Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4D71000
|
heap
|
page read and write
|
||
|
3EFE000
|
stack
|
page read and write
|
||
|
B44000
|
unkown
|
page execute and write copy
|
||
|
4F90000
|
heap
|
page read and write
|
||
|
11CE000
|
heap
|
page read and write
|
||
|
403D000
|
stack
|
page read and write
|
||
|
47BE000
|
stack
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
A2C000
|
unkown
|
page execute and read and write
|
||
|
34BE000
|
stack
|
page read and write
|
||
|
4D71000
|
heap
|
page read and write
|
||
|
4D71000
|
heap
|
page read and write
|
||
|
4D71000
|
heap
|
page read and write
|
||
|
6325000
|
trusted library allocation
|
page read and write
|
||
|
4D60000
|
direct allocation
|
page read and write
|
||
|
4EA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
3C3F000
|
stack
|
page read and write
|
||
|
A66000
|
unkown
|
page execute and read and write
|
||
|
373F000
|
stack
|
page read and write
|
||
|
AC4000
|
unkown
|
page execute and read and write
|
||
|
114E000
|
stack
|
page read and write
|
||
|
4EFC000
|
stack
|
page read and write
|
||
|
50FE000
|
stack
|
page read and write
|
||
|
4D71000
|
heap
|
page read and write
|
||
|
11FF000
|
heap
|
page read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
880000
|
unkown
|
page read and write
|
||
|
4EAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
A78000
|
unkown
|
page execute and read and write
|
||
|
427F000
|
stack
|
page read and write
|
||
|
AA0000
|
unkown
|
page execute and read and write
|
||
|
B42000
|
unkown
|
page execute and write copy
|
||
|
758E000
|
stack
|
page read and write
|
||
|
743E000
|
stack
|
page read and write
|
||
|
11B0000
|
direct allocation
|
page read and write
|
||
|
4F10000
|
trusted library allocation
|
page read and write
|
||
|
4D60000
|
direct allocation
|
page read and write
|
||
|
B42000
|
unkown
|
page execute and read and write
|
||
|
35FF000
|
stack
|
page read and write
|
||
|
B33000
|
unkown
|
page execute and write copy
|
||
|
AB2000
|
unkown
|
page execute and read and write
|
||
|
4D71000
|
heap
|
page read and write
|
||
|
7480000
|
heap
|
page execute and read and write
|
||
|
121E000
|
heap
|
page read and write
|
||
|
10C5000
|
heap
|
page read and write
|
||
|
AB9000
|
unkown
|
page execute and write copy
|
||
|
3AFF000
|
stack
|
page read and write
|
||
|
886000
|
unkown
|
page write copy
|
||
|
4EC0000
|
direct allocation
|
page read and write
|
||
|
44FF000
|
stack
|
page read and write
|
||
|
AAD000
|
unkown
|
page execute and read and write
|
||
|
AE4000
|
unkown
|
page execute and read and write
|
||
|
51B0000
|
trusted library allocation
|
page read and write
|
||
|
A86000
|
unkown
|
page execute and write copy
|
||
|
896000
|
unkown
|
page execute and write copy
|
||
|
4EC0000
|
direct allocation
|
page read and write
|
||
|
51A0000
|
trusted library allocation
|
page read and write
|
||
|
363E000
|
stack
|
page read and write
|
||
|
4D40000
|
heap
|
page read and write
|
||
|
4D60000
|
direct allocation
|
page read and write
|
||
|
6301000
|
trusted library allocation
|
page read and write
|
||
|
AA3000
|
unkown
|
page execute and read and write
|
||
|
33BE000
|
stack
|
page read and write
|
||
|
48FE000
|
stack
|
page read and write
|
||
|
30FF000
|
stack
|
page read and write
|
||
|
13BE000
|
stack
|
page read and write
|
||
|
4D71000
|
heap
|
page read and write
|
||
|
108E000
|
stack
|
page read and write
|
||
|
A95000
|
unkown
|
page execute and read and write
|
||
|
4D70000
|
heap
|
page read and write
|
||
|
9FC000
|
unkown
|
page execute and read and write
|
||
|
1201000
|
heap
|
page read and write
|
||
|
34FE000
|
stack
|
page read and write
|
||
|
AAB000
|
unkown
|
page execute and write copy
|
||
|
2D5F000
|
stack
|
page read and write
|
||
|
1211000
|
heap
|
page read and write
|
||
|
A26000
|
unkown
|
page execute and write copy
|
||
|
377E000
|
stack
|
page read and write
|
||
|
4D60000
|
direct allocation
|
page read and write
|
||
|
3DBE000
|
stack
|
page read and write
|
||
|
A3A000
|
unkown
|
page execute and read and write
|
||
|
49FF000
|
stack
|
page read and write
|
||
|
2EBF000
|
stack
|
page read and write
|
||
|
463F000
|
stack
|
page read and write
|
||
|
AC1000
|
unkown
|
page execute and write copy
|
||
|
48BF000
|
stack
|
page read and write
|
||
|
1251000
|
heap
|
page read and write
|
||
|
A5A000
|
unkown
|
page execute and read and write
|
||
|
880000
|
unkown
|
page readonly
|
||
|
4D81000
|
heap
|
page read and write
|
||
|
417E000
|
stack
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
88A000
|
unkown
|
page execute and read and write
|
||
|
ABB000
|
unkown
|
page execute and write copy
|
||
|
413F000
|
stack
|
page read and write
|
||
|
A23000
|
unkown
|
page execute and read and write
|
||
|
387F000
|
stack
|
page read and write
|
||
|
1209000
|
heap
|
page read and write
|
||
|
882000
|
unkown
|
page execute and read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
882000
|
unkown
|
page execute and write copy
|
||
|
4D71000
|
heap
|
page read and write
|
||
|
4E70000
|
trusted library allocation
|
page read and write
|
||
|
4EC0000
|
direct allocation
|
page read and write
|
||
|
3B3E000
|
stack
|
page read and write
|
||
|
323F000
|
stack
|
page read and write
|
||
|
43BF000
|
stack
|
page read and write
|
||
|
4D60000
|
direct allocation
|
page read and write
|
||
|
747E000
|
stack
|
page read and write
|
||
|
4D60000
|
direct allocation
|
page read and write
|
||
|
A79000
|
unkown
|
page execute and write copy
|
||
|
4FE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
A84000
|
unkown
|
page execute and write copy
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
9FE000
|
unkown
|
page execute and write copy
|
||
|
3D7F000
|
stack
|
page read and write
|
||
|
A75000
|
unkown
|
page execute and write copy
|
||
|
AA1000
|
unkown
|
page execute and write copy
|
||
|
467E000
|
stack
|
page read and write
|
||
|
39FE000
|
stack
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
B44000
|
unkown
|
page execute and write copy
|
||
|
4F40000
|
direct allocation
|
page execute and read and write
|
||
|
A5B000
|
unkown
|
page execute and write copy
|
||
|
A8A000
|
unkown
|
page execute and read and write
|
||
|
453E000
|
stack
|
page read and write
|
||
|
4D71000
|
heap
|
page read and write
|
||
|
477F000
|
stack
|
page read and write
|
||
|
11CA000
|
heap
|
page read and write
|
||
|
5301000
|
trusted library allocation
|
page read and write
|
||
|
110D000
|
stack
|
page read and write
|
||
|
4D71000
|
heap
|
page read and write
|
||
|
4FF0000
|
heap
|
page read and write
|
||
|
A96000
|
unkown
|
page execute and write copy
|
||
|
B33000
|
unkown
|
page execute and write copy
|
||
|
4F27000
|
trusted library allocation
|
page execute and read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
2DB7000
|
heap
|
page read and write
|
||
|
AC0000
|
unkown
|
page execute and read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
4D71000
|
heap
|
page read and write
|
||
|
4D71000
|
heap
|
page read and write
|
||
|
4D71000
|
heap
|
page read and write
|
||
|
4D60000
|
direct allocation
|
page read and write
|
||
|
4F2B000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D71000
|
heap
|
page read and write
|
||
|
3EBF000
|
stack
|
page read and write
|
||
|
4EB4000
|
trusted library allocation
|
page read and write
|
||
|
A35000
|
unkown
|
page execute and write copy
|
||
|
4F40000
|
trusted library allocation
|
page read and write
|
||
|
A23000
|
unkown
|
page execute and write copy
|
||
|
A7B000
|
unkown
|
page execute and read and write
|
||
|
337F000
|
stack
|
page read and write
|
||
|
778E000
|
stack
|
page read and write
|
||
|
51F0000
|
heap
|
page execute and read and write
|
||
|
4EB0000
|
trusted library allocation
|
page read and write
|
||
|
38BE000
|
stack
|
page read and write
|
||
|
768E000
|
stack
|
page read and write
|
||
|
4D60000
|
direct allocation
|
page read and write
|
||
|
A93000
|
unkown
|
page execute and write copy
|
||
|
AAE000
|
unkown
|
page execute and write copy
|
||
|
3C7E000
|
stack
|
page read and write
|
||
|
AE1000
|
unkown
|
page execute and write copy
|
||
|
4F10000
|
direct allocation
|
page execute and read and write
|
||
|
6304000
|
trusted library allocation
|
page read and write
|
||
|
3FFF000
|
stack
|
page read and write
|
||
|
88A000
|
unkown
|
page execute and write copy
|
||
|
2FBF000
|
stack
|
page read and write
|
||
|
4FDC000
|
stack
|
page read and write
|
||
|
73FD000
|
stack
|
page read and write
|
||
|
327E000
|
stack
|
page read and write
|
||
|
4D60000
|
direct allocation
|
page read and write
|
||
|
4D60000
|
direct allocation
|
page read and write
|
||
|
52FE000
|
stack
|
page read and write
|
||
|
4D60000
|
direct allocation
|
page read and write
|
||
|
A53000
|
unkown
|
page execute and write copy
|
||
|
4EA4000
|
trusted library allocation
|
page read and write
|
||
|
120D000
|
heap
|
page read and write
|
||
|
BDC000
|
stack
|
page read and write
|
||
|
4D60000
|
direct allocation
|
page read and write
|
||
|
4F1A000
|
trusted library allocation
|
page execute and read and write
|
||
|
14BE000
|
stack
|
page read and write
|
||
|
4F8E000
|
stack
|
page read and write
|
||
|
42BE000
|
stack
|
page read and write
|
||
|
39BF000
|
stack
|
page read and write
|
||
|
4D71000
|
heap
|
page read and write
|
||
|
43FE000
|
stack
|
page read and write
|
||
|
4D71000
|
heap
|
page read and write
|
||
|
4D60000
|
direct allocation
|
page read and write
|
||
|
EF9000
|
stack
|
page read and write
|
||
|
A15000
|
unkown
|
page execute and read and write
|
||
|
51EE000
|
stack
|
page read and write
|
||
|
A85000
|
unkown
|
page execute and read and write
|
||
|
B2B000
|
unkown
|
page execute and write copy
|
||
|
118B000
|
stack
|
page read and write
|
||
|
ABA000
|
unkown
|
page execute and read and write
|
||
|
ACF000
|
unkown
|
page execute and read and write
|
||
|
4D60000
|
direct allocation
|
page read and write
|
||
|
2D9E000
|
stack
|
page read and write
|
||
|
4F20000
|
trusted library allocation
|
page read and write
|
||
|
886000
|
unkown
|
page write copy
|
||
|
ACD000
|
unkown
|
page execute and write copy
|
||
|
4E90000
|
trusted library allocation
|
page read and write
|
||
|
4D71000
|
heap
|
page read and write
|
There are 194 hidden memdumps, click here to show them.