Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Pulse Secure Installer.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Pulse Secure Installer.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPFC18C.tmp
|
PNG image data, 68 x 68, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPFF58B.tmp
|
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TmpF23D.tmp
|
ASCII text, with very long lines (1136), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TmpF24E.tmp
|
ASCII text, with very long lines (1136), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Pulse Secure Installer.exe
|
"C:\Users\user\Desktop\Pulse Secure Installer.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.datacontract.org/2004/07/StoreInstaller.Models
|
unknown
|
||
|
http://foo/Resources/StoreAppList.Light.png
|
unknown
|
||
|
http://defaultcontainer/StoreInstaller;component/Resources/StoreAppList.Light.png
|
unknown
|
||
|
http://schemas.datacontract.org/
|
unknown
|
||
|
http://schemas.datacontract.org
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/Microsoft.UniversalStore.DisplayCatalog.Contracts.Version7.R
|
unknown
|
||
|
http://foo/bar/resources/storeapplist.light.png
|
unknown
|
||
|
http://www.w3.oh
|
unknown
|
||
|
https://store-images.s-microsoh
|
unknown
|
There are 1 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Pulse Secure Installer_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Pulse Secure Installer_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Pulse Secure Installer_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Pulse Secure Installer_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Pulse Secure Installer_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Pulse Secure Installer_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Pulse Secure Installer_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Pulse Secure Installer_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Pulse Secure Installer_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Pulse Secure Installer_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Pulse Secure Installer_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Pulse Secure Installer_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Pulse Secure Installer_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Pulse Secure Installer_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\CUAS\DefaultCompositionWindow
|
Left
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\CUAS\DefaultCompositionWindow
|
Top
|
There are 6 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1C8DF380000
|
heap
|
page read and write
|
||
|
1C8DD5B2000
|
unkown
|
page readonly
|
||
|
1C8FCCDE000
|
heap
|
page read and write
|
||
|
1C8F7B06000
|
heap
|
page read and write
|
||
|
6268EEE000
|
stack
|
page read and write
|
||
|
1C8FC03C000
|
heap
|
page read and write
|
||
|
1C8DD970000
|
heap
|
page read and write
|
||
|
1C8FCD28000
|
heap
|
page read and write
|
||
|
1C8FCCF7000
|
heap
|
page read and write
|
||
|
1C8F7E00000
|
heap
|
page read and write
|
||
|
1C8F7AC6000
|
heap
|
page read and write
|
||
|
1C8FBE41000
|
heap
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page execute and read and write
|
||
|
626A939000
|
stack
|
page read and write
|
||
|
7FF8490F0000
|
trusted library allocation
|
page read and write
|
||
|
1C8FCCD4000
|
heap
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
1C8DF190000
|
trusted library allocation
|
page read and write
|
||
|
1C8FCE12000
|
heap
|
page read and write
|
||
|
1C8F7C90000
|
heap
|
page execute and read and write
|
||
|
1C8F7B24000
|
heap
|
page read and write
|
||
|
1C8DF4AF000
|
trusted library allocation
|
page read and write
|
||
|
1C8F9136000
|
heap
|
page read and write
|
||
|
7FF848FFA000
|
trusted library allocation
|
page read and write
|
||
|
1C8EF391000
|
trusted library allocation
|
page read and write
|
||
|
1C8F7AA7000
|
heap
|
page read and write
|
||
|
1C8DF97A000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EC6000
|
trusted library allocation
|
page read and write
|
||
|
7FF84908D000
|
trusted library allocation
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
6269EFD000
|
stack
|
page read and write
|
||
|
7FF848E23000
|
trusted library allocation
|
page read and write
|
||
|
1C8FBE4E000
|
heap
|
page read and write
|
||
|
1C8F7D8C000
|
heap
|
page read and write
|
||
|
1C8DF96A000
|
trusted library allocation
|
page read and write
|
||
|
1C8FC802000
|
trusted library allocation
|
page read and write
|
||
|
1C8FBF72000
|
heap
|
page read and write
|
||
|
1C8FBFAE000
|
heap
|
page read and write
|
||
|
1C8F7390000
|
trusted library allocation
|
page read and write
|
||
|
62697FB000
|
stack
|
page read and write
|
||
|
1C8F7D33000
|
heap
|
page execute and read and write
|
||
|
7FF84906F000
|
trusted library allocation
|
page read and write
|
||
|
1C8FBECA000
|
heap
|
page read and write
|
||
|
1C8FBEE4000
|
heap
|
page read and write
|
||
|
1C8FBDF8000
|
heap
|
page read and write
|
||
|
7FF849070000
|
trusted library allocation
|
page read and write
|
||
|
1C8DD928000
|
heap
|
page read and write
|
||
|
7FF848E2B000
|
trusted library allocation
|
page read and write
|
||
|
1C8F7A86000
|
heap
|
page read and write
|
||
|
1C8FC05E000
|
heap
|
page read and write
|
||
|
1C8DD845000
|
heap
|
page read and write
|
||
|
1C8F7D7D000
|
heap
|
page read and write
|
||
|
7FF849050000
|
trusted library allocation
|
page read and write
|
||
|
1C8F9246000
|
heap
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C8DD850000
|
heap
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
1C8FBF66000
|
heap
|
page read and write
|
||
|
1C8FBE47000
|
heap
|
page read and write
|
||
|
1C8F9167000
|
heap
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490C0000
|
trusted library allocation
|
page read and write
|
||
|
1C8FBEBF000
|
heap
|
page read and write
|
||
|
1C8DF85B000
|
trusted library allocation
|
page read and write
|
||
|
1C8FBE6E000
|
heap
|
page read and write
|
||
|
1C8DDB30000
|
heap
|
page read and write
|
||
|
1C8F7B50000
|
heap
|
page read and write
|
||
|
1C8DD5B0000
|
unkown
|
page readonly
|
||
|
7FF84900B000
|
trusted library allocation
|
page read and write
|
||
|
626A53F000
|
stack
|
page read and write
|
||
|
1C8DD8B9000
|
heap
|
page read and write
|
||
|
1C8DF9F2000
|
trusted library allocation
|
page read and write
|
||
|
1C8EF3AD000
|
trusted library allocation
|
page read and write
|
||
|
1C8F7A91000
|
heap
|
page read and write
|
||
|
1C8F9098000
|
heap
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C8F73C0000
|
trusted library allocation
|
page read and write
|
||
|
1C8DF7EC000
|
trusted library allocation
|
page read and write
|
||
|
1C8DF7F7000
|
trusted library allocation
|
page read and write
|
||
|
1C8DD950000
|
heap
|
page read and write
|
||
|
1C8F9148000
|
heap
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
1C8DF732000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FC2000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF8490D8000
|
trusted library allocation
|
page read and write
|
||
|
626A837000
|
stack
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
1C8DF819000
|
trusted library allocation
|
page read and write
|
||
|
1C8DF170000
|
trusted library allocation
|
page read and write
|
||
|
1C8F7B11000
|
heap
|
page read and write
|
||
|
1C8FCCD0000
|
heap
|
page read and write
|
||
|
1C8FBF03000
|
heap
|
page read and write
|
||
|
1C8FBE32000
|
heap
|
page read and write
|
||
|
7FF8490D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490AB000
|
trusted library allocation
|
page read and write
|
||
|
1C8F90E1000
|
heap
|
page read and write
|
||
|
7FF849080000
|
trusted library allocation
|
page read and write
|
||
|
1C8F90CD000
|
heap
|
page read and write
|
||
|
1C8F91FD000
|
heap
|
page read and write
|
||
|
1C8DDB35000
|
heap
|
page read and write
|
||
|
1C8DD88F000
|
heap
|
page read and write
|
||
|
1C8DD84E000
|
heap
|
page read and write
|
||
|
1C8F7B22000
|
heap
|
page read and write
|
||
|
1C8FCD2F000
|
heap
|
page read and write
|
||
|
62690FE000
|
stack
|
page read and write
|
||
|
1C8DF1F9000
|
heap
|
page read and write
|
||
|
1C8FBF22000
|
heap
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C8DF922000
|
trusted library allocation
|
page read and write
|
||
|
1C8DD820000
|
heap
|
page read and write
|
||
|
1C8F7B90000
|
heap
|
page read and write
|
||
|
1C8F7A50000
|
heap
|
page read and write
|
||
|
7FF848EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C8FBFBA000
|
heap
|
page read and write
|
||
|
1C8F7B16000
|
heap
|
page read and write
|
||
|
1C8F7ABA000
|
heap
|
page read and write
|
||
|
1C8F9129000
|
heap
|
page read and write
|
||
|
1C8DF857000
|
trusted library allocation
|
page read and write
|
||
|
7FF849110000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490E0000
|
trusted library allocation
|
page read and write
|
||
|
6268BBF000
|
stack
|
page read and write
|
||
|
1C8FBF6C000
|
heap
|
page read and write
|
||
|
1C8F7AFF000
|
heap
|
page read and write
|
||
|
7FF8490F5000
|
trusted library allocation
|
page read and write
|
||
|
1C8DD84C000
|
heap
|
page read and write
|
||
|
1C8F7A82000
|
heap
|
page read and write
|
||
|
1C8F90AE000
|
heap
|
page read and write
|
||
|
1C8DD88D000
|
heap
|
page read and write
|
||
|
1C8FBEEA000
|
heap
|
page read and write
|
||
|
1C8F7D86000
|
heap
|
page read and write
|
||
|
7FF84906A000
|
trusted library allocation
|
page read and write
|
||
|
1C8DFE4A000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490A1000
|
trusted library allocation
|
page read and write
|
||
|
1C8FBE60000
|
heap
|
page read and write
|
||
|
1C8F7AAA000
|
heap
|
page read and write
|
||
|
7FF848FC4000
|
trusted library allocation
|
page read and write
|
||
|
7FF849120000
|
trusted library allocation
|
page read and write
|
||
|
626A13F000
|
stack
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
6268BFE000
|
stack
|
page read and write
|
||
|
62696FA000
|
stack
|
page read and write
|
||
|
1C8FCD49000
|
heap
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
1C8FBEC8000
|
heap
|
page read and write
|
||
|
1C8FCD22000
|
heap
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C8FBFBE000
|
heap
|
page read and write
|
||
|
7FF8490AF000
|
trusted library allocation
|
page read and write
|
||
|
62695FE000
|
stack
|
page read and write
|
||
|
1C8F9116000
|
heap
|
page read and write
|
||
|
1C8F7B0D000
|
heap
|
page read and write
|
||
|
7FF84912E000
|
trusted library allocation
|
page read and write
|
||
|
1C8F7DA6000
|
heap
|
page read and write
|
||
|
1C8FBE53000
|
heap
|
page read and write
|
||
|
1C8FC052000
|
heap
|
page read and write
|
||
|
1C8DFD1C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FFE000
|
trusted library allocation
|
page read and write
|
||
|
1C8F91ED000
|
heap
|
page read and write
|
||
|
1C8FBF68000
|
heap
|
page read and write
|
||
|
1C8FBFC2000
|
heap
|
page read and write
|
||
|
1C8FBF24000
|
heap
|
page read and write
|
||
|
1C8FBEF0000
|
heap
|
page read and write
|
||
|
1C8DF391000
|
trusted library allocation
|
page read and write
|
||
|
1C8FCCFE000
|
heap
|
page read and write
|
||
|
1C8DD840000
|
heap
|
page read and write
|
||
|
1C8F928E000
|
heap
|
page read and write
|
||
|
626AB34000
|
stack
|
page read and write
|
||
|
1C8DF805000
|
trusted library allocation
|
page read and write
|
||
|
1C8FBF92000
|
heap
|
page read and write
|
||
|
1C8FCCE4000
|
heap
|
page read and write
|
||
|
1C8F7B42000
|
heap
|
page read and write
|
||
|
1C8FBEC5000
|
heap
|
page read and write
|
||
|
1C8FBF17000
|
heap
|
page read and write
|
||
|
1C8F9132000
|
heap
|
page read and write
|
||
|
62691FE000
|
stack
|
page read and write
|
||
|
1C8DD8BF000
|
heap
|
page read and write
|
||
|
7FF848FD3000
|
trusted library allocation
|
page read and write
|
||
|
1C8F7D30000
|
heap
|
page execute and read and write
|
||
|
62694FE000
|
stack
|
page read and write
|
||
|
7FF849090000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C8F7D40000
|
heap
|
page read and write
|
||
|
7FF849040000
|
trusted library allocation
|
page execute and read and write
|
||
|
6269BFB000
|
stack
|
page read and write
|
||
|
7FF848E34000
|
trusted library allocation
|
page read and write
|
||
|
1C8F7B93000
|
heap
|
page read and write
|
||
|
1C8DD5B0000
|
unkown
|
page readonly
|
||
|
62693FB000
|
stack
|
page read and write
|
||
|
1C8F9155000
|
heap
|
page read and write
|
||
|
1C8FBD30000
|
heap
|
page read and write
|
||
|
1C8F925A000
|
heap
|
page read and write
|
||
|
1C8F7AA1000
|
heap
|
page read and write
|
||
|
7FF848ECC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C8F7A6B000
|
heap
|
page read and write
|
||
|
1C8F9277000
|
heap
|
page read and write
|
||
|
1C8DF7D4000
|
trusted library allocation
|
page read and write
|
||
|
62699F1000
|
stack
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
1C8FC056000
|
heap
|
page read and write
|
||
|
1C8F920A000
|
heap
|
page read and write
|
||
|
1C8FBE5C000
|
heap
|
page read and write
|
||
|
1C8DFD24000
|
trusted library allocation
|
page read and write
|
||
|
626A03E000
|
stack
|
page read and write
|
||
|
1C8F9204000
|
heap
|
page read and write
|
||
|
7FF8490A3000
|
trusted library allocation
|
page read and write
|
||
|
1C8FBEA0000
|
heap
|
page read and write
|
||
|
1C8F7B4B000
|
heap
|
page read and write
|
||
|
1C8DF91C000
|
trusted library allocation
|
page read and write
|
||
|
1C8DF7FB000
|
trusted library allocation
|
page read and write
|
||
|
1C8DF774000
|
trusted library allocation
|
page read and write
|
||
|
1C8FBEB3000
|
heap
|
page read and write
|
||
|
1C8DF7EE000
|
trusted library allocation
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
1C8FCD0D000
|
heap
|
page read and write
|
||
|
6268FFE000
|
stack
|
page read and write
|
||
|
1C8FC059000
|
heap
|
page read and write
|
||
|
7FF849006000
|
trusted library allocation
|
page read and write
|
||
|
6269AF7000
|
stack
|
page read and write
|
||
|
1C8F9094000
|
heap
|
page read and write
|
||
|
1C8DD740000
|
heap
|
page read and write
|
||
|
7FF849100000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C8F7A60000
|
heap
|
page read and write
|
||
|
1C8DF370000
|
trusted library allocation
|
page read and write
|
||
|
1C8F90F6000
|
heap
|
page read and write
|
||
|
6269DFD000
|
stack
|
page read and write
|
||
|
1C8F7B4E000
|
heap
|
page read and write
|
||
|
1C8F7D59000
|
heap
|
page read and write
|
||
|
6269CFE000
|
stack
|
page read and write
|
||
|
1C8DF756000
|
trusted library allocation
|
page read and write
|
||
|
626A43C000
|
stack
|
page read and write
|
||
|
7FF848E3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C8F7D50000
|
heap
|
page read and write
|
||
|
626A33C000
|
stack
|
page read and write
|
||
|
1C8FCCEC000
|
heap
|
page read and write
|
||
|
1C8F9284000
|
heap
|
page read and write
|
||
|
1C8FBE57000
|
heap
|
page read and write
|
||
|
7FF467C70000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C8DD69C000
|
unkown
|
page readonly
|
||
|
1C8DF1E0000
|
heap
|
page execute and read and write
|
||
|
6269FFE000
|
stack
|
page read and write
|
||
|
1C8F90B9000
|
heap
|
page read and write
|
||
|
62692FE000
|
stack
|
page read and write
|
||
|
1C8F7A5B000
|
heap
|
page read and write
|
||
|
1C8DD91C000
|
heap
|
page read and write
|
||
|
1C8DF5FB000
|
trusted library allocation
|
page read and write
|
||
|
1C8F7D9E000
|
heap
|
page read and write
|
||
|
1C8DFD08000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
1C8FBEAF000
|
heap
|
page read and write
|
||
|
1C8DFE4C000
|
trusted library allocation
|
page read and write
|
||
|
1C8FC06D000
|
heap
|
page read and write
|
||
|
1C8DF801000
|
trusted library allocation
|
page read and write
|
||
|
1C8FBECE000
|
heap
|
page read and write
|
||
|
7FF849060000
|
trusted library allocation
|
page read and write
|
||
|
1C8DD86C000
|
heap
|
page read and write
|
||
|
1C8F7B80000
|
trusted library section
|
page readonly
|
||
|
1C8DF79F000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E12000
|
trusted library allocation
|
page read and write
|
There are 251 hidden memdumps, click here to show them.