Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Scan_PDF_3008059384.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\dfsvc.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\B96Z294P.log
|
Unicode text, UTF-16, little-endian text, with very long lines (653), with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Scan_PDF_3008059384.exe
|
"C:\Users\user\Desktop\Scan_PDF_3008059384.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://app.cloudfiles-secure.io/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=kkl22.ddns
|
unknown
|
||
|
https://app.cloudfiles-secure.io
|
unknown
|
||
|
https://app.cloudfiles-secure.io/Bin/ScreenConnect.Client.application?e=Support&y=
|
unknown
|
||
|
http://ns.adobe.
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://app.cloudfiles-secure.io/Bin/ScreenConnect.Client.a
|
unknown
|
||
|
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/Mic
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
app.cloudfiles-secure.io
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C
|
Blob
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4C2272FBA7A7380F55E2A424E9E624AEE1C14579
|
Blob
|
||
|
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
|
ComponentStore_RandomString
|
||
|
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0
|
ComponentStore_RandomString
|
||
|
HKEY_CURRENT_USER_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\StateManager
|
StateStore_RandomString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\dfsvc_RASMANCS
|
FileDirectory
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
19EA7E60000
|
heap
|
page read and write
|
||
|
19EA7E0B000
|
heap
|
page read and write
|
||
|
19E8DA48000
|
heap
|
page read and write
|
||
|
7FF7C0D4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
19EA7D86000
|
heap
|
page read and write
|
||
|
F51000
|
unkown
|
page write copy
|
||
|
273E000
|
stack
|
page read and write
|
||
|
7FF7C0F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
19EA840B000
|
heap
|
page read and write
|
||
|
19E9F6C1000
|
trusted library allocation
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
7FF7C0D22000
|
trusted library allocation
|
page read and write
|
||
|
F53000
|
unkown
|
page readonly
|
||
|
7FF7C0D30000
|
trusted library allocation
|
page read and write
|
||
|
19EA7D80000
|
heap
|
page read and write
|
||
|
19EA7E66000
|
heap
|
page read and write
|
||
|
7FF7C0DD6000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0D7C000
|
trusted library allocation
|
page execute and read and write
|
||
|
19EA8415000
|
heap
|
page read and write
|
||
|
F4B000
|
unkown
|
page readonly
|
||
|
19EA8431000
|
heap
|
page read and write
|
||
|
19E8F6B0000
|
heap
|
page read and write
|
||
|
19EA7E34000
|
heap
|
page read and write
|
||
|
19EA7E32000
|
heap
|
page read and write
|
||
|
7FF7C0EE0000
|
trusted library allocation
|
page read and write
|
||
|
2BFE000
|
stack
|
page read and write
|
||
|
7FF7C0ED0000
|
trusted library allocation
|
page read and write
|
||
|
19EA7E79000
|
heap
|
page read and write
|
||
|
19EA9537000
|
heap
|
page read and write
|
||
|
D6F000
|
stack
|
page read and write
|
||
|
19E8F76D000
|
trusted library allocation
|
page read and write
|
||
|
47899E000
|
stack
|
page read and write
|
||
|
7FF7C0D40000
|
trusted library allocation
|
page read and write
|
||
|
19E8F78E000
|
trusted library allocation
|
page read and write
|
||
|
F51000
|
unkown
|
page read and write
|
||
|
19E8F6E3000
|
trusted library allocation
|
page read and write
|
||
|
19E8D970000
|
heap
|
page read and write
|
||
|
7FF7C0D44000
|
trusted library allocation
|
page read and write
|
||
|
19E8DD25000
|
heap
|
page read and write
|
||
|
EB000
|
stack
|
page read and write
|
||
|
19EA7DAF000
|
heap
|
page read and write
|
||
|
19EA97C0000
|
heap
|
page read and write
|
||
|
63A000
|
heap
|
page read and write
|
||
|
60E000
|
stack
|
page read and write
|
||
|
4798FE000
|
stack
|
page read and write
|
||
|
479DFE000
|
stack
|
page read and write
|
||
|
F40000
|
unkown
|
page readonly
|
||
|
19E8F782000
|
trusted library allocation
|
page read and write
|
||
|
19E8F77C000
|
trusted library allocation
|
page read and write
|
||
|
19EA7E1C000
|
heap
|
page read and write
|
||
|
5CE000
|
stack
|
page read and write
|
||
|
2870000
|
heap
|
page read and write
|
||
|
19E8F6C1000
|
trusted library allocation
|
page read and write
|
||
|
19EA7DE3000
|
heap
|
page read and write
|
||
|
63E000
|
heap
|
page read and write
|
||
|
19E8DA00000
|
heap
|
page read and write
|
||
|
19E8DD55000
|
heap
|
page read and write
|
||
|
19E8F890000
|
trusted library allocation
|
page read and write
|
||
|
DAE000
|
stack
|
page read and write
|
||
|
7FF7C0EF0000
|
trusted library allocation
|
page read and write
|
||
|
19E8F888000
|
trusted library allocation
|
page read and write
|
||
|
19E8DA09000
|
heap
|
page read and write
|
||
|
4791FE000
|
stack
|
page read and write
|
||
|
F41000
|
unkown
|
page execute read
|
||
|
19E8F77F000
|
trusted library allocation
|
page read and write
|
||
|
478FFE000
|
stack
|
page read and write
|
||
|
19EA9548000
|
heap
|
page read and write
|
||
|
19E8F944000
|
trusted library allocation
|
page read and write
|
||
|
19E9F6D1000
|
trusted library allocation
|
page read and write
|
||
|
19EA83F0000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
19E8DD20000
|
heap
|
page read and write
|
||
|
7FF7C0D2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
19E8DAE4000
|
heap
|
page read and write
|
||
|
19EA9510000
|
heap
|
page read and write
|
||
|
19E9F6CE000
|
trusted library allocation
|
page read and write
|
||
|
19E8F7D8000
|
trusted library allocation
|
page read and write
|
||
|
19EA8140000
|
heap
|
page read and write
|
||
|
19EA8143000
|
heap
|
page read and write
|
||
|
19E8F785000
|
trusted library allocation
|
page read and write
|
||
|
19E8DA3A000
|
heap
|
page read and write
|
||
|
7FF7C0D23000
|
trusted library allocation
|
page execute and read and write
|
||
|
19EA7E1E000
|
heap
|
page read and write
|
||
|
7FF7C0D24000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0D4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C0D20000
|
trusted library allocation
|
page read and write
|
||
|
19E8D9B0000
|
heap
|
page read and write
|
||
|
19E8DA5C000
|
heap
|
page read and write
|
||
|
19EA7E6E000
|
heap
|
page read and write
|
||
|
19E8DA1B000
|
heap
|
page read and write
|
||
|
19EA8260000
|
heap
|
page read and write
|
||
|
19E8F6EA000
|
trusted library allocation
|
page read and write
|
||
|
297F000
|
stack
|
page read and write
|
||
|
19EA8500000
|
heap
|
page read and write
|
||
|
7FF7C0EC0000
|
trusted library allocation
|
page read and write
|
||
|
19E8DA3C000
|
heap
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
19E8F6A0000
|
heap
|
page read and write
|
||
|
19EA7E73000
|
heap
|
page read and write
|
||
|
19EA83E0000
|
heap
|
page read and write
|
||
|
4795FA000
|
stack
|
page read and write
|
||
|
19E8F832000
|
trusted library allocation
|
page read and write
|
||
|
19EA954B000
|
heap
|
page read and write
|
||
|
479AFD000
|
stack
|
page read and write
|
||
|
6CB000
|
heap
|
page read and write
|
||
|
19E8F824000
|
trusted library allocation
|
page read and write
|
||
|
19E8DD40000
|
trusted library section
|
page readonly
|
||
|
68B000
|
heap
|
page read and write
|
||
|
19EA7E54000
|
heap
|
page read and write
|
||
|
7FF7C0DDC000
|
trusted library allocation
|
page execute and read and write
|
||
|
19E8F779000
|
trusted library allocation
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
4794EA000
|
stack
|
page read and write
|
||
|
7FF7C0DD0000
|
trusted library allocation
|
page read and write
|
||
|
479CFE000
|
stack
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
82E000
|
stack
|
page read and write
|
||
|
F4B000
|
unkown
|
page readonly
|
||
|
19EA7E80000
|
heap
|
page read and write
|
||
|
F40000
|
unkown
|
page readonly
|
||
|
6CB000
|
heap
|
page read and write
|
||
|
4799FE000
|
stack
|
page read and write
|
||
|
92E000
|
stack
|
page read and write
|
||
|
EAF000
|
stack
|
page read and write
|
||
|
4796FD000
|
stack
|
page read and write
|
||
|
19EA8505000
|
heap
|
page read and write
|
||
|
479BFD000
|
stack
|
page read and write
|
||
|
19EA8293000
|
heap
|
page execute and read and write
|
||
|
19E8DA4A000
|
heap
|
page read and write
|
||
|
19E8DBF0000
|
trusted library allocation
|
page read and write
|
||
|
19EA7DB6000
|
heap
|
page read and write
|
||
|
277E000
|
stack
|
page read and write
|
||
|
7FF4FAC20000
|
trusted library allocation
|
page execute and read and write
|
||
|
19EA953C000
|
heap
|
page read and write
|
||
|
7FF7C0F00000
|
trusted library allocation
|
page read and write
|
||
|
19E8DCC0000
|
heap
|
page read and write
|
||
|
64B000
|
heap
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
F53000
|
unkown
|
page readonly
|
||
|
19EA7D95000
|
heap
|
page read and write
|
||
|
27BE000
|
stack
|
page read and write
|
||
|
19E8DCB0000
|
heap
|
page execute and read and write
|
||
|
7FF7C0F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C0D3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
19EA9C12000
|
trusted library allocation
|
page read and write
|
||
|
19E8F92F000
|
trusted library allocation
|
page read and write
|
||
|
F41000
|
unkown
|
page execute read
|
||
|
19E8F6E6000
|
trusted library allocation
|
page read and write
|
||
|
19E8F788000
|
trusted library allocation
|
page read and write
|
||
|
19E8D960000
|
heap
|
page read and write
|
||
|
19E8DC40000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0E40000
|
trusted library allocation
|
page execute and read and write
|
||
|
19E8DA40000
|
heap
|
page read and write
|
||
|
1EC000
|
stack
|
page read and write
|
||
|
19EA841D000
|
heap
|
page read and write
|
||
|
19E8DD50000
|
heap
|
page read and write
|
||
|
4789DF000
|
stack
|
page read and write
|
||
|
7FF7C0E06000
|
trusted library allocation
|
page execute and read and write
|
||
|
19E8F873000
|
trusted library allocation
|
page read and write
|
||
|
2AFF000
|
stack
|
page read and write
|
||
|
19E8DA84000
|
heap
|
page read and write
|
||
|
58E000
|
stack
|
page read and write
|
||
|
19E8F83A000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0D32000
|
trusted library allocation
|
page read and write
|
||
|
478CF3000
|
stack
|
page read and write
|
||
|
7FF7C0DE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
19EA7E16000
|
heap
|
page read and write
|
||
|
19E8DAFB000
|
heap
|
page read and write
|
||
|
4793F8000
|
stack
|
page read and write
|
||
|
19EA7E62000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
19E8D990000
|
heap
|
page read and write
|
||
|
19E8DCE0000
|
heap
|
page execute and read and write
|
||
|
19E8F6CA000
|
trusted library allocation
|
page read and write
|
||
|
19EA7E5C000
|
heap
|
page read and write
|
||
|
4792FE000
|
stack
|
page read and write
|
||
|
19E8DBD0000
|
trusted library allocation
|
page read and write
|
||
|
19EA8290000
|
heap
|
page execute and read and write
|
||
|
4790FC000
|
stack
|
page read and write
|
||
|
19EA8445000
|
heap
|
page read and write
|
There are 170 hidden memdumps, click here to show them.