IOC Report
app.js

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Windows\System32\wscript.exe | C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\app.js" | malicious |

Registry

| Path | Value | Malicious |
| --- | --- | --- |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe | JScriptSetScriptStateStarted | |

Memdumps
