Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Rapid Test Installer.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Rapid Test Installer.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPFD9FC.tmp
|
PNG image data, 300 x 300, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TmpD3C0.tmp
|
ASCII text, with very long lines (1136), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TmpD3E0.tmp
|
ASCII text, with very long lines (1136), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Rapid Test Installer.exe
|
"C:\Users\user\Desktop\Rapid Test Installer.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://foo/Resources/app.Light.ico
|
unknown
|
||
|
http://foo/bar/resources/app.light.ico
|
unknown
|
||
|
http://defaultcontainer/StoreInstaller;component/Resources/app.Light.ico
|
unknown
|
||
|
http://defaultcontainer/StoreInstaller;component/Resources/Theme/Light.xaml
|
unknown
|
||
|
http://schemas.datacontract.org/
|
unknown
|
||
|
http://schemas.datacontract.org
|
unknown
|
||
|
http://foo/Resources/StoreLogo.Light.png
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/
|
unknown
|
||
|
http://foo/bar/resources/storeapplist.light.png
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/StoreInstaller.Models
|
unknown
|
||
|
http://foo/Resources/StoreAppList.Light.png
|
unknown
|
||
|
http://defaultcontainer/StoreInstaller;component/Resources/StoreAppList.Light.png
|
unknown
|
||
|
http://foo/bar/resources/storelogo.light.png
|
unknown
|
||
|
http://defaultcontainer/StoreInstaller;component/Resources/StoreLogo.Light.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.w3.oh
|
unknown
|
There are 6 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Rapid Test Installer_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Rapid Test Installer_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Rapid Test Installer_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Rapid Test Installer_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Rapid Test Installer_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Rapid Test Installer_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Rapid Test Installer_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Rapid Test Installer_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Rapid Test Installer_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Rapid Test Installer_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Rapid Test Installer_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Rapid Test Installer_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Rapid Test Installer_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Rapid Test Installer_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\CUAS\DefaultCompositionWindow
|
Left
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\CUAS\DefaultCompositionWindow
|
Top
|
There are 6 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
214F9618000
|
heap
|
page read and write
|
||
|
D7B833E000
|
stack
|
page read and write
|
||
|
214F987A000
|
heap
|
page read and write
|
||
|
214FD8AC000
|
heap
|
page read and write
|
||
|
214FAC09000
|
heap
|
page read and write
|
||
|
214DF4A0000
|
trusted library allocation
|
page read and write
|
||
|
214F955E000
|
heap
|
page read and write
|
||
|
7FFD9B642000
|
trusted library allocation
|
page read and write
|
||
|
214FAB84000
|
heap
|
page read and write
|
||
|
D7B71FE000
|
stack
|
page read and write
|
||
|
214F9839000
|
heap
|
page read and write
|
||
|
214DF4B0000
|
heap
|
page read and write
|
||
|
214F0E7D000
|
trusted library allocation
|
page read and write
|
||
|
D7B7BF9000
|
stack
|
page read and write
|
||
|
214F952D000
|
heap
|
page read and write
|
||
|
7FFD9B897000
|
trusted library allocation
|
page read and write
|
||
|
214FD813000
|
heap
|
page read and write
|
||
|
7FFD9B69C000
|
trusted library allocation
|
page execute and read and write
|
||
|
214DF350000
|
heap
|
page read and write
|
||
|
214FAB8C000
|
heap
|
page read and write
|
||
|
214E1241000
|
trusted library allocation
|
page read and write
|
||
|
214FD903000
|
heap
|
page read and write
|
||
|
214E0E50000
|
heap
|
page execute and read and write
|
||
|
214DEF92000
|
unkown
|
page readonly
|
||
|
214DF6A0000
|
heap
|
page read and write
|
||
|
214DF150000
|
heap
|
page read and write
|
||
|
7FFD9B8E1000
|
trusted library allocation
|
page read and write
|
||
|
214DEF90000
|
unkown
|
page readonly
|
||
|
214E12C1000
|
trusted library allocation
|
page read and write
|
||
|
214DF390000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B653000
|
trusted library allocation
|
page read and write
|
||
|
214FAC01000
|
heap
|
page read and write
|
||
|
214FAC2F000
|
heap
|
page read and write
|
||
|
214E1304000
|
trusted library allocation
|
page read and write
|
||
|
214FD7BA000
|
heap
|
page read and write
|
||
|
D7B70FE000
|
stack
|
page read and write
|
||
|
7FFD9B893000
|
trusted library allocation
|
page read and write
|
||
|
214DF180000
|
heap
|
page read and write
|
||
|
7FFD9B700000
|
trusted library allocation
|
page execute and read and write
|
||
|
214DF1EA000
|
heap
|
page read and write
|
||
|
214E0DD0000
|
trusted library section
|
page readonly
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
D7B7DFB000
|
stack
|
page read and write
|
||
|
214FDC32000
|
trusted library allocation
|
page read and write
|
||
|
214E1403000
|
trusted library allocation
|
page read and write
|
||
|
D7B7CFC000
|
stack
|
page read and write
|
||
|
7FFD9B6F6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B726000
|
trusted library allocation
|
page execute and read and write
|
||
|
214F9607000
|
heap
|
page read and write
|
||
|
214FAABD000
|
heap
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page read and write
|
||
|
214FAAA0000
|
heap
|
page read and write
|
||
|
214DF1BD000
|
heap
|
page read and write
|
||
|
214FD822000
|
heap
|
page read and write
|
||
|
7FFD9B66D000
|
trusted library allocation
|
page execute and read and write
|
||
|
D7B6DEF000
|
stack
|
page read and write
|
||
|
214FD939000
|
heap
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF442180000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B803000
|
trusted library allocation
|
page read and write
|
||
|
214FD924000
|
heap
|
page read and write
|
||
|
214F95D9000
|
heap
|
page read and write
|
||
|
214FD8CB000
|
heap
|
page read and write
|
||
|
214DF460000
|
heap
|
page read and write
|
||
|
214E13FE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
214FD80A000
|
heap
|
page read and write
|
||
|
214FAC56000
|
heap
|
page read and write
|
||
|
7FFD9B8EF000
|
trusted library allocation
|
page read and write
|
||
|
D7B73FE000
|
stack
|
page read and write
|
||
|
214E10CF000
|
trusted library allocation
|
page read and write
|
||
|
214FD8A6000
|
heap
|
page read and write
|
||
|
7FFD9B8E3000
|
trusted library allocation
|
page read and write
|
||
|
D7B7F3D000
|
stack
|
page read and write
|
||
|
214DF6A5000
|
heap
|
page read and write
|
||
|
214FAADC000
|
heap
|
page read and write
|
||
|
7FFD9B640000
|
trusted library allocation
|
page read and write
|
||
|
214DF660000
|
heap
|
page execute and read and write
|
||
|
214DF1A7000
|
heap
|
page read and write
|
||
|
214F9830000
|
heap
|
page read and write
|
||
|
214FAC98000
|
heap
|
page read and write
|
||
|
214DF130000
|
heap
|
page read and write
|
||
|
214E1302000
|
trusted library allocation
|
page read and write
|
||
|
D7B6D9E000
|
stack
|
page read and write
|
||
|
D7B7AF5000
|
stack
|
page read and write
|
||
|
D7B813E000
|
stack
|
page read and write
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
D7B74FB000
|
stack
|
page read and write
|
||
|
214E12BD000
|
trusted library allocation
|
page read and write
|
||
|
214DF120000
|
heap
|
page read and write
|
||
|
214E123D000
|
trusted library allocation
|
page read and write
|
||
|
214F9542000
|
heap
|
page read and write
|
||
|
D7B803E000
|
stack
|
page read and write
|
||
|
7FFD9B644000
|
trusted library allocation
|
page read and write
|
||
|
D7B79FE000
|
stack
|
page read and write
|
||
|
214F9820000
|
heap
|
page read and write
|
||
|
7FFD9B660000
|
trusted library allocation
|
page read and write
|
||
|
214FAB58000
|
heap
|
page read and write
|
||
|
D7B72FE000
|
stack
|
page read and write
|
||
|
7FFD9B82E000
|
trusted library allocation
|
page read and write
|
||
|
214E1225000
|
trusted library allocation
|
page read and write
|
||
|
214F9564000
|
heap
|
page read and write
|
||
|
D7B77FB000
|
stack
|
page read and write
|
||
|
214FAB79000
|
heap
|
page read and write
|
||
|
214FAB73000
|
heap
|
page read and write
|
||
|
214E0CC2000
|
heap
|
page read and write
|
||
|
214F953B000
|
heap
|
page read and write
|
||
|
214DF3B0000
|
trusted library allocation
|
page read and write
|
||
|
D7B7E3E000
|
stack
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
214F9520000
|
heap
|
page read and write
|
||
|
7FFD9B66B000
|
trusted library allocation
|
page execute and read and write
|
||
|
214FAADF000
|
heap
|
page read and write
|
||
|
D7B857C000
|
stack
|
page read and write
|
||
|
214FAC4A000
|
heap
|
page read and write
|
||
|
214FD88D000
|
heap
|
page read and write
|
||
|
214FD7C0000
|
heap
|
page read and write
|
||
|
214FD7BD000
|
heap
|
page read and write
|
||
|
214FD81C000
|
heap
|
page read and write
|
||
|
214E0E61000
|
trusted library allocation
|
page read and write
|
||
|
D7B867D000
|
stack
|
page read and write
|
||
|
214FD8F8000
|
heap
|
page read and write
|
||
|
214FABFA000
|
heap
|
page read and write
|
||
|
214FD87B000
|
heap
|
page read and write
|
||
|
214F0E61000
|
trusted library allocation
|
page read and write
|
||
|
214E12EF000
|
trusted library allocation
|
page read and write
|
||
|
214FAAF1000
|
heap
|
page read and write
|
||
|
214FAAB7000
|
heap
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page read and write
|
||
|
214F9582000
|
heap
|
page read and write
|
||
|
7FFD9B65B000
|
trusted library allocation
|
page read and write
|
||
|
214DF07C000
|
unkown
|
page readonly
|
||
|
7FFD9B664000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page execute and read and write
|
||
|
214FD910000
|
heap
|
page read and write
|
||
|
214FD7D2000
|
heap
|
page read and write
|
||
|
214FAB42000
|
heap
|
page read and write
|
||
|
214E1147000
|
trusted library allocation
|
page read and write
|
||
|
214FD8D6000
|
heap
|
page read and write
|
||
|
214F9633000
|
heap
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page execute and read and write
|
||
|
214DF480000
|
heap
|
page read and write
|
||
|
214FD8C9000
|
heap
|
page read and write
|
||
|
214FABFD000
|
heap
|
page read and write
|
||
|
214FAC6B000
|
heap
|
page read and write
|
||
|
214FAC6E000
|
heap
|
page read and write
|
||
|
7FFD9B643000
|
trusted library allocation
|
page execute and read and write
|
||
|
214FAC9E000
|
heap
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page read and write
|
||
|
214FAAED000
|
heap
|
page read and write
|
||
|
214F956D000
|
heap
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page execute and read and write
|
||
|
214F9612000
|
heap
|
page read and write
|
||
|
214F8E60000
|
trusted library allocation
|
page read and write
|
||
|
214DF395000
|
trusted library allocation
|
page read and write
|
||
|
214F9545000
|
heap
|
page read and write
|
||
|
214FD8E0000
|
heap
|
page read and write
|
||
|
214E0F7F000
|
trusted library allocation
|
page read and write
|
||
|
214FD866000
|
heap
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8DC000
|
trusted library allocation
|
page read and write
|
||
|
D7B877E000
|
stack
|
page read and write
|
||
|
214E10CB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8EB000
|
trusted library allocation
|
page read and write
|
||
|
214FD7E0000
|
heap
|
page read and write
|
||
|
214F8E90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7F2000
|
trusted library allocation
|
page read and write
|
||
|
214FAAF9000
|
heap
|
page read and write
|
||
|
214E132A000
|
trusted library allocation
|
page read and write
|
||
|
214E12AF000
|
trusted library allocation
|
page read and write
|
||
|
214F9522000
|
heap
|
page read and write
|
||
|
214FAB49000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
214FAC85000
|
heap
|
page read and write
|
||
|
214E1328000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6F0000
|
trusted library allocation
|
page read and write
|
||
|
214FD876000
|
heap
|
page read and write
|
||
|
214DF219000
|
heap
|
page read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
214F957F000
|
heap
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B64D000
|
trusted library allocation
|
page execute and read and write
|
||
|
214FD8F5000
|
heap
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page execute and read and write
|
||
|
214DF1EC000
|
heap
|
page read and write
|
||
|
214FAAC2000
|
heap
|
page read and write
|
||
|
7FFD9B65D000
|
trusted library allocation
|
page execute and read and write
|
||
|
214DF252000
|
heap
|
page read and write
|
||
|
D7B78FB000
|
stack
|
page read and write
|
||
|
214FAC14000
|
heap
|
page read and write
|
||
|
214F9630000
|
heap
|
page read and write
|
||
|
214DF1BF000
|
heap
|
page read and write
|
||
|
214FAB61000
|
heap
|
page read and write
|
||
|
214F98BB000
|
heap
|
page read and write
|
||
|
D7B843B000
|
stack
|
page read and write
|
||
|
214F9860000
|
heap
|
page read and write
|
||
|
214DEF90000
|
unkown
|
page readonly
|
||
|
D7B823D000
|
stack
|
page read and write
|
||
|
214F9810000
|
heap
|
page execute and read and write
|
||
|
214F9540000
|
heap
|
page read and write
|
||
|
7FFD9B8B8000
|
trusted library allocation
|
page read and write
|
||
|
D7B847E000
|
stack
|
page read and write
|
||
|
D7B76FE000
|
stack
|
page read and write
|
||
|
214FAAD7000
|
heap
|
page read and write
|
||
|
214F9867000
|
heap
|
page read and write
|
||
|
214FAACA000
|
heap
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page read and write
|
||
|
214FAAE7000
|
heap
|
page read and write
|
||
|
7FFD9B7F4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B82A000
|
trusted library allocation
|
page read and write
|
||
|
D7B75FE000
|
stack
|
page read and write
|
||
|
214FAABA000
|
heap
|
page read and write
|
||
|
214FD85D000
|
heap
|
page read and write
|
||
|
214DF4B5000
|
heap
|
page read and write
|
||
|
214F985D000
|
heap
|
page read and write
|
||
|
214FD818000
|
heap
|
page read and write
|
||
|
214FAADA000
|
heap
|
page read and write
|
||
|
214FAC0E000
|
heap
|
page read and write
|
||
|
7FFD9B83B000
|
trusted library allocation
|
page read and write
|
||
|
D7B887B000
|
stack
|
page read and write
|
||
|
214FAB2F000
|
heap
|
page read and write
|
||
|
214FD7E8000
|
heap
|
page read and write
|
||
|
214E1326000
|
trusted library allocation
|
page read and write
|
||
|
214FD6E0000
|
heap
|
page read and write
|
||
|
214E1151000
|
trusted library allocation
|
page read and write
|
||
|
214F9813000
|
heap
|
page execute and read and write
|
There are 219 hidden memdumps, click here to show them.