Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| uw7vXaPNPF.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\uw7vXaPNPF.exe.log | CSV text | dropped | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\uw7vXaPNPF.exe | "C:\Users\user\Desktop\uw7vXaPNPF.exe" | |
Domains

| Name | IP | Malicious |
|---|---|---|
| s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | |
Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableIOAVProtection | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableRealtimeMonitoring | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications | DisableNotifications | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AUOptions | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AutoInstallMinorUpdates | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | NoAutoRebootWithLoggedOnUsers | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | UseWUServer | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate | DoNotConnectToWindowsUpdateInternetLocations | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features | TamperProtection | |
Memdumps