Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Updater.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Updater.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Updater.exe
|
"C:\Users\user\Desktop\Updater.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://can.thisilient.com
|
unknown
|
||
|
https://can.thisilient.com/r
|
45.33.84.9
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://can.thisilient.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
can.thisilient.com
|
45.33.84.9
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.33.84.9
|
can.thisilient.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Updater_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Updater_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Updater_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Updater_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Updater_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Updater_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Updater_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Updater_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Updater_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Updater_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Updater_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Updater_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Updater_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Updater_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2A8DF734000
|
heap
|
page read and write
|
||
|
D27C1FD000
|
stack
|
page read and write
|
||
|
7FFD349AF000
|
trusted library allocation
|
page read and write
|
||
|
2A8DF7BF000
|
heap
|
page read and write
|
||
|
2A8DF7E7000
|
heap
|
page read and write
|
||
|
2A8C55C0000
|
heap
|
page read and write
|
||
|
D27B9FD000
|
stack
|
page read and write
|
||
|
D27ADFE000
|
stack
|
page read and write
|
||
|
7FFD34963000
|
trusted library allocation
|
page read and write
|
||
|
D2789FE000
|
stack
|
page read and write
|
||
|
D279DFE000
|
stack
|
page read and write
|
||
|
2A8C6FDC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34940000
|
trusted library allocation
|
page read and write
|
||
|
2A8C700C000
|
trusted library allocation
|
page read and write
|
||
|
2A8C702E000
|
trusted library allocation
|
page read and write
|
||
|
2A8C6FD9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34850000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34988000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349B6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
D27A5F9000
|
stack
|
page read and write
|
||
|
7FFD34A10000
|
trusted library allocation
|
page read and write
|
||
|
2A8C53CF000
|
heap
|
page read and write
|
||
|
7FFD348C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
D2785FF000
|
stack
|
page read and write
|
||
|
2A8C55B5000
|
heap
|
page read and write
|
||
|
D2781F1000
|
stack
|
page read and write
|
||
|
7FF4EB5E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
D27BDFB000
|
stack
|
page read and write
|
||
|
2A8DF940000
|
heap
|
page read and write
|
||
|
2A8C7032000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347A2000
|
trusted library allocation
|
page read and write
|
||
|
2A8DF7BC000
|
heap
|
page read and write
|
||
|
7FFD347A4000
|
trusted library allocation
|
page read and write
|
||
|
2A8C7000000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD3499B000
|
trusted library allocation
|
page read and write
|
||
|
2A8DF766000
|
heap
|
page read and write
|
||
|
D2799FE000
|
stack
|
page read and write
|
||
|
7FFD349C0000
|
trusted library allocation
|
page read and write
|
||
|
D2791FE000
|
stack
|
page read and write
|
||
|
7FFD34981000
|
trusted library allocation
|
page read and write
|
||
|
2A8C53A0000
|
heap
|
page read and write
|
||
|
2A8DF700000
|
heap
|
page read and write
|
||
|
7FFD3495F000
|
trusted library allocation
|
page read and write
|
||
|
2A8C5570000
|
heap
|
page read and write
|
||
|
7FFD349E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347C4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD349A5000
|
trusted library allocation
|
page read and write
|
||
|
D277B8F000
|
stack
|
page read and write
|
||
|
2A8C567A000
|
heap
|
page read and write
|
||
|
7FFD34986000
|
trusted library allocation
|
page read and write
|
||
|
2A8C53A6000
|
heap
|
page read and write
|
||
|
7FFD34856000
|
trusted library allocation
|
page read and write
|
||
|
D27CDFE000
|
stack
|
page read and write
|
||
|
7FFD34860000
|
trusted library allocation
|
page execute and read and write
|
||
|
D277B4E000
|
stack
|
page read and write
|
||
|
2A8C53CB000
|
heap
|
page read and write
|
||
|
D27A9FE000
|
stack
|
page read and write
|
||
|
2A8C7003000
|
trusted library allocation
|
page read and write
|
||
|
2A8C55B0000
|
heap
|
page read and write
|
||
|
7FFD34950000
|
trusted library allocation
|
page read and write
|
||
|
2A8C540D000
|
heap
|
page read and write
|
||
|
2A8C701E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347B0000
|
trusted library allocation
|
page read and write
|
||
|
2A8C6E60000
|
trusted library allocation
|
page read and write
|
||
|
2A8DF7FD000
|
heap
|
page read and write
|
||
|
D27A1FE000
|
stack
|
page read and write
|
||
|
2A8C53E2000
|
heap
|
page read and write
|
||
|
2A8C5670000
|
heap
|
page read and write
|
||
|
2A8C55BA000
|
heap
|
page read and write
|
||
|
7FFD349D0000
|
trusted library allocation
|
page read and write
|
||
|
2A8C6F20000
|
heap
|
page read and write
|
||
|
7FFD34955000
|
trusted library allocation
|
page read and write
|
||
|
2A8C6FF8000
|
trusted library allocation
|
page read and write
|
||
|
2A8DF7CE000
|
heap
|
page read and write
|
||
|
7FFD3495A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349C8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349B8000
|
trusted library allocation
|
page read and write
|
||
|
D27B5FE000
|
stack
|
page read and write
|
||
|
7FFD347CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A8C5610000
|
trusted library allocation
|
page read and write
|
||
|
2A8C5390000
|
heap
|
page read and write
|
||
|
2A8C6EF0000
|
heap
|
page execute and read and write
|
||
|
7FFD34984000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347C0000
|
trusted library allocation
|
page read and write
|
||
|
2A8C5675000
|
heap
|
page read and write
|
||
|
7FFD34886000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD347A0000
|
trusted library allocation
|
page read and write
|
||
|
D278DFE000
|
stack
|
page read and write
|
||
|
2A8C53AC000
|
heap
|
page read and write
|
||
|
7FFD347B2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A30000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A8DF708000
|
heap
|
page read and write
|
||
|
2A8C6E80000
|
heap
|
page execute and read and write
|
||
|
7FFD34990000
|
trusted library allocation
|
page read and write
|
||
|
D2795FD000
|
stack
|
page read and write
|
||
|
D27B1FD000
|
stack
|
page read and write
|
||
|
2A8C5590000
|
heap
|
page read and write
|
||
|
2A8DF94A000
|
heap
|
page read and write
|
||
|
D27C9FA000
|
stack
|
page read and write
|
||
|
2A8C5302000
|
unkown
|
page readonly
|
||
|
7FFD347A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD3496A000
|
trusted library allocation
|
page read and write
|
||
|
2A8D6F31000
|
trusted library allocation
|
page read and write
|
||
|
2A8DF7E5000
|
heap
|
page read and write
|
||
|
7FFD347FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD349F0000
|
trusted library allocation
|
page read and write
|
||
|
2A8C53E0000
|
heap
|
page read and write
|
||
|
2A8C7034000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3485C000
|
trusted library allocation
|
page execute and read and write
|
||
|
D27C5FE000
|
stack
|
page read and write
|
||
|
2A8C6F31000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A20000
|
trusted library allocation
|
page read and write
|
||
|
2A8C703C000
|
trusted library allocation
|
page read and write
|
||
|
2A8C5630000
|
trusted library allocation
|
page read and write
|
||
|
2A8C5300000
|
unkown
|
page readonly
|
||
|
2A8C5419000
|
heap
|
page read and write
|
||
|
7FFD34A00000
|
trusted library allocation
|
page read and write
|
||
|
2A8DF7AD000
|
heap
|
page read and write
|
There are 112 hidden memdumps, click here to show them.