Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
C5A000
|
unkown
|
page execute and write copy
|
||
|
D59000
|
stack
|
page read and write
|
||
|
4B50000
|
direct allocation
|
page read and write
|
||
|
6085000
|
trusted library allocation
|
page read and write
|
||
|
4B61000
|
heap
|
page read and write
|
||
|
E84000
|
heap
|
page read and write
|
||
|
4CB0000
|
direct allocation
|
page read and write
|
||
|
4E30000
|
trusted library allocation
|
page read and write
|
||
|
E84000
|
heap
|
page read and write
|
||
|
ECE000
|
stack
|
page read and write
|
||
|
45CE000
|
stack
|
page read and write
|
||
|
4E40000
|
direct allocation
|
page execute and read and write
|
||
|
AB8000
|
unkown
|
page execute and write copy
|
||
|
E84000
|
heap
|
page read and write
|
||
|
C5C000
|
unkown
|
page execute and write copy
|
||
|
3F8E000
|
stack
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
816000
|
unkown
|
page write copy
|
||
|
AA9000
|
unkown
|
page execute and read and write
|
||
|
117F000
|
stack
|
page read and write
|
||
|
480F000
|
stack
|
page read and write
|
||
|
4E60000
|
trusted library allocation
|
page read and write
|
||
|
4B50000
|
direct allocation
|
page read and write
|
||
|
354F000
|
stack
|
page read and write
|
||
|
4CB0000
|
direct allocation
|
page read and write
|
||
|
444F000
|
stack
|
page read and write
|
||
|
C5C000
|
unkown
|
page execute and write copy
|
||
|
4B50000
|
direct allocation
|
page read and write
|
||
|
4C60000
|
heap
|
page read and write
|
||
|
4E40000
|
trusted library allocation
|
page read and write
|
||
|
448E000
|
stack
|
page read and write
|
||
|
434E000
|
stack
|
page read and write
|
||
|
E84000
|
heap
|
page read and write
|
||
|
71FD000
|
stack
|
page read and write
|
||
|
E84000
|
heap
|
page read and write
|
||
|
737E000
|
stack
|
page read and write
|
||
|
4B70000
|
heap
|
page read and write
|
||
|
2F4E000
|
stack
|
page read and write
|
||
|
812000
|
unkown
|
page execute and write copy
|
||
|
727E000
|
stack
|
page read and write
|
||
|
3F4F000
|
stack
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
810000
|
unkown
|
page readonly
|
||
|
4E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
FD2000
|
heap
|
page read and write
|
||
|
41CF000
|
stack
|
page read and write
|
||
|
5061000
|
trusted library allocation
|
page read and write
|
||
|
330E000
|
stack
|
page read and write
|
||
|
4E3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C8F000
|
stack
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
127F000
|
stack
|
page read and write
|
||
|
4CB0000
|
direct allocation
|
page read and write
|
||
|
2B1F000
|
stack
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
816000
|
unkown
|
page write copy
|
||
|
4E14000
|
trusted library allocation
|
page read and write
|
||
|
3E4D000
|
stack
|
page read and write
|
||
|
E84000
|
heap
|
page read and write
|
||
|
59C000
|
stack
|
page read and write
|
||
|
E84000
|
heap
|
page read and write
|
||
|
3A4F000
|
stack
|
page read and write
|
||
|
4B50000
|
direct allocation
|
page read and write
|
||
|
74BE000
|
stack
|
page read and write
|
||
|
4B50000
|
direct allocation
|
page read and write
|
||
|
E84000
|
heap
|
page read and write
|
||
|
308E000
|
stack
|
page read and write
|
||
|
3E0F000
|
stack
|
page read and write
|
||
|
5010000
|
trusted library allocation
|
page read and write
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
46CF000
|
stack
|
page read and write
|
||
|
37CF000
|
stack
|
page read and write
|
||
|
2F0F000
|
stack
|
page read and write
|
||
|
81A000
|
unkown
|
page execute and read and write
|
||
|
3BCE000
|
stack
|
page read and write
|
||
|
4B50000
|
direct allocation
|
page read and write
|
||
|
4E03000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CA0000
|
trusted library allocation
|
page read and write
|
||
|
4DEE000
|
stack
|
page read and write
|
||
|
F0E000
|
stack
|
page read and write
|
||
|
4E10000
|
trusted library allocation
|
page read and write
|
||
|
F8A000
|
heap
|
page read and write
|
||
|
C5A000
|
unkown
|
page execute and read and write
|
||
|
4FEC000
|
stack
|
page read and write
|
||
|
4E20000
|
heap
|
page read and write
|
||
|
FC9000
|
heap
|
page read and write
|
||
|
4B61000
|
heap
|
page read and write
|
||
|
73BE000
|
stack
|
page read and write
|
||
|
4B50000
|
direct allocation
|
page read and write
|
||
|
430F000
|
stack
|
page read and write
|
||
|
E84000
|
heap
|
page read and write
|
||
|
E84000
|
heap
|
page read and write
|
||
|
75FE000
|
stack
|
page read and write
|
||
|
4E47000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5050000
|
heap
|
page read and write
|
||
|
470E000
|
stack
|
page read and write
|
||
|
812000
|
unkown
|
page execute and read and write
|
||
|
7230000
|
heap
|
page execute and read and write
|
||
|
E84000
|
heap
|
page read and write
|
||
|
4E00000
|
direct allocation
|
page execute and read and write
|
||
|
344E000
|
stack
|
page read and write
|
||
|
2B5C000
|
stack
|
page read and write
|
||
|
420E000
|
stack
|
page read and write
|
||
|
FBE000
|
heap
|
page read and write
|
||
|
4B50000
|
direct allocation
|
page read and write
|
||
|
4B50000
|
direct allocation
|
page read and write
|
||
|
E84000
|
heap
|
page read and write
|
||
|
380E000
|
stack
|
page read and write
|
||
|
4B61000
|
heap
|
page read and write
|
||
|
458F000
|
stack
|
page read and write
|
||
|
4CEB000
|
stack
|
page read and write
|
||
|
36CE000
|
stack
|
page read and write
|
||
|
4E04000
|
trusted library allocation
|
page read and write
|
||
|
340F000
|
stack
|
page read and write
|
||
|
AB9000
|
unkown
|
page execute and write copy
|
||
|
E84000
|
heap
|
page read and write
|
||
|
E84000
|
heap
|
page read and write
|
||
|
E84000
|
heap
|
page read and write
|
||
|
4C60000
|
trusted library allocation
|
page read and write
|
||
|
390F000
|
stack
|
page read and write
|
||
|
74FE000
|
stack
|
page read and write
|
||
|
FDD000
|
heap
|
page read and write
|
||
|
2B60000
|
direct allocation
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
304F000
|
stack
|
page read and write
|
||
|
4B50000
|
direct allocation
|
page read and write
|
||
|
4B61000
|
heap
|
page read and write
|
||
|
6064000
|
trusted library allocation
|
page read and write
|
||
|
4B61000
|
heap
|
page read and write
|
||
|
3CCF000
|
stack
|
page read and write
|
||
|
3A8E000
|
stack
|
page read and write
|
||
|
E84000
|
heap
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
4B50000
|
direct allocation
|
page read and write
|
||
|
E84000
|
heap
|
page read and write
|
||
|
3B8F000
|
stack
|
page read and write
|
||
|
2E0E000
|
stack
|
page read and write
|
||
|
998000
|
unkown
|
page execute and read and write
|
||
|
3D0E000
|
stack
|
page read and write
|
||
|
4B50000
|
direct allocation
|
page read and write
|
||
|
2B87000
|
heap
|
page read and write
|
||
|
368F000
|
stack
|
page read and write
|
||
|
394E000
|
stack
|
page read and write
|
||
|
4B50000
|
direct allocation
|
page read and write
|
||
|
4EAE000
|
stack
|
page read and write
|
||
|
E84000
|
heap
|
page read and write
|
||
|
AB8000
|
unkown
|
page execute and read and write
|
||
|
4FAF000
|
stack
|
page read and write
|
||
|
408F000
|
stack
|
page read and write
|
||
|
4B50000
|
direct allocation
|
page read and write
|
||
|
5030000
|
heap
|
page execute and read and write
|
||
|
810000
|
unkown
|
page read and write
|
||
|
358E000
|
stack
|
page read and write
|
||
|
6061000
|
trusted library allocation
|
page read and write
|
||
|
2DCF000
|
stack
|
page read and write
|
||
|
4B60000
|
heap
|
page read and write
|
||
|
40CE000
|
stack
|
page read and write
|
||
|
31CE000
|
stack
|
page read and write
|
||
|
F4E000
|
stack
|
page read and write
|
||
|
F8E000
|
heap
|
page read and write
|
||
|
318F000
|
stack
|
page read and write
|
||
|
4E4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
32CF000
|
stack
|
page read and write
|
There are 156 hidden memdumps, click here to show them.