Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
574000
|
heap
|
page read and write
|
||
|
ABC000
|
stack
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
31BF000
|
stack
|
page read and write
|
||
|
E66000
|
unkown
|
page execute and write copy
|
||
|
28BF000
|
stack
|
page read and write
|
||
|
2DFF000
|
stack
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
4D9E000
|
stack
|
page read and write
|
||
|
3ABE000
|
stack
|
page read and write
|
||
|
E67000
|
unkown
|
page execute and write copy
|
||
|
574000
|
heap
|
page read and write
|
||
|
397E000
|
stack
|
page read and write
|
||
|
4AE7000
|
trusted library allocation
|
page execute and read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
347E000
|
stack
|
page read and write
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
30BE000
|
stack
|
page read and write
|
||
|
47F0000
|
direct allocation
|
page read and write
|
||
|
47F0000
|
direct allocation
|
page read and write
|
||
|
47F0000
|
direct allocation
|
page read and write
|
||
|
37FF000
|
stack
|
page read and write
|
||
|
4B4E000
|
stack
|
page read and write
|
||
|
40FE000
|
stack
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
437E000
|
stack
|
page read and write
|
||
|
3E3F000
|
stack
|
page read and write
|
||
|
49AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3FBE000
|
stack
|
page read and write
|
||
|
73E000
|
heap
|
page read and write
|
||
|
31FE000
|
stack
|
page read and write
|
||
|
92F000
|
stack
|
page read and write
|
||
|
47D0000
|
direct allocation
|
page read and write
|
||
|
36FE000
|
stack
|
page read and write
|
||
|
4DC1000
|
trusted library allocation
|
page read and write
|
||
|
1012000
|
unkown
|
page execute and write copy
|
||
|
49C0000
|
heap
|
page read and write
|
||
|
47F0000
|
direct allocation
|
page read and write
|
||
|
49B0000
|
trusted library allocation
|
page read and write
|
||
|
3CFF000
|
stack
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
2ABF000
|
stack
|
page read and write
|
||
|
4801000
|
heap
|
page read and write
|
||
|
6EBD000
|
stack
|
page read and write
|
||
|
3BFE000
|
stack
|
page read and write
|
||
|
3BBF000
|
stack
|
page read and write
|
||
|
433F000
|
stack
|
page read and write
|
||
|
A2F000
|
stack
|
page read and write
|
||
|
6FBE000
|
stack
|
page read and write
|
||
|
6DE000
|
stack
|
page read and write
|
||
|
1012000
|
unkown
|
page execute and write copy
|
||
|
47F0000
|
direct allocation
|
page read and write
|
||
|
4D3C000
|
stack
|
page read and write
|
||
|
BB6000
|
unkown
|
page write copy
|
||
|
574000
|
heap
|
page read and write
|
||
|
727E000
|
stack
|
page read and write
|
||
|
4801000
|
heap
|
page read and write
|
||
|
47F0000
|
direct allocation
|
page read and write
|
||
|
333E000
|
stack
|
page read and write
|
||
|
4DB0000
|
heap
|
page execute and read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
447F000
|
stack
|
page read and write
|
||
|
4B00000
|
trusted library allocation
|
page read and write
|
||
|
35BE000
|
stack
|
page read and write
|
||
|
BB0000
|
unkown
|
page readonly
|
||
|
574000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
BB2000
|
unkown
|
page execute and write copy
|
||
|
423E000
|
stack
|
page read and write
|
||
|
4D60000
|
trusted library allocation
|
page read and write
|
||
|
2F3F000
|
stack
|
page read and write
|
||
|
4AD0000
|
trusted library allocation
|
page read and write
|
||
|
3F7F000
|
stack
|
page read and write
|
||
|
5DC4000
|
trusted library allocation
|
page read and write
|
||
|
3D3E000
|
stack
|
page read and write
|
||
|
1010000
|
unkown
|
page execute and read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
703E000
|
stack
|
page read and write
|
||
|
49A4000
|
trusted library allocation
|
page read and write
|
||
|
73A000
|
heap
|
page read and write
|
||
|
717E000
|
stack
|
page read and write
|
||
|
4D50000
|
trusted library allocation
|
page read and write
|
||
|
3A7F000
|
stack
|
page read and write
|
||
|
4810000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
4ACE000
|
stack
|
page read and write
|
||
|
2F7E000
|
stack
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
4900000
|
heap
|
page read and write
|
||
|
5DC1000
|
trusted library allocation
|
page read and write
|
||
|
7070000
|
heap
|
page execute and read and write
|
||
|
B2E000
|
stack
|
page read and write
|
||
|
36BF000
|
stack
|
page read and write
|
||
|
47F0000
|
direct allocation
|
page read and write
|
||
|
4ADA000
|
trusted library allocation
|
page execute and read and write
|
||
|
BBA000
|
unkown
|
page execute and read and write
|
||
|
49A0000
|
direct allocation
|
page execute and read and write
|
||
|
47F0000
|
direct allocation
|
page read and write
|
||
|
BB6000
|
unkown
|
page write copy
|
||
|
32FF000
|
stack
|
page read and write
|
||
|
2BBF000
|
stack
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
E66000
|
unkown
|
page execute and read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
4950000
|
direct allocation
|
page read and write
|
||
|
357F000
|
stack
|
page read and write
|
||
|
4AEB000
|
trusted library allocation
|
page execute and read and write
|
||
|
774000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
4801000
|
heap
|
page read and write
|
||
|
772000
|
heap
|
page read and write
|
||
|
4900000
|
trusted library allocation
|
page read and write
|
||
|
5DE5000
|
trusted library allocation
|
page read and write
|
||
|
71E000
|
stack
|
page read and write
|
||
|
539000
|
stack
|
page read and write
|
||
|
4801000
|
heap
|
page read and write
|
||
|
6FFE000
|
stack
|
page read and write
|
||
|
343F000
|
stack
|
page read and write
|
||
|
B6E000
|
stack
|
page read and write
|
||
|
29BF000
|
stack
|
page read and write
|
||
|
E56000
|
unkown
|
page execute and read and write
|
||
|
D44000
|
unkown
|
page execute and read and write
|
||
|
77D000
|
heap
|
page read and write
|
||
|
47F0000
|
direct allocation
|
page read and write
|
||
|
47F0000
|
direct allocation
|
page read and write
|
||
|
4D40000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C50000
|
heap
|
page read and write
|
||
|
383E000
|
stack
|
page read and write
|
||
|
41FF000
|
stack
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
2CFE000
|
stack
|
page read and write
|
||
|
4C4E000
|
stack
|
page read and write
|
||
|
43C000
|
stack
|
page read and write
|
||
|
2CBF000
|
stack
|
page read and write
|
||
|
4950000
|
direct allocation
|
page read and write
|
||
|
4AE0000
|
direct allocation
|
page execute and read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
40BF000
|
stack
|
page read and write
|
||
|
4800000
|
heap
|
page read and write
|
||
|
4950000
|
direct allocation
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
47F0000
|
direct allocation
|
page read and write
|
||
|
4AE0000
|
trusted library allocation
|
page read and write
|
||
|
49A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
786000
|
heap
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
47F0000
|
direct allocation
|
page read and write
|
||
|
47F0000
|
direct allocation
|
page read and write
|
||
|
498C000
|
stack
|
page read and write
|
||
|
574000
|
heap
|
page read and write
|
||
|
BB2000
|
unkown
|
page execute and read and write
|
||
|
47F0000
|
direct allocation
|
page read and write
|
||
|
4801000
|
heap
|
page read and write
|
||
|
791000
|
heap
|
page read and write
|
||
|
393F000
|
stack
|
page read and write
|
||
|
307F000
|
stack
|
page read and write
|
||
|
BAE000
|
stack
|
page read and write
|
||
|
1010000
|
unkown
|
page execute and write copy
|
||
|
49B4000
|
trusted library allocation
|
page read and write
|
||
|
BB0000
|
unkown
|
page read and write
|
||
|
A7E000
|
stack
|
page read and write
|
||
|
AE7000
|
heap
|
page read and write
|
||
|
3E7E000
|
stack
|
page read and write
|
There are 156 hidden memdumps, click here to show them.