Files

File Path | Type | Category | Malicious
---|---|---|---
file.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log | CSV text | dropped |
Processes

Path | Cmdline | Malicious
---|---|---
C:\Users\user\Desktop\file.exe | "C:\Users\user\Desktop\file.exe" |
Registry

Path | Value | Malicious
---|---|---
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableIOAVProtection |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableRealtimeMonitoring |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications | DisableNotifications |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AUOptions |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AutoInstallMinorUpdates |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | NoAutoRebootWithLoggedOnUsers |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | UseWUServer |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate | DoNotConnectToWindowsUpdateInternetLocations |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features | TamperProtection |
Memdumps

Base Address | Regiontype | Protect | Malicious
---|---|---|---
3F0F000 | stack | page read and write |
3C5000 | unknown | page execute and write copy |
E4000 | heap | page read and write |
2FD000 | unknown | page execute and read and write |
2407000 | heap | page read and write |
478E000 | stack | page read and write |
E4000 | heap | page read and write |
417000 | unknown | page execute and write copy |
48DD000 | trusted library allocation | page execute and read and write |
44F0000 | heap | page read and write |
17A000 | unknown | page execute and write copy |
23CC000 | stack | page read and write |
40D000 | unknown | page execute and write copy |
37CE000 | stack | page read and write |
44E1000 | heap | page read and write |
E4000 | heap | page read and write |
394000 | unknown | page execute and write copy |
288F000 | stack | page read and write |
44D0000 | direct allocation | page read and write |
33CF000 | stack | page read and write |
2B4E000 | stack | page read and write |
3A2000 | unknown | page execute and read and write |
2ECF000 | stack | page read and write |
E4000 | heap | page read and write |
44D0000 | direct allocation | page read and write |
2B0F000 | stack | page read and write |
365000 | unknown | page execute and read and write |
398000 | unknown | page execute and read and write |
4907000 | trusted library allocation | page execute and read and write |
417000 | unknown | page execute and write copy |
44D0000 | direct allocation | page read and write |
38CF000 | stack | page read and write |
186000 | unknown | page execute and write copy |
345000 | unknown | page execute and write copy |
44D0000 | direct allocation | page read and write |
238E000 | stack | page read and write |
49D0000 | trusted library allocation | page read and write |
44E0000 | heap | page read and write |
120000 | heap | page read and write |
2E6000 | unknown | page execute and write copy |
5C35000 | trusted library allocation | page read and write |
4630000 | direct allocation | page read and write |
176000 | unknown | page write copy |
6D0D000 | stack | page read and write |
328000 | unknown | page execute and read and write |
4A00000 | heap | page read and write |
83E000 | stack | page read and write |
3AA000 | unknown | page execute and write copy |
48FA000 | trusted library allocation | page execute and read and write |
328F000 | stack | page read and write |
278E000 | stack | page read and write |
E4000 | heap | page read and write |
40E000 | unknown | page execute and read and write |
323000 | unknown | page execute and write copy |
E4000 | heap | page read and write |
49AC000 | stack | page read and write |
3CCE000 | stack | page read and write |
3C8000 | unknown | page execute and read and write |
4680000 | heap | page read and write |
2C8E000 | stack | page read and write |
40F000 | unknown | page execute and write copy |
4900000 | trusted library allocation | page read and write |
3A4E000 | stack | page read and write |
23E0000 | direct allocation | page read and write |
E4000 | heap | page read and write |
3AE000 | unknown | page execute and read and write |
5C11000 | trusted library allocation | page read and write |
850000 | heap | page read and write |
490B000 | trusted library allocation | page execute and read and write |
264E000 | stack | page read and write |
E4000 | heap | page read and write |
399000 | unknown | page execute and write copy |
E4000 | heap | page read and write |
3B8E000 | stack | page read and write |
318E000 | stack | page read and write |
381000 | unknown | page execute and write copy |
380000 | unknown | page execute and read and write |
4C00000 | heap | page execute and read and write |
354E000 | stack | page read and write |
87E000 | heap | page read and write |
870000 | heap | page read and write |
E4000 | heap | page read and write |
304E000 | stack | page read and write |
363000 | unknown | page execute and write copy |
33A000 | unknown | page execute and write copy |
49C0000 | trusted library allocation | page read and write |
37C000 | unknown | page execute and read and write |
170000 | unknown | page readonly |
28CE000 | stack | page read and write |
E4000 | heap | page read and write |
48E0000 | trusted library allocation | page read and write |
87A000 | heap | page read and write |
5C14000 | trusted library allocation | page read and write |
6F8E000 | stack | page read and write |
426000 | unknown | page execute and write copy |
2E4000 | unknown | page execute and read and write |
30D000 | unknown | page execute and write copy |
E4000 | heap | page read and write |
340E000 | stack | page read and write |
44E1000 | heap | page read and write |
8CD000 | heap | page read and write |
4BF0000 | heap | page execute and read and write |
386000 | unknown | page execute and read and write |
48D3000 | trusted library allocation | page execute and read and write |
350000 | unknown | page execute and read and write |
4BEE000 | stack | page read and write |
8C2000 | heap | page read and write |
44E1000 | heap | page read and write |
AAE000 | stack | page read and write |
312000 | unknown | page execute and read and write |
130000 | heap | page read and write |
2C4F000 | stack | page read and write |
274F000 | stack | page read and write |
8B1000 | heap | page read and write |
35D000 | unknown | page execute and write copy |
2DCE000 | stack | page read and write |
324000 | unknown | page execute and read and write |
39C000 | unknown | page execute and write copy |
361000 | unknown | page execute and read and write |
44E1000 | heap | page read and write |
39B000 | unknown | page execute and read and write |
6F4E000 | stack | page read and write |
44E4000 | heap | page read and write |
350F000 | stack | page read and write |
48E4000 | trusted library allocation | page read and write |
4890000 | heap | page read and write |
466B000 | stack | page read and write |
368E000 | stack | page read and write |
33B000 | unknown | page execute and read and write |
47C0000 | direct allocation | page execute and read and write |
44E1000 | heap | page read and write |
3F4E000 | stack | page read and write |
390E000 | stack | page read and write |
185000 | unknown | page execute and read and write |
3DCF000 | stack | page read and write |
4630000 | direct allocation | page read and write |
44D0000 | direct allocation | page read and write |
4920000 | trusted library allocation | page read and write |
3C8F000 | stack | page read and write |
529000 | stack | page read and write |
17A000 | unknown | page execute and write copy |
172000 | unknown | page execute and read and write |
6E0E000 | stack | page read and write |
44E1000 | heap | page read and write |
325000 | unknown | page execute and write copy |
E0000 | heap | page read and write |
29CF000 | stack | page read and write |
260F000 | stack | page read and write |
17A000 | unknown | page execute and read and write |
44D0000 | direct allocation | page read and write |
309000 | unknown | page execute and write copy |
E4000 | heap | page read and write |
176000 | unknown | page write copy |
4630000 | direct allocation | page read and write |
3B5000 | unknown | page execute and write copy |
3B7000 | unknown | page execute and read and write |
44D0000 | direct allocation | page read and write |
404F000 | stack | page read and write |
3A0F000 | stack | page read and write |
E4000 | heap | page read and write |
48D4000 | trusted library allocation | page read and write |
49B0000 | trusted library allocation | page execute and read and write |
326000 | unknown | page execute and read and write |
250F000 | stack | page read and write |
45E0000 | trusted library allocation | page read and write |
300F000 | stack | page read and write |
172000 | unknown | page execute and write copy |
4790000 | direct allocation | page execute and read and write |
2F0E000 | stack | page read and write |
2D8F000 | stack | page read and write |
37D000 | unknown | page execute and write copy |
BAE000 | stack | page read and write |
44D0000 | direct allocation | page read and write |
6E4E000 | stack | page read and write |
E4000 | heap | page read and write |
428000 | unknown | page execute and write copy |
2400000 | heap | page read and write |
44D0000 | direct allocation | page read and write |
AC000 | stack | page read and write |
48C0000 | trusted library allocation | page read and write |
184000 | unknown | page execute and write copy |
A6E000 | stack | page read and write |
30B000 | unknown | page execute and read and write |
461E000 | stack | page read and write |
32CE000 | stack | page read and write |
48F0000 | trusted library allocation | page read and write |
44D0000 | direct allocation | page read and write |
E4000 | heap | page read and write |
8D4000 | heap | page read and write |
378F000 | stack | page read and write |
378000 | unknown | page execute and write copy |
364F000 | stack | page read and write |
428000 | unknown | page execute and write copy |
418F000 | stack | page read and write |
44D0000 | direct allocation | page read and write |
8B9000 | heap | page read and write |
314F000 | stack | page read and write |
708F000 | stack | page read and write |
3E0E000 | stack | page read and write |
3B4F000 | stack | page read and write |
426000 | unknown | page execute and read and write |
44D0000 | direct allocation | page read and write |
327000 | unknown | page execute and write copy |
E4000 | heap | page read and write |
4501000 | heap | page read and write |
488F000 | stack | page read and write |
4B0F000 | stack | page read and write |
170000 | unknown | page read and write |
408E000 | stack | page read and write |
44D0000 | direct allocation | page read and write |
E4000 | heap | page read and write |
44D0000 | direct allocation | page read and write |
2A0E000 | stack | page read and write |
4C11000 | trusted library allocation | page read and write |
496E000 | stack | page read and write |

205 further memdumps are not shown in this excerpt.
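Added example, not part of the sandbox report, that triages rows of the Memdumps table: it parses `Base Address | Regiontype | Protect` rows, flags regions whose protection is both writable and executable, or heap/direct allocations that are executable at all, as places where code was written at run time, and counts how often the same base address was dumped (a region dumped repeatedly changed between snapshots). The excerpt rows are copied from the table above; the rule that `trusted library allocation` regions are expected executable memory is this example's assumption (the `CLR_v4.0_32` usage log in the Files table shows a .NET 4 process, and those allocations are assumed here to be CLR JIT memory).

```python
from collections import Counter

# Added example, not part of the sandbox report. Heuristic triage of memdump rows:
# writable+executable memory outside the loader's normal layout, and executable
# heap or direct allocations, are where unpacked or injected code ends up.

WX_PROTECTS = {"page execute and read and write", "page execute and write copy"}
# Assumption: in this .NET process, "trusted library allocation" is CLR JIT memory,
# which is legitimately executable, so it is excluded from the suspicious list.
EXPECTED_EXEC_TYPES = {"trusted library allocation"}


def parse_rows(table):
    """Parse markdown rows 'addr | regiontype | protect [| ...]' into dicts; skip header/separator."""
    rows = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 3 or not all(ch in "0123456789ABCDEFabcdef" for ch in cells[0]):
            continue  # header, separator or blank line
        rows.append({"base": int(cells[0], 16), "type": cells[1], "protect": cells[2]})
    return rows


def triage(rows):
    """Return (suspicious_rows, dumps_per_base)."""
    suspicious = []
    dumps_per_base = Counter(r["base"] for r in rows)
    for r in rows:
        if r["type"] in EXPECTED_EXEC_TYPES:
            continue
        executable = "execute" in r["protect"]
        if r["protect"] in WX_PROTECTS:
            suspicious.append(r)  # W+X in an image region ('unknown'), heap or direct allocation
        elif executable and r["type"] in {"heap", "direct allocation"}:
            suspicious.append(r)  # executable heap/allocation even without write, e.g. RX after unpacking
    return suspicious, dumps_per_base


def summarize(rows):
    """Human-readable triage summary."""
    suspicious, dumps = triage(rows)
    lines = [f"{len(rows)} dumps, {len(suspicious)} suspicious regions"]
    for r in suspicious:
        lines.append(f"  {r['base']:08X}  {r['type']:<18} {r['protect']}")
    repeated = {f"{b:X}": n for b, n in dumps.items() if n > 1}
    lines.append(f"  regions dumped more than once: {repeated}")
    return "\n".join(lines)


# Excerpt copied from the Memdumps table above (constructed subset for the example).
SAMPLE_TABLE = """
Base Address | Regiontype | Protect
---|---|---
3F0F000 | stack | page read and write
3C5000 | unknown | page execute and write copy
E4000 | heap | page read and write
2FD000 | unknown | page execute and read and write
48DD000 | trusted library allocation | page execute and read and write
44D0000 | direct allocation | page read and write
44D0000 | direct allocation | page read and write
170000 | unknown | page readonly
176000 | unknown | page write copy
4C00000 | heap | page execute and read and write
47C0000 | direct allocation | page execute and read and write
4790000 | direct allocation | page execute and read and write
E4000 | heap | page read and write
E4000 | heap | page read and write
"""

if __name__ == "__main__":
    print(summarize(parse_rows(SAMPLE_TABLE)))
```

On the full table the same rules single out the RWX heap at 4C00000 and 4BF0000, the executable direct allocations at 47C0000 and 4790000, and the cluster of `unknown` regions between 2E4000 and 428000 whose pages are execute+write, which is where a dumped region is worth pulling for static analysis first; the repeatedly dumped E4000 heap and 44D0000 allocation are regions whose contents kept changing during the run.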