IOC Report
uw7vXaPNPF.exe


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| uw7vXaPNPF.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\uw7vXaPNPF.exe.log | CSV text | dropped | malicious |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\uw7vXaPNPF.exe | "C:\Users\user\Desktop\uw7vXaPNPF.exe" | malicious |

Domains

| Name | IP | Malicious |
|---|---|---|
| s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableIOAVProtection | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableRealtimeMonitoring | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications | DisableNotifications | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AUOptions | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AutoInstallMinorUpdates | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | NoAutoRebootWithLoggedOnUsers | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | UseWUServer | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate | DoNotConnectToWindowsUpdateInternetLocations | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features | TamperProtection | |

Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 4E3B000 | trusted library allocation | page execute and read and write | |
| B6A000 | unknown | page execute and read and write | |
| 4E30000 | trusted library allocation | page read and write | |
| 3BEE000 | stack | page read and write | |
| DDE000 | stack | page read and write | |
| BF3000 | unknown | page execute and read and write | |
| 5090000 | trusted library allocation | page execute and read and write | |
| 3F6F000 | stack | page read and write | |
| 944000 | heap | page read and write | |
| BE6000 | unknown | page execute and read and write | |
| 10FF000 | stack | page read and write | |
| BFC000 | unknown | page execute and read and write | |
| 4CDA000 | trusted library allocation | page execute and read and write | |
| D9B000 | stack | page read and write | |
| B9B000 | unknown | page execute and read and write | |
| BA2000 | unknown | page execute and write copy | |
| 9E4000 | unknown | page execute and write copy | |
| BE1000 | unknown | page execute and read and write | |
| 3A6F000 | stack | page read and write | |
| 5131000 | trusted library allocation | page read and write | |
| 2F6E000 | stack | page read and write | |
| 4D2B000 | stack | page read and write | |
| BDA000 | unknown | page execute and write copy | |
| 73AE000 | stack | page read and write | |
| 73B0000 | heap | page execute and read and write | |
| BAC000 | unknown | page execute and read and write | |
| 45AF000 | stack | page read and write | |
| 32EF000 | stack | page read and write | |
| 4C70000 | trusted library allocation | page read and write | |
| 9B0000 | heap | page read and write | |
| 2D2F000 | stack | page read and write | |
| 2F2F000 | stack | page read and write | |
| 382E000 | stack | page read and write | |
| 11CC000 | heap | page read and write | |
| 1150000 | direct allocation | page read and write | |
| 482F000 | stack | page read and write | |
| 4E37000 | trusted library allocation | page execute and read and write | |
| B5F000 | unknown | page execute and read and write | |
| 40AF000 | stack | page read and write | |
| 4F9E000 | stack | page read and write | |
| 944000 | heap | page read and write | |
| 1150000 | direct allocation | page read and write | |
| C82000 | unknown | page execute and write copy | |
| BD4000 | unknown | page execute and read and write | |
| 396E000 | stack | page read and write | |
| 1150000 | direct allocation | page read and write | |
| 44AE000 | stack | page read and write | |
| 4CB4000 | trusted library allocation | page read and write | |
| C07000 | unknown | page execute and read and write | |
| 136F000 | stack | page read and write | |
| 732F000 | stack | page read and write | |
| 4C70000 | heap | page read and write | |
| 6131000 | trusted library allocation | page read and write | |
| 432F000 | stack | page read and write | |
| 944000 | heap | page read and write | |
| 4CB3000 | trusted library allocation | page execute and read and write | |
| BFE000 | unknown | page execute and write copy | |
| 8FE000 | stack | page read and write | |
| 11AD000 | heap | page read and write | |
| 4CC0000 | trusted library allocation | page read and write | |
| 944000 | heap | page read and write | |
| 4E2F000 | stack | page read and write | |
| B43000 | unknown | page execute and read and write | |
| B6A000 | unknown | page execute and write copy | |
| 9DA000 | unknown | page execute and read and write | |
| 2C27000 | heap | page read and write | |
| 11B9000 | heap | page read and write | |
| 1150000 | direct allocation | page read and write | |
| 11BB000 | heap | page read and write | |
| 392F000 | stack | page read and write | |
| 4CB0000 | direct allocation | page execute and read and write | |
| 1170000 | heap | page read and write | |
| C84000 | unknown | page execute and write copy | |
| 50A0000 | trusted library allocation | page read and write | |
| 944000 | heap | page read and write | |
| B6C000 | unknown | page execute and write copy | |
| 71C000 | stack | page read and write | |
| 3D2E000 | stack | page read and write | |
| 6155000 | trusted library allocation | page read and write | |
| 944000 | heap | page read and write | |
| 944000 | heap | page read and write | |
| C09000 | unknown | page execute and write copy | |
| 342F000 | stack | page read and write | |
| 722D000 | stack | page read and write | |
| 736E000 | stack | page read and write | |
| 9DA000 | unknown | page execute and write copy | |
| 944000 | heap | page read and write | |
| 4B81000 | heap | page read and write | |
| 11B7000 | heap | page read and write | |
| 944000 | heap | page read and write | |
| 346E000 | stack | page read and write | |
| 880000 | heap | page read and write | |
| 2C0F000 | stack | page read and write | |
| 472E000 | stack | page read and write | |
| B46000 | unknown | page execute and write copy | |
| 45EE000 | stack | page read and write | |
| 3AAE000 | stack | page read and write | |
| B6E000 | unknown | page execute and write copy | |
| 36EE000 | stack | page read and write | |
| 31EE000 | stack | page read and write | |
| 422E000 | stack | page read and write | |
| 2C10000 | direct allocation | page read and write | |
| 4CA0000 | trusted library allocation | page read and write | |
| DF0000 | direct allocation | page read and write | |
| C10000 | unknown | page execute and read and write | |
| 890000 | heap | page read and write | |
| 4E9E000 | stack | page read and write | |
| 117A000 | heap | page read and write | |
| 117E000 | heap | page read and write | |
| BD5000 | unknown | page execute and write copy | |
| 940000 | heap | page read and write | |
| 1150000 | direct allocation | page read and write | |
| B99000 | unknown | page execute and write copy | |
| BB6000 | unknown | page execute and write copy | |
| 4E30000 | direct allocation | page execute and read and write | |
| C23000 | unknown | page execute and write copy | |
| C82000 | unknown | page execute and read and write | |
| 1150000 | direct allocation | page read and write | |
| 1150000 | direct allocation | page read and write | |
| 3BAF000 | stack | page read and write | |
| C25000 | unknown | page execute and read and write | |
| 1150000 | direct allocation | page read and write | |
| BEE000 | unknown | page execute and write copy | |
| 50EE000 | stack | page read and write | |
| 46EF000 | stack | page read and write | |
| BD9000 | unknown | page execute and read and write | |
| B6F000 | unknown | page execute and read and write | |
| 74BE000 | stack | page read and write | |
| 5120000 | heap | page execute and read and write | |
| 2C20000 | heap | page read and write | |
| 2E2F000 | stack | page read and write | |
| 4B71000 | heap | page read and write | |
| 1150000 | direct allocation | page read and write | |
| 819000 | stack | page read and write | |
| 93E000 | stack | page read and write | |
| 9D0000 | unknown | page readonly | |
| 9D2000 | unknown | page execute and read and write | |
| 41EF000 | stack | page read and write | |
| C71000 | unknown | page execute and write copy | |
| C6B000 | unknown | page execute and write copy | |
| 11AF000 | heap | page read and write | |
| 40EE000 | stack | page read and write | |
| 9E5000 | unknown | page execute and read and write | |
| 1150000 | direct allocation | page read and write | |
| 944000 | heap | page read and write | |
| 3CEF000 | stack | page read and write | |
| 4B71000 | heap | page read and write | |
| 944000 | heap | page read and write | |
| 4CBD000 | trusted library allocation | page execute and read and write | |
| 37EF000 | stack | page read and write | |
| BB8000 | unknown | page execute and read and write | |
| 944000 | heap | page read and write | |
| 332E000 | stack | page read and write | |
| 4B71000 | heap | page read and write | |
| 50B0000 | trusted library allocation | page read and write | |
| 3E2F000 | stack | page read and write | |
| 30AE000 | stack | page read and write | |
| 2C10000 | direct allocation | page read and write | |
| BD1000 | unknown | page execute and write copy | |
| 9D2000 | unknown | page execute and write copy | |
| 113E000 | stack | page read and write | |
| BE2000 | unknown | page execute and write copy | |
| 4CE0000 | heap | page read and write | |
| 9D6000 | unknown | page write copy | |
| 4B71000 | heap | page read and write | |
| 306F000 | stack | page read and write | |
| 4CD0000 | trusted library allocation | page read and write | |
| B6D000 | unknown | page execute and read and write | |
| 436E000 | stack | page read and write | |
| 4CC4000 | trusted library allocation | page read and write | |
| 35AE000 | stack | page read and write | |
| 1150000 | direct allocation | page read and write | |
| 31AF000 | stack | page read and write | |
| 4E50000 | trusted library allocation | page read and write | |
| BFB000 | unknown | page execute and write copy | |
| 944000 | heap | page read and write | |
| 944000 | heap | page read and write | |
| 1150000 | direct allocation | page read and write | |
| 11BF000 | heap | page read and write | |
| 9E6000 | unknown | page execute and write copy | |
| 9D0000 | unknown | page read and write | |
| 6134000 | trusted library allocation | page read and write | |
| 9AE000 | stack | page read and write | |
| 508C000 | stack | page read and write | |
| C02000 | unknown | page execute and read and write | |
| C04000 | unknown | page execute and write copy | |
| 4B71000 | heap | page read and write | |
| 9D6000 | unknown | page write copy | |
| 4B71000 | heap | page read and write | |
| 75BE000 | stack | page read and write | |
| 446F000 | stack | page read and write | |
| C71000 | unknown | page execute and write copy | |
| 944000 | heap | page read and write | |
| 36AF000 | stack | page read and write | |
| 1150000 | direct allocation | page read and write | |
| C84000 | unknown | page execute and write copy | |
| 4B70000 | heap | page read and write | |
| 944000 | heap | page read and write | |
| 944000 | heap | page read and write | |
| 3E6E000 | stack | page read and write | |
| 3FAE000 | stack | page read and write | |
| 1150000 | direct allocation | page read and write | |
| 944000 | heap | page read and write | |
| 11FF000 | heap | page read and write | |
| 4FA0000 | heap | page read and write | |
| 356F000 | stack | page read and write | |
A further 196 memdumps are hidden in the original report and are not listed here.