Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
431E000
|
stack
|
page read and write
|
||
|
7A2000
|
unkown
|
page execute and read and write
|
||
|
78AF000
|
stack
|
page read and write
|
||
|
5040000
|
direct allocation
|
page read and write
|
||
|
5051000
|
heap
|
page read and write
|
||
|
5040000
|
direct allocation
|
page read and write
|
||
|
5050000
|
heap
|
page read and write
|
||
|
4A5F000
|
stack
|
page read and write
|
||
|
5040000
|
direct allocation
|
page read and write
|
||
|
2EEE000
|
stack
|
page read and write
|
||
|
A4C000
|
unkown
|
page execute and write copy
|
||
|
54EE000
|
stack
|
page read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
351F000
|
stack
|
page read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
5040000
|
direct allocation
|
page read and write
|
||
|
445E000
|
stack
|
page read and write
|
||
|
5330000
|
trusted library allocation
|
page read and write
|
||
|
772D000
|
stack
|
page read and write
|
||
|
5160000
|
direct allocation
|
page read and write
|
||
|
5337000
|
trusted library allocation
|
page execute and read and write
|
||
|
3A5E000
|
stack
|
page read and write
|
||
|
38DF000
|
stack
|
page read and write
|
||
|
37DE000
|
stack
|
page read and write
|
||
|
4BDE000
|
stack
|
page read and write
|
||
|
5350000
|
trusted library allocation
|
page read and write
|
||
|
419F000
|
stack
|
page read and write
|
||
|
3E1E000
|
stack
|
page read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
5320000
|
trusted library allocation
|
page read and write
|
||
|
12AE000
|
heap
|
page read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
365F000
|
stack
|
page read and write
|
||
|
5150000
|
trusted library allocation
|
page read and write
|
||
|
530E000
|
stack
|
page read and write
|
||
|
7A6000
|
unkown
|
page write copy
|
||
|
5040000
|
direct allocation
|
page read and write
|
||
|
5310000
|
trusted library allocation
|
page read and write
|
||
|
5510000
|
trusted library allocation
|
page read and write
|
||
|
5330000
|
direct allocation
|
page execute and read and write
|
||
|
15CF000
|
stack
|
page read and write
|
||
|
77A0000
|
heap
|
page execute and read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
469F000
|
stack
|
page read and write
|
||
|
459E000
|
stack
|
page read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
776E000
|
stack
|
page read and write
|
||
|
51C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
79EE000
|
stack
|
page read and write
|
||
|
51C4000
|
trusted library allocation
|
page read and write
|
||
|
5040000
|
direct allocation
|
page read and write
|
||
|
46DE000
|
stack
|
page read and write
|
||
|
5040000
|
direct allocation
|
page read and write
|
||
|
3F5E000
|
stack
|
page read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
5051000
|
heap
|
page read and write
|
||
|
391E000
|
stack
|
page read and write
|
||
|
5580000
|
heap
|
page execute and read and write
|
||
|
A4C000
|
unkown
|
page execute and read and write
|
||
|
3017000
|
heap
|
page read and write
|
||
|
5160000
|
direct allocation
|
page read and write
|
||
|
12CC000
|
heap
|
page read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
12A1000
|
heap
|
page read and write
|
||
|
554E000
|
stack
|
page read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
5051000
|
heap
|
page read and write
|
||
|
7A0000
|
unkown
|
page read and write
|
||
|
53DC000
|
stack
|
page read and write
|
||
|
3A1F000
|
stack
|
page read and write
|
||
|
5040000
|
direct allocation
|
page read and write
|
||
|
5500000
|
trusted library allocation
|
page read and write
|
||
|
33DF000
|
stack
|
page read and write
|
||
|
3F1F000
|
stack
|
page read and write
|
||
|
5051000
|
heap
|
page read and write
|
||
|
54F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5040000
|
direct allocation
|
page read and write
|
||
|
65B5000
|
trusted library allocation
|
page read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
160E000
|
stack
|
page read and write
|
||
|
441F000
|
stack
|
page read and write
|
||
|
491F000
|
stack
|
page read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
409E000
|
stack
|
page read and write
|
||
|
13BE000
|
stack
|
page read and write
|
||
|
3C9F000
|
stack
|
page read and write
|
||
|
7A2000
|
unkown
|
page execute and write copy
|
||
|
53E0000
|
heap
|
page read and write
|
||
|
405F000
|
stack
|
page read and write
|
||
|
12E3000
|
heap
|
page read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
495E000
|
stack
|
page read and write
|
||
|
7AA000
|
unkown
|
page execute and read and write
|
||
|
7AEE000
|
stack
|
page read and write
|
||
|
455F000
|
stack
|
page read and write
|
||
|
934000
|
unkown
|
page execute and read and write
|
||
|
6594000
|
trusted library allocation
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
5040000
|
direct allocation
|
page read and write
|
||
|
5040000
|
direct allocation
|
page read and write
|
||
|
4A9E000
|
stack
|
page read and write
|
||
|
FD9000
|
stack
|
page read and write
|
||
|
6591000
|
trusted library allocation
|
page read and write
|
||
|
41DE000
|
stack
|
page read and write
|
||
|
51CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
481E000
|
stack
|
page read and write
|
||
|
1291000
|
heap
|
page read and write
|
||
|
4B9F000
|
stack
|
page read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
5160000
|
direct allocation
|
page read and write
|
||
|
3B9E000
|
stack
|
page read and write
|
||
|
51B0000
|
trusted library allocation
|
page read and write
|
||
|
5314000
|
trusted library allocation
|
page read and write
|
||
|
5040000
|
direct allocation
|
page read and write
|
||
|
341E000
|
stack
|
page read and write
|
||
|
369E000
|
stack
|
page read and write
|
||
|
5051000
|
heap
|
page read and write
|
||
|
315F000
|
stack
|
page read and write
|
||
|
79AE000
|
stack
|
page read and write
|
||
|
1299000
|
heap
|
page read and write
|
||
|
379F000
|
stack
|
page read and write
|
||
|
5190000
|
heap
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
125E000
|
heap
|
page read and write
|
||
|
533B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5040000
|
direct allocation
|
page read and write
|
||
|
5180000
|
heap
|
page read and write
|
||
|
125A000
|
heap
|
page read and write
|
||
|
355E000
|
stack
|
page read and write
|
||
|
170F000
|
stack
|
page read and write
|
||
|
A4D000
|
unkown
|
page execute and write copy
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
305C000
|
stack
|
page read and write
|
||
|
3DDF000
|
stack
|
page read and write
|
||
|
2FEF000
|
stack
|
page read and write
|
||
|
BF0000
|
unkown
|
page execute and read and write
|
||
|
5170000
|
direct allocation
|
page execute and read and write
|
||
|
47DF000
|
stack
|
page read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
3CDE000
|
stack
|
page read and write
|
||
|
539E000
|
stack
|
page read and write
|
||
|
EDC000
|
stack
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
3B5F000
|
stack
|
page read and write
|
||
|
5051000
|
heap
|
page read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
5591000
|
trusted library allocation
|
page read and write
|
||
|
7A6000
|
unkown
|
page write copy
|
||
|
32DE000
|
stack
|
page read and write
|
||
|
5060000
|
heap
|
page read and write
|
||
|
4CDF000
|
stack
|
page read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
532A000
|
trusted library allocation
|
page execute and read and write
|
||
|
329F000
|
stack
|
page read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
5020000
|
direct allocation
|
page read and write
|
||
|
5040000
|
direct allocation
|
page read and write
|
||
|
13F4000
|
heap
|
page read and write
|
||
|
42DF000
|
stack
|
page read and write
|
||
|
520C000
|
stack
|
page read and write
|
||
|
A3D000
|
unkown
|
page execute and read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
7A0000
|
unkown
|
page readonly
|
||
|
128F000
|
heap
|
page read and write
|
There are 156 hidden memdumps, click here to show them.