Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1011000
|
unkown
|
page execute and read and write
|
||
|
4D90000
|
direct allocation
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
523F000
|
stack
|
page read and write
|
||
|
5097000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DD0000
|
direct allocation
|
page read and write
|
||
|
367E000
|
stack
|
page read and write
|
||
|
99C000
|
stack
|
page read and write
|
||
|
32BE000
|
stack
|
page read and write
|
||
|
137C000
|
heap
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
4F1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
151E000
|
stack
|
page read and write
|
||
|
4DD0000
|
direct allocation
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
42BF000
|
stack
|
page read and write
|
||
|
3DBF000
|
stack
|
page read and write
|
||
|
EEA000
|
unkown
|
page execute and write copy
|
||
|
1320000
|
heap
|
page read and write
|
||
|
4F30000
|
direct allocation
|
page read and write
|
||
|
D80000
|
unkown
|
page read and write
|
||
|
F9D000
|
unkown
|
page execute and write copy
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
5090000
|
trusted library allocation
|
page read and write
|
||
|
493E000
|
stack
|
page read and write
|
||
|
467F000
|
stack
|
page read and write
|
||
|
F65000
|
unkown
|
page execute and read and write
|
||
|
4DD0000
|
direct allocation
|
page read and write
|
||
|
34FF000
|
stack
|
page read and write
|
||
|
4DB0000
|
heap
|
page read and write
|
||
|
F80000
|
unkown
|
page execute and write copy
|
||
|
F02000
|
unkown
|
page execute and write copy
|
||
|
50C0000
|
direct allocation
|
page execute and read and write
|
||
|
443E000
|
stack
|
page read and write
|
||
|
4F30000
|
direct allocation
|
page read and write
|
||
|
353E000
|
stack
|
page read and write
|
||
|
F3D000
|
unkown
|
page execute and read and write
|
||
|
4F20000
|
trusted library allocation
|
page read and write
|
||
|
780E000
|
stack
|
page read and write
|
||
|
FA1000
|
unkown
|
page execute and write copy
|
||
|
4F6B000
|
stack
|
page read and write
|
||
|
4DD0000
|
direct allocation
|
page read and write
|
||
|
F05000
|
unkown
|
page execute and read and write
|
||
|
48FF000
|
stack
|
page read and write
|
||
|
1028000
|
unkown
|
page execute and read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
F3E000
|
unkown
|
page execute and write copy
|
||
|
746E000
|
stack
|
page read and write
|
||
|
CF9000
|
stack
|
page read and write
|
||
|
F9C000
|
unkown
|
page execute and read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
2DBF000
|
stack
|
page read and write
|
||
|
313F000
|
stack
|
page read and write
|
||
|
D8A000
|
unkown
|
page execute and read and write
|
||
|
4DE0000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
4A3F000
|
stack
|
page read and write
|
||
|
F7C000
|
unkown
|
page execute and write copy
|
||
|
D86000
|
unkown
|
page write copy
|
||
|
135D000
|
heap
|
page read and write
|
||
|
3A3E000
|
stack
|
page read and write
|
||
|
1019000
|
unkown
|
page execute and write copy
|
||
|
F60000
|
unkown
|
page execute and write copy
|
||
|
4DD0000
|
direct allocation
|
page read and write
|
||
|
756E000
|
stack
|
page read and write
|
||
|
F3F000
|
unkown
|
page execute and read and write
|
||
|
F7A000
|
unkown
|
page execute and write copy
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
327F000
|
stack
|
page read and write
|
||
|
F01000
|
unkown
|
page execute and read and write
|
||
|
3F3E000
|
stack
|
page read and write
|
||
|
1145000
|
heap
|
page read and write
|
||
|
F62000
|
unkown
|
page execute and read and write
|
||
|
38BF000
|
stack
|
page read and write
|
||
|
3EFF000
|
stack
|
page read and write
|
||
|
4DD0000
|
direct allocation
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
102A000
|
unkown
|
page execute and write copy
|
||
|
F51000
|
unkown
|
page execute and read and write
|
||
|
508A000
|
trusted library allocation
|
page execute and read and write
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
F48000
|
unkown
|
page execute and write copy
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
47FE000
|
stack
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
732C000
|
stack
|
page read and write
|
||
|
2EBF000
|
stack
|
page read and write
|
||
|
FD5000
|
unkown
|
page execute and write copy
|
||
|
5080000
|
direct allocation
|
page execute and read and write
|
||
|
12FB000
|
stack
|
page read and write
|
||
|
2EFE000
|
stack
|
page read and write
|
||
|
3DFE000
|
stack
|
page read and write
|
||
|
4F13000
|
trusted library allocation
|
page execute and read and write
|
||
|
F0E000
|
unkown
|
page execute and read and write
|
||
|
3B3F000
|
stack
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
6254000
|
trusted library allocation
|
page read and write
|
||
|
F9A000
|
unkown
|
page execute and write copy
|
||
|
38FE000
|
stack
|
page read and write
|
||
|
FBA000
|
unkown
|
page execute and read and write
|
||
|
39FF000
|
stack
|
page read and write
|
||
|
4F30000
|
direct allocation
|
page read and write
|
||
|
FA7000
|
unkown
|
page execute and read and write
|
||
|
513E000
|
stack
|
page read and write
|
||
|
50F0000
|
heap
|
page read and write
|
||
|
75AE000
|
stack
|
page read and write
|
||
|
303E000
|
stack
|
page read and write
|
||
|
F7B000
|
unkown
|
page execute and read and write
|
||
|
363F000
|
stack
|
page read and write
|
||
|
D82000
|
unkown
|
page execute and write copy
|
||
|
4DD0000
|
direct allocation
|
page read and write
|
||
|
D80000
|
unkown
|
page readonly
|
||
|
1019000
|
unkown
|
page execute and write copy
|
||
|
3C7F000
|
stack
|
page read and write
|
||
|
4F00000
|
trusted library allocation
|
page read and write
|
||
|
4DF0000
|
heap
|
page read and write
|
||
|
4DD0000
|
direct allocation
|
page read and write
|
||
|
4DD0000
|
direct allocation
|
page read and write
|
||
|
5080000
|
trusted library allocation
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
FA0000
|
unkown
|
page execute and read and write
|
||
|
742D000
|
stack
|
page read and write
|
||
|
132A000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
457E000
|
stack
|
page read and write
|
||
|
F8D000
|
unkown
|
page execute and write copy
|
||
|
509B000
|
trusted library allocation
|
page execute and read and write
|
||
|
F26000
|
unkown
|
page execute and read and write
|
||
|
13AF000
|
heap
|
page read and write
|
||
|
4DD0000
|
direct allocation
|
page read and write
|
||
|
33BF000
|
stack
|
page read and write
|
||
|
47BF000
|
stack
|
page read and write
|
||
|
1012000
|
unkown
|
page execute and write copy
|
||
|
4F24000
|
trusted library allocation
|
page read and write
|
||
|
506F000
|
stack
|
page read and write
|
||
|
102A000
|
unkown
|
page execute and write copy
|
||
|
50B0000
|
heap
|
page read and write
|
||
|
41BE000
|
stack
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
75EE000
|
stack
|
page read and write
|
||
|
4F14000
|
trusted library allocation
|
page read and write
|
||
|
F3C000
|
unkown
|
page execute and write copy
|
||
|
43FF000
|
stack
|
page read and write
|
||
|
FC8000
|
unkown
|
page execute and write copy
|
||
|
42FE000
|
stack
|
page read and write
|
||
|
6275000
|
trusted library allocation
|
page read and write
|
||
|
7600000
|
heap
|
page execute and read and write
|
||
|
D96000
|
unkown
|
page execute and write copy
|
||
|
453F000
|
stack
|
page read and write
|
||
|
F66000
|
unkown
|
page execute and write copy
|
||
|
403F000
|
stack
|
page read and write
|
||
|
3B7E000
|
stack
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
D8A000
|
unkown
|
page execute and write copy
|
||
|
124F000
|
stack
|
page read and write
|
||
|
1267000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
5240000
|
heap
|
page execute and read and write
|
||
|
7430000
|
trusted library allocation
|
page read and write
|
||
|
F63000
|
unkown
|
page execute and write copy
|
||
|
FCA000
|
unkown
|
page execute and read and write
|
||
|
4DD0000
|
direct allocation
|
page read and write
|
||
|
37BE000
|
stack
|
page read and write
|
||
|
5251000
|
trusted library allocation
|
page read and write
|
||
|
12BE000
|
stack
|
page read and write
|
||
|
3CBE000
|
stack
|
page read and write
|
||
|
1028000
|
unkown
|
page execute and write copy
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
46BE000
|
stack
|
page read and write
|
||
|
F7F000
|
unkown
|
page execute and read and write
|
||
|
50D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
EE8000
|
unkown
|
page execute and read and write
|
||
|
50C0000
|
trusted library allocation
|
page read and write
|
||
|
D7E000
|
stack
|
page read and write
|
||
|
F25000
|
unkown
|
page execute and write copy
|
||
|
377F000
|
stack
|
page read and write
|
||
|
113D000
|
stack
|
page read and write
|
||
|
F8E000
|
unkown
|
page execute and read and write
|
||
|
317E000
|
stack
|
page read and write
|
||
|
F85000
|
unkown
|
page execute and read and write
|
||
|
F0C000
|
unkown
|
page execute and write copy
|
||
|
D86000
|
unkown
|
page write copy
|
||
|
417F000
|
stack
|
page read and write
|
||
|
407E000
|
stack
|
page read and write
|
||
|
6251000
|
trusted library allocation
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
1010000
|
unkown
|
page execute and write copy
|
||
|
D82000
|
unkown
|
page execute and read and write
|
||
|
770E000
|
stack
|
page read and write
|
||
|
132E000
|
heap
|
page read and write
|
||
|
33FE000
|
stack
|
page read and write
|
||
|
F68000
|
unkown
|
page execute and read and write
|
||
|
2FFF000
|
stack
|
page read and write
|
||
|
FB8000
|
unkown
|
page execute and write copy
|
||
|
1367000
|
heap
|
page read and write
|
||
|
4DD0000
|
direct allocation
|
page read and write
|
||
|
4DE1000
|
heap
|
page read and write
|
||
|
FD9000
|
unkown
|
page execute and read and write
|
||
|
135F000
|
heap
|
page read and write
|
||
|
4DD0000
|
direct allocation
|
page read and write
|
||
|
4DD0000
|
direct allocation
|
page read and write
|
There are 195 hidden memdumps, click here to show them.