Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
dfsvc.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\dfsvc.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\dfsvc.exe
|
"C:\Users\user\Desktop\dfsvc.exe"
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
18F395D0000
|
heap
|
page execute and read and write
|
||
|
234F4FE000
|
stack
|
page read and write
|
||
|
234F2FC000
|
stack
|
page read and write
|
||
|
18F37AA4000
|
heap
|
page read and write
|
||
|
18F37910000
|
unkown
|
page readonly
|
||
|
18F495E3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B901000
|
trusted library allocation
|
page read and write
|
||
|
18F37A69000
|
heap
|
page read and write
|
||
|
18F37D45000
|
heap
|
page read and write
|
||
|
18F37A00000
|
heap
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
234EEFE000
|
stack
|
page read and write
|
||
|
18F37A09000
|
heap
|
page read and write
|
||
|
234EBEE000
|
stack
|
page read and write
|
||
|
234F1FE000
|
stack
|
page read and write
|
||
|
18F37A3A000
|
heap
|
page read and write
|
||
|
234F5FE000
|
stack
|
page read and write
|
||
|
7FFD9B77C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B764000
|
trusted library allocation
|
page read and write
|
||
|
234F3FE000
|
stack
|
page read and write
|
||
|
7FF43FD50000
|
trusted library allocation
|
page execute and read and write
|
||
|
234F6FA000
|
stack
|
page read and write
|
||
|
7FFD9B772000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B90B000
|
trusted library allocation
|
page read and write
|
||
|
234EBA3000
|
stack
|
page read and write
|
||
|
18F37A3E000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
18F495E8000
|
trusted library allocation
|
page read and write
|
||
|
18F37C30000
|
trusted library allocation
|
page read and write
|
||
|
18F37CB0000
|
heap
|
page read and write
|
||
|
18F37A28000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
||
|
18F37ACA000
|
heap
|
page read and write
|
||
|
18F37BD0000
|
heap
|
page read and write
|
||
|
18F37D05000
|
heap
|
page read and write
|
||
|
18F379D0000
|
heap
|
page read and write
|
||
|
18F37912000
|
unkown
|
page readonly
|
||
|
18F37D00000
|
heap
|
page read and write
|
||
|
18F379A0000
|
heap
|
page read and write
|
||
|
18F37D40000
|
heap
|
page read and write
|
||
|
18F37910000
|
unkown
|
page readonly
|
||
|
18F379B0000
|
heap
|
page read and write
|
||
|
18F52280000
|
heap
|
page execute and read and write
|
||
|
234F73E000
|
stack
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B905000
|
trusted library allocation
|
page read and write
|
||
|
18F37A3C000
|
heap
|
page read and write
|
||
|
18F37A43000
|
heap
|
page read and write
|
||
|
234F83E000
|
stack
|
page read and write
|
||
|
18F37914000
|
unkown
|
page readonly
|
||
|
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
||
|
18F37C10000
|
trusted library allocation
|
page read and write
|
||
|
18F395E1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
||
|
18F37A30000
|
heap
|
page read and write
|
||
|
18F495E1000
|
trusted library allocation
|
page read and write
|
There are 50 hidden memdumps, click here to show them.