Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1171000
|
unkown
|
page execute and write copy
|
||
|
11BF000
|
unkown
|
page execute and write copy
|
||
|
11FD000
|
unkown
|
page execute and read and write
|
||
|
117C000
|
unkown
|
page execute and read and write
|
||
|
11FC000
|
unkown
|
page execute and write copy
|
||
|
4FB7000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F2F000
|
stack
|
page read and write
|
||
|
11A1000
|
unkown
|
page execute and read and write
|
||
|
786F000
|
stack
|
page read and write
|
||
|
CF9000
|
stack
|
page read and write
|
||
|
342E000
|
stack
|
page read and write
|
||
|
3CEE000
|
stack
|
page read and write
|
||
|
136D000
|
heap
|
page read and write
|
||
|
F60000
|
unkown
|
page readonly
|
||
|
116A000
|
unkown
|
page execute and read and write
|
||
|
1175000
|
unkown
|
page execute and write copy
|
||
|
4E01000
|
heap
|
page read and write
|
||
|
4F50000
|
direct allocation
|
page read and write
|
||
|
432E000
|
stack
|
page read and write
|
||
|
133A000
|
heap
|
page read and write
|
||
|
4DF0000
|
direct allocation
|
page read and write
|
||
|
4E01000
|
heap
|
page read and write
|
||
|
1154000
|
unkown
|
page execute and read and write
|
||
|
F5E000
|
stack
|
page read and write
|
||
|
10F9000
|
unkown
|
page execute and read and write
|
||
|
4DF0000
|
direct allocation
|
page read and write
|
||
|
4E01000
|
heap
|
page read and write
|
||
|
1116000
|
unkown
|
page execute and write copy
|
||
|
4FD0000
|
direct allocation
|
page execute and read and write
|
||
|
10F9000
|
unkown
|
page execute and write copy
|
||
|
1310000
|
heap
|
page read and write
|
||
|
1189000
|
unkown
|
page execute and write copy
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
99C000
|
stack
|
page read and write
|
||
|
4E00000
|
heap
|
page read and write
|
||
|
4DF0000
|
direct allocation
|
page read and write
|
||
|
42EF000
|
stack
|
page read and write
|
||
|
1211000
|
unkown
|
page execute and write copy
|
||
|
306E000
|
stack
|
page read and write
|
||
|
4F33000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DB0000
|
direct allocation
|
page read and write
|
||
|
4E01000
|
heap
|
page read and write
|
||
|
137F000
|
heap
|
page read and write
|
||
|
4E01000
|
heap
|
page read and write
|
||
|
4DF0000
|
direct allocation
|
page read and write
|
||
|
4FA0000
|
trusted library allocation
|
page read and write
|
||
|
4DF0000
|
direct allocation
|
page read and write
|
||
|
4DF0000
|
direct allocation
|
page read and write
|
||
|
4DF0000
|
direct allocation
|
page read and write
|
||
|
4DF0000
|
direct allocation
|
page read and write
|
||
|
4F00000
|
trusted library allocation
|
page read and write
|
||
|
32AF000
|
stack
|
page read and write
|
||
|
2DCF000
|
stack
|
page read and write
|
||
|
4E01000
|
heap
|
page read and write
|
||
|
406F000
|
stack
|
page read and write
|
||
|
1196000
|
unkown
|
page execute and write copy
|
||
|
4E01000
|
heap
|
page read and write
|
||
|
3DEF000
|
stack
|
page read and write
|
||
|
112A000
|
unkown
|
page execute and write copy
|
||
|
366F000
|
stack
|
page read and write
|
||
|
5260000
|
heap
|
page execute and read and write
|
||
|
11C2000
|
unkown
|
page execute and read and write
|
||
|
4E10000
|
heap
|
page read and write
|
||
|
36AE000
|
stack
|
page read and write
|
||
|
1126000
|
unkown
|
page execute and write copy
|
||
|
3F6E000
|
stack
|
page read and write
|
||
|
4E01000
|
heap
|
page read and write
|
||
|
DE5000
|
heap
|
page read and write
|
||
|
4F3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
511F000
|
stack
|
page read and write
|
||
|
1117000
|
unkown
|
page execute and read and write
|
||
|
4DD0000
|
heap
|
page read and write
|
||
|
40AE000
|
stack
|
page read and write
|
||
|
4E01000
|
heap
|
page read and write
|
||
|
515E000
|
stack
|
page read and write
|
||
|
536E000
|
stack
|
page read and write
|
||
|
2F2E000
|
stack
|
page read and write
|
||
|
5371000
|
trusted library allocation
|
page read and write
|
||
|
F66000
|
unkown
|
page write copy
|
||
|
356E000
|
stack
|
page read and write
|
||
|
519C000
|
stack
|
page read and write
|
||
|
32EE000
|
stack
|
page read and write
|
||
|
47EF000
|
stack
|
page read and write
|
||
|
4E01000
|
heap
|
page read and write
|
||
|
37EE000
|
stack
|
page read and write
|
||
|
10EE000
|
unkown
|
page execute and read and write
|
||
|
2EEF000
|
stack
|
page read and write
|
||
|
6395000
|
trusted library allocation
|
page read and write
|
||
|
11BE000
|
unkown
|
page execute and read and write
|
||
|
4F44000
|
trusted library allocation
|
page read and write
|
||
|
45AE000
|
stack
|
page read and write
|
||
|
4E01000
|
heap
|
page read and write
|
||
|
4E01000
|
heap
|
page read and write
|
||
|
316F000
|
stack
|
page read and write
|
||
|
4F8C000
|
stack
|
page read and write
|
||
|
46EE000
|
stack
|
page read and write
|
||
|
136F000
|
heap
|
page read and write
|
||
|
74AE000
|
stack
|
page read and write
|
||
|
11AC000
|
unkown
|
page execute and read and write
|
||
|
1377000
|
heap
|
page read and write
|
||
|
F76000
|
unkown
|
page execute and write copy
|
||
|
31AE000
|
stack
|
page read and write
|
||
|
13C1000
|
heap
|
page read and write
|
||
|
5010000
|
heap
|
page read and write
|
||
|
112D000
|
unkown
|
page execute and write copy
|
||
|
1169000
|
unkown
|
page execute and write copy
|
||
|
4FF0000
|
trusted library allocation
|
page read and write
|
||
|
456F000
|
stack
|
page read and write
|
||
|
746D000
|
stack
|
page read and write
|
||
|
4FBB000
|
trusted library allocation
|
page execute and read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
130C000
|
stack
|
page read and write
|
||
|
10D9000
|
unkown
|
page execute and write copy
|
||
|
41EE000
|
stack
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
33EF000
|
stack
|
page read and write
|
||
|
F6A000
|
unkown
|
page execute and read and write
|
||
|
1103000
|
unkown
|
page execute and write copy
|
||
|
11A7000
|
unkown
|
page execute and write copy
|
||
|
6374000
|
trusted library allocation
|
page read and write
|
||
|
138C000
|
heap
|
page read and write
|
||
|
302F000
|
stack
|
page read and write
|
||
|
117F000
|
unkown
|
page execute and read and write
|
||
|
74EE000
|
stack
|
page read and write
|
||
|
3B6F000
|
stack
|
page read and write
|
||
|
12CE000
|
stack
|
page read and write
|
||
|
1151000
|
unkown
|
page execute and write copy
|
||
|
112B000
|
unkown
|
page execute and read and write
|
||
|
4E01000
|
heap
|
page read and write
|
||
|
4E01000
|
heap
|
page read and write
|
||
|
119B000
|
unkown
|
page execute and read and write
|
||
|
133E000
|
heap
|
page read and write
|
||
|
772F000
|
stack
|
page read and write
|
||
|
1127000
|
unkown
|
page execute and read and write
|
||
|
3CAF000
|
stack
|
page read and write
|
||
|
E5E000
|
stack
|
page read and write
|
||
|
4F34000
|
trusted library allocation
|
page read and write
|
||
|
117D000
|
unkown
|
page execute and write copy
|
||
|
37AF000
|
stack
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page read and write
|
||
|
762E000
|
stack
|
page read and write
|
||
|
4FAA000
|
trusted library allocation
|
page execute and read and write
|
||
|
38EF000
|
stack
|
page read and write
|
||
|
7520000
|
heap
|
page execute and read and write
|
||
|
152E000
|
stack
|
page read and write
|
||
|
352F000
|
stack
|
page read and write
|
||
|
114D000
|
unkown
|
page execute and write copy
|
||
|
4DF0000
|
direct allocation
|
page read and write
|
||
|
4FE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
482E000
|
stack
|
page read and write
|
||
|
41AE000
|
stack
|
page read and write
|
||
|
114F000
|
unkown
|
page execute and read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
4FD0000
|
trusted library allocation
|
page read and write
|
||
|
F62000
|
unkown
|
page execute and write copy
|
||
|
11BB000
|
unkown
|
page execute and write copy
|
||
|
F6A000
|
unkown
|
page execute and write copy
|
||
|
442F000
|
stack
|
page read and write
|
||
|
4FB0000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
496E000
|
stack
|
page read and write
|
||
|
446E000
|
stack
|
page read and write
|
||
|
4DF0000
|
direct allocation
|
page read and write
|
||
|
392E000
|
stack
|
page read and write
|
||
|
F60000
|
unkown
|
page read and write
|
||
|
1105000
|
unkown
|
page execute and read and write
|
||
|
2DE7000
|
heap
|
page read and write
|
||
|
4F50000
|
direct allocation
|
page read and write
|
||
|
1211000
|
unkown
|
page execute and write copy
|
||
|
4E01000
|
heap
|
page read and write
|
||
|
4E01000
|
heap
|
page read and write
|
||
|
1220000
|
unkown
|
page execute and write copy
|
||
|
126E000
|
stack
|
page read and write
|
||
|
46AF000
|
stack
|
page read and write
|
||
|
F66000
|
unkown
|
page write copy
|
||
|
1330000
|
heap
|
page read and write
|
||
|
4DF0000
|
direct allocation
|
page read and write
|
||
|
10D7000
|
unkown
|
page execute and read and write
|
||
|
4F20000
|
trusted library allocation
|
page read and write
|
||
|
1141000
|
unkown
|
page execute and read and write
|
||
|
3E2E000
|
stack
|
page read and write
|
||
|
492F000
|
stack
|
page read and write
|
||
|
4DF0000
|
direct allocation
|
page read and write
|
||
|
1174000
|
unkown
|
page execute and read and write
|
||
|
51B0000
|
heap
|
page read and write
|
||
|
118E000
|
unkown
|
page execute and read and write
|
||
|
F62000
|
unkown
|
page execute and read and write
|
||
|
6371000
|
trusted library allocation
|
page read and write
|
||
|
4A6F000
|
stack
|
page read and write
|
||
|
119C000
|
unkown
|
page execute and write copy
|
||
|
4FA0000
|
direct allocation
|
page execute and read and write
|
||
|
3A2F000
|
stack
|
page read and write
|
||
|
1208000
|
unkown
|
page execute and write copy
|
||
|
1220000
|
unkown
|
page execute and read and write
|
||
|
4F50000
|
direct allocation
|
page read and write
|
||
|
4DF0000
|
direct allocation
|
page read and write
|
||
|
4DF0000
|
direct allocation
|
page read and write
|
||
|
3A6E000
|
stack
|
page read and write
|
||
|
3BAE000
|
stack
|
page read and write
|
||
|
776E000
|
stack
|
page read and write
|
There are 190 hidden memdumps, click here to show them.