Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4C30000
|
direct allocation
|
page read and write
|
||
|
2E9E000
|
stack
|
page read and write
|
||
|
5101000
|
trusted library allocation
|
page read and write
|
||
|
385F000
|
stack
|
page read and write
|
||
|
822000
|
unkown
|
page execute and read and write
|
||
|
389E000
|
stack
|
page read and write
|
||
|
4E17000
|
trusted library allocation
|
page execute and read and write
|
||
|
FE9000
|
heap
|
page read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
34DE000
|
stack
|
page read and write
|
||
|
4E10000
|
direct allocation
|
page execute and read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
4D90000
|
direct allocation
|
page read and write
|
||
|
44EF000
|
stack
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
743F000
|
stack
|
page read and write
|
||
|
4E50000
|
trusted library allocation
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
12DE000
|
stack
|
page read and write
|
||
|
826000
|
unkown
|
page write copy
|
||
|
ABF000
|
unkown
|
page execute and read and write
|
||
|
4DCB000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
4DE4000
|
trusted library allocation
|
page read and write
|
||
|
4C52000
|
heap
|
page read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
4E10000
|
trusted library allocation
|
page read and write
|
||
|
4E70000
|
heap
|
page execute and read and write
|
||
|
C74000
|
unkown
|
page execute and write copy
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
3C1F000
|
stack
|
page read and write
|
||
|
4DF0000
|
trusted library allocation
|
page read and write
|
||
|
429E000
|
stack
|
page read and write
|
||
|
4E1B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3FDE000
|
stack
|
page read and write
|
||
|
349F000
|
stack
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
6104000
|
trusted library allocation
|
page read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
2E5F000
|
stack
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
4EBE000
|
stack
|
page read and write
|
||
|
4D90000
|
direct allocation
|
page read and write
|
||
|
4E30000
|
trusted library allocation
|
page read and write
|
||
|
361E000
|
stack
|
page read and write
|
||
|
4D40000
|
trusted library allocation
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
4C40000
|
heap
|
page read and write
|
||
|
75BE000
|
stack
|
page read and write
|
||
|
339E000
|
stack
|
page read and write
|
||
|
30DF000
|
stack
|
page read and write
|
||
|
757E000
|
stack
|
page read and write
|
||
|
747E000
|
stack
|
page read and write
|
||
|
4E00000
|
trusted library allocation
|
page read and write
|
||
|
371F000
|
stack
|
page read and write
|
||
|
321F000
|
stack
|
page read and write
|
||
|
4DED000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
9B0000
|
unkown
|
page execute and read and write
|
||
|
826000
|
unkown
|
page write copy
|
||
|
50F0000
|
heap
|
page read and write
|
||
|
ACE000
|
unkown
|
page execute and read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
2D5E000
|
stack
|
page read and write
|
||
|
50CF000
|
stack
|
page read and write
|
||
|
4D90000
|
direct allocation
|
page read and write
|
||
|
2F9F000
|
stack
|
page read and write
|
||
|
6101000
|
trusted library allocation
|
page read and write
|
||
|
43EE000
|
stack
|
page read and write
|
||
|
415E000
|
stack
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
2ACE000
|
stack
|
page read and write
|
||
|
3B1E000
|
stack
|
page read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
3EDE000
|
stack
|
page read and write
|
||
|
731E000
|
stack
|
page read and write
|
||
|
399F000
|
stack
|
page read and write
|
||
|
452E000
|
stack
|
page read and write
|
||
|
4D80000
|
trusted library allocation
|
page read and write
|
||
|
4DE0000
|
direct allocation
|
page execute and read and write
|
||
|
39DE000
|
stack
|
page read and write
|
||
|
2BDF000
|
stack
|
page read and write
|
||
|
401E000
|
stack
|
page read and write
|
||
|
6125000
|
trusted library allocation
|
page read and write
|
||
|
822000
|
unkown
|
page execute and write copy
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
4FCF000
|
stack
|
page read and write
|
||
|
4DF4000
|
trusted library allocation
|
page read and write
|
||
|
35DF000
|
stack
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
FDE000
|
heap
|
page read and write
|
||
|
335F000
|
stack
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
C72000
|
unkown
|
page execute and read and write
|
||
|
FAE000
|
heap
|
page read and write
|
||
|
ACE000
|
unkown
|
page execute and write copy
|
||
|
4DE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
425F000
|
stack
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
FFD000
|
heap
|
page read and write
|
||
|
119E000
|
stack
|
page read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
3D9E000
|
stack
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
DD9000
|
stack
|
page read and write
|
||
|
4E40000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D1F000
|
stack
|
page read and write
|
||
|
2FDE000
|
stack
|
page read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
CDC000
|
stack
|
page read and write
|
||
|
820000
|
unkown
|
page read and write
|
||
|
4C10000
|
direct allocation
|
page read and write
|
||
|
466E000
|
stack
|
page read and write
|
||
|
F8E000
|
stack
|
page read and write
|
||
|
311E000
|
stack
|
page read and write
|
||
|
325E000
|
stack
|
page read and write
|
||
|
102C000
|
heap
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
48AF000
|
stack
|
page read and write
|
||
|
4E0A000
|
trusted library allocation
|
page execute and read and write
|
||
|
3D5F000
|
stack
|
page read and write
|
||
|
7330000
|
heap
|
page execute and read and write
|
||
|
375E000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
3E9F000
|
stack
|
page read and write
|
||
|
462F000
|
stack
|
page read and write
|
||
|
3C5E000
|
stack
|
page read and write
|
||
|
3ADF000
|
stack
|
page read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
76BE000
|
stack
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
FAA000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
47AE000
|
stack
|
page read and write
|
||
|
43A0000
|
heap
|
page read and write
|
||
|
411F000
|
stack
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
ACF000
|
unkown
|
page execute and write copy
|
||
|
E14000
|
heap
|
page read and write
|
||
|
476F000
|
stack
|
page read and write
|
||
|
2AD7000
|
heap
|
page read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
439F000
|
stack
|
page read and write
|
||
|
71DC000
|
stack
|
page read and write
|
||
|
4E60000
|
trusted library allocation
|
page read and write
|
||
|
4D40000
|
heap
|
page read and write
|
||
|
72DD000
|
stack
|
page read and write
|
||
|
82A000
|
unkown
|
page execute and read and write
|
||
|
C74000
|
unkown
|
page execute and write copy
|
||
|
4EC0000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
820000
|
unkown
|
page readonly
|
||
|
11DE000
|
stack
|
page read and write
|
||
|
2C1C000
|
stack
|
page read and write
|
There are 157 hidden memdumps, click here to show them.