read and write | |
| 6910000 | heap | page read and write | |
| 12D6000 | heap | page read and write | |
| 7FFB4B540000 | trusted library allocation | page read and write | |
| 19B086A0000 | heap | page read and write | |
| 2F58000 | trusted library allocation | page read and write | |
| 6411AFE000 | stack | page read and write | |
| 13F3000 | trusted library allocation | page execute and read and write | |
| 19B088E0000 | heap | page read and write | |
| 19B08780000 | heap | page read and write | |
| 19B22811000 | heap | page read and write | |
| 13FD000 | trusted library allocation | page execute and read and write | |
| 11E8000 | heap | page read and write | |
| 6411A7F000 | stack | page read and write | |
| 641187D000 | stack | page read and write | |
| 7FFB4B4B0000 | trusted library allocation | page read and write | |
| 19B08792000 | heap | page read and write | |
| 5D06000 | trusted library allocation | page read and write | |
| 15AE000 | stack | page read and write | |
| 554C000 | stack | page read and write | |
| 2F4E000 | stack | page read and write | |
| 19B0AACE000 | trusted library allocation | page read and write | |
| 5F8D000 | stack | page read and write | |
| 7FFB4B273000 | trusted library allocation | page execute and read and write | |
| 19B227EB000 | heap | page read and write | |
| 19B227CD000 | heap | page read and write | |
| 7FFB4B5C0000 | trusted library allocation | page read and write | |
| 1403000 | trusted library allocation | page read and write | |
| 641150E000 | stack | page read and write | |
| 19B0BCAF000 | trusted library allocation | page read and write | |
| 7FFB4B4A0000 | trusted library allocation | page read and write | |
| 1255000 | heap | page read and write | |
| 64118FE000 | stack | page read and write | |
| 6411FFB000 | stack | page read and write | |
| 7FFB4B356000 | trusted library allocation | page execute and read and write | |
| 1250000 | heap | page read and write | |
| 1400000 | trusted library allocation | page read and write | |
| 6411DFE000 | stack | page read and write | |
| 19B22B00000 | heap | page read and write | |
| 64119FE000 | stack | page read and write | |
| 4051000 | trusted library allocation | page read and write | |
| 124B000 | heap | page read and write | |
| 7FFB4B421000 | trusted library allocation | page read and write | |
| 14A7000 | heap | page read and write | |
| 7FFB4B580000 | trusted library allocation | page read and write | |
| 19B08835000 | heap | page read and write | |
| 11ED000 | heap | page read and write | |
| 68E0000 | trusted library allocation | page read and write | |
| 7FFB4B4D0000 | trusted library allocation | page read and write | |
| 19B08930000 | heap | page read and write | |
| 5D00000 | trusted library allocation | page read and write | |
| 508C000 | stack | page read and write | |
| 19B08879000 | heap | page read and write | |
| 6412A4B000 | stack | page read and write | |
| 6920000 | heap | page read and write | |
| 7FFB4B452000 | trusted library allocation | page read and write | |
| 19B0C6B3000 | trusted library allocation | page read and write | |
| 1490000 | trusted library allocation | page execute and read and write | |
| 7FFB4B5E0000 | trusted library allocation | page read and write | |
| 640E000 | stack | page read and write | |
| 19B0AAD6000 | trusted library allocation | page read and write | |
| 19B1A6AA000 | trusted library allocation | page read and write | |
| 7DF411CD0000 | trusted library allocation | page execute and read and write | |
| 19B22AB0000 | heap | page read and write | |
| 57C0000 | heap | page read and write | |
| 7FFB4B510000 | trusted library allocation | page read and write | |
| 19B0A170000 | trusted library allocation | page read and write | |
| 14A0000 | heap | page read and write | |
| 5D10000 | heap | page read and write | |
| 7FFB4B550000 | trusted library allocation | page read and write | |
| 68D4000 | trusted library allocation | page read and write | |
| 5B2E000 | stack | page read and write | |
| 3085000 | trusted library allocation | page read and write | |
| 13F0000 | trusted library allocation | page read and write | |
| 16AE000 | stack | page read and write | |
| 608E000 | stack | page read and write | |
| 7FFB4B520000 | trusted library allocation | page read and write | |
| 19B0A200000 | heap | page execute and read and write | |
| 6411CF9000 | stack | page read and write | |
| 7FFB4B330000 | trusted library allocation | page execute and read and write | |
| 19B1A6F2000 | trusted library allocation | page read and write | |
| 7FFB4B45B000 | trusted library allocation | page read and write | |
| 19B229A7000 | heap | page execute and read and write | |
| 3000000 | heap | page execute and read and write | |
| 19B229D0000 | heap | page read and write | |
| 6411485000 | stack | page read and write | |
| 127B000 | heap | page read and write | |
| 7FFB4B390000 | trusted library allocation | page execute and read and write | |
| 19B22813000 | heap | page read and write | |
| 19B0AACB000 | trusted library allocation | page read and write | |
| 1157000 | heap | page read and write | |
| 11F3000 | heap | page read and write | |

245 further memdumps are not shown in this export.