IOC Report
file.exe

Files

File Path | Type | Category | Malicious
file.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log | CSV text | dropped | malicious

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\file.exe | "C:\Users\user\Desktop\file.exe" | malicious

Domains

Name | IP | Malicious
bg.microsoft.map.fastly.net | 199.232.210.172 | -

Registry

Path | Value name | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableIOAVProtection | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableRealtimeMonitoring | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications | DisableNotifications | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AUOptions | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AutoInstallMinorUpdates | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | NoAutoRebootWithLoggedOnUsers | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | UseWUServer | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate | DoNotConnectToWindowsUpdateInternetLocations | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features | TamperProtection | -
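Added triage example, not part of the sandbox report and not code from the sample's author: a PowerShell script that checks a host for the registry policy values listed above, for the two file artifacts from the Files section, and for Defender's own event-log trace of the change. The key paths and value names are taken from the report; the meaning of the raw TamperProtection number, the event IDs used and the fact that "user" is only the sandbox's profile name are assumptions stated in the comments.

```powershell
# Added triage script (not from the sandbox report). Run elevated, in a 64-bit
# PowerShell session, on a host suspected of having executed file.exe.

# Policy values the sample wrote. On a workstation that is not centrally managed
# none of these should exist. A value of 1 under Real-Time Protection disables that
# Defender feature; UseWUServer=1 together with
# DoNotConnectToWindowsUpdateInternetLocations=1 keeps the host off Microsoft Update.
$policyChecks = @(
    @{ Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
       Names = 'DisableIOAVProtection', 'DisableRealtimeMonitoring' }
    @{ Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications'
       Names = 'DisableNotifications' }
    @{ Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
       Names = 'AUOptions', 'AutoInstallMinorUpdates', 'NoAutoRebootWithLoggedOnUsers', 'UseWUServer' }
    @{ Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
       Names = 'DoNotConnectToWindowsUpdateInternetLocations' }
)

function Get-PolicyFindings {
    param([array]$Checks)
    foreach ($check in $Checks) {
        if (-not (Test-Path -LiteralPath $check.Path)) { continue }
        $props = Get-ItemProperty -LiteralPath $check.Path -ErrorAction SilentlyContinue
        foreach ($name in $check.Names) {
            $prop = $props.PSObject.Properties[$name]
            if ($null -ne $prop) {
                [pscustomobject]@{ Path = $check.Path; Name = $name; Value = $prop.Value }
            }
        }
    }
}

$findings = @(Get-PolicyFindings -Checks $policyChecks)
if ($findings.Count) { $findings | Format-Table -AutoSize }
else { 'None of the listed policy values are present.' }

# Tamper Protection. The report shows this value under WOW6432Node only because the
# 32-bit sample's view of HKLM\SOFTWARE is redirected there; on a 64-bit host read the
# native key, and treat Get-MpComputerStatus as the authoritative effective state.
# While Tamper Protection is on, Defender does not honour the Real-Time Protection
# policy values above even though the registry write itself succeeds.
# Assumption: the raw number is not formally documented (5 is commonly reported as
# enabled, 4 as disabled), so do not decide on it alone.
$tp = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Features' `
        -Name TamperProtection -ErrorAction SilentlyContinue
"TamperProtection raw value: $($tp.TamperProtection)"
try { "IsTamperProtected: $((Get-MpComputerStatus).IsTamperProtected)" }
catch { 'Get-MpComputerStatus unavailable on this host' }

# File artifacts. 'user' in the report is the sandbox profile name (assumption: the
# real victim profile differs), so every local profile is checked.
# A CLR_v4.0_32\UsageLogs\<name>.log is written by the .NET runtime for any 32-bit
# .NET 4 process, so its presence shows that file.exe is a .NET assembly that ran;
# it is not a malicious payload in itself.
foreach ($userDir in Get-ChildItem -Directory 'C:\Users' -ErrorAction SilentlyContinue) {
    foreach ($rel in 'Desktop\file.exe', 'AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log') {
        $p = Join-Path $userDir.FullName $rel
        if (Test-Path -LiteralPath $p) { "Artifact present: $p" }
    }
}

# Defender's own record of the change: event 5001 = real-time protection disabled,
# 5007 = antimalware platform configuration changed.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 5001, 5007 } `
    -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```

The Defender log tells you that protection was turned off, not which process did it; where Sysmon is deployed, Event ID 13 (RegistryEvent, value set) with a TargetObject under the paths above gives the attribution to file.exe. Note also that the report does not flag bg.microsoft.map.fastly.net: it is a Microsoft CDN host commonly seen as background Windows traffic in sandboxes, so it is not a usable network indicator on its own.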

Memdumps

Base Address | Region type | Protect | Malicious
3B4F000 | stack | page read and write | -
6A2000 | unknown | page execute and read and write | -
48B0000 | direct allocation | page read and write | -
48C0000 | heap | page read and write | -
6B9000 | unknown | page execute and read and write | -
4D40000 | trusted library allocation | page execute and read and write | -
5DA1000 | trusted library allocation | page read and write | -
49F4000 | trusted library allocation | page read and write | -
61C000 | unknown | page execute and write copy | -
2B0F000 | stack | page read and write | -
70C0000 | heap | page execute and read and write | -
CDE000 | heap | page read and write | -
4D90000 | heap | page read and write | -
F7F000 | stack | page read and write | -
4A10000 | direct allocation | page read and write | -
730E000 | stack | page read and write | -
6F7E000 | stack | page read and write | -
699000 | unknown | page execute and read and write | -
48C1000 | heap | page read and write | -
48C1000 | heap | page read and write | -
6C7000 | unknown | page execute and write copy | -
2B4E000 | stack | page read and write | -
658000 | unknown | page execute and write copy | -
48C1000 | heap | page read and write | -
3A0F000 | stack | page read and write | -
48B0000 | direct allocation | page read and write | -
48C1000 | heap | page read and write | -
6F3D000 | stack | page read and write | -
679000 | unknown | page execute and read and write | -
33CF000 | stack | page read and write | -
CC1000 | heap | page read and write | -
470000 | unknown | page read and write | -
49FD000 | trusted library allocation | page execute and read and write | -
48C1000 | heap | page read and write | -
6A9000 | unknown | page execute and write copy | -
48B0000 | direct allocation | page read and write | -
2ECF000 | stack | page read and write | -
275E000 | stack | page read and write | -
5FD000 | unknown | page execute and write copy | -
48B0000 | direct allocation | page read and write | -
4D60000 | trusted library allocation | page read and write | -
49F3000 | trusted library allocation | page execute and read and write | -
3F4E000 | stack | page read and write | -
4D50000 | trusted library allocation | page read and write | -
472000 | unknown | page execute and write copy | -
683000 | unknown | page execute and read and write | -
48C1000 | heap | page read and write | -
2C8E000 | stack | page read and write | -
C80000 | heap | page read and write | -
4B8B000 | trusted library allocation | page execute and read and write | -
47A000 | unknown | page execute and write copy | -
4B87000 | trusted library allocation | page execute and read and write | -
45C000 | stack | page read and write | -
28E0000 | direct allocation | page read and write | -
697000 | unknown | page execute and write copy | -
4A4C000 | stack | page read and write | -
48C1000 | heap | page read and write | -
48B0000 | direct allocation | page read and write | -
4A6A000 | trusted library allocation | page execute and read and write | -
64E000 | unknown | page execute and read and write | -
5FB000 | unknown | page execute and read and write | -
289B000 | stack | page read and write | -
48B0000 | direct allocation | page read and write | -
48C1000 | heap | page read and write | -
C8A000 | heap | page read and write | -
6AB000 | unknown | page execute and read and write | -
304E000 | stack | page read and write | -
66D000 | unknown | page execute and write copy | -
318E000 | stack | page read and write | -
61D000 | unknown | page execute and read and write | -
AF9000 | stack | page read and write | -
612000 | unknown | page execute and write copy | -
5FF000 | unknown | page execute and read and write | -
48C1000 | heap | page read and write | -
2900000 | heap | page read and write | -
C8E000 | heap | page read and write | -
49C0000 | trusted library allocation | page read and write | -
364F000 | stack | page read and write | -
72C000 | unknown | page execute and write copy | -
65A000 | unknown | page execute and read and write | -
47A000 | unknown | page execute and read and write | -
693000 | unknown | page execute and write copy | -
3C8E000 | stack | page read and write | -
790000 | heap | page read and write | -
72E000 | unknown | page execute and write copy | -
49E0000 | trusted library allocation | page read and write | -
C4E000 | stack | page read and write | -
4B7E000 | stack | page read and write | -
42CF000 | stack | page read and write | -
4A10000 | direct allocation | page read and write | -
2A0F000 | stack | page read and write | -
418F000 | stack | page read and write | -
2DCE000 | stack | page read and write | -
716000 | unknown | page execute and write copy | -
7C0000 | heap | page read and write | -
48C1000 | heap | page read and write | -
48C1000 | heap | page read and write | -
32CE000 | stack | page read and write | -
7A0000 | heap | page read and write | -
4A60000 | trusted library allocation | page read and write | -
71C000 | unknown | page execute and write copy | -
70BE000 | stack | page read and write | -
300F000 | stack | page read and write | -
3DCF000 | stack | page read and write | -
470000 | unknown | page readonly | -
CC9000 | heap | page read and write | -
674000 | unknown | page execute and read and write | -
67A000 | unknown | page execute and write copy | -
613000 | unknown | page execute and read and write | -
7C5000 | heap | page read and write | -
354E000 | stack | page read and write | -
5DA4000 | trusted library allocation | page read and write | -
709000 | unknown | page execute and write copy | -
4D30000 | heap | page execute and read and write | -
4BA0000 | trusted library allocation | page read and write | -
4CEE000 | stack | page read and write | -
485000 | unknown | page execute and read and write | -
368E000 | stack | page read and write | -
C50000 | heap | page read and write | -
454F000 | stack | page read and write | -
48C1000 | heap | page read and write | -
476000 | unknown | page write copy | -
28DE000 | stack | page read and write | -
71C000 | unknown | page execute and write copy | -
607000 | unknown | page execute and read and write | -
3B8E000 | stack | page read and write | -
4890000 | heap | page read and write | -
314F000 | stack | page read and write | -
5DC5000 | trusted library allocation | page read and write | -
6CB000 | unknown | page execute and read and write | -
72C000 | unknown | page execute and read and write | -
48B0000 | direct allocation | page read and write | -
404F000 | stack | page read and write | -
476000 | unknown | page write copy | -
378F000 | stack | page read and write | -
3CCE000 | stack | page read and write | -
48B0000 | direct allocation | page read and write | -
4BA0000 | direct allocation | page execute and read and write | -
340E000 | stack | page read and write | -
CD1000 | heap | page read and write | -
606000 | unknown | page execute and write copy | -
48C1000 | heap | page read and write | -
472000 | unknown | page execute and read and write | -
61B000 | unknown | page execute and read and write | -
4D2C000 | stack | page read and write | -
48B0000 | direct allocation | page read and write | -
350F000 | stack | page read and write | -
3F0F000 | stack | page read and write | -
390E000 | stack | page read and write | -
37CE000 | stack | page read and write | -
48B0000 | direct allocation | page read and write | -
48D0000 | heap | page read and write | -
48B0000 | direct allocation | page read and write | -
C0E000 | stack | page read and write | -
707E000 | stack | page read and write | -
4A00000 | trusted library allocation | page read and write | -
70A000 | unknown | page execute and read and write | -
675000 | unknown | page execute and write copy | -
2C4F000 | stack | page read and write | -
E7E000 | stack | page read and write | -
2D8F000 | stack | page read and write | -
6CA000 | unknown | page execute and write copy | -
6D8000 | unknown | page execute and read and write | -
285F000 | stack | page read and write | -
328F000 | stack | page read and write | -
408E000 | stack | page read and write | -
3E0E000 | stack | page read and write | -
48B0000 | direct allocation | page read and write | -
48C1000 | heap | page read and write | -
440F000 | stack | page read and write | -
444E000 | stack | page read and write | -
3A4E000 | stack | page read and write | -
71CE000 | stack | page read and write | -
48B0000 | direct allocation | page read and write | -
4A10000 | direct allocation | page read and write | -
6B3000 | unknown | page execute and write copy | -
72E000 | unknown | page execute and write copy | -
2F0E000 | stack | page read and write | -
720E000 | stack | page read and write | -
5DE000 | unknown | page execute and read and write | -
4A70000 | heap | page read and write | -
643000 | unknown | page execute and write copy | -
484000 | unknown | page execute and write copy | -
486000 | unknown | page execute and write copy | -
2907000 | heap | page read and write | -
6A1000 | unknown | page execute and write copy | -
4B80000 | trusted library allocation | page read and write | -
430E000 | stack | page read and write | -
61A000 | unknown | page execute and write copy | -
6D5000 | unknown | page execute and write copy | -
48C1000 | heap | page read and write | -
4A04000 | trusted library allocation | page read and write | -
38CF000 | stack | page read and write | -
48B0000 | direct allocation | page read and write | -
48C1000 | heap | page read and write | -
4A60000 | direct allocation | page execute and read and write | -
4BEE000 | stack | page read and write | -
41CE000 | stack | page read and write | -
5E0000 | unknown | page execute and write copy | -
4DA1000 | trusted library allocation | page read and write | -
CBF000 | heap | page read and write | -
6C9000 | unknown | page execute and read and write | -
696000 | unknown | page execute and read and write | -
193 further memdumps are hidden in the original report and are not listed here.