Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://go.mic
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
E0000
|
unkown
|
page readonly
|
||
|
8FB000
|
heap
|
page read and write
|
||
|
EA000
|
unkown
|
page execute and write copy
|
||
|
337E000
|
stack
|
page read and write
|
||
|
26FE000
|
stack
|
page read and write
|
||
|
6C4D000
|
stack
|
page read and write
|
||
|
297E000
|
stack
|
page read and write
|
||
|
45E0000
|
heap
|
page read and write
|
||
|
283E000
|
stack
|
page read and write
|
||
|
373E000
|
stack
|
page read and write
|
||
|
6E00000
|
heap
|
page execute and read and write
|
||
|
6DCE000
|
stack
|
page read and write
|
||
|
2F7F000
|
stack
|
page read and write
|
||
|
45D1000
|
heap
|
page read and write
|
||
|
2580000
|
heap
|
page read and write
|
||
|
2EC000
|
unkown
|
page execute and read and write
|
||
|
45A0000
|
heap
|
page read and write
|
||
|
253F000
|
stack
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
36FF000
|
stack
|
page read and write
|
||
|
4724000
|
trusted library allocation
|
page read and write
|
||
|
486E000
|
stack
|
page read and write
|
||
|
470D000
|
trusted library allocation
|
page execute and read and write
|
||
|
397F000
|
stack
|
page read and write
|
||
|
2B8000
|
unkown
|
page execute and write copy
|
||
|
4730000
|
direct allocation
|
page read and write
|
||
|
3FBF000
|
stack
|
page read and write
|
||
|
26BF000
|
stack
|
page read and write
|
||
|
2B7000
|
unkown
|
page execute and read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
243E000
|
stack
|
page read and write
|
||
|
3BFF000
|
stack
|
page read and write
|
||
|
48E0000
|
trusted library allocation
|
page read and write
|
||
|
48D0000
|
trusted library allocation
|
page read and write
|
||
|
45C0000
|
direct allocation
|
page read and write
|
||
|
314000
|
unkown
|
page execute and write copy
|
||
|
45D1000
|
heap
|
page read and write
|
||
|
2CF000
|
unkown
|
page execute and read and write
|
||
|
2FBE000
|
stack
|
page read and write
|
||
|
6F4E000
|
stack
|
page read and write
|
||
|
308000
|
unkown
|
page execute and read and write
|
||
|
905000
|
heap
|
page read and write
|
||
|
3D7E000
|
stack
|
page read and write
|
||
|
333F000
|
stack
|
page read and write
|
||
|
5A74000
|
trusted library allocation
|
page read and write
|
||
|
87E000
|
heap
|
page read and write
|
||
|
6D8E000
|
stack
|
page read and write
|
||
|
27FF000
|
stack
|
page read and write
|
||
|
EA000
|
unkown
|
page execute and write copy
|
||
|
327000
|
unkown
|
page execute and read and write
|
||
|
6B4C000
|
stack
|
page read and write
|
||
|
EA000
|
unkown
|
page execute and read and write
|
||
|
30FE000
|
stack
|
page read and write
|
||
|
384000
|
unkown
|
page execute and write copy
|
||
|
280000
|
unkown
|
page execute and read and write
|
||
|
2E3F000
|
stack
|
page read and write
|
||
|
45C0000
|
direct allocation
|
page read and write
|
||
|
7B5000
|
heap
|
page read and write
|
||
|
4580000
|
direct allocation
|
page read and write
|
||
|
E6000
|
unkown
|
page write copy
|
||
|
4880000
|
direct allocation
|
page execute and read and write
|
||
|
45C0000
|
direct allocation
|
page read and write
|
||
|
3C3E000
|
stack
|
page read and write
|
||
|
347F000
|
stack
|
page read and write
|
||
|
4A60000
|
heap
|
page read and write
|
||
|
E6000
|
unkown
|
page write copy
|
||
|
45C0000
|
direct allocation
|
page read and write
|
||
|
8B9000
|
heap
|
page read and write
|
||
|
48C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
63C000
|
stack
|
page read and write
|
||
|
86E000
|
stack
|
page read and write
|
||
|
E2000
|
unkown
|
page execute and write copy
|
||
|
45C0000
|
direct allocation
|
page read and write
|
||
|
2ED000
|
unkown
|
page execute and write copy
|
||
|
40FF000
|
stack
|
page read and write
|
||
|
27E000
|
unkown
|
page execute and write copy
|
||
|
45C0000
|
direct allocation
|
page read and write
|
||
|
45C0000
|
direct allocation
|
page read and write
|
||
|
2A8000
|
unkown
|
page execute and write copy
|
||
|
30BF000
|
stack
|
page read and write
|
||
|
387E000
|
stack
|
page read and write
|
||
|
45C0000
|
direct allocation
|
page read and write
|
||
|
45C0000
|
direct allocation
|
page read and write
|
||
|
45D1000
|
heap
|
page read and write
|
||
|
3EBE000
|
stack
|
page read and write
|
||
|
39E000
|
unkown
|
page execute and write copy
|
||
|
3FFE000
|
stack
|
page read and write
|
||
|
82E000
|
stack
|
page read and write
|
||
|
3ABF000
|
stack
|
page read and write
|
||
|
45D1000
|
heap
|
page read and write
|
||
|
2BD000
|
unkown
|
page execute and read and write
|
||
|
31FF000
|
stack
|
page read and write
|
||
|
45D1000
|
heap
|
page read and write
|
||
|
2D3E000
|
stack
|
page read and write
|
||
|
383F000
|
stack
|
page read and write
|
||
|
476C000
|
stack
|
page read and write
|
||
|
2B3000
|
unkown
|
page execute and write copy
|
||
|
45D1000
|
heap
|
page read and write
|
||
|
2E3000
|
unkown
|
page execute and write copy
|
||
|
2C0000
|
unkown
|
page execute and read and write
|
||
|
2CA000
|
unkown
|
page execute and write copy
|
||
|
26E000
|
unkown
|
page execute and read and write
|
||
|
4880000
|
trusted library allocation
|
page read and write
|
||
|
4A3F000
|
stack
|
page read and write
|
||
|
290000
|
unkown
|
page execute and write copy
|
||
|
5A95000
|
trusted library allocation
|
page read and write
|
||
|
2ABE000
|
stack
|
page read and write
|
||
|
4890000
|
trusted library allocation
|
page read and write
|
||
|
337000
|
unkown
|
page execute and read and write
|
||
|
4720000
|
trusted library allocation
|
page read and write
|
||
|
C3F000
|
stack
|
page read and write
|
||
|
2BE000
|
unkown
|
page execute and write copy
|
||
|
39E000
|
unkown
|
page execute and write copy
|
||
|
2F4000
|
unkown
|
page execute and write copy
|
||
|
48F0000
|
heap
|
page execute and read and write
|
||
|
28F000
|
unkown
|
page execute and read and write
|
||
|
45D1000
|
heap
|
page read and write
|
||
|
46D0000
|
trusted library allocation
|
page read and write
|
||
|
45D1000
|
heap
|
page read and write
|
||
|
35FE000
|
stack
|
page read and write
|
||
|
45D0000
|
heap
|
page read and write
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
2A7F000
|
stack
|
page read and write
|
||
|
25B7000
|
heap
|
page read and write
|
||
|
46F0000
|
trusted library allocation
|
page read and write
|
||
|
38E000
|
unkown
|
page execute and write copy
|
||
|
39BE000
|
stack
|
page read and write
|
||
|
34BE000
|
stack
|
page read and write
|
||
|
45C0000
|
direct allocation
|
page read and write
|
||
|
2AA000
|
unkown
|
page execute and read and write
|
||
|
45D1000
|
heap
|
page read and write
|
||
|
38E000
|
unkown
|
page execute and write copy
|
||
|
4A71000
|
trusted library allocation
|
page read and write
|
||
|
25B0000
|
heap
|
page read and write
|
||
|
45C0000
|
direct allocation
|
page read and write
|
||
|
3AFE000
|
stack
|
page read and write
|
||
|
3E7F000
|
stack
|
page read and write
|
||
|
489B000
|
trusted library allocation
|
page execute and read and write
|
||
|
B3F000
|
stack
|
page read and write
|
||
|
8C1000
|
heap
|
page read and write
|
||
|
739000
|
stack
|
page read and write
|
||
|
26C000
|
unkown
|
page execute and read and write
|
||
|
279000
|
unkown
|
page execute and write copy
|
||
|
4703000
|
trusted library allocation
|
page execute and read and write
|
||
|
4897000
|
trusted library allocation
|
page execute and read and write
|
||
|
305000
|
unkown
|
page execute and write copy
|
||
|
325000
|
unkown
|
page execute and write copy
|
||
|
423F000
|
stack
|
page read and write
|
||
|
293F000
|
stack
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
27A000
|
unkown
|
page execute and read and write
|
||
|
2CFF000
|
stack
|
page read and write
|
||
|
45C0000
|
direct allocation
|
page read and write
|
||
|
33D000
|
unkown
|
page execute and write copy
|
||
|
31B000
|
unkown
|
page execute and write copy
|
||
|
704F000
|
stack
|
page read and write
|
||
|
E0000
|
unkown
|
page read and write
|
||
|
45D1000
|
heap
|
page read and write
|
||
|
257C000
|
stack
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
2CC000
|
unkown
|
page execute and write copy
|
||
|
386000
|
unkown
|
page execute and write copy
|
||
|
28D000
|
unkown
|
page execute and write copy
|
||
|
45D1000
|
heap
|
page read and write
|
||
|
493E000
|
stack
|
page read and write
|
||
|
F6000
|
unkown
|
page execute and write copy
|
||
|
2BBF000
|
stack
|
page read and write
|
||
|
35BF000
|
stack
|
page read and write
|
||
|
3D3F000
|
stack
|
page read and write
|
||
|
4730000
|
direct allocation
|
page read and write
|
||
|
8B1000
|
heap
|
page read and write
|
||
|
2F8000
|
unkown
|
page execute and read and write
|
||
|
31A000
|
unkown
|
page execute and read and write
|
||
|
48B0000
|
trusted library allocation
|
page read and write
|
||
|
4704000
|
trusted library allocation
|
page read and write
|
||
|
45D1000
|
heap
|
page read and write
|
||
|
4710000
|
heap
|
page read and write
|
||
|
335000
|
unkown
|
page execute and write copy
|
||
|
2BFE000
|
stack
|
page read and write
|
||
|
45D1000
|
heap
|
page read and write
|
||
|
256000
|
unkown
|
page execute and read and write
|
||
|
45D1000
|
heap
|
page read and write
|
||
|
2F3000
|
unkown
|
page execute and read and write
|
||
|
48B0000
|
direct allocation
|
page execute and read and write
|
||
|
87A000
|
heap
|
page read and write
|
||
|
6F0E000
|
stack
|
page read and write
|
||
|
45C0000
|
direct allocation
|
page read and write
|
||
|
E2000
|
unkown
|
page execute and read and write
|
||
|
45C0000
|
direct allocation
|
page read and write
|
||
|
413E000
|
stack
|
page read and write
|
||
|
488A000
|
trusted library allocation
|
page execute and read and write
|
||
|
39C000
|
unkown
|
page execute and read and write
|
||
|
39C000
|
unkown
|
page execute and write copy
|
||
|
2CB000
|
unkown
|
page execute and read and write
|
||
|
6C8E000
|
stack
|
page read and write
|
||
|
385000
|
unkown
|
page execute and read and write
|
||
|
8CE000
|
heap
|
page read and write
|
||
|
258000
|
unkown
|
page execute and write copy
|
||
|
26D000
|
unkown
|
page execute and write copy
|
||
|
293000
|
unkown
|
page execute and read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
31E000
|
unkown
|
page execute and read and write
|
||
|
33E000
|
unkown
|
page execute and read and write
|
||
|
4730000
|
direct allocation
|
page read and write
|
||
|
279000
|
unkown
|
page execute and write copy
|
||
|
45D1000
|
heap
|
page read and write
|
||
|
5A71000
|
trusted library allocation
|
page read and write
|
There are 197 hidden memdumps, click here to show them.