Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| file.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log | CSV text | dropped | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\file.exe | "C:\Users\user\Desktop\file.exe" | |
Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableIOAVProtection | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableRealtimeMonitoring | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications | DisableNotifications | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AUOptions | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AutoInstallMinorUpdates | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | NoAutoRebootWithLoggedOnUsers | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | UseWUServer | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate | DoNotConnectToWindowsUpdateInternetLocations | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features | TamperProtection | |
Memdumps

| Base Address | Region type | Protect | Malicious |
|---|---|---|---|
| 2C70000 | direct allocation | page read and write | |
| DFE000 | stack | page read and write | |
| 2D8F000 | stack | page read and write | |
| DA2000 | unknown | page execute and write copy | |
| A69000 | stack | page read and write | |
| 2C70000 | direct allocation | page read and write | |
| 33CF000 | stack | page read and write | |
| D04000 | unknown | page execute and read and write | |
| 4DB1000 | heap | page read and write | |
| 2C70000 | direct allocation | page read and write | |
| 2C70000 | direct allocation | page read and write | |
| 418F000 | stack | page read and write | |
| 4EF0000 | trusted library allocation | page read and write | |
| 480E000 | stack | page read and write | |
| 4DB1000 | heap | page read and write | |
| D3A000 | unknown | page execute and write copy | |
| DBA000 | unknown | page execute and write copy | |
| B10000 | unknown | page readonly | |
| CF6000 | unknown | page execute and read and write | |
| 96C000 | stack | page read and write | |
| 2ECF000 | stack | page read and write | |
| D11000 | unknown | page execute and read and write | |
| 42CF000 | stack | page read and write | |
| 3F4E000 | stack | page read and write | |
| CCD000 | unknown | page execute and read and write | |
| 50DE000 | stack | page read and write | |
| 390E000 | stack | page read and write | |
| 507B000 | trusted library allocation | page execute and read and write | |
| CAF000 | unknown | page execute and read and write | |
| 529E000 | stack | page read and write | |
| 4DB1000 | heap | page read and write | |
| 1095000 | heap | page read and write | |
| 5180000 | trusted library allocation | page execute and read and write | |
| 4DB1000 | heap | page read and write | |
| DA0000 | unknown | page execute and write copy | |
| 4DB1000 | heap | page read and write | |
| 4DB1000 | heap | page read and write | |
| 318E000 | stack | page read and write | |
| 454F000 | stack | page read and write | |
| DA9000 | unknown | page execute and write copy | |
| 4F00000 | direct allocation | page read and write | |
| 2C70000 | direct allocation | page read and write | |
| CCC000 | unknown | page execute and write copy | |
| 300F000 | stack | page read and write | |
| 3E0E000 | stack | page read and write | |
| C9B000 | unknown | page execute and read and write | |
| 37CE000 | stack | page read and write | |
| CB3000 | unknown | page execute and read and write | |
| 440F000 | stack | page read and write | |
| 4EED000 | trusted library allocation | page execute and read and write | |
| 490F000 | stack | page read and write | |
| 5077000 | trusted library allocation | page execute and read and write | |
| 2C70000 | direct allocation | page read and write | |
| 4D90000 | heap | page read and write | |
| 4DB1000 | heap | page read and write | |
| 458E000 | stack | page read and write | |
| D29000 | unknown | page execute and write copy | |
| AE0000 | heap | page read and write | |
| 4EB0000 | trusted library allocation | page read and write | |
| B12000 | unknown | page execute and write copy | |
| 2C70000 | direct allocation | page read and write | |
| 4EE4000 | trusted library allocation | page read and write | |
| 4DB0000 | heap | page read and write | |
| 430E000 | stack | page read and write | |
| 5190000 | heap | page read and write | |
| 404F000 | stack | page read and write | |
| AD0000 | heap | page read and write | |
| 408E000 | stack | page read and write | |
| 46CE000 | stack | page read and write | |
| 5090000 | trusted library allocation | page read and write | |
| D47000 | unknown | page execute and read and write | |
| 3CCE000 | stack | page read and write | |
| 41CE000 | stack | page read and write | |
| 5300000 | heap | page execute and read and write | |
| 350F000 | stack | page read and write | |
| 76CE000 | stack | page read and write | |
| 10CE000 | heap | page read and write | |
| 52E0000 | trusted library allocation | page read and write | |
| 328F000 | stack | page read and write | |
| 740D000 | stack | page read and write | |
| 3A0F000 | stack | page read and write | |
| 4F3C000 | stack | page read and write | |
| D32000 | unknown | page execute and read and write | |
| C9F000 | unknown | page execute and write copy | |
| 1101000 | heap | page read and write | |
| 4DC0000 | heap | page read and write | |
| 4DB1000 | heap | page read and write | |
| 354E000 | stack | page read and write | |
| B26000 | unknown | page execute and write copy | |
| 103E000 | stack | page read and write | |
| 111E000 | heap | page read and write | |
| CE0000 | unknown | page execute and read and write | |
| CF3000 | unknown | page execute and write copy | |
| 4F00000 | direct allocation | page read and write | |
| D2B000 | unknown | page execute and read and write | |
| DB8000 | unknown | page execute and write copy | |
| CAD000 | unknown | page execute and write copy | |
| 1060000 | heap | page read and write | |
| D0B000 | unknown | page execute and write copy | |
| 314F000 | stack | page read and write | |
| 770E000 | stack | page read and write | |
| 10A0000 | direct allocation | page read and write | |
| 340E000 | stack | page read and write | |
| 744E000 | stack | page read and write | |
| 52DC000 | stack | page read and write | |
| D3B000 | unknown | page execute and read and write | |
| 5070000 | trusted library allocation | page read and write | |
| B10000 | unknown | page read and write | |
| 4DB1000 | heap | page read and write | |
| 4DB1000 | heap | page read and write | |
| 38CF000 | stack | page read and write | |
| 2DCC000 | stack | page read and write | |
| 2C6E000 | stack | page read and write | |
| 4EF4000 | trusted library allocation | page read and write | |
| B16000 | unknown | page write copy | |
| 3DCF000 | stack | page read and write | |
| 758E000 | stack | page read and write | |
| 2F0E000 | stack | page read and write | |
| 2C70000 | direct allocation | page read and write | |
| C72000 | unknown | page execute and read and write | |
| 3B8E000 | stack | page read and write | |
| DB8000 | unknown | page execute and read and write | |
| 114E000 | heap | page read and write | |
| 494E000 | stack | page read and write | |
| 4DB1000 | heap | page read and write | |
| 47CF000 | stack | page read and write | |
| 2C80000 | heap | page read and write | |
| C8E000 | unknown | page execute and read and write | |
| 75C0000 | heap | page execute and read and write | |
| CCE000 | unknown | page execute and write copy | |
| 10FF000 | heap | page read and write | |
| 754E000 | stack | page read and write | |
| 4DB1000 | heap | page read and write | |
| DA9000 | unknown | page execute and write copy | |
| 6335000 | trusted library allocation | page read and write | |
| 6311000 | trusted library allocation | page read and write | |
| DA1000 | unknown | page execute and read and write | |
| 10CA000 | heap | page read and write | |
| 2C70000 | direct allocation | page read and write | |
| B12000 | unknown | page execute and read and write | |
| D03000 | unknown | page execute and write copy | |
| 4EE3000 | trusted library allocation | page execute and read and write | |
| B16000 | unknown | page write copy | |
| D18000 | unknown | page execute and read and write | |
| 503F000 | stack | page read and write | |
| 3B4F000 | stack | page read and write | |
| 2C70000 | direct allocation | page read and write | |
| 1110000 | heap | page read and write | |
| 5050000 | direct allocation | page execute and read and write | |
| 444E000 | stack | page read and write | |
| 4A4F000 | stack | page read and write | |
| DBA000 | unknown | page execute and write copy | |
| 4ED0000 | trusted library allocation | page read and write | |
| 2C70000 | direct allocation | page read and write | |
| CB1000 | unknown | page execute and write copy | |
| B1A000 | unknown | page execute and read and write | |
| 1109000 | heap | page read and write | |
| C74000 | unknown | page execute and write copy | |
| 5311000 | trusted library allocation | page read and write | |
| B1A000 | unknown | page execute and write copy | |
| 4F00000 | direct allocation | page read and write | |
| 780E000 | stack | page read and write | |
| D2C000 | unknown | page execute and write copy | |
| D13000 | unknown | page execute and write copy | |
| 10C0000 | heap | page read and write | |
| CA4000 | unknown | page execute and read and write | |
| 3A4E000 | stack | page read and write | |
| 5090000 | direct allocation | page execute and read and write | |
| 2C87000 | heap | page read and write | |
| 4DB1000 | heap | page read and write | |
| 468F000 | stack | page read and write | |
| 138E000 | stack | page read and write | |
| 304E000 | stack | page read and write | |
| 2C70000 | direct allocation | page read and write | |
| 364F000 | stack | page read and write | |
| 148E000 | stack | page read and write | |
| 2C70000 | direct allocation | page read and write | |
| 2C70000 | direct allocation | page read and write | |
| 1090000 | heap | page read and write | |
| 378F000 | stack | page read and write | |
| 4DB1000 | heap | page read and write | |
| 52F0000 | trusted library allocation | page read and write | |
| 368E000 | stack | page read and write | |
| 6314000 | trusted library allocation | page read and write | |
| 4DB1000 | heap | page read and write | |
| 4DB1000 | heap | page read and write | |
| 3C8F000 | stack | page read and write | |
| 3F0F000 | stack | page read and write | |
| 505A000 | trusted library allocation | page execute and read and write | |
| 32CE000 | stack | page read and write | |
| D45000 | unknown | page execute and write copy | |
| 5060000 | heap | page read and write | |
| C9A000 | unknown | page execute and write copy | |

A further 183 memdump entries were hidden in the original report and are not included in this export.