Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4B81000
|
heap
|
page read and write
|
||
|
16000
|
unkown
|
page write copy
|
||
|
7250000
|
heap
|
page execute and read and write
|
||
|
4D0B000
|
stack
|
page read and write
|
||
|
466000
|
unkown
|
page execute and write copy
|
||
|
3E0F000
|
stack
|
page read and write
|
||
|
390F000
|
stack
|
page read and write
|
||
|
394E000
|
stack
|
page read and write
|
||
|
2B47000
|
heap
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
4F0C000
|
stack
|
page read and write
|
||
|
4B81000
|
heap
|
page read and write
|
||
|
5020000
|
trusted library allocation
|
page execute and read and write
|
||
|
722E000
|
stack
|
page read and write
|
||
|
4B81000
|
heap
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
4B70000
|
direct allocation
|
page read and write
|
||
|
12000
|
unkown
|
page execute and write copy
|
||
|
E64000
|
heap
|
page read and write
|
||
|
4C80000
|
trusted library allocation
|
page read and write
|
||
|
4B70000
|
direct allocation
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
2BE000
|
unkown
|
page execute and write copy
|
||
|
470E000
|
stack
|
page read and write
|
||
|
4D30000
|
trusted library allocation
|
page read and write
|
||
|
EAE000
|
heap
|
page read and write
|
||
|
4BA0000
|
heap
|
page read and write
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
735E000
|
stack
|
page read and write
|
||
|
3D0E000
|
stack
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
12000
|
unkown
|
page execute and read and write
|
||
|
444F000
|
stack
|
page read and write
|
||
|
45CE000
|
stack
|
page read and write
|
||
|
2F4E000
|
stack
|
page read and write
|
||
|
4B70000
|
direct allocation
|
page read and write
|
||
|
2C8F000
|
stack
|
page read and write
|
||
|
37CF000
|
stack
|
page read and write
|
||
|
3F8E000
|
stack
|
page read and write
|
||
|
4E67000
|
trusted library allocation
|
page execute and read and write
|
||
|
501E000
|
stack
|
page read and write
|
||
|
430F000
|
stack
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
304F000
|
stack
|
page read and write
|
||
|
354F000
|
stack
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
739E000
|
stack
|
page read and write
|
||
|
344E000
|
stack
|
page read and write
|
||
|
4CD0000
|
direct allocation
|
page read and write
|
||
|
749F000
|
stack
|
page read and write
|
||
|
121E000
|
stack
|
page read and write
|
||
|
3A4F000
|
stack
|
page read and write
|
||
|
4E50000
|
trusted library allocation
|
page read and write
|
||
|
308E000
|
stack
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
4B70000
|
direct allocation
|
page read and write
|
||
|
4B70000
|
direct allocation
|
page read and write
|
||
|
4CD0000
|
direct allocation
|
page read and write
|
||
|
2E0E000
|
stack
|
page read and write
|
||
|
4F10000
|
heap
|
page execute and read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
75DF000
|
stack
|
page read and write
|
||
|
466000
|
unkown
|
page execute and write copy
|
||
|
41CF000
|
stack
|
page read and write
|
||
|
4E60000
|
trusted library allocation
|
page read and write
|
||
|
380E000
|
stack
|
page read and write
|
||
|
10DF000
|
stack
|
page read and write
|
||
|
197000
|
unkown
|
page execute and read and write
|
||
|
10000
|
unkown
|
page readonly
|
||
|
46CF000
|
stack
|
page read and write
|
||
|
4B70000
|
direct allocation
|
page read and write
|
||
|
74DE000
|
stack
|
page read and write
|
||
|
4B90000
|
heap
|
page read and write
|
||
|
5051000
|
trusted library allocation
|
page read and write
|
||
|
4B70000
|
direct allocation
|
page read and write
|
||
|
358E000
|
stack
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
464000
|
unkown
|
page execute and read and write
|
||
|
2B8B000
|
stack
|
page read and write
|
||
|
6075000
|
trusted library allocation
|
page read and write
|
||
|
4E80000
|
trusted library allocation
|
page read and write
|
||
|
448E000
|
stack
|
page read and write
|
||
|
3BCE000
|
stack
|
page read and write
|
||
|
4D23000
|
trusted library allocation
|
page execute and read and write
|
||
|
40CE000
|
stack
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
458F000
|
stack
|
page read and write
|
||
|
32CF000
|
stack
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
3E4E000
|
stack
|
page read and write
|
||
|
2BF000
|
unkown
|
page execute and write copy
|
||
|
480F000
|
stack
|
page read and write
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
4D40000
|
heap
|
page read and write
|
||
|
2F0F000
|
stack
|
page read and write
|
||
|
4D34000
|
trusted library allocation
|
page read and write
|
||
|
2B0F000
|
stack
|
page read and write
|
||
|
434E000
|
stack
|
page read and write
|
||
|
4B70000
|
direct allocation
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
6054000
|
trusted library allocation
|
page read and write
|
||
|
C3C000
|
stack
|
page read and write
|
||
|
4B70000
|
direct allocation
|
page read and write
|
||
|
EFC000
|
heap
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
340F000
|
stack
|
page read and write
|
||
|
4E4F000
|
stack
|
page read and write
|
||
|
16000
|
unkown
|
page write copy
|
||
|
4E5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A000
|
unkown
|
page execute and read and write
|
||
|
3F4F000
|
stack
|
page read and write
|
||
|
EE7000
|
heap
|
page read and write
|
||
|
3CCF000
|
stack
|
page read and write
|
||
|
4D24000
|
trusted library allocation
|
page read and write
|
||
|
408F000
|
stack
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
6051000
|
trusted library allocation
|
page read and write
|
||
|
2AE000
|
unkown
|
page execute and read and write
|
||
|
4D20000
|
direct allocation
|
page execute and read and write
|
||
|
3B8F000
|
stack
|
page read and write
|
||
|
D39000
|
stack
|
page read and write
|
||
|
FDE000
|
stack
|
page read and write
|
||
|
4B70000
|
direct allocation
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
71ED000
|
stack
|
page read and write
|
||
|
2A0E000
|
stack
|
page read and write
|
||
|
4B81000
|
heap
|
page read and write
|
||
|
4D2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4ECE000
|
stack
|
page read and write
|
||
|
4B70000
|
direct allocation
|
page read and write
|
||
|
4CD0000
|
direct allocation
|
page read and write
|
||
|
71F0000
|
trusted library allocation
|
page read and write
|
||
|
EAA000
|
heap
|
page read and write
|
||
|
4B98000
|
heap
|
page read and write
|
||
|
4E6B000
|
trusted library allocation
|
page execute and read and write
|
||
|
330E000
|
stack
|
page read and write
|
||
|
4CC0000
|
trusted library allocation
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
4B50000
|
direct allocation
|
page read and write
|
||
|
3A8E000
|
stack
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
4B70000
|
direct allocation
|
page read and write
|
||
|
10000
|
unkown
|
page read and write
|
||
|
5030000
|
trusted library allocation
|
page read and write
|
||
|
4E60000
|
direct allocation
|
page execute and read and write
|
||
|
4B81000
|
heap
|
page read and write
|
||
|
4B80000
|
heap
|
page read and write
|
||
|
2DCF000
|
stack
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
31CE000
|
stack
|
page read and write
|
||
|
36CE000
|
stack
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
EED000
|
heap
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
2BE000
|
unkown
|
page execute and read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
111E000
|
stack
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
4B70000
|
direct allocation
|
page read and write
|
||
|
318F000
|
stack
|
page read and write
|
||
|
420E000
|
stack
|
page read and write
|
||
|
4B70000
|
direct allocation
|
page read and write
|
||
|
368F000
|
stack
|
page read and write
|
||
|
5040000
|
heap
|
page read and write
|
There are 157 hidden memdumps, click here to show them.