Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
17C0000
|
heap
|
page read and write
|
||
|
FA2000
|
unkown
|
page execute and read and write
|
||
|
559E000
|
stack
|
page read and write
|
||
|
17C4000
|
heap
|
page read and write
|
||
|
4B0E000
|
stack
|
page read and write
|
||
|
11DE000
|
unkown
|
page execute and write copy
|
||
|
5310000
|
heap
|
page read and write
|
||
|
17C4000
|
heap
|
page read and write
|
||
|
188E000
|
stack
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
11DF000
|
unkown
|
page execute and read and write
|
||
|
17C4000
|
heap
|
page read and write
|
||
|
18A0000
|
direct allocation
|
page read and write
|
||
|
11D3000
|
unkown
|
page execute and read and write
|
||
|
40CF000
|
stack
|
page read and write
|
||
|
17C4000
|
heap
|
page read and write
|
||
|
3D0F000
|
stack
|
page read and write
|
||
|
11D2000
|
unkown
|
page execute and write copy
|
||
|
11C1000
|
unkown
|
page execute and write copy
|
||
|
5311000
|
heap
|
page read and write
|
||
|
7C5E000
|
stack
|
page read and write
|
||
|
410E000
|
stack
|
page read and write
|
||
|
5450000
|
trusted library allocation
|
page read and write
|
||
|
7A10000
|
heap
|
page execute and read and write
|
||
|
11F1000
|
unkown
|
page execute and read and write
|
||
|
17C4000
|
heap
|
page read and write
|
||
|
1196000
|
unkown
|
page execute and write copy
|
||
|
55F0000
|
trusted library allocation
|
page read and write
|
||
|
139E000
|
stack
|
page read and write
|
||
|
3A8F000
|
stack
|
page read and write
|
||
|
11F2000
|
unkown
|
page execute and write copy
|
||
|
55C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
FB6000
|
unkown
|
page execute and write copy
|
||
|
17C4000
|
heap
|
page read and write
|
||
|
11EE000
|
unkown
|
page execute and write copy
|
||
|
3D4E000
|
stack
|
page read and write
|
||
|
4C0F000
|
stack
|
page read and write
|
||
|
18A0000
|
direct allocation
|
page read and write
|
||
|
17C4000
|
heap
|
page read and write
|
||
|
4FCF000
|
stack
|
page read and write
|
||
|
55CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5311000
|
heap
|
page read and write
|
||
|
420F000
|
stack
|
page read and write
|
||
|
18F9000
|
heap
|
page read and write
|
||
|
57D1000
|
trusted library allocation
|
page read and write
|
||
|
16F0000
|
heap
|
page read and write
|
||
|
44CE000
|
stack
|
page read and write
|
||
|
110D000
|
unkown
|
page execute and write copy
|
||
|
1BAE000
|
stack
|
page read and write
|
||
|
18A0000
|
direct allocation
|
page read and write
|
||
|
17C4000
|
heap
|
page read and write
|
||
|
193E000
|
heap
|
page read and write
|
||
|
3BCF000
|
stack
|
page read and write
|
||
|
13DE000
|
stack
|
page read and write
|
||
|
55F0000
|
direct allocation
|
page execute and read and write
|
||
|
344F000
|
stack
|
page read and write
|
||
|
5311000
|
heap
|
page read and write
|
||
|
4ECE000
|
stack
|
page read and write
|
||
|
1901000
|
heap
|
page read and write
|
||
|
55FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
11D4000
|
unkown
|
page execute and write copy
|
||
|
78AC000
|
stack
|
page read and write
|
||
|
1250000
|
unkown
|
page execute and write copy
|
||
|
18A0000
|
direct allocation
|
page read and write
|
||
|
18BE000
|
heap
|
page read and write
|
||
|
11C3000
|
unkown
|
page execute and read and write
|
||
|
79EE000
|
stack
|
page read and write
|
||
|
5311000
|
heap
|
page read and write
|
||
|
17C4000
|
heap
|
page read and write
|
||
|
3ACE000
|
stack
|
page read and write
|
||
|
1133000
|
unkown
|
page execute and write copy
|
||
|
3F8F000
|
stack
|
page read and write
|
||
|
7C9E000
|
stack
|
page read and write
|
||
|
190E000
|
heap
|
page read and write
|
||
|
67F5000
|
trusted library allocation
|
page read and write
|
||
|
18EF000
|
heap
|
page read and write
|
||
|
1193000
|
unkown
|
page execute and write copy
|
||
|
18A0000
|
direct allocation
|
page read and write
|
||
|
55C0000
|
direct allocation
|
page execute and read and write
|
||
|
4D4F000
|
stack
|
page read and write
|
||
|
460E000
|
stack
|
page read and write
|
||
|
18A0000
|
direct allocation
|
page read and write
|
||
|
112B000
|
unkown
|
page execute and read and write
|
||
|
488E000
|
stack
|
page read and write
|
||
|
17C4000
|
heap
|
page read and write
|
||
|
354F000
|
stack
|
page read and write
|
||
|
11D5000
|
unkown
|
page execute and read and write
|
||
|
18A0000
|
direct allocation
|
page read and write
|
||
|
470F000
|
stack
|
page read and write
|
||
|
FAA000
|
unkown
|
page execute and read and write
|
||
|
3C0E000
|
stack
|
page read and write
|
||
|
117F000
|
unkown
|
page execute and write copy
|
||
|
5680000
|
heap
|
page execute and read and write
|
||
|
18BA000
|
heap
|
page read and write
|
||
|
18A0000
|
direct allocation
|
page read and write
|
||
|
55D4000
|
trusted library allocation
|
page read and write
|
||
|
17C4000
|
heap
|
page read and write
|
||
|
119D000
|
unkown
|
page execute and read and write
|
||
|
55EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
3E8E000
|
stack
|
page read and write
|
||
|
49CE000
|
stack
|
page read and write
|
||
|
1183000
|
unkown
|
page execute and read and write
|
||
|
5610000
|
trusted library allocation
|
page read and write
|
||
|
1240000
|
unkown
|
page execute and write copy
|
||
|
FA0000
|
unkown
|
page readonly
|
||
|
5311000
|
heap
|
page read and write
|
||
|
18A0000
|
direct allocation
|
page read and write
|
||
|
11C0000
|
unkown
|
page execute and read and write
|
||
|
55D0000
|
trusted library allocation
|
page read and write
|
||
|
18A0000
|
direct allocation
|
page read and write
|
||
|
7D9E000
|
stack
|
page read and write
|
||
|
5311000
|
heap
|
page read and write
|
||
|
1250000
|
unkown
|
page execute and read and write
|
||
|
FA6000
|
unkown
|
page write copy
|
||
|
EDC000
|
stack
|
page read and write
|
||
|
115E000
|
unkown
|
page execute and write copy
|
||
|
11F5000
|
unkown
|
page execute and read and write
|
||
|
4C4E000
|
stack
|
page read and write
|
||
|
FA0000
|
unkown
|
page read and write
|
||
|
4ACF000
|
stack
|
page read and write
|
||
|
364F000
|
stack
|
page read and write
|
||
|
549B000
|
stack
|
page read and write
|
||
|
55E0000
|
trusted library allocation
|
page read and write
|
||
|
11EF000
|
unkown
|
page execute and read and write
|
||
|
1195000
|
unkown
|
page execute and read and write
|
||
|
11D1000
|
unkown
|
page execute and read and write
|
||
|
55F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
45CF000
|
stack
|
page read and write
|
||
|
FA2000
|
unkown
|
page execute and write copy
|
||
|
484F000
|
stack
|
page read and write
|
||
|
3FCE000
|
stack
|
page read and write
|
||
|
394F000
|
stack
|
page read and write
|
||
|
177C000
|
stack
|
page read and write
|
||
|
67D4000
|
trusted library allocation
|
page read and write
|
||
|
11A3000
|
unkown
|
page execute and read and write
|
||
|
1359000
|
stack
|
page read and write
|
||
|
424E000
|
stack
|
page read and write
|
||
|
17C4000
|
heap
|
page read and write
|
||
|
173E000
|
stack
|
page read and write
|
||
|
5650000
|
trusted library allocation
|
page read and write
|
||
|
1AAF000
|
stack
|
page read and write
|
||
|
11F0000
|
unkown
|
page execute and write copy
|
||
|
474E000
|
stack
|
page read and write
|
||
|
18F1000
|
heap
|
page read and write
|
||
|
110A000
|
unkown
|
page execute and read and write
|
||
|
5640000
|
heap
|
page read and write
|
||
|
1137000
|
unkown
|
page execute and read and write
|
||
|
FA6000
|
unkown
|
page write copy
|
||
|
5410000
|
heap
|
page read and write
|
||
|
17C4000
|
heap
|
page read and write
|
||
|
1252000
|
unkown
|
page execute and write copy
|
||
|
18A0000
|
direct allocation
|
page read and write
|
||
|
17C4000
|
heap
|
page read and write
|
||
|
1240000
|
unkown
|
page execute and write copy
|
||
|
11A4000
|
unkown
|
page execute and write copy
|
||
|
17BE000
|
stack
|
page read and write
|
||
|
1170000
|
unkown
|
page execute and read and write
|
||
|
55A0000
|
heap
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
5311000
|
heap
|
page read and write
|
||
|
3E4F000
|
stack
|
page read and write
|
||
|
448F000
|
stack
|
page read and write
|
||
|
11BD000
|
unkown
|
page execute and write copy
|
||
|
16E0000
|
direct allocation
|
page read and write
|
||
|
18B0000
|
heap
|
page read and write
|
||
|
374F000
|
stack
|
page read and write
|
||
|
7B1F000
|
stack
|
page read and write
|
||
|
17C4000
|
heap
|
page read and write
|
||
|
112B000
|
unkown
|
page execute and write copy
|
||
|
5320000
|
heap
|
page read and write
|
||
|
55C4000
|
trusted library allocation
|
page read and write
|
||
|
4D8E000
|
stack
|
page read and write
|
||
|
1252000
|
unkown
|
page execute and write copy
|
||
|
18A0000
|
direct allocation
|
page read and write
|
||
|
434F000
|
stack
|
page read and write
|
||
|
5460000
|
direct allocation
|
page read and write
|
||
|
57CE000
|
stack
|
page read and write
|
||
|
18A0000
|
direct allocation
|
page read and write
|
||
|
384F000
|
stack
|
page read and write
|
||
|
498F000
|
stack
|
page read and write
|
||
|
111E000
|
unkown
|
page execute and read and write
|
||
|
7B5E000
|
stack
|
page read and write
|
||
|
123A000
|
unkown
|
page execute and write copy
|
||
|
5460000
|
direct allocation
|
page read and write
|
||
|
16F7000
|
heap
|
page read and write
|
||
|
119E000
|
unkown
|
page execute and write copy
|
||
|
180E000
|
stack
|
page read and write
|
||
|
398E000
|
stack
|
page read and write
|
||
|
5630000
|
trusted library allocation
|
page read and write
|
||
|
17C4000
|
heap
|
page read and write
|
||
|
79AD000
|
stack
|
page read and write
|
||
|
FAA000
|
unkown
|
page execute and write copy
|
||
|
438E000
|
stack
|
page read and write
|
||
|
67D1000
|
trusted library allocation
|
page read and write
|
||
|
11CB000
|
unkown
|
page execute and write copy
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
184E000
|
stack
|
page read and write
|
||
|
5460000
|
direct allocation
|
page read and write
|
||
|
17C4000
|
heap
|
page read and write
|
||
|
4E8F000
|
stack
|
page read and write
|
||
|
5410000
|
trusted library allocation
|
page read and write
|
||
|
17C4000
|
heap
|
page read and write
|
||
|
56CE000
|
stack
|
page read and write
|
||
|
5620000
|
trusted library allocation
|
page execute and read and write
|
||
|
11AA000
|
unkown
|
page execute and read and write
|
||
|
18A0000
|
direct allocation
|
page read and write
|
There are 196 hidden memdumps, click here to show them.