Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
18.31.95.13.in-addr.arpa
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2ABE000
|
stack
|
page read and write
|
||
|
336000
|
unkown
|
page write copy
|
||
|
33A000
|
unkown
|
page execute and read and write
|
||
|
2937000
|
heap
|
page read and write
|
||
|
5E71000
|
trusted library allocation
|
page read and write
|
||
|
5E2000
|
unkown
|
page execute and read and write
|
||
|
49C0000
|
heap
|
page read and write
|
||
|
4B2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
49B1000
|
heap
|
page read and write
|
||
|
337E000
|
stack
|
page read and write
|
||
|
45FF000
|
stack
|
page read and write
|
||
|
387E000
|
stack
|
page read and write
|
||
|
4C6F000
|
stack
|
page read and write
|
||
|
2920000
|
heap
|
page read and write
|
||
|
4AC0000
|
direct allocation
|
page read and write
|
||
|
3BFF000
|
stack
|
page read and write
|
||
|
3D7E000
|
stack
|
page read and write
|
||
|
D81000
|
heap
|
page read and write
|
||
|
36FF000
|
stack
|
page read and write
|
||
|
49B1000
|
heap
|
page read and write
|
||
|
4D20000
|
heap
|
page execute and read and write
|
||
|
4B03000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F7F000
|
stack
|
page read and write
|
||
|
49B1000
|
heap
|
page read and write
|
||
|
4980000
|
heap
|
page read and write
|
||
|
4CDE000
|
stack
|
page read and write
|
||
|
49B1000
|
heap
|
page read and write
|
||
|
4D60000
|
heap
|
page read and write
|
||
|
49B1000
|
heap
|
page read and write
|
||
|
43BE000
|
stack
|
page read and write
|
||
|
D4A000
|
heap
|
page read and write
|
||
|
2CFF000
|
stack
|
page read and write
|
||
|
4B6B000
|
stack
|
page read and write
|
||
|
333F000
|
stack
|
page read and write
|
||
|
4D40000
|
trusted library allocation
|
page read and write
|
||
|
30FE000
|
stack
|
page read and write
|
||
|
383F000
|
stack
|
page read and write
|
||
|
49B0000
|
heap
|
page read and write
|
||
|
336000
|
unkown
|
page write copy
|
||
|
73CF000
|
stack
|
page read and write
|
||
|
103E000
|
stack
|
page read and write
|
||
|
423F000
|
stack
|
page read and write
|
||
|
49A0000
|
direct allocation
|
page read and write
|
||
|
4AC0000
|
direct allocation
|
page read and write
|
||
|
49B1000
|
heap
|
page read and write
|
||
|
291F000
|
stack
|
page read and write
|
||
|
3AFE000
|
stack
|
page read and write
|
||
|
2A7F000
|
stack
|
page read and write
|
||
|
3E7F000
|
stack
|
page read and write
|
||
|
2930000
|
heap
|
page read and write
|
||
|
3EBE000
|
stack
|
page read and write
|
||
|
49B1000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
35FE000
|
stack
|
page read and write
|
||
|
31FF000
|
stack
|
page read and write
|
||
|
330000
|
unkown
|
page read and write
|
||
|
D7F000
|
heap
|
page read and write
|
||
|
4B14000
|
trusted library allocation
|
page read and write
|
||
|
49B1000
|
heap
|
page read and write
|
||
|
2FBE000
|
stack
|
page read and write
|
||
|
3C3D000
|
stack
|
page read and write
|
||
|
49A0000
|
direct allocation
|
page read and write
|
||
|
4B04000
|
trusted library allocation
|
page read and write
|
||
|
704E000
|
stack
|
page read and write
|
||
|
714E000
|
stack
|
page read and write
|
||
|
2BFE000
|
stack
|
page read and write
|
||
|
3FBF000
|
stack
|
page read and write
|
||
|
4AC0000
|
direct allocation
|
page read and write
|
||
|
4D30000
|
trusted library allocation
|
page execute and read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
413E000
|
stack
|
page read and write
|
||
|
49A0000
|
direct allocation
|
page read and write
|
||
|
39BE000
|
stack
|
page read and write
|
||
|
4B20000
|
trusted library allocation
|
page read and write
|
||
|
3ABF000
|
stack
|
page read and write
|
||
|
5E2000
|
unkown
|
page execute and write copy
|
||
|
332000
|
unkown
|
page execute and write copy
|
||
|
C75000
|
heap
|
page read and write
|
||
|
5E3000
|
unkown
|
page execute and write copy
|
||
|
332000
|
unkown
|
page execute and read and write
|
||
|
397F000
|
stack
|
page read and write
|
||
|
49B1000
|
heap
|
page read and write
|
||
|
4960000
|
direct allocation
|
page read and write
|
||
|
4D50000
|
trusted library allocation
|
page read and write
|
||
|
4C77000
|
trusted library allocation
|
page execute and read and write
|
||
|
D9E000
|
heap
|
page read and write
|
||
|
3FFE000
|
stack
|
page read and write
|
||
|
CDE000
|
stack
|
page read and write
|
||
|
C60000
|
heap
|
page read and write
|
||
|
B39000
|
stack
|
page read and write
|
||
|
49B1000
|
heap
|
page read and write
|
||
|
2BBF000
|
stack
|
page read and write
|
||
|
49B1000
|
heap
|
page read and write
|
||
|
5E95000
|
trusted library allocation
|
page read and write
|
||
|
4C7B000
|
trusted library allocation
|
page execute and read and write
|
||
|
72CE000
|
stack
|
page read and write
|
||
|
49A0000
|
direct allocation
|
page read and write
|
||
|
49B1000
|
heap
|
page read and write
|
||
|
4AF0000
|
trusted library allocation
|
page read and write
|
||
|
78C000
|
unkown
|
page execute and write copy
|
||
|
373E000
|
stack
|
page read and write
|
||
|
49A0000
|
direct allocation
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
49A0000
|
direct allocation
|
page read and write
|
||
|
728E000
|
stack
|
page read and write
|
||
|
4AE0000
|
heap
|
page read and write
|
||
|
49A0000
|
direct allocation
|
page read and write
|
||
|
D1D000
|
stack
|
page read and write
|
||
|
5E74000
|
trusted library allocation
|
page read and write
|
||
|
49A0000
|
direct allocation
|
page read and write
|
||
|
4C3000
|
unkown
|
page execute and read and write
|
||
|
34BE000
|
stack
|
page read and write
|
||
|
4D50000
|
heap
|
page execute and read and write
|
||
|
44BF000
|
stack
|
page read and write
|
||
|
4B10000
|
trusted library allocation
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
78C000
|
unkown
|
page execute and write copy
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
D4E000
|
heap
|
page read and write
|
||
|
49A0000
|
direct allocation
|
page read and write
|
||
|
281E000
|
stack
|
page read and write
|
||
|
3D3E000
|
stack
|
page read and write
|
||
|
49B1000
|
heap
|
page read and write
|
||
|
D89000
|
heap
|
page read and write
|
||
|
49A0000
|
direct allocation
|
page read and write
|
||
|
4D1C000
|
stack
|
page read and write
|
||
|
49B1000
|
heap
|
page read and write
|
||
|
4C90000
|
trusted library allocation
|
page read and write
|
||
|
4C70000
|
trusted library allocation
|
page read and write
|
||
|
718E000
|
stack
|
page read and write
|
||
|
49A0000
|
direct allocation
|
page read and write
|
||
|
F3F000
|
stack
|
page read and write
|
||
|
49A0000
|
direct allocation
|
page read and write
|
||
|
5D3000
|
unkown
|
page execute and read and write
|
||
|
347F000
|
stack
|
page read and write
|
||
|
4B0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
30BF000
|
stack
|
page read and write
|
||
|
4C90000
|
direct allocation
|
page execute and read and write
|
||
|
D8F000
|
heap
|
page read and write
|
||
|
49A0000
|
direct allocation
|
page read and write
|
||
|
A3C000
|
stack
|
page read and write
|
||
|
437F000
|
stack
|
page read and write
|
||
|
297B000
|
stack
|
page read and write
|
||
|
330000
|
unkown
|
page readonly
|
||
|
427E000
|
stack
|
page read and write
|
||
|
4E71000
|
trusted library allocation
|
page read and write
|
||
|
40FF000
|
stack
|
page read and write
|
||
|
49A0000
|
direct allocation
|
page read and write
|
||
|
2D3E000
|
stack
|
page read and write
|
||
|
2E3F000
|
stack
|
page read and write
|
||
|
4E6E000
|
stack
|
page read and write
|
||
|
78A000
|
unkown
|
page execute and read and write
|
||
|
4AB0000
|
trusted library allocation
|
page read and write
|
||
|
700D000
|
stack
|
page read and write
|
||
|
49B1000
|
heap
|
page read and write
|
||
|
35BF000
|
stack
|
page read and write
|
||
|
49B1000
|
heap
|
page read and write
|
||
|
44FE000
|
stack
|
page read and write
|
||
|
4AD0000
|
direct allocation
|
page execute and read and write
|
There are 149 hidden memdumps, click here to show them.