Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5120000
|
direct allocation
|
page read and write
|
||
|
450E000
|
stack
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
14D4000
|
heap
|
page read and write
|
||
|
57E0000
|
heap
|
page execute and read and write
|
||
|
5131000
|
heap
|
page read and write
|
||
|
53ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
428E000
|
stack
|
page read and write
|
||
|
162E000
|
heap
|
page read and write
|
||
|
5600000
|
heap
|
page read and write
|
||
|
55E0000
|
trusted library allocation
|
page read and write
|
||
|
1671000
|
heap
|
page read and write
|
||
|
5120000
|
direct allocation
|
page read and write
|
||
|
799F000
|
stack
|
page read and write
|
||
|
4B1F000
|
stack
|
page read and write
|
||
|
53F4000
|
trusted library allocation
|
page read and write
|
||
|
AC2000
|
unkown
|
page execute and read and write
|
||
|
6815000
|
trusted library allocation
|
page read and write
|
||
|
4A1E000
|
stack
|
page read and write
|
||
|
5120000
|
direct allocation
|
page read and write
|
||
|
D76000
|
unkown
|
page execute and write copy
|
||
|
53BE000
|
stack
|
page read and write
|
||
|
5120000
|
direct allocation
|
page read and write
|
||
|
53D0000
|
heap
|
page read and write
|
||
|
14D4000
|
heap
|
page read and write
|
||
|
15DF000
|
stack
|
page read and write
|
||
|
5130000
|
heap
|
page read and write
|
||
|
53E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
ACA000
|
unkown
|
page execute and read and write
|
||
|
5120000
|
direct allocation
|
page read and write
|
||
|
53E0000
|
direct allocation
|
page execute and read and write
|
||
|
5131000
|
heap
|
page read and write
|
||
|
D77000
|
unkown
|
page execute and write copy
|
||
|
4B5E000
|
stack
|
page read and write
|
||
|
3ACF000
|
stack
|
page read and write
|
||
|
4D9F000
|
stack
|
page read and write
|
||
|
14D0000
|
heap
|
page read and write
|
||
|
D76000
|
unkown
|
page execute and read and write
|
||
|
14D4000
|
heap
|
page read and write
|
||
|
5280000
|
direct allocation
|
page read and write
|
||
|
14D4000
|
heap
|
page read and write
|
||
|
53E4000
|
trusted library allocation
|
page read and write
|
||
|
35CF000
|
stack
|
page read and write
|
||
|
3E8F000
|
stack
|
page read and write
|
||
|
547E000
|
stack
|
page read and write
|
||
|
57F1000
|
trusted library allocation
|
page read and write
|
||
|
4C9E000
|
stack
|
page read and write
|
||
|
303E000
|
stack
|
page read and write
|
||
|
7890000
|
heap
|
page execute and read and write
|
||
|
360E000
|
stack
|
page read and write
|
||
|
49DF000
|
stack
|
page read and write
|
||
|
14D4000
|
heap
|
page read and write
|
||
|
334F000
|
stack
|
page read and write
|
||
|
D67000
|
unkown
|
page execute and read and write
|
||
|
557E000
|
stack
|
page read and write
|
||
|
5410000
|
trusted library allocation
|
page read and write
|
||
|
5100000
|
direct allocation
|
page read and write
|
||
|
AC6000
|
unkown
|
page write copy
|
||
|
3D4F000
|
stack
|
page read and write
|
||
|
AC2000
|
unkown
|
page execute and write copy
|
||
|
540A000
|
trusted library allocation
|
page execute and read and write
|
||
|
398F000
|
stack
|
page read and write
|
||
|
14D4000
|
heap
|
page read and write
|
||
|
5230000
|
trusted library allocation
|
page read and write
|
||
|
5410000
|
direct allocation
|
page execute and read and write
|
||
|
F22000
|
unkown
|
page execute and write copy
|
||
|
7BDE000
|
stack
|
page read and write
|
||
|
488F000
|
stack
|
page read and write
|
||
|
414E000
|
stack
|
page read and write
|
||
|
5230000
|
heap
|
page read and write
|
||
|
3ECE000
|
stack
|
page read and write
|
||
|
55C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A9F000
|
stack
|
page read and write
|
||
|
146D000
|
stack
|
page read and write
|
||
|
14D4000
|
heap
|
page read and write
|
||
|
F22000
|
unkown
|
page execute and write copy
|
||
|
2FFC000
|
stack
|
page read and write
|
||
|
5120000
|
direct allocation
|
page read and write
|
||
|
43CE000
|
stack
|
page read and write
|
||
|
410F000
|
stack
|
page read and write
|
||
|
165F000
|
heap
|
page read and write
|
||
|
5131000
|
heap
|
page read and write
|
||
|
14D4000
|
heap
|
page read and write
|
||
|
14D4000
|
heap
|
page read and write
|
||
|
5140000
|
heap
|
page read and write
|
||
|
48DE000
|
stack
|
page read and write
|
||
|
F20000
|
unkown
|
page execute and read and write
|
||
|
5120000
|
direct allocation
|
page read and write
|
||
|
14AE000
|
stack
|
page read and write
|
||
|
541B000
|
trusted library allocation
|
page execute and read and write
|
||
|
162A000
|
heap
|
page read and write
|
||
|
55D0000
|
trusted library allocation
|
page read and write
|
||
|
5131000
|
heap
|
page read and write
|
||
|
161E000
|
stack
|
page read and write
|
||
|
474F000
|
stack
|
page read and write
|
||
|
478E000
|
stack
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
314F000
|
stack
|
page read and write
|
||
|
AC0000
|
unkown
|
page read and write
|
||
|
5280000
|
direct allocation
|
page read and write
|
||
|
1661000
|
heap
|
page read and write
|
||
|
AC6000
|
unkown
|
page write copy
|
||
|
167E000
|
heap
|
page read and write
|
||
|
5120000
|
direct allocation
|
page read and write
|
||
|
374E000
|
stack
|
page read and write
|
||
|
53F0000
|
trusted library allocation
|
page read and write
|
||
|
14D4000
|
heap
|
page read and write
|
||
|
5270000
|
trusted library allocation
|
page read and write
|
||
|
460F000
|
stack
|
page read and write
|
||
|
181F000
|
stack
|
page read and write
|
||
|
348F000
|
stack
|
page read and write
|
||
|
3B0E000
|
stack
|
page read and write
|
||
|
16B2000
|
heap
|
page read and write
|
||
|
44CF000
|
stack
|
page read and write
|
||
|
3FCF000
|
stack
|
page read and write
|
||
|
5120000
|
direct allocation
|
page read and write
|
||
|
1620000
|
heap
|
page read and write
|
||
|
14D4000
|
heap
|
page read and write
|
||
|
5120000
|
direct allocation
|
page read and write
|
||
|
7ADE000
|
stack
|
page read and write
|
||
|
782E000
|
stack
|
page read and write
|
||
|
4890000
|
heap
|
page read and write
|
||
|
14D4000
|
heap
|
page read and write
|
||
|
55BC000
|
stack
|
page read and write
|
||
|
FBC000
|
stack
|
page read and write
|
||
|
438F000
|
stack
|
page read and write
|
||
|
12F9000
|
stack
|
page read and write
|
||
|
370F000
|
stack
|
page read and write
|
||
|
786E000
|
stack
|
page read and write
|
||
|
3C0F000
|
stack
|
page read and write
|
||
|
67F4000
|
trusted library allocation
|
page read and write
|
||
|
5120000
|
direct allocation
|
page read and write
|
||
|
5120000
|
direct allocation
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
14D4000
|
heap
|
page read and write
|
||
|
5430000
|
trusted library allocation
|
page read and write
|
||
|
14D4000
|
heap
|
page read and write
|
||
|
324F000
|
stack
|
page read and write
|
||
|
5120000
|
direct allocation
|
page read and write
|
||
|
34CE000
|
stack
|
page read and write
|
||
|
5131000
|
heap
|
page read and write
|
||
|
5131000
|
heap
|
page read and write
|
||
|
52BB000
|
stack
|
page read and write
|
||
|
338E000
|
stack
|
page read and write
|
||
|
14D4000
|
heap
|
page read and write
|
||
|
3047000
|
heap
|
page read and write
|
||
|
C5A000
|
unkown
|
page execute and read and write
|
||
|
14D4000
|
heap
|
page read and write
|
||
|
388E000
|
stack
|
page read and write
|
||
|
39CE000
|
stack
|
page read and write
|
||
|
AC0000
|
unkown
|
page readonly
|
||
|
3D8E000
|
stack
|
page read and write
|
||
|
424F000
|
stack
|
page read and write
|
||
|
384F000
|
stack
|
page read and write
|
||
|
57AD000
|
stack
|
page read and write
|
||
|
14D4000
|
heap
|
page read and write
|
||
|
400E000
|
stack
|
page read and write
|
||
|
4C5F000
|
stack
|
page read and write
|
||
|
5280000
|
direct allocation
|
page read and write
|
||
|
464E000
|
stack
|
page read and write
|
||
|
5417000
|
trusted library allocation
|
page execute and read and write
|
||
|
67F1000
|
trusted library allocation
|
page read and write
|
||
|
1669000
|
heap
|
page read and write
|
||
|
3C4E000
|
stack
|
page read and write
|
||
|
5120000
|
direct allocation
|
page read and write
|
||
|
5131000
|
heap
|
page read and write
|
||
|
5400000
|
trusted library allocation
|
page read and write
|
||
|
14D4000
|
heap
|
page read and write
|
There are 158 hidden memdumps, click here to show them.