Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
Payload.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
||
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Payload.exe.log
|
CSV text
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payload.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payload.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Users\user\Desktop\Payload.exe
|
"C:\Users\user\Desktop\Payload.exe"
|
||
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payload.exe
|
"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payload.exe"
|
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
C12000
|
unknown
|
page readonly
|
||
126E000
|
stack
|
page read and write
|
||
10F1000
|
heap
|
page read and write
|
||
1B9DE000
|
stack
|
page read and write
|
||
14B5000
|
heap
|
page read and write
|
||
7FFD9B8F4000
|
trusted library allocation
|
page read and write
|
||
2E20000
|
heap
|
page read and write
|
||
1B8A0000
|
heap
|
page read and write
|
||
15F0000
|
heap
|
page execute and read and write
|
||
1B3BD000
|
stack
|
page read and write
|
||
7FFD9BA10000
|
trusted library allocation
|
page execute and read and write
|
||
FE0000
|
heap
|
page execute and read and write
|
||
7FFD9B9AC000
|
trusted library allocation
|
page execute and read and write
|
||
1187000
|
heap
|
page read and write
|
||
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
107C000
|
heap
|
page read and write
|
||
10DC000
|
heap
|
page read and write
|
||
2F0E000
|
stack
|
page read and write
|
||
166B000
|
heap
|
page read and write
|
||
EF4000
|
stack
|
page read and write
|
||
7FFD9B9D6000
|
trusted library allocation
|
page execute and read and write
|
||
1060000
|
heap
|
page read and write
|
||
DA0000
|
heap
|
page read and write
|
||
10BC000
|
heap
|
page read and write
|
||
12F13000
|
trusted library allocation
|
page read and write
|
||
1B97E000
|
stack
|
page read and write
|
||
2F11000
|
trusted library allocation
|
page read and write
|
||
1BD80000
|
heap
|
page execute and read and write
|
||
DC0000
|
heap
|
page read and write
|
||
10A6000
|
heap
|
page read and write
|
||
13CF000
|
stack
|
page read and write
|
||
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
DE0000
|
heap
|
page read and write
|
||
B90000
|
heap
|
page read and write
|
||
7FFD9BAA0000
|
trusted library allocation
|
page execute and read and write
|
||
14B0000
|
heap
|
page read and write
|
||
1120000
|
heap
|
page read and write
|
||
1665000
|
heap
|
page read and write
|
||
7FFD9B904000
|
trusted library allocation
|
page read and write
|
||
7FFD9B902000
|
trusted library allocation
|
page read and write
|
||
1185000
|
heap
|
page read and write
|
||
10DE000
|
heap
|
page read and write
|
||
137F000
|
stack
|
page read and write
|
||
12F17000
|
trusted library allocation
|
page read and write
|
||
C10000
|
unknown
|
page readonly
|
||
1BBDE000
|
stack
|
page read and write
|
||
11A6000
|
heap
|
page read and write
|
||
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
7FFD9B90D000
|
trusted library allocation
|
page execute and read and write
|
||
15E0000
|
heap
|
page read and write
|
||
1B870000
|
heap
|
page read and write
|
||
1610000
|
heap
|
page read and write
|
||
10B6000
|
heap
|
page read and write
|
||
B70000
|
heap
|
page read and write
|
||
1195000
|
heap
|
page read and write
|
||
7FF48C6A0000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B91B000
|
trusted library allocation
|
page execute and read and write
|
||
1660000
|
heap
|
page read and write
|
||
11A9000
|
heap
|
page read and write
|
||
7FFD9B9B0000
|
trusted library allocation
|
page execute and read and write
|
||
12C5000
|
heap
|
page read and write
|
||
7FFD9B91D000
|
trusted library allocation
|
page execute and read and write
|
||
1070000
|
trusted library allocation
|
page read and write
|
||
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
10E3000
|
heap
|
page read and write
|
||
1127000
|
heap
|
page read and write
|
||
10B6000
|
heap
|
page read and write
|
||
7FFD9B902000
|
trusted library allocation
|
page read and write
|
||
D54000
|
stack
|
page read and write
|
||
109C000
|
heap
|
page read and write
|
||
12C0000
|
heap
|
page read and write
|
||
1070000
|
heap
|
page read and write
|
||
10B0000
|
heap
|
page read and write
|
||
12F11000
|
trusted library allocation
|
page read and write
|
||
1B7FE000
|
stack
|
page read and write
|
||
10E6000
|
heap
|
page read and write
|
||
1073000
|
trusted library allocation
|
page read and write
|
||
10E2000
|
heap
|
page read and write
|
||
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
1050000
|
trusted library allocation
|
page read and write
|
||
12E35000
|
trusted library allocation
|
page read and write
|
||
7FFD9B8FD000
|
trusted library allocation
|
page execute and read and write
|
||
1BADF000
|
stack
|
page read and write
|
||
1C790000
|
heap
|
page read and write
|
||
2D5E000
|
stack
|
page read and write
|
||
D90000
|
heap
|
page read and write
|