Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
 |
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1384000
|
heap
|
page read and write
|
||
|
A78000
|
unkown
|
page execute and write copy
|
||
|
3DCF000
|
stack
|
page read and write
|
||
|
1384000
|
heap
|
page read and write
|
||
|
5130000
|
direct allocation
|
page read and write
|
||
|
364F000
|
stack
|
page read and write
|
||
|
1384000
|
heap
|
page read and write
|
||
|
53C0000
|
heap
|
page read and write
|
||
|
3F0F000
|
stack
|
page read and write
|
||
|
5020000
|
heap
|
page read and write
|
||
|
3B4F000
|
stack
|
page read and write
|
||
|
AC4000
|
unkown
|
page execute and read and write
|
||
|
A4B000
|
unkown
|
page execute and write copy
|
||
|
8E6000
|
unkown
|
page write copy
|
||
|
AF8000
|
unkown
|
page execute and write copy
|
||
|
390E000
|
stack
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
30C7000
|
heap
|
page read and write
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
5130000
|
direct allocation
|
page read and write
|
||
|
5320000
|
trusted library allocation
|
page read and write
|
||
|
15CD000
|
heap
|
page read and write
|
||
|
8EA000
|
unkown
|
page execute and write copy
|
||
|
798E000
|
stack
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
B2A000
|
unkown
|
page execute and write copy
|
||
|
5010000
|
direct allocation
|
page read and write
|
||
|
8E0000
|
unkown
|
page readonly
|
||
|
46CE000
|
stack
|
page read and write
|
||
|
5010000
|
direct allocation
|
page read and write
|
||
|
A9E000
|
unkown
|
page execute and read and write
|
||
|
1384000
|
heap
|
page read and write
|
||
|
1384000
|
heap
|
page read and write
|
||
|
5300000
|
trusted library allocation
|
page read and write
|
||
|
5021000
|
heap
|
page read and write
|
||
|
8EA000
|
unkown
|
page execute and read and write
|
||
|
B07000
|
unkown
|
page execute and write copy
|
||
|
5021000
|
heap
|
page read and write
|
||
|
1384000
|
heap
|
page read and write
|
||
|
480E000
|
stack
|
page read and write
|
||
|
300F000
|
stack
|
page read and write
|
||
|
440F000
|
stack
|
page read and write
|
||
|
1384000
|
heap
|
page read and write
|
||
|
1384000
|
heap
|
page read and write
|
||
|
5130000
|
direct allocation
|
page read and write
|
||
|
33CF000
|
stack
|
page read and write
|
||
|
408E000
|
stack
|
page read and write
|
||
|
AFD000
|
unkown
|
page execute and write copy
|
||
|
8E0000
|
unkown
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
54CF000
|
stack
|
page read and write
|
||
|
AA8000
|
unkown
|
page execute and write copy
|
||
|
1550000
|
heap
|
page read and write
|
||
|
1384000
|
heap
|
page read and write
|
||
|
15B2000
|
heap
|
page read and write
|
||
|
B86000
|
unkown
|
page execute and write copy
|
||
|
AFC000
|
unkown
|
page execute and read and write
|
||
|
1384000
|
heap
|
page read and write
|
||
|
AD9000
|
unkown
|
page execute and read and write
|
||
|
ABF000
|
unkown
|
page execute and write copy
|
||
|
5010000
|
direct allocation
|
page read and write
|
||
|
8E2000
|
unkown
|
page execute and write copy
|
||
|
4CCF000
|
stack
|
page read and write
|
||
|
6534000
|
trusted library allocation
|
page read and write
|
||
|
444E000
|
stack
|
page read and write
|
||
|
8F6000
|
unkown
|
page execute and write copy
|
||
|
3A0F000
|
stack
|
page read and write
|
||
|
A70000
|
unkown
|
page execute and write copy
|
||
|
15C0000
|
heap
|
page read and write
|
||
|
5010000
|
direct allocation
|
page read and write
|
||
|
5010000
|
direct allocation
|
page read and write
|
||
|
52E4000
|
trusted library allocation
|
page read and write
|
||
|
B2C000
|
unkown
|
page execute and read and write
|
||
|
794F000
|
stack
|
page read and write
|
||
|
AE3000
|
unkown
|
page execute and read and write
|
||
|
52E0000
|
trusted library allocation
|
page read and write
|
||
|
5030000
|
heap
|
page read and write
|
||
|
536E000
|
stack
|
page read and write
|
||
|
1384000
|
heap
|
page read and write
|
||
|
B18000
|
unkown
|
page execute and read and write
|
||
|
150E000
|
stack
|
page read and write
|
||
|
B84000
|
unkown
|
page execute and read and write
|
||
|
14CE000
|
stack
|
page read and write
|
||
|
51CB000
|
stack
|
page read and write
|
||
|
3F4E000
|
stack
|
page read and write
|
||
|
AB4000
|
unkown
|
page execute and read and write
|
||
|
B86000
|
unkown
|
page execute and write copy
|
||
|
B0D000
|
unkown
|
page execute and write copy
|
||
|
B0F000
|
unkown
|
page execute and write copy
|
||
|
5021000
|
heap
|
page read and write
|
||
|
EAC000
|
stack
|
page read and write
|
||
|
52F0000
|
trusted library allocation
|
page read and write
|
||
|
1384000
|
heap
|
page read and write
|
||
|
52CE000
|
stack
|
page read and write
|
||
|
A70000
|
unkown
|
page execute and read and write
|
||
|
1384000
|
heap
|
page read and write
|
||
|
354E000
|
stack
|
page read and write
|
||
|
B28000
|
unkown
|
page execute and write copy
|
||
|
5010000
|
direct allocation
|
page read and write
|
||
|
AC1000
|
unkown
|
page execute and write copy
|
||
|
3A4E000
|
stack
|
page read and write
|
||
|
3B8E000
|
stack
|
page read and write
|
||
|
B0E000
|
unkown
|
page execute and read and write
|
||
|
5021000
|
heap
|
page read and write
|
||
|
31CF000
|
stack
|
page read and write
|
||
|
B84000
|
unkown
|
page execute and write copy
|
||
|
AE9000
|
unkown
|
page execute and read and write
|
||
|
5010000
|
direct allocation
|
page read and write
|
||
|
404F000
|
stack
|
page read and write
|
||
|
4A8E000
|
stack
|
page read and write
|
||
|
5510000
|
heap
|
page execute and read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
52FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
B29000
|
unkown
|
page execute and read and write
|
||
|
8E2000
|
unkown
|
page execute and read and write
|
||
|
54D0000
|
trusted library allocation
|
page read and write
|
||
|
5010000
|
direct allocation
|
page read and write
|
||
|
5531000
|
trusted library allocation
|
page read and write
|
||
|
490F000
|
stack
|
page read and write
|
||
|
5150000
|
heap
|
page read and write
|
||
|
340E000
|
stack
|
page read and write
|
||
|
3C8F000
|
stack
|
page read and write
|
||
|
32CF000
|
stack
|
page read and write
|
||
|
AF9000
|
unkown
|
page execute and read and write
|
||
|
B0C000
|
unkown
|
page execute and read and write
|
||
|
5520000
|
heap
|
page execute and read and write
|
||
|
770E000
|
stack
|
page read and write
|
||
|
AC0000
|
unkown
|
page execute and read and write
|
||
|
38CF000
|
stack
|
page read and write
|
||
|
52DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
B76000
|
unkown
|
page execute and write copy
|
||
|
304E000
|
stack
|
page read and write
|
||
|
AD3000
|
unkown
|
page execute and write copy
|
||
|
A64000
|
unkown
|
page execute and read and write
|
||
|
5021000
|
heap
|
page read and write
|
||
|
AE4000
|
unkown
|
page execute and write copy
|
||
|
1570000
|
heap
|
page read and write
|
||
|
154B000
|
stack
|
page read and write
|
||
|
5180000
|
trusted library allocation
|
page read and write
|
||
|
B6E000
|
unkown
|
page execute and write copy
|
||
|
B10000
|
unkown
|
page execute and read and write
|
||
|
5021000
|
heap
|
page read and write
|
||
|
780F000
|
stack
|
page read and write
|
||
|
A48000
|
unkown
|
page execute and read and write
|
||
|
784E000
|
stack
|
page read and write
|
||
|
B11000
|
unkown
|
page execute and write copy
|
||
|
458E000
|
stack
|
page read and write
|
||
|
53AC000
|
stack
|
page read and write
|
||
|
AA1000
|
unkown
|
page execute and read and write
|
||
|
5120000
|
trusted library allocation
|
page read and write
|
||
|
1384000
|
heap
|
page read and write
|
||
|
53B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
52D4000
|
trusted library allocation
|
page read and write
|
||
|
530B000
|
trusted library allocation
|
page execute and read and write
|
||
|
350F000
|
stack
|
page read and write
|
||
|
4BCE000
|
stack
|
page read and write
|
||
|
52D0000
|
direct allocation
|
page execute and read and write
|
||
|
1384000
|
heap
|
page read and write
|
||
|
8E6000
|
unkown
|
page write copy
|
||
|
A88000
|
unkown
|
page execute and read and write
|
||
|
418F000
|
stack
|
page read and write
|
||
|
15FB000
|
heap
|
page read and write
|
||
|
AE1000
|
unkown
|
page execute and write copy
|
||
|
5010000
|
direct allocation
|
page read and write
|
||
|
A83000
|
unkown
|
page execute and write copy
|
||
|
76CD000
|
stack
|
page read and write
|
||
|
5140000
|
heap
|
page read and write
|
||
|
15B8000
|
heap
|
page read and write
|
||
|
A9D000
|
unkown
|
page execute and write copy
|
||
|
5021000
|
heap
|
page read and write
|
||
|
378F000
|
stack
|
page read and write
|
||
|
308E000
|
stack
|
page read and write
|
||
|
5300000
|
direct allocation
|
page execute and read and write
|
||
|
196E000
|
stack
|
page read and write
|
||
|
4A4F000
|
stack
|
page read and write
|
||
|
3E0E000
|
stack
|
page read and write
|
||
|
42CF000
|
stack
|
page read and write
|
||
|
454F000
|
stack
|
page read and write
|
||
|
4B8F000
|
stack
|
page read and write
|
||
|
157A000
|
heap
|
page read and write
|
||
|
6531000
|
trusted library allocation
|
page read and write
|
||
|
5010000
|
direct allocation
|
page read and write
|
||
|
3CCE000
|
stack
|
page read and write
|
||
|
47CF000
|
stack
|
page read and write
|
||
|
430D000
|
stack
|
page read and write
|
||
|
5021000
|
heap
|
page read and write
|
||
|
5010000
|
direct allocation
|
page read and write
|
||
|
5010000
|
direct allocation
|
page read and write
|
||
|
1384000
|
heap
|
page read and write
|
||
|
41CE000
|
stack
|
page read and write
|
||
|
52D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
FA9000
|
stack
|
page read and write
|
||
|
135E000
|
stack
|
page read and write
|
||
|
A7A000
|
unkown
|
page execute and read and write
|
||
|
157E000
|
heap
|
page read and write
|
||
|
AA0000
|
unkown
|
page execute and write copy
|
||
|
5010000
|
direct allocation
|
page read and write
|
||
|
7A8E000
|
stack
|
page read and write
|
||
|
6555000
|
trusted library allocation
|
page read and write
|
||
|
37CE000
|
stack
|
page read and write
|
||
|
5021000
|
heap
|
page read and write
|
||
|
B00000
|
unkown
|
page execute and read and write
|
||
|
AFA000
|
unkown
|
page execute and write copy
|
||
|
1384000
|
heap
|
page read and write
|
||
|
B76000
|
unkown
|
page execute and write copy
|
||
|
494E000
|
stack
|
page read and write
|
||
|
5010000
|
direct allocation
|
page read and write
|
||
|
30A0000
|
direct allocation
|
page read and write
|
||
|
54E0000
|
trusted library allocation
|
page read and write
|
||
|
468F000
|
stack
|
page read and write
|
||
|
5307000
|
trusted library allocation
|
page execute and read and write
|
||
|
148F000
|
stack
|
page read and write
|
||
|
368E000
|
stack
|
page read and write
|
||
|
1384000
|
heap
|
page read and write
|
There are 204 hidden memdumps, click here to show them.