Files

File Path | Type | Category | Malicious
---|---|---|---
file.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | 
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log | CSV text | dropped | 
Processes

Path | Cmdline | Malicious
---|---|---
C:\Users\user\Desktop\file.exe | "C:\Users\user\Desktop\file.exe" | 
Registry

Path | Value | Malicious
---|---|---
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableIOAVProtection | 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableRealtimeMonitoring | 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications | DisableNotifications | 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AUOptions | 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AutoInstallMinorUpdates | 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | NoAutoRebootWithLoggedOnUsers | 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | UseWUServer | 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate | DoNotConnectToWindowsUpdateInternetLocations | 
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features | TamperProtection | 
Memdumps