Files

File Path | Type | Category | Malicious
---|---|---|---
file.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log | CSV text | dropped |
Processes

Path | Cmdline | Malicious
---|---|---
C:\Users\user\Desktop\file.exe | "C:\Users\user\Desktop\file.exe" |
Domains

Name | IP | Malicious
---|---|---
bg.microsoft.map.fastly.net | 199.232.210.172 |
Registry

Path | Value | Malicious
---|---|---
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableIOAVProtection |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableRealtimeMonitoring |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications | DisableNotifications |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AUOptions |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AutoInstallMinorUpdates |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | NoAutoRebootWithLoggedOnUsers |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | UseWUServer |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate | DoNotConnectToWindowsUpdateInternetLocations |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features | TamperProtection |
Memdumps

Base Address | Region type | Protect | Malicious
---|---|---|---
3B4F000 | stack | page read and write |
6A2000 | unknown | page execute and read and write |
48B0000 | direct allocation | page read and write |
48C0000 | heap | page read and write |
6B9000 | unknown | page execute and read and write |
4D40000 | trusted library allocation | page execute and read and write |
5DA1000 | trusted library allocation | page read and write |
49F4000 | trusted library allocation | page read and write |
61C000 | unknown | page execute and write copy |
2B0F000 | stack | page read and write |
70C0000 | heap | page execute and read and write |
CDE000 | heap | page read and write |
4D90000 | heap | page read and write |
F7F000 | stack | page read and write |
4A10000 | direct allocation | page read and write |
730E000 | stack | page read and write |
6F7E000 | stack | page read and write |
699000 | unknown | page execute and read and write |
48C1000 | heap | page read and write |
48C1000 | heap | page read and write |
6C7000 | unknown | page execute and write copy |
2B4E000 | stack | page read and write |
658000 | unknown | page execute and write copy |
48C1000 | heap | page read and write |
3A0F000 | stack | page read and write |
48B0000 | direct allocation | page read and write |
48C1000 | heap | page read and write |
6F3D000 | stack | page read and write |
679000 | unknown | page execute and read and write |
33CF000 | stack | page read and write |
CC1000 | heap | page read and write |
470000 | unknown | page read and write |
49FD000 | trusted library allocation | page execute and read and write |
48C1000 | heap | page read and write |
6A9000 | unknown | page execute and write copy |
48B0000 | direct allocation | page read and write |
2ECF000 | stack | page read and write |
275E000 | stack | page read and write |
5FD000 | unknown | page execute and write copy |
48B0000 | direct allocation | page read and write |
4D60000 | trusted library allocation | page read and write |
49F3000 | trusted library allocation | page execute and read and write |
3F4E000 | stack | page read and write |
4D50000 | trusted library allocation | page read and write |
472000 | unknown | page execute and write copy |
683000 | unknown | page execute and read and write |
48C1000 | heap | page read and write |
2C8E000 | stack | page read and write |
C80000 | heap | page read and write |
4B8B000 | trusted library allocation | page execute and read and write |
47A000 | unknown | page execute and write copy |
4B87000 | trusted library allocation | page execute and read and write |
45C000 | stack | page read and write |
28E0000 | direct allocation | page read and write |
697000 | unknown | page execute and write copy |
4A4C000 | stack | page read and write |
48C1000 | heap | page read and write |
48B0000 | direct allocation | page read and write |
4A6A000 | trusted library allocation | page execute and read and write |
64E000 | unknown | page execute and read and write |
5FB000 | unknown | page execute and read and write |
289B000 | stack | page read and write |
48B0000 | direct allocation | page read and write |
48C1000 | heap | page read and write |
C8A000 | heap | page read and write |
6AB000 | unknown | page execute and read and write |
304E000 | stack | page read and write |
66D000 | unknown | page execute and write copy |
318E000 | stack | page read and write |
61D000 | unknown | page execute and read and write |
AF9000 | stack | page read and write |
612000 | unknown | page execute and write copy |
5FF000 | unknown | page execute and read and write |
48C1000 | heap | page read and write |
2900000 | heap | page read and write |
C8E000 | heap | page read and write |
49C0000 | trusted library allocation | page read and write |
364F000 | stack | page read and write |
72C000 | unknown | page execute and write copy |
65A000 | unknown | page execute and read and write |
47A000 | unknown | page execute and read and write |
693000 | unknown | page execute and write copy |
3C8E000 | stack | page read and write |
790000 | heap | page read and write |
72E000 | unknown | page execute and write copy |
49E0000 | trusted library allocation | page read and write |
C4E000 | stack | page read and write |
4B7E000 | stack | page read and write |
42CF000 | stack | page read and write |
4A10000 | direct allocation | page read and write |
2A0F000 | stack | page read and write |
418F000 | stack | page read and write |
2DCE000 | stack | page read and write |
716000 | unknown | page execute and write copy |
7C0000 | heap | page read and write |
48C1000 | heap | page read and write |
48C1000 | heap | page read and write |
32CE000 | stack | page read and write |
7A0000 | heap | page read and write |
4A60000 | trusted library allocation | page read and write |
71C000 | unknown | page execute and write copy |
70BE000 | stack | page read and write |
300F000 | stack | page read and write |
3DCF000 | stack | page read and write |
470000 | unknown | page readonly |
CC9000 | heap | page read and write |
674000 | unknown | page execute and read and write |
67A000 | unknown | page execute and write copy |
613000 | unknown | page execute and read and write |
7C5000 | heap | page read and write |
354E000 | stack | page read and write |
5DA4000 | trusted library allocation | page read and write |
709000 | unknown | page execute and write copy |
4D30000 | heap | page execute and read and write |
4BA0000 | trusted library allocation | page read and write |
4CEE000 | stack | page read and write |
485000 | unknown | page execute and read and write |
368E000 | stack | page read and write |
C50000 | heap | page read and write |
454F000 | stack | page read and write |
48C1000 | heap | page read and write |
476000 | unknown | page write copy |
28DE000 | stack | page read and write |
71C000 | unknown | page execute and write copy |
607000 | unknown | page execute and read and write |
3B8E000 | stack | page read and write |
4890000 | heap | page read and write |
314F000 | stack | page read and write |
5DC5000 | trusted library allocation | page read and write |
6CB000 | unknown | page execute and read and write |
72C000 | unknown | page execute and read and write |
48B0000 | direct allocation | page read and write |
404F000 | stack | page read and write |
476000 | unknown | page write copy |
378F000 | stack | page read and write |
3CCE000 | stack | page read and write |
48B0000 | direct allocation | page read and write |
4BA0000 | direct allocation | page execute and read and write |
340E000 | stack | page read and write |
CD1000 | heap | page read and write |
606000 | unknown | page execute and write copy |
48C1000 | heap | page read and write |
472000 | unknown | page execute and read and write |
61B000 | unknown | page execute and read and write |
4D2C000 | stack | page read and write |
48B0000 | direct allocation | page read and write |
350F000 | stack | page read and write |
3F0F000 | stack | page read and write |
390E000 | stack | page read and write |
37CE000 | stack | page read and write |
48B0000 | direct allocation | page read and write |
48D0000 | heap | page read and write |
48B0000 | direct allocation | page read and write |
C0E000 | stack | page read and write |
707E000 | stack | page read and write |
4A00000 | trusted library allocation | page read and write |
70A000 | unknown | page execute and read and write |
675000 | unknown | page execute and write copy |
2C4F000 | stack | page read and write |
E7E000 | stack | page read and write |
2D8F000 | stack | page read and write |
6CA000 | unknown | page execute and write copy |
6D8000 | unknown | page execute and read and write |
285F000 | stack | page read and write |
328F000 | stack | page read and write |
408E000 | stack | page read and write |
3E0E000 | stack | page read and write |
48B0000 | direct allocation | page read and write |
48C1000 | heap | page read and write |
440F000 | stack | page read and write |
444E000 | stack | page read and write |
3A4E000 | stack | page read and write |
71CE000 | stack | page read and write |
48B0000 | direct allocation | page read and write |
4A10000 | direct allocation | page read and write |
6B3000 | unknown | page execute and write copy |
72E000 | unknown | page execute and write copy |
2F0E000 | stack | page read and write |
720E000 | stack | page read and write |
5DE000 | unknown | page execute and read and write |
4A70000 | heap | page read and write |
643000 | unknown | page execute and write copy |
484000 | unknown | page execute and write copy |
486000 | unknown | page execute and write copy |
2907000 | heap | page read and write |
6A1000 | unknown | page execute and write copy |
4B80000 | trusted library allocation | page read and write |
430E000 | stack | page read and write |
61A000 | unknown | page execute and write copy |
6D5000 | unknown | page execute and write copy |
48C1000 | heap | page read and write |
4A04000 | trusted library allocation | page read and write |
38CF000 | stack | page read and write |
48B0000 | direct allocation | page read and write |
48C1000 | heap | page read and write |
4A60000 | direct allocation | page execute and read and write |
4BEE000 | stack | page read and write |
41CE000 | stack | page read and write |
5E0000 | unknown | page execute and write copy |
4DA1000 | trusted library allocation | page read and write |
CBF000 | heap | page read and write |
6C9000 | unknown | page execute and read and write |
696000 | unknown | page execute and read and write |
A further 193 memdumps are not shown in this report.