Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
zIpa.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\zIpa.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_24dg2lof.tgz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nyrpu4ve.rqs.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qw4jqknp.3pk.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rxwpmznj.opy.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\zIpa.exe
|
"C:\Users\user\Desktop\zIpa.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\zIpa.exe"
|
|
|
|
C:\Users\user\Desktop\zIpa.exe
|
"C:\Users\user\Desktop\zIpa.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
https://www.chiark.greenend.org.uk/~sgtatham/putty/0
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
||
|
http://cp8nl.hyperhost.ua
|
unknown
|
There are 22 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
cp8nl.hyperhost.ua
|
185.174.175.187
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.174.175.187
|
cp8nl.hyperhost.ua
|
Ukraine
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4289000
|
trusted library allocation
|
page read and write
|
|
|
|
27B1000
|
trusted library allocation
|
page read and write
|
|
|
|
27FE000
|
trusted library allocation
|
page read and write
|
|
|
|
2829000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
317E000
|
stack
|
page read and write
|
||
|
1710000
|
heap
|
page read and write
|
||
|
B42000
|
heap
|
page read and write
|
||
|
6020000
|
heap
|
page read and write
|
||
|
4DAC000
|
trusted library allocation
|
page read and write
|
||
|
74B2000
|
trusted library allocation
|
page read and write
|
||
|
7A4D000
|
stack
|
page read and write
|
||
|
16D7000
|
trusted library allocation
|
page execute and read and write
|
||
|
57BE000
|
trusted library allocation
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
CB6000
|
trusted library allocation
|
page execute and read and write
|
||
|
937E000
|
stack
|
page read and write
|
||
|
D90000
|
trusted library allocation
|
page read and write
|
||
|
48AD000
|
stack
|
page read and write
|
||
|
9171000
|
heap
|
page read and write
|
||
|
1660000
|
heap
|
page read and write
|
||
|
7BBE000
|
stack
|
page read and write
|
||
|
BF2F000
|
stack
|
page read and write
|
||
|
C90000
|
trusted library allocation
|
page read and write
|
||
|
5EB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
5920000
|
heap
|
page read and write
|
||
|
32F3000
|
trusted library allocation
|
page read and write
|
||
|
AAA000
|
heap
|
page read and write
|
||
|
5B1E000
|
stack
|
page read and write
|
||
|
5980000
|
trusted library section
|
page readonly
|
||
|
2776000
|
trusted library allocation
|
page read and write
|
||
|
14EE000
|
heap
|
page read and write
|
||
|
C0AC000
|
stack
|
page read and write
|
||
|
2660000
|
heap
|
page read and write
|
||
|
8F9000
|
stack
|
page read and write
|
||
|
16F0000
|
trusted library allocation
|
page read and write
|
||
|
2790000
|
trusted library allocation
|
page read and write
|
||
|
C80000
|
trusted library allocation
|
page read and write
|
||
|
5990000
|
heap
|
page read and write
|
||
|
59D0000
|
heap
|
page execute and read and write
|
||
|
5830000
|
heap
|
page read and write
|
||
|
5D26000
|
trusted library allocation
|
page read and write
|
||
|
1700000
|
trusted library allocation
|
page execute and read and write
|
||
|
5C80000
|
heap
|
page read and write
|
||
|
7D3E000
|
stack
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
16C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7490000
|
trusted library allocation
|
page read and write
|
||
|
5D30000
|
trusted library allocation
|
page execute and read and write
|
||
|
535C000
|
stack
|
page read and write
|
||
|
275E000
|
trusted library allocation
|
page read and write
|
||
|
1940000
|
trusted library allocation
|
page read and write
|
||
|
523E000
|
stack
|
page read and write
|
||
|
91AC000
|
heap
|
page read and write
|
||
|
CCB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2678000
|
trusted library allocation
|
page read and write
|
||
|
49AE000
|
stack
|
page read and write
|
||
|
AB3000
|
heap
|
page read and write
|
||
|
381F000
|
trusted library allocation
|
page read and write
|
||
|
1259000
|
stack
|
page read and write
|
||
|
B09000
|
heap
|
page read and write
|
||
|
5E60000
|
trusted library allocation
|
page read and write
|
||
|
191F000
|
stack
|
page read and write
|
||
|
3281000
|
trusted library allocation
|
page read and write
|
||
|
5C90000
|
heap
|
page read and write
|
||
|
16D0000
|
trusted library allocation
|
page read and write
|
||
|
C06F000
|
stack
|
page read and write
|
||
|
1930000
|
heap
|
page read and write
|
||
|
B0E000
|
heap
|
page read and write
|
||
|
5860000
|
trusted library allocation
|
page read and write
|
||
|
CC7000
|
trusted library allocation
|
page execute and read and write
|
||
|
15C2000
|
heap
|
page read and write
|
||
|
BCEE000
|
stack
|
page read and write
|
||
|
1522000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
4DB0000
|
heap
|
page read and write
|
||
|
5E1F000
|
stack
|
page read and write
|
||
|
59C0000
|
heap
|
page read and write
|
||
|
631E000
|
stack
|
page read and write
|
||
|
7F910000
|
trusted library allocation
|
page execute and read and write
|
||
|
BF6E000
|
stack
|
page read and write
|
||
|
5CBE000
|
heap
|
page read and write
|
||
|
7A00000
|
trusted library allocation
|
page read and write
|
||
|
79FE000
|
stack
|
page read and write
|
||
|
57A4000
|
trusted library allocation
|
page read and write
|
||
|
9192000
|
heap
|
page read and write
|
||
|
15B4000
|
heap
|
page read and write
|
||
|
158E000
|
heap
|
page read and write
|
||
|
5840000
|
trusted library allocation
|
page read and write
|
||
|
BDEE000
|
stack
|
page read and write
|
||
|
C1AC000
|
stack
|
page read and write
|
||
|
CBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
57AB000
|
trusted library allocation
|
page read and write
|
||
|
3120000
|
trusted library allocation
|
page read and write
|
||
|
14E0000
|
heap
|
page read and write
|
||
|
5360000
|
trusted library allocation
|
page read and write
|
||
|
6840000
|
heap
|
page read and write
|
||
|
5D20000
|
trusted library allocation
|
page read and write
|
||
|
6062000
|
heap
|
page read and write
|
||
|
5BCE000
|
stack
|
page read and write
|
||
|
1507000
|
heap
|
page read and write
|
||
|
5ECE000
|
trusted library allocation
|
page read and write
|
||
|
2771000
|
trusted library allocation
|
page read and write
|
||
|
5850000
|
trusted library allocation
|
page execute and read and write
|
||
|
15B7000
|
heap
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
5923000
|
heap
|
page read and write
|
||
|
78FE000
|
stack
|
page read and write
|
||
|
2831000
|
trusted library allocation
|
page read and write
|
||
|
59A0000
|
heap
|
page read and write
|
||
|
57C1000
|
trusted library allocation
|
page read and write
|
||
|
2838000
|
trusted library allocation
|
page read and write
|
||
|
FCA000
|
unkown
|
page readonly
|
||
|
AB6000
|
heap
|
page read and write
|
||
|
94A0000
|
trusted library allocation
|
page read and write
|
||
|
B4E000
|
heap
|
page read and write
|
||
|
641E000
|
stack
|
page read and write
|
||
|
6590000
|
heap
|
page read and write
|
||
|
601D000
|
stack
|
page read and write
|
||
|
16C0000
|
trusted library allocation
|
page read and write
|
||
|
527E000
|
stack
|
page read and write
|
||
|
58A000
|
stack
|
page read and write
|
||
|
4DB3000
|
heap
|
page read and write
|
||
|
AEF000
|
heap
|
page read and write
|
||
|
9140000
|
heap
|
page read and write
|
||
|
545C000
|
stack
|
page read and write
|
||
|
37B1000
|
trusted library allocation
|
page read and write
|
||
|
16A4000
|
trusted library allocation
|
page read and write
|
||
|
16B0000
|
trusted library allocation
|
page read and write
|
||
|
4CF0000
|
trusted library allocation
|
page read and write
|
||
|
1950000
|
trusted library allocation
|
page read and write
|
||
|
9163000
|
heap
|
page read and write
|
||
|
BBE000
|
stack
|
page read and write
|
||
|
9190000
|
heap
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page read and write
|
||
|
513E000
|
stack
|
page read and write
|
||
|
BC6E000
|
stack
|
page read and write
|
||
|
C93000
|
trusted library allocation
|
page execute and read and write
|
||
|
C9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5288000
|
trusted library allocation
|
page read and write
|
||
|
D3E000
|
stack
|
page read and write
|
||
|
4D98000
|
trusted library allocation
|
page read and write
|
||
|
BE2E000
|
stack
|
page read and write
|
||
|
947E000
|
stack
|
page read and write
|
||
|
D80000
|
trusted library allocation
|
page execute and read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
277D000
|
trusted library allocation
|
page read and write
|
||
|
181E000
|
stack
|
page read and write
|
||
|
4DC0000
|
heap
|
page read and write
|
||
|
5D80000
|
heap
|
page read and write
|
||
|
16C2000
|
trusted library allocation
|
page read and write
|
||
|
B45000
|
heap
|
page read and write
|
||
|
4D40000
|
heap
|
page execute and read and write
|
||
|
4D90000
|
trusted library allocation
|
page read and write
|
||
|
6073000
|
heap
|
page read and write
|
||
|
5E67000
|
trusted library allocation
|
page read and write
|
||
|
5D7D000
|
stack
|
page read and write
|
||
|
CB0000
|
trusted library allocation
|
page read and write
|
||
|
3130000
|
heap
|
page execute and read and write
|
||
|
57D0000
|
trusted library allocation
|
page read and write
|
||
|
57CD000
|
trusted library allocation
|
page read and write
|
||
|
C1C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2762000
|
trusted library allocation
|
page read and write
|
||
|
151F000
|
heap
|
page read and write
|
||
|
1920000
|
trusted library allocation
|
page read and write
|
||
|
165E000
|
stack
|
page read and write
|
||
|
CE0000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
5D80000
|
trusted library allocation
|
page execute and read and write
|
||
|
52BE000
|
stack
|
page read and write
|
||
|
5E5E000
|
stack
|
page read and write
|
||
|
50FC000
|
stack
|
page read and write
|
||
|
27FC000
|
trusted library allocation
|
page read and write
|
||
|
5E70000
|
trusted library allocation
|
page read and write
|
||
|
14FF000
|
heap
|
page read and write
|
||
|
B76000
|
heap
|
page read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
14E8000
|
heap
|
page read and write
|
||
|
2806000
|
trusted library allocation
|
page read and write
|
||
|
37D9000
|
trusted library allocation
|
page read and write
|
||
|
276E000
|
trusted library allocation
|
page read and write
|
||
|
1514000
|
heap
|
page read and write
|
||
|
1690000
|
trusted library allocation
|
page read and write
|
||
|
327F000
|
stack
|
page read and write
|
||
|
F12000
|
unkown
|
page readonly
|
||
|
5ED0000
|
trusted library allocation
|
page read and write
|
||
|
6075000
|
heap
|
page read and write
|
||
|
2750000
|
trusted library allocation
|
page read and write
|
||
|
16BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1357000
|
stack
|
page read and write
|
||
|
1405000
|
heap
|
page read and write
|
||
|
276A000
|
trusted library allocation
|
page read and write
|
||
|
D7C000
|
stack
|
page read and write
|
||
|
F10000
|
unkown
|
page readonly
|
||
|
275B000
|
trusted library allocation
|
page read and write
|
||
|
CB2000
|
trusted library allocation
|
page read and write
|
||
|
2817000
|
trusted library allocation
|
page read and write
|
||
|
57C6000
|
trusted library allocation
|
page read and write
|
||
|
933E000
|
stack
|
page read and write
|
||
|
2782000
|
trusted library allocation
|
page read and write
|
||
|
1967000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
59B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
CC5000
|
trusted library allocation
|
page execute and read and write
|
||
|
6560000
|
trusted library allocation
|
page read and write
|
||
|
9480000
|
trusted library section
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
4281000
|
trusted library allocation
|
page read and write
|
||
|
5C75000
|
heap
|
page read and write
|
||
|
CAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
16CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5C70000
|
heap
|
page read and write
|
||
|
4DA0000
|
trusted library allocation
|
page read and write
|
||
|
7BC0000
|
trusted library section
|
page read and write
|
||
|
4D8C000
|
stack
|
page read and write
|
||
|
16DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
32E8000
|
trusted library allocation
|
page read and write
|
||
|
9E5000
|
heap
|
page read and write
|
||
|
16D2000
|
trusted library allocation
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
2825000
|
trusted library allocation
|
page read and write
|
||
|
2794000
|
trusted library allocation
|
page read and write
|
||
|
597B000
|
stack
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
57A0000
|
trusted library allocation
|
page read and write
|
||
|
918A000
|
heap
|
page read and write
|
||
|
7B7E000
|
stack
|
page read and write
|
||
|
65A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1576000
|
heap
|
page read and write
|
||
|
2650000
|
trusted library allocation
|
page read and write
|
||
|
5EC0000
|
trusted library allocation
|
page read and write
|
||
|
CC2000
|
trusted library allocation
|
page read and write
|
||
|
161E000
|
stack
|
page read and write
|
||
|
1960000
|
heap
|
page read and write
|
||
|
3115000
|
trusted library allocation
|
page read and write
|
||
|
27A0000
|
heap
|
page execute and read and write
|
||
|
5EA0000
|
trusted library allocation
|
page read and write
|
||
|
5A1F000
|
stack
|
page read and write
|
||
|
917D000
|
heap
|
page read and write
|
||
|
264E000
|
stack
|
page read and write
|
||
|
6028000
|
heap
|
page read and write
|
||
|
C94000
|
trusted library allocation
|
page read and write
|
||
|
5E80000
|
trusted library allocation
|
page read and write
|
||
|
16A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
16A0000
|
trusted library allocation
|
page read and write
|
||
|
5CD0000
|
heap
|
page read and write
|
||
|
3110000
|
trusted library allocation
|
page read and write
|
||
|
A88000
|
heap
|
page read and write
|
||
|
16AD000
|
trusted library allocation
|
page execute and read and write
|
There are 241 hidden memdumps, click here to show them.