Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4A10000
|
direct allocation
|
page read and write
|
||
|
340E000
|
stack
|
page read and write
|
||
|
55D000
|
unkown
|
page execute and write copy
|
||
|
4CE7000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CC0000
|
heap
|
page read and write
|
||
|
722E000
|
stack
|
page read and write
|
||
|
2ECF000
|
stack
|
page read and write
|
||
|
4A21000
|
heap
|
page read and write
|
||
|
378F000
|
stack
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
CFE000
|
heap
|
page read and write
|
||
|
49F0000
|
heap
|
page read and write
|
||
|
440F000
|
stack
|
page read and write
|
||
|
441000
|
unkown
|
page execute and read and write
|
||
|
4F60000
|
trusted library allocation
|
page read and write
|
||
|
54D000
|
unkown
|
page execute and read and write
|
||
|
4B70000
|
direct allocation
|
page read and write
|
||
|
4A21000
|
heap
|
page read and write
|
||
|
4FB1000
|
trusted library allocation
|
page read and write
|
||
|
4FA0000
|
heap
|
page execute and read and write
|
||
|
2B2000
|
unkown
|
page execute and read and write
|
||
|
4B60000
|
trusted library allocation
|
page read and write
|
||
|
5FB4000
|
trusted library allocation
|
page read and write
|
||
|
4A20000
|
heap
|
page read and write
|
||
|
2D8F000
|
stack
|
page read and write
|
||
|
4CAF000
|
stack
|
page read and write
|
||
|
4A21000
|
heap
|
page read and write
|
||
|
4A10000
|
direct allocation
|
page read and write
|
||
|
4CEB000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B20000
|
trusted library allocation
|
page read and write
|
||
|
4D00000
|
direct allocation
|
page execute and read and write
|
||
|
4A10000
|
direct allocation
|
page read and write
|
||
|
3A4E000
|
stack
|
page read and write
|
||
|
298F000
|
stack
|
page read and write
|
||
|
702000
|
unkown
|
page execute and write copy
|
||
|
4CD0000
|
direct allocation
|
page execute and read and write
|
||
|
4A21000
|
heap
|
page read and write
|
||
|
4A10000
|
direct allocation
|
page read and write
|
||
|
F4F000
|
stack
|
page read and write
|
||
|
2B0F000
|
stack
|
page read and write
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
4B64000
|
trusted library allocation
|
page read and write
|
||
|
3F4E000
|
stack
|
page read and write
|
||
|
38CF000
|
stack
|
page read and write
|
||
|
55C000
|
unkown
|
page execute and read and write
|
||
|
A8C000
|
stack
|
page read and write
|
||
|
55C000
|
unkown
|
page execute and write copy
|
||
|
4B5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B6000
|
unkown
|
page write copy
|
||
|
2B4E000
|
stack
|
page read and write
|
||
|
71AE000
|
stack
|
page read and write
|
||
|
4A21000
|
heap
|
page read and write
|
||
|
C05000
|
heap
|
page read and write
|
||
|
4A21000
|
heap
|
page read and write
|
||
|
3E0E000
|
stack
|
page read and write
|
||
|
4CE0000
|
trusted library allocation
|
page read and write
|
||
|
328F000
|
stack
|
page read and write
|
||
|
4D4E000
|
stack
|
page read and write
|
||
|
4CD0000
|
trusted library allocation
|
page read and write
|
||
|
2B0000
|
unkown
|
page read and write
|
||
|
E4E000
|
stack
|
page read and write
|
||
|
2C4F000
|
stack
|
page read and write
|
||
|
D39000
|
heap
|
page read and write
|
||
|
4A10000
|
direct allocation
|
page read and write
|
||
|
D3B000
|
heap
|
page read and write
|
||
|
444E000
|
stack
|
page read and write
|
||
|
4A21000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
4BAC000
|
stack
|
page read and write
|
||
|
33CF000
|
stack
|
page read and write
|
||
|
71EE000
|
stack
|
page read and write
|
||
|
4CDA000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A21000
|
heap
|
page read and write
|
||
|
4DB0000
|
heap
|
page read and write
|
||
|
70AD000
|
stack
|
page read and write
|
||
|
2C8E000
|
stack
|
page read and write
|
||
|
702000
|
unkown
|
page execute and write copy
|
||
|
4A10000
|
direct allocation
|
page read and write
|
||
|
2B0000
|
unkown
|
page readonly
|
||
|
4EBE000
|
stack
|
page read and write
|
||
|
D31000
|
heap
|
page read and write
|
||
|
4D8C000
|
stack
|
page read and write
|
||
|
4A21000
|
heap
|
page read and write
|
||
|
D41000
|
heap
|
page read and write
|
||
|
4D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
49D0000
|
direct allocation
|
page read and write
|
||
|
108F000
|
stack
|
page read and write
|
||
|
F8E000
|
stack
|
page read and write
|
||
|
2B6000
|
unkown
|
page write copy
|
||
|
354E000
|
stack
|
page read and write
|
||
|
4A21000
|
heap
|
page read and write
|
||
|
2BA000
|
unkown
|
page execute and read and write
|
||
|
3CCD000
|
stack
|
page read and write
|
||
|
430E000
|
stack
|
page read and write
|
||
|
32CE000
|
stack
|
page read and write
|
||
|
4A10000
|
direct allocation
|
page read and write
|
||
|
B89000
|
stack
|
page read and write
|
||
|
3A0F000
|
stack
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
3C8F000
|
stack
|
page read and write
|
||
|
3B8E000
|
stack
|
page read and write
|
||
|
350F000
|
stack
|
page read and write
|
||
|
4B54000
|
trusted library allocation
|
page read and write
|
||
|
2A0B000
|
stack
|
page read and write
|
||
|
404F000
|
stack
|
page read and write
|
||
|
408E000
|
stack
|
page read and write
|
||
|
4A21000
|
heap
|
page read and write
|
||
|
2990000
|
heap
|
page read and write
|
||
|
4DA0000
|
trusted library allocation
|
page read and write
|
||
|
4A10000
|
direct allocation
|
page read and write
|
||
|
454F000
|
stack
|
page read and write
|
||
|
4D00000
|
trusted library allocation
|
page read and write
|
||
|
5FB1000
|
trusted library allocation
|
page read and write
|
||
|
4A10000
|
direct allocation
|
page read and write
|
||
|
4B40000
|
trusted library allocation
|
page read and write
|
||
|
4A10000
|
direct allocation
|
page read and write
|
||
|
4A10000
|
direct allocation
|
page read and write
|
||
|
418F000
|
stack
|
page read and write
|
||
|
D4D000
|
heap
|
page read and write
|
||
|
4A10000
|
direct allocation
|
page read and write
|
||
|
288E000
|
stack
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
3B4F000
|
stack
|
page read and write
|
||
|
4A21000
|
heap
|
page read and write
|
||
|
37CE000
|
stack
|
page read and write
|
||
|
2F0E000
|
stack
|
page read and write
|
||
|
3F0F000
|
stack
|
page read and write
|
||
|
7280000
|
heap
|
page execute and read and write
|
||
|
2B2000
|
unkown
|
page execute and write copy
|
||
|
4A10000
|
direct allocation
|
page read and write
|
||
|
4A30000
|
heap
|
page read and write
|
||
|
304E000
|
stack
|
page read and write
|
||
|
41CE000
|
stack
|
page read and write
|
||
|
738F000
|
stack
|
page read and write
|
||
|
748F000
|
stack
|
page read and write
|
||
|
3DCE000
|
stack
|
page read and write
|
||
|
468F000
|
stack
|
page read and write
|
||
|
4B70000
|
direct allocation
|
page read and write
|
||
|
700000
|
unkown
|
page execute and read and write
|
||
|
4A21000
|
heap
|
page read and write
|
||
|
5FD5000
|
trusted library allocation
|
page read and write
|
||
|
4A21000
|
heap
|
page read and write
|
||
|
4B70000
|
direct allocation
|
page read and write
|
||
|
CFA000
|
heap
|
page read and write
|
||
|
2DCE000
|
stack
|
page read and write
|
||
|
318E000
|
stack
|
page read and write
|
||
|
29C7000
|
heap
|
page read and write
|
||
|
4A21000
|
heap
|
page read and write
|
||
|
42CF000
|
stack
|
page read and write
|
||
|
314F000
|
stack
|
page read and write
|
||
|
4F9E000
|
stack
|
page read and write
|
||
|
300F000
|
stack
|
page read and write
|
||
|
390E000
|
stack
|
page read and write
|
||
|
368E000
|
stack
|
page read and write
|
||
|
4A21000
|
heap
|
page read and write
|
||
|
364F000
|
stack
|
page read and write
|
||
|
4B53000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A10000
|
direct allocation
|
page read and write
|
||
|
458E000
|
stack
|
page read and write
|
There are 149 hidden memdumps, click here to show them.