Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
72EE000
|
stack
|
page read and write
|
||
|
43AF000
|
stack
|
page read and write
|
||
|
2A50000
|
direct allocation
|
page read and write
|
||
|
2A50000
|
direct allocation
|
page read and write
|
||
|
5E75000
|
trusted library allocation
|
page read and write
|
||
|
4971000
|
heap
|
page read and write
|
||
|
2A50000
|
direct allocation
|
page read and write
|
||
|
A7F000
|
stack
|
page read and write
|
||
|
416E000
|
stack
|
page read and write
|
||
|
38C000
|
stack
|
page read and write
|
||
|
8A1000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
12CA000
|
unkown
|
page execute and write copy
|
||
|
38AE000
|
stack
|
page read and write
|
||
|
34EE000
|
stack
|
page read and write
|
||
|
4C24000
|
trusted library allocation
|
page read and write
|
||
|
43EE000
|
stack
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
702E000
|
stack
|
page read and write
|
||
|
896000
|
heap
|
page read and write
|
||
|
39EE000
|
stack
|
page read and write
|
||
|
4984000
|
heap
|
page read and write
|
||
|
3C6E000
|
stack
|
page read and write
|
||
|
4C1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C70000
|
trusted library allocation
|
page read and write
|
||
|
4971000
|
heap
|
page read and write
|
||
|
4C10000
|
direct allocation
|
page execute and read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
35EF000
|
stack
|
page read and write
|
||
|
4D10000
|
heap
|
page execute and read and write
|
||
|
4C3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
111B000
|
unkown
|
page execute and write copy
|
||
|
452E000
|
stack
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
2A2E000
|
stack
|
page read and write
|
||
|
2C6F000
|
stack
|
page read and write
|
||
|
34AF000
|
stack
|
page read and write
|
||
|
386F000
|
stack
|
page read and write
|
||
|
2A50000
|
direct allocation
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
426F000
|
stack
|
page read and write
|
||
|
3DAE000
|
stack
|
page read and write
|
||
|
3EAF000
|
stack
|
page read and write
|
||
|
372F000
|
stack
|
page read and write
|
||
|
4971000
|
heap
|
page read and write
|
||
|
BBF000
|
stack
|
page read and write
|
||
|
3FEF000
|
stack
|
page read and write
|
||
|
E62000
|
unkown
|
page execute and read and write
|
||
|
73EE000
|
stack
|
page read and write
|
||
|
4C30000
|
trusted library allocation
|
page read and write
|
||
|
42AE000
|
stack
|
page read and write
|
||
|
336F000
|
stack
|
page read and write
|
||
|
30EF000
|
stack
|
page read and write
|
||
|
2A67000
|
heap
|
page read and write
|
||
|
4D30000
|
trusted library allocation
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
2A50000
|
direct allocation
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
4AC0000
|
direct allocation
|
page read and write
|
||
|
111A000
|
unkown
|
page execute and read and write
|
||
|
39AF000
|
stack
|
page read and write
|
||
|
4C40000
|
direct allocation
|
page execute and read and write
|
||
|
ABE000
|
stack
|
page read and write
|
||
|
4971000
|
heap
|
page read and write
|
||
|
376E000
|
stack
|
page read and write
|
||
|
E60000
|
unkown
|
page read and write
|
||
|
4990000
|
heap
|
page read and write
|
||
|
2A50000
|
direct allocation
|
page read and write
|
||
|
E62000
|
unkown
|
page execute and write copy
|
||
|
110A000
|
unkown
|
page execute and read and write
|
||
|
4D20000
|
trusted library allocation
|
page read and write
|
||
|
DFE000
|
stack
|
page read and write
|
||
|
4C4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
E66000
|
unkown
|
page write copy
|
||
|
754000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
2FAF000
|
stack
|
page read and write
|
||
|
44EF000
|
stack
|
page read and write
|
||
|
4C40000
|
trusted library allocation
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
72AE000
|
stack
|
page read and write
|
||
|
462F000
|
stack
|
page read and write
|
||
|
326E000
|
stack
|
page read and write
|
||
|
4970000
|
heap
|
page read and write
|
||
|
7160000
|
heap
|
page execute and read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
4980000
|
heap
|
page read and write
|
||
|
2A50000
|
direct allocation
|
page read and write
|
||
|
2A50000
|
direct allocation
|
page read and write
|
||
|
6FED000
|
stack
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
E3B000
|
stack
|
page read and write
|
||
|
E66000
|
unkown
|
page write copy
|
||
|
2A50000
|
direct allocation
|
page read and write
|
||
|
4C47000
|
trusted library allocation
|
page execute and read and write
|
||
|
4971000
|
heap
|
page read and write
|
||
|
882000
|
heap
|
page read and write
|
||
|
322F000
|
stack
|
page read and write
|
||
|
402E000
|
stack
|
page read and write
|
||
|
33AE000
|
stack
|
page read and write
|
||
|
4971000
|
heap
|
page read and write
|
||
|
2E6F000
|
stack
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
4CBE000
|
stack
|
page read and write
|
||
|
29EE000
|
stack
|
page read and write
|
||
|
3EEE000
|
stack
|
page read and write
|
||
|
4C14000
|
trusted library allocation
|
page read and write
|
||
|
4A70000
|
trusted library allocation
|
page read and write
|
||
|
2A50000
|
direct allocation
|
page read and write
|
||
|
1000000
|
unkown
|
page execute and read and write
|
||
|
296F000
|
stack
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
4C20000
|
trusted library allocation
|
page read and write
|
||
|
2EAE000
|
stack
|
page read and write
|
||
|
5E54000
|
trusted library allocation
|
page read and write
|
||
|
4A70000
|
heap
|
page read and write
|
||
|
312E000
|
stack
|
page read and write
|
||
|
E60000
|
unkown
|
page readonly
|
||
|
754000
|
heap
|
page read and write
|
||
|
4E51000
|
trusted library allocation
|
page read and write
|
||
|
4971000
|
heap
|
page read and write
|
||
|
4AB0000
|
trusted library allocation
|
page read and write
|
||
|
712F000
|
stack
|
page read and write
|
||
|
88D000
|
heap
|
page read and write
|
||
|
3D6E000
|
stack
|
page read and write
|
||
|
4AC0000
|
direct allocation
|
page read and write
|
||
|
884000
|
heap
|
page read and write
|
||
|
4CFC000
|
stack
|
page read and write
|
||
|
12CA000
|
unkown
|
page execute and read and write
|
||
|
84E000
|
heap
|
page read and write
|
||
|
29AE000
|
stack
|
page read and write
|
||
|
2A50000
|
direct allocation
|
page read and write
|
||
|
6F9000
|
stack
|
page read and write
|
||
|
84A000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
12CC000
|
unkown
|
page execute and write copy
|
||
|
3C2F000
|
stack
|
page read and write
|
||
|
3AEF000
|
stack
|
page read and write
|
||
|
4C13000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
97E000
|
stack
|
page read and write
|
||
|
3B2E000
|
stack
|
page read and write
|
||
|
2A50000
|
direct allocation
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
2A50000
|
direct allocation
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
E6A000
|
unkown
|
page execute and read and write
|
||
|
362E000
|
stack
|
page read and write
|
||
|
5E51000
|
trusted library allocation
|
page read and write
|
||
|
2A50000
|
direct allocation
|
page read and write
|
||
|
2A30000
|
direct allocation
|
page read and write
|
||
|
4AC0000
|
direct allocation
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
2D6F000
|
stack
|
page read and write
|
||
|
4E4E000
|
stack
|
page read and write
|
||
|
892000
|
heap
|
page read and write
|
||
|
4BFE000
|
stack
|
page read and write
|
||
|
111A000
|
unkown
|
page execute and write copy
|
||
|
754000
|
heap
|
page read and write
|
||
|
2B6F000
|
stack
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
4C50000
|
heap
|
page read and write
|
||
|
71AE000
|
stack
|
page read and write
|
||
|
4D40000
|
heap
|
page read and write
|
||
|
4AFB000
|
stack
|
page read and write
|
||
|
12CC000
|
unkown
|
page execute and write copy
|
||
|
412F000
|
stack
|
page read and write
|
||
|
4D00000
|
trusted library allocation
|
page execute and read and write
|
There are 162 hidden memdumps, click here to show them.