Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
46C0000
|
trusted library allocation
|
page read and write
|
||
|
934000
|
heap
|
page read and write
|
||
|
281F000
|
stack
|
page read and write
|
||
|
934000
|
heap
|
page read and write
|
||
|
4DD000
|
unkown
|
page execute and write copy
|
||
|
B3F000
|
heap
|
page read and write
|
||
|
5A0000
|
unkown
|
page execute and write copy
|
||
|
2D5E000
|
stack
|
page read and write
|
||
|
487E000
|
stack
|
page read and write
|
||
|
45C1000
|
heap
|
page read and write
|
||
|
3C1F000
|
stack
|
page read and write
|
||
|
30DF000
|
stack
|
page read and write
|
||
|
385F000
|
stack
|
page read and write
|
||
|
6D7E000
|
stack
|
page read and write
|
||
|
934000
|
heap
|
page read and write
|
||
|
3ADF000
|
stack
|
page read and write
|
||
|
4733000
|
trusted library allocation
|
page execute and read and write
|
||
|
5AA4000
|
trusted library allocation
|
page read and write
|
||
|
6F3E000
|
stack
|
page read and write
|
||
|
45B0000
|
direct allocation
|
page read and write
|
||
|
32A000
|
unkown
|
page execute and write copy
|
||
|
4910000
|
heap
|
page read and write
|
||
|
5AC5000
|
trusted library allocation
|
page read and write
|
||
|
335F000
|
stack
|
page read and write
|
||
|
6DB0000
|
heap
|
page execute and read and write
|
||
|
349F000
|
stack
|
page read and write
|
||
|
934000
|
heap
|
page read and write
|
||
|
322000
|
unkown
|
page execute and read and write
|
||
|
2A9F000
|
stack
|
page read and write
|
||
|
46F0000
|
heap
|
page read and write
|
||
|
934000
|
heap
|
page read and write
|
||
|
425F000
|
stack
|
page read and write
|
||
|
5AF000
|
unkown
|
page execute and read and write
|
||
|
46D0000
|
direct allocation
|
page read and write
|
||
|
934000
|
heap
|
page read and write
|
||
|
4960000
|
trusted library allocation
|
page execute and read and write
|
||
|
48A000
|
unkown
|
page execute and read and write
|
||
|
4A0000
|
unkown
|
page execute and read and write
|
||
|
2D1F000
|
stack
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
399F000
|
stack
|
page read and write
|
||
|
326000
|
unkown
|
page write copy
|
||
|
45B0000
|
direct allocation
|
page read and write
|
||
|
490E000
|
stack
|
page read and write
|
||
|
3D9E000
|
stack
|
page read and write
|
||
|
48A0000
|
trusted library allocation
|
page read and write
|
||
|
45B0000
|
direct allocation
|
page read and write
|
||
|
299000
|
stack
|
page read and write
|
||
|
5CA000
|
unkown
|
page execute and write copy
|
||
|
5B9000
|
unkown
|
page execute and write copy
|
||
|
48A0000
|
direct allocation
|
page execute and read and write
|
||
|
5B9000
|
unkown
|
page execute and write copy
|
||
|
34DE000
|
stack
|
page read and write
|
||
|
4E5000
|
unkown
|
page execute and write copy
|
||
|
45B0000
|
direct allocation
|
page read and write
|
||
|
320000
|
unkown
|
page read and write
|
||
|
934000
|
heap
|
page read and write
|
||
|
4B6000
|
unkown
|
page execute and read and write
|
||
|
2FDE000
|
stack
|
page read and write
|
||
|
4A9E000
|
stack
|
page read and write
|
||
|
295F000
|
stack
|
page read and write
|
||
|
934000
|
heap
|
page read and write
|
||
|
4734000
|
trusted library allocation
|
page read and write
|
||
|
5AA1000
|
trusted library allocation
|
page read and write
|
||
|
4700000
|
heap
|
page read and write
|
||
|
325E000
|
stack
|
page read and write
|
||
|
549000
|
unkown
|
page execute and read and write
|
||
|
5B0000
|
unkown
|
page execute and write copy
|
||
|
5AB000
|
unkown
|
page execute and write copy
|
||
|
411F000
|
stack
|
page read and write
|
||
|
2E5F000
|
stack
|
page read and write
|
||
|
339E000
|
stack
|
page read and write
|
||
|
48C000
|
unkown
|
page execute and write copy
|
||
|
517000
|
unkown
|
page execute and read and write
|
||
|
45B0000
|
direct allocation
|
page read and write
|
||
|
311E000
|
stack
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
533000
|
unkown
|
page execute and read and write
|
||
|
3EDE000
|
stack
|
page read and write
|
||
|
934000
|
heap
|
page read and write
|
||
|
571000
|
unkown
|
page execute and read and write
|
||
|
B0E000
|
heap
|
page read and write
|
||
|
ABE000
|
stack
|
page read and write
|
||
|
3B1E000
|
stack
|
page read and write
|
||
|
48A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
45B0000
|
direct allocation
|
page read and write
|
||
|
552000
|
unkown
|
page execute and read and write
|
||
|
25D0000
|
heap
|
page read and write
|
||
|
320000
|
unkown
|
page readonly
|
||
|
45B0000
|
direct allocation
|
page read and write
|
||
|
570000
|
unkown
|
page execute and write copy
|
||
|
361E000
|
stack
|
page read and write
|
||
|
35DF000
|
stack
|
page read and write
|
||
|
45B0000
|
direct allocation
|
page read and write
|
||
|
3FDF000
|
stack
|
page read and write
|
||
|
524000
|
unkown
|
page execute and read and write
|
||
|
477C000
|
stack
|
page read and write
|
||
|
934000
|
heap
|
page read and write
|
||
|
2E9E000
|
stack
|
page read and write
|
||
|
45B0000
|
direct allocation
|
page read and write
|
||
|
25D7000
|
heap
|
page read and write
|
||
|
48AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
547000
|
unkown
|
page execute and write copy
|
||
|
934000
|
heap
|
page read and write
|
||
|
B47000
|
heap
|
page read and write
|
||
|
6C7E000
|
stack
|
page read and write
|
||
|
B3D000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
45C1000
|
heap
|
page read and write
|
||
|
389E000
|
stack
|
page read and write
|
||
|
50F000
|
unkown
|
page execute and write copy
|
||
|
39DE000
|
stack
|
page read and write
|
||
|
703E000
|
stack
|
page read and write
|
||
|
4880000
|
trusted library allocation
|
page read and write
|
||
|
299E000
|
stack
|
page read and write
|
||
|
45B0000
|
direct allocation
|
page read and write
|
||
|
514000
|
unkown
|
page execute and write copy
|
||
|
334000
|
unkown
|
page execute and write copy
|
||
|
934000
|
heap
|
page read and write
|
||
|
25C0000
|
direct allocation
|
page read and write
|
||
|
48C0000
|
trusted library allocation
|
page read and write
|
||
|
54A000
|
unkown
|
page execute and write copy
|
||
|
B5B000
|
heap
|
page read and write
|
||
|
473D000
|
trusted library allocation
|
page execute and read and write
|
||
|
532000
|
unkown
|
page execute and write copy
|
||
|
4890000
|
trusted library allocation
|
page read and write
|
||
|
336000
|
unkown
|
page execute and write copy
|
||
|
45B0000
|
direct allocation
|
page read and write
|
||
|
401E000
|
stack
|
page read and write
|
||
|
2BDF000
|
stack
|
page read and write
|
||
|
A7E000
|
stack
|
page read and write
|
||
|
32A000
|
unkown
|
page execute and read and write
|
||
|
512000
|
unkown
|
page execute and read and write
|
||
|
4F0000
|
unkown
|
page execute and read and write
|
||
|
4720000
|
trusted library allocation
|
page read and write
|
||
|
326000
|
unkown
|
page write copy
|
||
|
285E000
|
stack
|
page read and write
|
||
|
4FD000
|
unkown
|
page execute and write copy
|
||
|
259F000
|
stack
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
6C3D000
|
stack
|
page read and write
|
||
|
335000
|
unkown
|
page execute and read and write
|
||
|
3D5F000
|
stack
|
page read and write
|
||
|
4884000
|
trusted library allocation
|
page read and write
|
||
|
46E0000
|
direct allocation
|
page execute and read and write
|
||
|
3C5E000
|
stack
|
page read and write
|
||
|
5A2000
|
unkown
|
page execute and read and write
|
||
|
415E000
|
stack
|
page read and write
|
||
|
45C1000
|
heap
|
page read and write
|
||
|
45B0000
|
direct allocation
|
page read and write
|
||
|
371F000
|
stack
|
page read and write
|
||
|
A3E000
|
stack
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
537000
|
unkown
|
page execute and read and write
|
||
|
6DFE000
|
stack
|
page read and write
|
||
|
934000
|
heap
|
page read and write
|
||
|
934000
|
heap
|
page read and write
|
||
|
45C0000
|
heap
|
page read and write
|
||
|
90E000
|
stack
|
page read and write
|
||
|
4970000
|
trusted library allocation
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
4FE000
|
unkown
|
page execute and read and write
|
||
|
2ADE000
|
stack
|
page read and write
|
||
|
540000
|
unkown
|
page execute and read and write
|
||
|
4AA1000
|
trusted library allocation
|
page read and write
|
||
|
321F000
|
stack
|
page read and write
|
||
|
4B5000
|
unkown
|
page execute and write copy
|
||
|
4980000
|
trusted library allocation
|
page read and write
|
||
|
2C1E000
|
stack
|
page read and write
|
||
|
2F9F000
|
stack
|
page read and write
|
||
|
489A000
|
trusted library allocation
|
page execute and read and write
|
||
|
534000
|
unkown
|
page execute and write copy
|
||
|
4990000
|
heap
|
page execute and read and write
|
||
|
934000
|
heap
|
page read and write
|
||
|
53F000
|
unkown
|
page execute and write copy
|
||
|
5C8000
|
unkown
|
page execute and write copy
|
||
|
6EFE000
|
stack
|
page read and write
|
||
|
495C000
|
stack
|
page read and write
|
||
|
45C1000
|
heap
|
page read and write
|
||
|
46D0000
|
direct allocation
|
page read and write
|
||
|
AFC000
|
stack
|
page read and write
|
||
|
3E9F000
|
stack
|
page read and write
|
||
|
45D1000
|
heap
|
page read and write
|
||
|
4AD000
|
unkown
|
page execute and write copy
|
||
|
51F000
|
unkown
|
page execute and write copy
|
||
|
375E000
|
stack
|
page read and write
|
||
|
26DF000
|
stack
|
page read and write
|
||
|
5C8000
|
unkown
|
page execute and read and write
|
||
|
45C1000
|
heap
|
page read and write
|
||
|
45C1000
|
heap
|
page read and write
|
||
|
B0A000
|
heap
|
page read and write
|
||
|
934000
|
heap
|
page read and write
|
||
|
46D0000
|
direct allocation
|
page read and write
|
||
|
45B0000
|
direct allocation
|
page read and write
|
||
|
CFF000
|
stack
|
page read and write
|
||
|
4AD000
|
unkown
|
page execute and read and write
|
||
|
934000
|
heap
|
page read and write
|
||
|
4DE000
|
unkown
|
page execute and read and write
|
||
|
5CA000
|
unkown
|
page execute and write copy
|
||
|
934000
|
heap
|
page read and write
|
||
|
322000
|
unkown
|
page execute and write copy
|
||
|
271E000
|
stack
|
page read and write
|
||
|
45B0000
|
direct allocation
|
page read and write
|
There are 194 hidden memdumps, click here to show them.