
How to report a malicious repository

soex0101
I'm New Here
August 27, 2024
Hello,
I am reporting a malicious repository which was hosted on Bitbucket.
This is the URL of that malicious repository: https://bitbucket.org/ani_tail/roquecanacolina
The owner of that repository distributes this repository to developers, and that repository executes malicious JavaScript.
They execute an obfuscated JavaScript which was downloaded from http://ipcheck.cloud:8353/api/user/thirdcookie/v10/106
I attach it here.
And then it executes a malicious JavaScript using C:\Windows\System32\WScript.exe
I want you to block that owner and the repository.
He is definitely a cheater.
I attach here a report from https://www.virustotal.com/
CAPE Sandbox: 0 0 0 0 0 2
Zenbox: 0 0 0 0 0 0
Activity Summary
Detections: NOT FOUND
Mitre Signatures: NOT FOUND
IDS Rules: NOT FOUND
Sigma Rules: NOT FOUND
Dropped Files: NOT FOUND
Network comms: 2 IP
Behavior Tags: idle long-sleeps
Network Communication
IP Traffic:
TCP 204.79.197.203:443
TCP 74.125.132.94:443
Behavior Similarity Hashes
CAPE Sandbox: 08df239d777097aab96f0c38c80217e9
Zenbox: 80ed3249c9b50f650a0d11aee59523e3
Process and service actions
Processes created
"C:\Windows\system32\wscript.exe" "C:\Users\<USER>\Desktop\script.js"
C:\Windows\system32\services.exe
C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\script.js"
Shell commands
C:\Windows\system32\SecurityHealthService.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Processes terminated
C:\Windows\System32\wscript.exe
Services opened
WinDefend
Processes tree
5820 - "C:\Windows\system32\wscript.exe" "C:\Users\<USER>\Desktop\script.js"
6852 - C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\script.js"

2 answers

1 accepted

2 votes
Answer accepted
Andy Heinzer
Atlassian Team
August 27, 2024

Hi,

Thanks for reporting this.  Our team has removed the content from our site.

Andy

1 vote
Charlie Misonne
Community Leader
August 27, 2024

Hi @soex0101 and welcome to the Atlassian Community!

Thanks for raising this. I escalated your question to Atlassian so they can review the repo.
