Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
EA3000
|
unkown
|
page execute and read and write
|
||
|
F0A000
|
unkown
|
page execute and write copy
|
||
|
77F0000
|
trusted library allocation
|
page read and write
|
||
|
52E0000
|
direct allocation
|
page read and write
|
||
|
F27000
|
unkown
|
page execute and write copy
|
||
|
5170000
|
direct allocation
|
page read and write
|
||
|
495E000
|
stack
|
page read and write
|
||
|
5467000
|
trusted library allocation
|
page execute and read and write
|
||
|
5170000
|
direct allocation
|
page read and write
|
||
|
183F000
|
stack
|
page read and write
|
||
|
3C9F000
|
stack
|
page read and write
|
||
|
469F000
|
stack
|
page read and write
|
||
|
4B9F000
|
stack
|
page read and write
|
||
|
3B9E000
|
stack
|
page read and write
|
||
|
5181000
|
heap
|
page read and write
|
||
|
138E000
|
heap
|
page read and write
|
||
|
CC6000
|
unkown
|
page write copy
|
||
|
5170000
|
direct allocation
|
page read and write
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
1412000
|
heap
|
page read and write
|
||
|
6654000
|
trusted library allocation
|
page read and write
|
||
|
CC0000
|
unkown
|
page read and write
|
||
|
77ED000
|
stack
|
page read and write
|
||
|
CC6000
|
unkown
|
page write copy
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
3A1F000
|
stack
|
page read and write
|
||
|
E67000
|
unkown
|
page execute and read and write
|
||
|
54CE000
|
stack
|
page read and write
|
||
|
5170000
|
direct allocation
|
page read and write
|
||
|
E79000
|
unkown
|
page execute and write copy
|
||
|
5434000
|
trusted library allocation
|
page read and write
|
||
|
CC2000
|
unkown
|
page execute and read and write
|
||
|
545A000
|
trusted library allocation
|
page execute and read and write
|
||
|
79E0000
|
heap
|
page execute and read and write
|
||
|
431E000
|
stack
|
page read and write
|
||
|
5181000
|
heap
|
page read and write
|
||
|
38DF000
|
stack
|
page read and write
|
||
|
CCA000
|
unkown
|
page execute and read and write
|
||
|
F0D000
|
unkown
|
page execute and read and write
|
||
|
33DF000
|
stack
|
page read and write
|
||
|
EB1000
|
unkown
|
page execute and write copy
|
||
|
5460000
|
direct allocation
|
page execute and read and write
|
||
|
481E000
|
stack
|
page read and write
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
EDC000
|
unkown
|
page execute and read and write
|
||
|
5170000
|
direct allocation
|
page read and write
|
||
|
445E000
|
stack
|
page read and write
|
||
|
405F000
|
stack
|
page read and write
|
||
|
F67000
|
unkown
|
page execute and write copy
|
||
|
F78000
|
unkown
|
page execute and write copy
|
||
|
351F000
|
stack
|
page read and write
|
||
|
4BDE000
|
stack
|
page read and write
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
329F000
|
stack
|
page read and write
|
||
|
F67000
|
unkown
|
page execute and write copy
|
||
|
355E000
|
stack
|
page read and write
|
||
|
5170000
|
direct allocation
|
page read and write
|
||
|
455F000
|
stack
|
page read and write
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
E5D000
|
unkown
|
page execute and read and write
|
||
|
419F000
|
stack
|
page read and write
|
||
|
5444000
|
trusted library allocation
|
page read and write
|
||
|
13C1000
|
heap
|
page read and write
|
||
|
4D1E000
|
stack
|
page read and write
|
||
|
5181000
|
heap
|
page read and write
|
||
|
13E1000
|
heap
|
page read and write
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
782E000
|
stack
|
page read and write
|
||
|
13C8000
|
heap
|
page read and write
|
||
|
796E000
|
stack
|
page read and write
|
||
|
ECE000
|
unkown
|
page execute and write copy
|
||
|
E99000
|
unkown
|
page execute and write copy
|
||
|
441F000
|
stack
|
page read and write
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
138A000
|
heap
|
page read and write
|
||
|
E7A000
|
unkown
|
page execute and read and write
|
||
|
14E0000
|
heap
|
page read and write
|
||
|
4A5F000
|
stack
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
47DF000
|
stack
|
page read and write
|
||
|
16FF000
|
stack
|
page read and write
|
||
|
3F5E000
|
stack
|
page read and write
|
||
|
5460000
|
trusted library allocation
|
page read and write
|
||
|
52E0000
|
direct allocation
|
page read and write
|
||
|
F78000
|
unkown
|
page execute and write copy
|
||
|
EED000
|
unkown
|
page execute and write copy
|
||
|
F28000
|
unkown
|
page execute and read and write
|
||
|
3080000
|
direct allocation
|
page read and write
|
||
|
F61000
|
unkown
|
page execute and write copy
|
||
|
1480000
|
heap
|
page read and write
|
||
|
3B5F000
|
stack
|
page read and write
|
||
|
CD6000
|
unkown
|
page execute and write copy
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
E38000
|
unkown
|
page execute and read and write
|
||
|
564F000
|
stack
|
page read and write
|
||
|
EB4000
|
unkown
|
page execute and read and write
|
||
|
4E1F000
|
stack
|
page read and write
|
||
|
E90000
|
unkown
|
page execute and read and write
|
||
|
ED1000
|
unkown
|
page execute and write copy
|
||
|
6651000
|
trusted library allocation
|
page read and write
|
||
|
5181000
|
heap
|
page read and write
|
||
|
52C0000
|
trusted library allocation
|
page read and write
|
||
|
792E000
|
stack
|
page read and write
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
541E000
|
stack
|
page read and write
|
||
|
5430000
|
direct allocation
|
page execute and read and write
|
||
|
32DE000
|
stack
|
page read and write
|
||
|
EC5000
|
unkown
|
page execute and read and write
|
||
|
52D0000
|
heap
|
page read and write
|
||
|
CC0000
|
unkown
|
page readonly
|
||
|
5433000
|
trusted library allocation
|
page execute and read and write
|
||
|
459E000
|
stack
|
page read and write
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
5170000
|
direct allocation
|
page read and write
|
||
|
553C000
|
stack
|
page read and write
|
||
|
491F000
|
stack
|
page read and write
|
||
|
531B000
|
stack
|
page read and write
|
||
|
5181000
|
heap
|
page read and write
|
||
|
5181000
|
heap
|
page read and write
|
||
|
F76000
|
unkown
|
page execute and write copy
|
||
|
5180000
|
heap
|
page read and write
|
||
|
15FE000
|
stack
|
page read and write
|
||
|
CD5000
|
unkown
|
page execute and read and write
|
||
|
52E0000
|
direct allocation
|
page read and write
|
||
|
EF7000
|
unkown
|
page execute and read and write
|
||
|
E53000
|
unkown
|
page execute and read and write
|
||
|
391E000
|
stack
|
page read and write
|
||
|
E3A000
|
unkown
|
page execute and write copy
|
||
|
319F000
|
stack
|
page read and write
|
||
|
54F0000
|
heap
|
page execute and read and write
|
||
|
F76000
|
unkown
|
page execute and read and write
|
||
|
79AE000
|
stack
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
5170000
|
direct allocation
|
page read and write
|
||
|
EC3000
|
unkown
|
page execute and write copy
|
||
|
173E000
|
stack
|
page read and write
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
EE1000
|
unkown
|
page execute and read and write
|
||
|
4A9E000
|
stack
|
page read and write
|
||
|
5280000
|
trusted library allocation
|
page read and write
|
||
|
4CDF000
|
stack
|
page read and write
|
||
|
F02000
|
unkown
|
page execute and read and write
|
||
|
305C000
|
stack
|
page read and write
|
||
|
E8F000
|
unkown
|
page execute and write copy
|
||
|
3F1F000
|
stack
|
page read and write
|
||
|
5170000
|
direct allocation
|
page read and write
|
||
|
E69000
|
unkown
|
page execute and read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
46DE000
|
stack
|
page read and write
|
||
|
5191000
|
heap
|
page read and write
|
||
|
EFF000
|
unkown
|
page execute and write copy
|
||
|
CCA000
|
unkown
|
page execute and write copy
|
||
|
ED0000
|
unkown
|
page execute and read and write
|
||
|
E98000
|
unkown
|
page execute and read and write
|
||
|
7BEE000
|
stack
|
page read and write
|
||
|
E66000
|
unkown
|
page execute and write copy
|
||
|
5170000
|
direct allocation
|
page read and write
|
||
|
5540000
|
heap
|
page read and write
|
||
|
5651000
|
trusted library allocation
|
page read and write
|
||
|
EF0000
|
unkown
|
page execute and read and write
|
||
|
543D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3CDE000
|
stack
|
page read and write
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
369E000
|
stack
|
page read and write
|
||
|
3DDF000
|
stack
|
page read and write
|
||
|
ED6000
|
unkown
|
page execute and read and write
|
||
|
3097000
|
heap
|
page read and write
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
5170000
|
direct allocation
|
page read and write
|
||
|
3E1E000
|
stack
|
page read and write
|
||
|
5450000
|
trusted library allocation
|
page read and write
|
||
|
7AEF000
|
stack
|
page read and write
|
||
|
365F000
|
stack
|
page read and write
|
||
|
379F000
|
stack
|
page read and write
|
||
|
E68000
|
unkown
|
page execute and write copy
|
||
|
54D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
EEA000
|
unkown
|
page execute and write copy
|
||
|
E5D000
|
unkown
|
page execute and write copy
|
||
|
409E000
|
stack
|
page read and write
|
||
|
301E000
|
stack
|
page read and write
|
||
|
1339000
|
stack
|
page read and write
|
||
|
546B000
|
trusted library allocation
|
page execute and read and write
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
5170000
|
direct allocation
|
page read and write
|
||
|
42DF000
|
stack
|
page read and write
|
||
|
E91000
|
unkown
|
page execute and write copy
|
||
|
EEC000
|
unkown
|
page execute and read and write
|
||
|
EF1000
|
unkown
|
page execute and write copy
|
||
|
CC2000
|
unkown
|
page execute and write copy
|
||
|
123C000
|
stack
|
page read and write
|
||
|
ED7000
|
unkown
|
page execute and write copy
|
||
|
37DE000
|
stack
|
page read and write
|
||
|
5440000
|
trusted library allocation
|
page read and write
|
||
|
6675000
|
trusted library allocation
|
page read and write
|
||
|
5480000
|
trusted library allocation
|
page read and write
|
||
|
341E000
|
stack
|
page read and write
|
||
|
41DE000
|
stack
|
page read and write
|
||
|
54E0000
|
trusted library allocation
|
page read and write
|
||
|
3A5E000
|
stack
|
page read and write
|
||
|
5170000
|
direct allocation
|
page read and write
|
||
|
5280000
|
heap
|
page read and write
|
||
|
EDD000
|
unkown
|
page execute and write copy
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
14D0000
|
heap
|
page read and write
|
||
|
14E4000
|
heap
|
page read and write
|
||
|
5170000
|
direct allocation
|
page read and write
|
||
|
CD4000
|
unkown
|
page execute and write copy
|
There are 200 hidden memdumps, click here to show them.