Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
15.164.165.52.in-addr.arpa
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
10E0000
|
heap
|
page read and write
|
||
|
FF5000
|
heap
|
page read and write
|
||
|
740E000
|
stack
|
page read and write
|
||
|
4CE0000
|
direct allocation
|
page read and write
|
||
|
4EAB000
|
trusted library allocation
|
page execute and read and write
|
||
|
480F000
|
stack
|
page read and write
|
||
|
37CF000
|
stack
|
page read and write
|
||
|
10EE000
|
heap
|
page read and write
|
||
|
46CF000
|
stack
|
page read and write
|
||
|
2C47000
|
heap
|
page read and write
|
||
|
3A4F000
|
stack
|
page read and write
|
||
|
4D00000
|
heap
|
page read and write
|
||
|
4EA0000
|
trusted library allocation
|
page read and write
|
||
|
4E40000
|
direct allocation
|
page read and write
|
||
|
330E000
|
stack
|
page read and write
|
||
|
4E40000
|
direct allocation
|
page read and write
|
||
|
4E90000
|
direct allocation
|
page execute and read and write
|
||
|
308E000
|
stack
|
page read and write
|
||
|
4CE0000
|
direct allocation
|
page read and write
|
||
|
4CE0000
|
direct allocation
|
page read and write
|
||
|
4CF1000
|
heap
|
page read and write
|
||
|
10EA000
|
heap
|
page read and write
|
||
|
13DE000
|
stack
|
page read and write
|
||
|
12DE000
|
stack
|
page read and write
|
||
|
4CE0000
|
direct allocation
|
page read and write
|
||
|
4CF1000
|
heap
|
page read and write
|
||
|
31CE000
|
stack
|
page read and write
|
||
|
4E9A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D4F000
|
stack
|
page read and write
|
||
|
4CF1000
|
heap
|
page read and write
|
||
|
4CF1000
|
heap
|
page read and write
|
||
|
769F000
|
stack
|
page read and write
|
||
|
4CF0000
|
heap
|
page read and write
|
||
|
2BBB000
|
stack
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
759E000
|
stack
|
page read and write
|
||
|
4ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
40CE000
|
stack
|
page read and write
|
||
|
3BCE000
|
stack
|
page read and write
|
||
|
4EC0000
|
direct allocation
|
page execute and read and write
|
||
|
1141000
|
heap
|
page read and write
|
||
|
4CE0000
|
direct allocation
|
page read and write
|
||
|
3C0000
|
unkown
|
page read and write
|
||
|
10BE000
|
stack
|
page read and write
|
||
|
73CE000
|
stack
|
page read and write
|
||
|
507F000
|
stack
|
page read and write
|
||
|
340F000
|
stack
|
page read and write
|
||
|
344E000
|
stack
|
page read and write
|
||
|
5240000
|
heap
|
page execute and read and write
|
||
|
36CE000
|
stack
|
page read and write
|
||
|
32CF000
|
stack
|
page read and write
|
||
|
458F000
|
stack
|
page read and write
|
||
|
3A8E000
|
stack
|
page read and write
|
||
|
4CE0000
|
direct allocation
|
page read and write
|
||
|
5251000
|
trusted library allocation
|
page read and write
|
||
|
4CE0000
|
direct allocation
|
page read and write
|
||
|
304F000
|
stack
|
page read and write
|
||
|
3C6000
|
unkown
|
page write copy
|
||
|
4CF1000
|
heap
|
page read and write
|
||
|
3B8F000
|
stack
|
page read and write
|
||
|
494F000
|
stack
|
page read and write
|
||
|
4CF1000
|
heap
|
page read and write
|
||
|
7490000
|
heap
|
page execute and read and write
|
||
|
2BFE000
|
stack
|
page read and write
|
||
|
4EE0000
|
trusted library allocation
|
page read and write
|
||
|
738D000
|
stack
|
page read and write
|
||
|
2C3E000
|
stack
|
page read and write
|
||
|
4EA7000
|
trusted library allocation
|
page execute and read and write
|
||
|
318F000
|
stack
|
page read and write
|
||
|
4CF1000
|
heap
|
page read and write
|
||
|
4CE0000
|
direct allocation
|
page read and write
|
||
|
4CF1000
|
heap
|
page read and write
|
||
|
4E34000
|
trusted library allocation
|
page read and write
|
||
|
4CF1000
|
heap
|
page read and write
|
||
|
3C6000
|
unkown
|
page write copy
|
||
|
4CE0000
|
direct allocation
|
page read and write
|
||
|
4E10000
|
trusted library allocation
|
page read and write
|
||
|
4CF1000
|
heap
|
page read and write
|
||
|
4E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
394E000
|
stack
|
page read and write
|
||
|
670000
|
unkown
|
page execute and write copy
|
||
|
81C000
|
unkown
|
page execute and write copy
|
||
|
3E0F000
|
stack
|
page read and write
|
||
|
4F00000
|
heap
|
page read and write
|
||
|
430F000
|
stack
|
page read and write
|
||
|
3C2000
|
unkown
|
page execute and read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
4CA0000
|
direct allocation
|
page read and write
|
||
|
4F4E000
|
stack
|
page read and write
|
||
|
3E4E000
|
stack
|
page read and write
|
||
|
4CC0000
|
heap
|
page read and write
|
||
|
4CF1000
|
heap
|
page read and write
|
||
|
107E000
|
stack
|
page read and write
|
||
|
1173000
|
heap
|
page read and write
|
||
|
4CE0000
|
direct allocation
|
page read and write
|
||
|
4CF1000
|
heap
|
page read and write
|
||
|
B5C000
|
stack
|
page read and write
|
||
|
1132000
|
heap
|
page read and write
|
||
|
434E000
|
stack
|
page read and write
|
||
|
3CCF000
|
stack
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
4EC0000
|
trusted library allocation
|
page read and write
|
||
|
3F8E000
|
stack
|
page read and write
|
||
|
3D0E000
|
stack
|
page read and write
|
||
|
728C000
|
stack
|
page read and write
|
||
|
4CE0000
|
direct allocation
|
page read and write
|
||
|
4CF1000
|
heap
|
page read and write
|
||
|
2F4F000
|
stack
|
page read and write
|
||
|
390F000
|
stack
|
page read and write
|
||
|
103E000
|
stack
|
page read and write
|
||
|
744E000
|
stack
|
page read and write
|
||
|
2C40000
|
heap
|
page read and write
|
||
|
380E000
|
stack
|
page read and write
|
||
|
420E000
|
stack
|
page read and write
|
||
|
4E24000
|
trusted library allocation
|
page read and write
|
||
|
4CF1000
|
heap
|
page read and write
|
||
|
1129000
|
heap
|
page read and write
|
||
|
81C000
|
unkown
|
page execute and write copy
|
||
|
3C2000
|
unkown
|
page execute and write copy
|
||
|
1121000
|
heap
|
page read and write
|
||
|
3C0000
|
unkown
|
page readonly
|
||
|
45CE000
|
stack
|
page read and write
|
||
|
4CE0000
|
direct allocation
|
page read and write
|
||
|
3F4F000
|
stack
|
page read and write
|
||
|
81A000
|
unkown
|
page execute and write copy
|
||
|
6254000
|
trusted library allocation
|
page read and write
|
||
|
368F000
|
stack
|
page read and write
|
||
|
4E7C000
|
stack
|
page read and write
|
||
|
4E30000
|
trusted library allocation
|
page read and write
|
||
|
4CE0000
|
direct allocation
|
page read and write
|
||
|
4E23000
|
trusted library allocation
|
page execute and read and write
|
||
|
444F000
|
stack
|
page read and write
|
||
|
779E000
|
stack
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
4DF0000
|
trusted library allocation
|
page read and write
|
||
|
4E40000
|
direct allocation
|
page read and write
|
||
|
4CE0000
|
direct allocation
|
page read and write
|
||
|
4CF1000
|
heap
|
page read and write
|
||
|
4CF1000
|
heap
|
page read and write
|
||
|
517E000
|
stack
|
page read and write
|
||
|
670000
|
unkown
|
page execute and read and write
|
||
|
354F000
|
stack
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
41CF000
|
stack
|
page read and write
|
||
|
470E000
|
stack
|
page read and write
|
||
|
6275000
|
trusted library allocation
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
448E000
|
stack
|
page read and write
|
||
|
81A000
|
unkown
|
page execute and read and write
|
||
|
2E4F000
|
stack
|
page read and write
|
||
|
408F000
|
stack
|
page read and write
|
||
|
484E000
|
stack
|
page read and write
|
||
|
3CA000
|
unkown
|
page execute and read and write
|
||
|
6251000
|
trusted library allocation
|
page read and write
|
||
|
662000
|
unkown
|
page execute and read and write
|
||
|
358E000
|
stack
|
page read and write
|
||
|
EF9000
|
stack
|
page read and write
|
||
|
54A000
|
unkown
|
page execute and read and write
|
||
|
671000
|
unkown
|
page execute and write copy
|
||
|
4E90000
|
trusted library allocation
|
page read and write
|
There are 151 hidden memdumps, click here to show them.