Files

File Path | Type | Category | Malicious |
---|---|---|---|
file.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log | CSV text | dropped | |

Processes

Path | Cmdline | Malicious |
---|---|---|
C:\Users\user\Desktop\file.exe | "C:\Users\user\Desktop\file.exe" | |

Registry

Path | Value | Malicious |
---|---|---|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableIOAVProtection | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableRealtimeMonitoring | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications | DisableNotifications | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AUOptions | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AutoInstallMinorUpdates | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | NoAutoRebootWithLoggedOnUsers | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | UseWUServer | |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate | DoNotConnectToWindowsUpdateInternetLocations | |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features | TamperProtection | |

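The Defender real-time/IOAV switches, the Security Center notification switch, the Windows Update policy values and the TamperProtection feature flag in the table above are exactly the registry writes a detection should key on. The block below is an added example, not part of the sandbox report or its vendor's tooling: it matches Sysmon Event ID 13 (RegistryEvent, value set) records against that list. The event records are constructed for the example; the report does not show the data written to these values, so the match is on key path and value name only, with the 32-bit WOW6432Node view folded onto the 64-bit path so either view of a key fires.

```python
"""Flag registry writes to the Defender / Windows Update policy values listed
in the report above, run over Sysmon Event ID 13 records.

Added example; the event records at the bottom are constructed, not taken
from the sandbox run."""
from dataclasses import dataclass

# (key path, value name) pairs copied from the Registry table above.
# The report shows only the names written, not the data, so matching is by name.
WATCHLIST = [
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableIOAVProtection"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableRealtimeMonitoring"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications", "DisableNotifications"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU", "AUOptions"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU", "AutoInstallMinorUpdates"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU", "NoAutoRebootWithLoggedOnUsers"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU", "UseWUServer"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate", "DoNotConnectToWindowsUpdateInternetLocations"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features", "TamperProtection"),
]

_HIVE_ALIASES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER", "HKU": "HKEY_USERS"}


def normalize_key(path: str) -> str:
    """Canonical form of a key path: long hive name, upper case, and no
    WOW6432Node component, so the 32-bit and 64-bit views compare equal."""
    parts = [p for p in path.strip("\\").split("\\") if p]
    if not parts:
        return ""
    parts[0] = _HIVE_ALIASES.get(parts[0].upper(), parts[0].upper())
    parts = [p for p in parts if p.upper() != "WOW6432NODE"]
    return "\\".join(p.upper() for p in parts)


# Lookup table: normalized (key, VALUE) -> the pair as written in the report.
_WATCH = {(normalize_key(k), v.upper()): (k, v) for k, v in WATCHLIST}


@dataclass(frozen=True)
class Alert:
    image: str     # writing process, from the Sysmon record
    key: str       # key path as listed in the report's Registry table
    value: str     # value name as listed in the report
    details: str   # data Sysmon recorded for the write, if any


def split_target(target_object: str) -> tuple[str, str]:
    """Sysmon appends the value name to TargetObject; split it back off."""
    key, _, value = target_object.rpartition("\\")
    return key, value


def scan(events: list[dict]) -> list[Alert]:
    """Return one Alert per Event ID 13 record whose target is on the watchlist."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 13:        # 13 = RegistryEvent (value set)
            continue
        key, value = split_target(ev["TargetObject"])
        hit = _WATCH.get((normalize_key(key), value.upper()))
        if hit:
            alerts.append(Alert(ev["Image"], hit[0], hit[1], ev.get("Details", "")))
    return alerts


# Constructed records in the shape of Sysmon Event ID 12/13 (not from the sandbox run).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\user\Desktop\file.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\user\Desktop\file.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\UseWUServer",
     "Details": "DWORD (0x00000001)"},
    # 64-bit view of the key the report lists under WOW6432Node: must still match.
    {"EventID": 13, "Image": r"C:\Users\user\Desktop\file.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection",
     "Details": "DWORD (0x00000000)"},
    # Key creation (Event ID 12), not a value write: ignored.
    {"EventID": 12, "Image": r"C:\Users\user\Desktop\file.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"},
    # Unrelated write by another process: must not fire.
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain",
     "Details": "(Empty)"},
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"{a.image} set {a.value} under {a.key} -> {a.details}")
```

In production the same list belongs in a Sigma rule or an EDR custom IOC; the folding of WOW6432Node matters because a 32-bit process such as this sample (PE32, CLR_v4.0_32) writes through the redirected view and the raw path in telemetry may carry either form.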
Memdumps

Base Address | Region type | Protect | Malicious |
---|---|---|---|
473F000 | stack | page read and write | |
7CC000 | stack | page read and write | |
397F000 | stack | page read and write | |
C44000 | unknown | page execute and write copy | |
C64000 | unknown | page execute and write copy | |
C01000 | unknown | page execute and read and write | |
113E000 | stack | page read and write | |
40FF000 | stack | page read and write | |
383F000 | stack | page read and write | |
2D3E000 | stack | page read and write | |
423F000 | stack | page read and write | |
4D50000 | trusted library allocation | page read and write | |
F1E000 | heap | page read and write | |
BFA000 | unknown | page execute and read and write | |
4C00000 | direct allocation | page read and write | |
4D4D000 | trusted library allocation | page execute and read and write | |
734E000 | stack | page read and write | |
C25000 | unknown | page execute and write copy | |
4BE0000 | heap | page read and write | |
5020000 | heap | page execute and read and write | |
373E000 | stack | page read and write | |
4EDF000 | stack | page read and write | |
A25000 | heap | page read and write | |
3C3E000 | stack | page read and write | |
4D8B000 | trusted library allocation | page execute and read and write | |
4C00000 | direct allocation | page read and write | |
A30000 | unknown | page read and write | |
61B5000 | trusted library allocation | page read and write | |
CDA000 | unknown | page execute and write copy | |
C38000 | unknown | page execute and read and write | |
4D60000 | direct allocation | page read and write | |
3ABF000 | stack | page read and write | |
477E000 | stack | page read and write | |
4D54000 | trusted library allocation | page read and write | |
3BFF000 | stack | page read and write | |
3FBF000 | stack | page read and write | |
427E000 | stack | page read and write | |
A3A000 | unknown | page execute and write copy | |
CCA000 | unknown | page execute and write copy | |
2BBF000 | stack | page read and write | |
4C00000 | direct allocation | page read and write | |
BBC000 | unknown | page execute and read and write | |
CBC000 | unknown | page execute and write copy | |
4F3E000 | stack | page read and write | |
BF4000 | unknown | page execute and write copy | |
4D70000 | trusted library allocation | page read and write | |
4C00000 | direct allocation | page read and write | |
4C11000 | heap | page read and write | |
4D70000 | direct allocation | page execute and read and write | |
A20000 | heap | page read and write | |
35BF000 | stack | page read and write | |
C11000 | unknown | page execute and read and write | |
4C11000 | heap | page read and write | |
2BFB000 | stack | page read and write | |
C39000 | unknown | page execute and write copy | |
5080000 | heap | page read and write | |
4EF0000 | trusted library allocation | page read and write | |
F3C000 | heap | page read and write | |
4C00000 | direct allocation | page read and write | |
4C11000 | heap | page read and write | |
34BE000 | stack | page read and write | |
728D000 | stack | page read and write | |
A30000 | unknown | page readonly | |
7350000 | heap | page execute and read and write | |
4D90000 | heap | page read and write | |
A46000 | unknown | page execute and write copy | |
C52000 | unknown | page execute and write copy | |
2FBE000 | stack | page read and write | |
CCA000 | unknown | page execute and write copy | |
35FE000 | stack | page read and write | |
2F7F000 | stack | page read and write | |
F6D000 | heap | page read and write | |
5030000 | trusted library allocation | page execute and read and write | |
127F000 | stack | page read and write | |
A3A000 | unknown | page execute and read and write | |
F31000 | heap | page read and write | |
2A40000 | heap | page read and write | |
4D30000 | trusted library allocation | page read and write | |
44BF000 | stack | page read and write | |
5050000 | trusted library allocation | page read and write | |
4C00000 | direct allocation | page read and write | |
EEA000 | heap | page read and write | |
3EBE000 | stack | page read and write | |
30FE000 | stack | page read and write | |
4D43000 | trusted library allocation | page execute and read and write | |
CD8000 | unknown | page execute and read and write | |
4D80000 | trusted library allocation | page read and write | |
BFC000 | unknown | page execute and write copy | |
5191000 | trusted library allocation | page read and write | |
2E3F000 | stack | page read and write | |
4C11000 | heap | page read and write | |
4DDC000 | stack | page read and write | |
F20000 | heap | page read and write | |
4C00000 | direct allocation | page read and write | |
6191000 | trusted library allocation | page read and write | |
4C20000 | heap | page read and write | |
C66000 | unknown | page execute and read and write | |
BBA000 | unknown | page execute and write copy | |
36FF000 | stack | page read and write | |
3AFE000 | stack | page read and write | |
BAF000 | unknown | page execute and read and write | |
4C11000 | heap | page read and write | |
347F000 | stack | page read and write | |
C0C000 | unknown | page execute and write copy | |
4D60000 | direct allocation | page read and write | |
333F000 | stack | page read and write | |
4C11000 | heap | page read and write | |
4EF0000 | direct allocation | page execute and read and write | |
5040000 | trusted library allocation | page read and write | |
4BC0000 | direct allocation | page read and write | |
ED0000 | heap | page read and write | |
DF0000 | heap | page read and write | |
BD6000 | unknown | page execute and read and write | |
4C00000 | direct allocation | page read and write | |
3D7E000 | stack | page read and write | |
4D10000 | trusted library allocation | page read and write | |
4C11000 | heap | page read and write | |
4C11000 | heap | page read and write | |
C5A000 | unknown | page execute and write copy | |
3FFE000 | stack | page read and write | |
745E000 | stack | page read and write | |
6194000 | trusted library allocation | page read and write | |
44FE000 | stack | page read and write | |
518F000 | stack | page read and write | |
4C11000 | heap | page read and write | |
CDA000 | unknown | page execute and write copy | |
B9F000 | unknown | page execute and write copy | |
2A77000 | heap | page read and write | |
4D7A000 | trusted library allocation | page execute and read and write | |
4D60000 | direct allocation | page read and write | |
C2D000 | unknown | page execute and read and write | |
4C00000 | direct allocation | page read and write | |
EE0000 | heap | page read and write | |
4C11000 | heap | page read and write | |
45FF000 | stack | page read and write | |
765E000 | stack | page read and write | |
4C00000 | direct allocation | page read and write | |
2CFF000 | stack | page read and write | |
43BE000 | stack | page read and write | |
2ABE000 | stack | page read and write | |
C53000 | unknown | page execute and read and write | |
413E000 | stack | page read and write | |
BD1000 | unknown | page execute and write copy | |
3D3F000 | stack | page read and write | |
387E000 | stack | page read and write | |
117E000 | stack | page read and write | |
4C11000 | heap | page read and write | |
C4A000 | unknown | page execute and read and write | |
31FF000 | stack | page read and write | |
C5C000 | unknown | page execute and read and write | |
755E000 | stack | page read and write | |
C47000 | unknown | page execute and read and write | |
A36000 | unknown | page write copy | |
4D87000 | trusted library allocation | page execute and read and write | |
C48000 | unknown | page execute and write copy | |
4C11000 | heap | page read and write | |
4C00000 | direct allocation | page read and write | |
4C00000 | direct allocation | page read and write | |
2A70000 | heap | page read and write | |
4D44000 | trusted library allocation | page read and write | |
A32000 | unknown | page execute and read and write | |
463E000 | stack | page read and write | |
72CE000 | stack | page read and write | |
4C10000 | heap | page read and write | |
A32000 | unknown | page execute and write copy | |
501C000 | stack | page read and write | |
4C00000 | direct allocation | page read and write | |
EEE000 | heap | page read and write | |
CC0000 | unknown | page execute and write copy | |
103E000 | stack | page read and write | |
337E000 | stack | page read and write | |
B9C000 | unknown | page execute and read and write | |
BBC000 | unknown | page execute and write copy | |
DD9000 | stack | page read and write | |
323E000 | stack | page read and write | |
C35000 | unknown | page execute and write copy | |
4C11000 | heap | page read and write | |
CBF000 | unknown | page execute and read and write | |
39BE000 | stack | page read and write | |
4C11000 | heap | page read and write | |
4C11000 | heap | page read and write | |
487F000 | stack | page read and write | |
A36000 | unknown | page write copy | |
4C00000 | direct allocation | page read and write | |
30BF000 | stack | page read and write | |
437F000 | stack | page read and write | |
4C11000 | heap | page read and write | |
730E000 | stack | page read and write | |
3E7F000 | stack | page read and write | |
C3E000 | unknown | page execute and read and write | |
BCF000 | unknown | page execute and write copy | |
2E7E000 | stack | page read and write | |
CD8000 | unknown | page execute and write copy | |
BD0000 | unknown | page execute and read and write | |

184 further memdumps are hidden in this view and are not listed here.
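Nearly 200 dumped regions is too many to open by hand, and most of them (stacks and plain read/write heap) are noise. What a practitioner wants from this table is a ranking: the "unknown" regions around A30000 through CDA000 that are both writable and executable, and that the sandbox dumped under changing protections, are where a packer writes its next stage before jumping into it; executable heap is the next thing to look at; executable "trusted library allocation" regions are lower priority in a process that, judging by the dropped CLR_v4.0_32 usage log, hosts the .NET Framework 4 runtime and therefore JIT-compiles code into such allocations. The block below is an added example, not the sandbox vendor's code: it parses rows in the table's own format (a subset of the rows above is embedded as input) and applies those priorities, which are this example's heuristics, not labels from the report; treating "trusted library allocation" as JIT output is an assumption.

```python
"""Triage the Memdumps table above: rank dumped regions by how likely they
hold unpacked code, and list base addresses whose protection changed between
dumps. Added example, not tooling from the sandbox vendor. The rows below are
copied from the table; the ranking rules are this example's own heuristics."""
from collections import defaultdict
from dataclasses import dataclass

# Subset of rows copied from the Memdumps table above, in the table's own format.
SAMPLE_TABLE = """\
Base Address | Region type | Protect | Malicious |
---|---|---|---|
A30000 | unknown | page readonly | |
A30000 | unknown | page read and write | |
A32000 | unknown | page execute and read and write | |
A32000 | unknown | page execute and write copy | |
A36000 | unknown | page write copy | |
C01000 | unknown | page execute and read and write | |
C44000 | unknown | page execute and write copy | |
473F000 | stack | page read and write | |
4C00000 | direct allocation | page read and write | |
4D4D000 | trusted library allocation | page execute and read and write | |
4D50000 | trusted library allocation | page read and write | |
5020000 | heap | page execute and read and write | |
7350000 | heap | page execute and read and write | |
F1E000 | heap | page read and write | |
"""


@dataclass(frozen=True)
class Region:
    base: int       # base address (hex in the table)
    kind: str       # sandbox region type, lower-cased
    protect: str    # page protection as the sandbox spells it, lower-cased

    @property
    def executable(self) -> bool:
        return "execute" in self.protect

    @property
    def writable(self) -> bool:
        # Covers "read and write" and "write copy" (PAGE_*_WRITECOPY is writable
        # too: the first write just gives the process a private copy of the page).
        return "write" in self.protect


def parse_memdumps(text: str) -> list[Region]:
    """Parse 'base | type | protect | ...' rows; header and separator rows are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 3 or not cells[0]:
            continue
        try:
            base = int(cells[0], 16)
        except ValueError:          # "Base Address" header or "---" separator
            continue
        kind = cells[1].lower().replace("unkown", "unknown")   # the report misspells it
        rows.append(Region(base, kind, cells[2].lower()))
    return rows


def priority(r: Region) -> int:
    """Lower number = look at it first. Heuristics of this example:
    0  private/unknown memory that is both writable and executable: a packer
       writes its next stage here and then jumps into it
    1  executable heap: a normal heap allocation never needs execute
    2  executable 'trusted library allocation': assumed to be runtime-owned
       (JIT code for a .NET process), so lower priority
    3  everything else (stacks, read/write heaps, plain allocations)"""
    if r.executable and r.writable and r.kind == "unknown":
        return 0
    if r.executable and r.kind == "heap":
        return 1
    if r.executable and r.kind == "trusted library allocation":
        return 2
    return 3


def triage(rows: list[Region]) -> list[Region]:
    """Regions worth disassembling, deduplicated, ordered by priority then address."""
    worth_a_look = {r for r in rows if priority(r) < 3}
    return sorted(worth_a_look, key=lambda r: (priority(r), r.base))


def protection_changes(rows: list[Region]) -> dict[int, set[str]]:
    """Base addresses dumped under more than one protection: the sandbox caught
    the region changing, e.g. written as RW and later made executable."""
    seen: dict[int, set[str]] = defaultdict(set)
    for r in rows:
        seen[r.base].add(r.protect)
    return {base: prots for base, prots in seen.items() if len(prots) > 1}


if __name__ == "__main__":
    regions = parse_memdumps(SAMPLE_TABLE)
    for r in triage(regions):
        print(f"P{priority(r)} {r.base:08X} {r.kind:28} {r.protect}")
    for base, prots in sorted(protection_changes(regions).items()):
        print(f"{base:08X} changed protection: {sorted(prots)}")
```

Run against the full table, the priority-0 set is the block of "unknown" regions between about A32000 and CDA000, which is the first place to look for the unpacked payload; the repeated dumps of 4C00000 and 4C11000 stay at priority 3 because they are never executable.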