IOC Report
file.exe


Files

File Path | Type | Category | Malicious
file.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log | CSV text | dropped | malicious

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\file.exe | "C:\Users\user\Desktop\file.exe" | malicious

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableIOAVProtection | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableRealtimeMonitoring | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications | DisableNotifications | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AUOptions | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AutoInstallMinorUpdates | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | NoAutoRebootWithLoggedOnUsers | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | UseWUServer | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate | DoNotConnectToWindowsUpdateInternetLocations | malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features | TamperProtection | (not flagged)
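The registry rows above are the sample's defence-evasion writes: Defender real-time and IOAV protection, Security Center notifications, and the Windows Update policies. The following PowerShell audit is an added example and is not part of the sandbox report; it checks a host for the same value names and for the CLR usage-log artifact from the Files table. It assumes a standalone workstation on which none of these policy values is legitimately set by Group Policy (so their mere presence is the indicator), and because the report records only value names, not the data written, it prints the data for the analyst instead of comparing it with an expected value.

```powershell
# Added example, not part of the sandbox report. Audits a host for the registry
# IOCs listed above and for the CLR usage-log artifact from the Files table.
# Assumption: standalone workstation, no Group Policy that legitimately sets
# these values. The report does not record the data the sample wrote, so the
# data is printed for the analyst rather than compared against a fixed value.

$RegistryIocs = @(
    # HKLM\SOFTWARE\Policies is shared between the 32- and 64-bit registry
    # views, so these rows are effective regardless of the writer's bitness.
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection';           Name = 'DisableIOAVProtection' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection';           Name = 'DisableRealtimeMonitoring' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications'; Name = 'DisableNotifications' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';                         Name = 'AUOptions' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';                         Name = 'AutoInstallMinorUpdates' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';                         Name = 'NoAutoRebootWithLoggedOnUsers' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';                         Name = 'UseWUServer' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate';                            Name = 'DoNotConnectToWindowsUpdateInternetLocations' }
    # The sample wrote TamperProtection under WOW6432Node, i.e. through 32-bit
    # registry redirection; check both the redirected and the native key.
    @{ Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features';                    Name = 'TamperProtection' }
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Features';                                 Name = 'TamperProtection' }
)

function Test-RegistryIoc {
    param([hashtable]$Ioc)
    # Get-ItemProperty returns nothing (non-terminating error) if the value is absent.
    $hit = Get-ItemProperty -Path $Ioc.Path -Name $Ioc.Name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Path    = $Ioc.Path
        Name    = $Ioc.Name
        Present = ($null -ne $hit)
        Data    = if ($null -ne $hit) { $hit.$($Ioc.Name) } else { $null }
    }
}

$findings = $RegistryIocs | ForEach-Object { Test-RegistryIoc -Ioc $_ }
$findings | Format-Table -AutoSize

# Cross-check the effective Defender state with the supported cmdlet: a policy
# value that is present but not enforced (Tamper Protection still on) is a
# different situation from real-time protection actually being off.
try {
    Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled, IsTamperProtected
} catch {
    Write-Warning "Defender module unavailable: $($_.Exception.Message)"
}

# The dropped file is a CLR usage log. The CLR writes one per executed .NET
# assembly, so it is an execution artifact (and implies a 32-bit .NET 4
# binary), not malicious content in itself. List the logs for every profile.
Get-ChildItem -Path 'C:\Users\*\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\*.log' -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime
```

Run it from an elevated PowerShell session; the Defender cmdlets ship with Windows 10 and later, so the catch branch is only reached on hosts without Defender. Treat a `Present` policy value as a finding to explain, not as proof of infection by itself, since enterprise-managed hosts may set the WindowsUpdate policies legitimately.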

Memdumps

Base Address | Region type | Protect
Malicious: none of the listed regions is flagged.
3F0F000 | stack                      | page read and write
3C5000  | unknown                    | page execute and write copy
E4000   | heap                       | page read and write
2FD000  | unknown                    | page execute and read and write
2407000 | heap                       | page read and write
478E000 | stack                      | page read and write
E4000   | heap                       | page read and write
417000  | unknown                    | page execute and write copy
48DD000 | trusted library allocation | page execute and read and write
44F0000 | heap                       | page read and write
17A000  | unknown                    | page execute and write copy
23CC000 | stack                      | page read and write
40D000  | unknown                    | page execute and write copy
37CE000 | stack                      | page read and write
44E1000 | heap                       | page read and write
E4000   | heap                       | page read and write
394000  | unknown                    | page execute and write copy
288F000 | stack                      | page read and write
44D0000 | direct allocation          | page read and write
33CF000 | stack                      | page read and write
2B4E000 | stack                      | page read and write
3A2000  | unknown                    | page execute and read and write
2ECF000 | stack                      | page read and write
E4000   | heap                       | page read and write
44D0000 | direct allocation          | page read and write
2B0F000 | stack                      | page read and write
365000  | unknown                    | page execute and read and write
398000  | unknown                    | page execute and read and write
4907000 | trusted library allocation | page execute and read and write
417000  | unknown                    | page execute and write copy
44D0000 | direct allocation          | page read and write
38CF000 | stack                      | page read and write
186000  | unknown                    | page execute and write copy
345000  | unknown                    | page execute and write copy
44D0000 | direct allocation          | page read and write
238E000 | stack                      | page read and write
49D0000 | trusted library allocation | page read and write
44E0000 | heap                       | page read and write
120000  | heap                       | page read and write
2E6000  | unknown                    | page execute and write copy
5C35000 | trusted library allocation | page read and write
4630000 | direct allocation          | page read and write
176000  | unknown                    | page write copy
6D0D000 | stack                      | page read and write
328000  | unknown                    | page execute and read and write
4A00000 | heap                       | page read and write
83E000  | stack                      | page read and write
3AA000  | unknown                    | page execute and write copy
48FA000 | trusted library allocation | page execute and read and write
328F000 | stack                      | page read and write
278E000 | stack                      | page read and write
E4000   | heap                       | page read and write
40E000  | unknown                    | page execute and read and write
323000  | unknown                    | page execute and write copy
E4000   | heap                       | page read and write
49AC000 | stack                      | page read and write
3CCE000 | stack                      | page read and write
3C8000  | unknown                    | page execute and read and write
4680000 | heap                       | page read and write
2C8E000 | stack                      | page read and write
40F000  | unknown                    | page execute and write copy
4900000 | trusted library allocation | page read and write
3A4E000 | stack                      | page read and write
23E0000 | direct allocation          | page read and write
E4000   | heap                       | page read and write
3AE000  | unknown                    | page execute and read and write
5C11000 | trusted library allocation | page read and write
850000  | heap                       | page read and write
490B000 | trusted library allocation | page execute and read and write
264E000 | stack                      | page read and write
E4000   | heap                       | page read and write
399000  | unknown                    | page execute and write copy
E4000   | heap                       | page read and write
3B8E000 | stack                      | page read and write
318E000 | stack                      | page read and write
381000  | unknown                    | page execute and write copy
380000  | unknown                    | page execute and read and write
4C00000 | heap                       | page execute and read and write
354E000 | stack                      | page read and write
87E000  | heap                       | page read and write
870000  | heap                       | page read and write
E4000   | heap                       | page read and write
304E000 | stack                      | page read and write
363000  | unknown                    | page execute and write copy
33A000  | unknown                    | page execute and write copy
49C0000 | trusted library allocation | page read and write
37C000  | unknown                    | page execute and read and write
170000  | unknown                    | page readonly
28CE000 | stack                      | page read and write
E4000   | heap                       | page read and write
48E0000 | trusted library allocation | page read and write
87A000  | heap                       | page read and write
5C14000 | trusted library allocation | page read and write
6F8E000 | stack                      | page read and write
426000  | unknown                    | page execute and write copy
2E4000  | unknown                    | page execute and read and write
30D000  | unknown                    | page execute and write copy
E4000   | heap                       | page read and write
340E000 | stack                      | page read and write
44E1000 | heap                       | page read and write
8CD000  | heap                       | page read and write
4BF0000 | heap                       | page execute and read and write
386000  | unknown                    | page execute and read and write
48D3000 | trusted library allocation | page execute and read and write
350000  | unknown                    | page execute and read and write
4BEE000 | stack                      | page read and write
8C2000  | heap                       | page read and write
44E1000 | heap                       | page read and write
AAE000  | stack                      | page read and write
312000  | unknown                    | page execute and read and write
130000  | heap                       | page read and write
2C4F000 | stack                      | page read and write
274F000 | stack                      | page read and write
8B1000  | heap                       | page read and write
35D000  | unknown                    | page execute and write copy
2DCE000 | stack                      | page read and write
324000  | unknown                    | page execute and read and write
39C000  | unknown                    | page execute and write copy
361000  | unknown                    | page execute and read and write
44E1000 | heap                       | page read and write
39B000  | unknown                    | page execute and read and write
6F4E000 | stack                      | page read and write
44E4000 | heap                       | page read and write
350F000 | stack                      | page read and write
48E4000 | trusted library allocation | page read and write
4890000 | heap                       | page read and write
466B000 | stack                      | page read and write
368E000 | stack                      | page read and write
33B000  | unknown                    | page execute and read and write
47C0000 | direct allocation          | page execute and read and write
44E1000 | heap                       | page read and write
3F4E000 | stack                      | page read and write
390E000 | stack                      | page read and write
185000  | unknown                    | page execute and read and write
3DCF000 | stack                      | page read and write
4630000 | direct allocation          | page read and write
44D0000 | direct allocation          | page read and write
4920000 | trusted library allocation | page read and write
3C8F000 | stack                      | page read and write
529000  | stack                      | page read and write
17A000  | unknown                    | page execute and write copy
172000  | unknown                    | page execute and read and write
6E0E000 | stack                      | page read and write
44E1000 | heap                       | page read and write
325000  | unknown                    | page execute and write copy
E0000   | heap                       | page read and write
29CF000 | stack                      | page read and write
260F000 | stack                      | page read and write
17A000  | unknown                    | page execute and read and write
44D0000 | direct allocation          | page read and write
309000  | unknown                    | page execute and write copy
E4000   | heap                       | page read and write
176000  | unknown                    | page write copy
4630000 | direct allocation          | page read and write
3B5000  | unknown                    | page execute and write copy
3B7000  | unknown                    | page execute and read and write
44D0000 | direct allocation          | page read and write
404F000 | stack                      | page read and write
3A0F000 | stack                      | page read and write
E4000   | heap                       | page read and write
48D4000 | trusted library allocation | page read and write
49B0000 | trusted library allocation | page execute and read and write
326000  | unknown                    | page execute and read and write
250F000 | stack                      | page read and write
45E0000 | trusted library allocation | page read and write
300F000 | stack                      | page read and write
172000  | unknown                    | page execute and write copy
4790000 | direct allocation          | page execute and read and write
2F0E000 | stack                      | page read and write
2D8F000 | stack                      | page read and write
37D000  | unknown                    | page execute and write copy
BAE000  | stack                      | page read and write
44D0000 | direct allocation          | page read and write
6E4E000 | stack                      | page read and write
E4000   | heap                       | page read and write
428000  | unknown                    | page execute and write copy
2400000 | heap                       | page read and write
44D0000 | direct allocation          | page read and write
AC000   | stack                      | page read and write
48C0000 | trusted library allocation | page read and write
184000  | unknown                    | page execute and write copy
A6E000  | stack                      | page read and write
30B000  | unknown                    | page execute and read and write
461E000 | stack                      | page read and write
32CE000 | stack                      | page read and write
48F0000 | trusted library allocation | page read and write
44D0000 | direct allocation          | page read and write
E4000   | heap                       | page read and write
8D4000  | heap                       | page read and write
378F000 | stack                      | page read and write
378000  | unknown                    | page execute and write copy
364F000 | stack                      | page read and write
428000  | unknown                    | page execute and write copy
418F000 | stack                      | page read and write
44D0000 | direct allocation          | page read and write
8B9000  | heap                       | page read and write
314F000 | stack                      | page read and write
708F000 | stack                      | page read and write
3E0E000 | stack                      | page read and write
3B4F000 | stack                      | page read and write
426000  | unknown                    | page execute and read and write
44D0000 | direct allocation          | page read and write
327000  | unknown                    | page execute and write copy
E4000   | heap                       | page read and write
4501000 | heap                       | page read and write
488F000 | stack                      | page read and write
4B0F000 | stack                      | page read and write
170000  | unknown                    | page read and write
408E000 | stack                      | page read and write
44D0000 | direct allocation          | page read and write
E4000   | heap                       | page read and write
44D0000 | direct allocation          | page read and write
2A0E000 | stack                      | page read and write
4C11000 | trusted library allocation | page read and write
496E000 | stack                      | page read and write
205 further memdumps are not shown in this report.
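The memdump listing above is long and repetitive (the same region is dumped repeatedly, and most entries are plain read/write stacks and heaps). What a practitioner wants from it is the short list of executable regions that are not image-backed, i.e. the heap, direct allocation and trusted library allocation entries with execute permission, because that is where unpacked code or a JIT-compiled .NET payload lives and those are the dumps to scan with YARA first. The PowerShell below is an added example, not part of the sandbox report; it parses rows in the "base | region type | protect" layout used above and filters them. The sample rows are constructed from entries of the table above. One caveat it encodes as a comment: for a .NET sample (which the CLR usage log in the Files table suggests this is), RWX heap regions are expected from the JIT and are not by themselves evidence of injection.

```powershell
# Added example, not part of the sandbox report. Triages a memdump listing in
# the "base | region type | protect" layout: keeps executable regions that are
# not image-backed, deduplicates repeated dumps of the same region, and prints
# them sorted by base address. Sample rows are constructed from the table above.
$MemdumpListing = @'
48DD000 | trusted library allocation | page execute and read and write
E4000   | heap                       | page read and write
417000  | unknown                    | page execute and write copy
4C00000 | heap                       | page execute and read and write
44D0000 | direct allocation          | page read and write
47C0000 | direct allocation          | page execute and read and write
4C00000 | heap                       | page execute and read and write
170000  | unknown                    | page readonly
'@

function ConvertFrom-MemdumpListing {
    param([string]$Text)
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line.Trim() -eq '') { continue }
        $cols = $line -split '\|' | ForEach-Object { $_.Trim() }
        if ($cols.Count -ne 3) { continue }   # skip header or malformed rows
        [pscustomobject]@{
            Base       = [Convert]::ToInt64($cols[0], 16)   # hex as printed by the sandbox
            RegionType = $cols[1]
            Protect    = $cols[2]
            Executable = ($cols[2] -match '\bexecute\b')
            Writable   = ($cols[2] -match '\bwrite\b')     # covers "write copy" too
        }
    }
}

function Select-DynamicExecutableRegion {
    param([object[]]$Regions)
    # "unknown" rows at low addresses with execute+write-copy protection are the
    # mapped image's own sections; the dynamic region types below are where
    # unpacked or JIT-emitted code ends up. For a .NET sample the JIT legitimately
    # allocates RWX heap, so these are triage candidates, not proof of injection.
    $dynamicTypes = 'heap', 'direct allocation', 'trusted library allocation'
    $Regions |
        Where-Object { $_.Executable -and ($dynamicTypes -contains $_.RegionType) } |
        Sort-Object Base -Unique   # the same region is often dumped several times
}

$regions = ConvertFrom-MemdumpListing -Text $MemdumpListing
Select-DynamicExecutableRegion -Regions $regions |
    Select-Object @{ n = 'Base'; e = { '{0:X}' -f $_.Base } }, RegionType, Protect, Writable |
    Format-Table -AutoSize
```

On the constructed rows this yields three candidates (48DD000, 47C0000 and 4C00000, the latter once despite being listed twice); applied to the full table above it is the same filter over all 215 visible rows. Pair the surviving base addresses with the corresponding dump files from the sandbox before running YARA or a .NET decompiler over them.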