Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1534000
|
heap
|
page read and write
|
||
|
497F000
|
stack
|
page read and write
|
||
|
54B0000
|
trusted library allocation
|
page read and write
|
||
|
45BF000
|
stack
|
page read and write
|
||
|
5340000
|
direct allocation
|
page read and write
|
||
|
437E000
|
stack
|
page read and write
|
||
|
54A0000
|
direct allocation
|
page execute and read and write
|
||
|
3E7E000
|
stack
|
page read and write
|
||
|
191F000
|
stack
|
page read and write
|
||
|
55B0000
|
heap
|
page execute and read and write
|
||
|
127C000
|
stack
|
page read and write
|
||
|
447F000
|
stack
|
page read and write
|
||
|
54A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A50000
|
heap
|
page execute and read and write
|
||
|
54AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3BFE000
|
stack
|
page read and write
|
||
|
8CA000
|
unkown
|
page execute and read and write
|
||
|
31BF000
|
stack
|
page read and write
|
||
|
67A1000
|
trusted library allocation
|
page read and write
|
||
|
54C0000
|
trusted library allocation
|
page read and write
|
||
|
51E0000
|
direct allocation
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
423E000
|
stack
|
page read and write
|
||
|
51E0000
|
direct allocation
|
page read and write
|
||
|
3D3E000
|
stack
|
page read and write
|
||
|
32FF000
|
stack
|
page read and write
|
||
|
5580000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C3E000
|
stack
|
page read and write
|
||
|
51F1000
|
heap
|
page read and write
|
||
|
49BE000
|
stack
|
page read and write
|
||
|
7B9E000
|
stack
|
page read and write
|
||
|
54D0000
|
direct allocation
|
page execute and read and write
|
||
|
1761000
|
heap
|
page read and write
|
||
|
79DF000
|
stack
|
page read and write
|
||
|
B6C000
|
unkown
|
page execute and read and write
|
||
|
51E0000
|
direct allocation
|
page read and write
|
||
|
31F0000
|
heap
|
page read and write
|
||
|
4D3F000
|
stack
|
page read and write
|
||
|
51F1000
|
heap
|
page read and write
|
||
|
A52000
|
unkown
|
page execute and read and write
|
||
|
8C2000
|
unkown
|
page execute and read and write
|
||
|
31F7000
|
heap
|
page read and write
|
||
|
3CFF000
|
stack
|
page read and write
|
||
|
17AE000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
8C6000
|
unkown
|
page write copy
|
||
|
1534000
|
heap
|
page read and write
|
||
|
54A4000
|
trusted library allocation
|
page read and write
|
||
|
3ABE000
|
stack
|
page read and write
|
||
|
167E000
|
stack
|
page read and write
|
||
|
1771000
|
heap
|
page read and write
|
||
|
393F000
|
stack
|
page read and write
|
||
|
3A7F000
|
stack
|
page read and write
|
||
|
171C000
|
stack
|
page read and write
|
||
|
51E0000
|
direct allocation
|
page read and write
|
||
|
51E0000
|
direct allocation
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
54DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
333E000
|
stack
|
page read and write
|
||
|
4BFF000
|
stack
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
3F7F000
|
stack
|
page read and write
|
||
|
7A1E000
|
stack
|
page read and write
|
||
|
54F0000
|
trusted library allocation
|
page read and write
|
||
|
8C0000
|
unkown
|
page readonly
|
||
|
51E0000
|
direct allocation
|
page read and write
|
||
|
51E0000
|
direct allocation
|
page read and write
|
||
|
3BBF000
|
stack
|
page read and write
|
||
|
54D7000
|
trusted library allocation
|
page execute and read and write
|
||
|
55A0000
|
trusted library allocation
|
page read and write
|
||
|
5690000
|
heap
|
page read and write
|
||
|
1769000
|
heap
|
page read and write
|
||
|
40FE000
|
stack
|
page read and write
|
||
|
51E0000
|
direct allocation
|
page read and write
|
||
|
3E3F000
|
stack
|
page read and write
|
||
|
44BE000
|
stack
|
page read and write
|
||
|
483F000
|
stack
|
page read and write
|
||
|
8C2000
|
unkown
|
page execute and write copy
|
||
|
51E0000
|
direct allocation
|
page read and write
|
||
|
5330000
|
trusted library allocation
|
page read and write
|
||
|
51E0000
|
direct allocation
|
page read and write
|
||
|
397E000
|
stack
|
page read and write
|
||
|
36BF000
|
stack
|
page read and write
|
||
|
51E0000
|
direct allocation
|
page read and write
|
||
|
7B5E000
|
stack
|
page read and write
|
||
|
8C0000
|
unkown
|
page read and write
|
||
|
433F000
|
stack
|
page read and write
|
||
|
177D000
|
heap
|
page read and write
|
||
|
172E000
|
heap
|
page read and write
|
||
|
7C9E000
|
stack
|
page read and write
|
||
|
5340000
|
direct allocation
|
page read and write
|
||
|
5201000
|
heap
|
page read and write
|
||
|
52F0000
|
trusted library allocation
|
page read and write
|
||
|
51F1000
|
heap
|
page read and write
|
||
|
347E000
|
stack
|
page read and write
|
||
|
35BE000
|
stack
|
page read and write
|
||
|
57A1000
|
trusted library allocation
|
page read and write
|
||
|
51E0000
|
direct allocation
|
page read and write
|
||
|
4D7E000
|
stack
|
page read and write
|
||
|
45FE000
|
stack
|
page read and write
|
||
|
D10000
|
unkown
|
page execute and write copy
|
||
|
4ABF000
|
stack
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
D10000
|
unkown
|
page execute and write copy
|
||
|
37FF000
|
stack
|
page read and write
|
||
|
41FF000
|
stack
|
page read and write
|
||
|
14C0000
|
heap
|
page read and write
|
||
|
54CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
52F0000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
51F1000
|
heap
|
page read and write
|
||
|
8C6000
|
unkown
|
page write copy
|
||
|
579E000
|
stack
|
page read and write
|
||
|
5390000
|
heap
|
page read and write
|
||
|
1379000
|
stack
|
page read and write
|
||
|
B5D000
|
unkown
|
page execute and read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
557C000
|
stack
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
487E000
|
stack
|
page read and write
|
||
|
B6D000
|
unkown
|
page execute and write copy
|
||
|
16DE000
|
stack
|
page read and write
|
||
|
383E000
|
stack
|
page read and write
|
||
|
4AFE000
|
stack
|
page read and write
|
||
|
67C5000
|
trusted library allocation
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
1720000
|
heap
|
page read and write
|
||
|
357F000
|
stack
|
page read and write
|
||
|
51E0000
|
direct allocation
|
page read and write
|
||
|
549E000
|
stack
|
page read and write
|
||
|
54B4000
|
trusted library allocation
|
page read and write
|
||
|
46FF000
|
stack
|
page read and write
|
||
|
51F1000
|
heap
|
page read and write
|
||
|
40BF000
|
stack
|
page read and write
|
||
|
5590000
|
trusted library allocation
|
page read and write
|
||
|
51E0000
|
direct allocation
|
page read and write
|
||
|
172A000
|
heap
|
page read and write
|
||
|
537C000
|
stack
|
page read and write
|
||
|
51C0000
|
direct allocation
|
page read and write
|
||
|
78DE000
|
stack
|
page read and write
|
||
|
67A4000
|
trusted library allocation
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
163E000
|
stack
|
page read and write
|
||
|
1530000
|
heap
|
page read and write
|
||
|
36FE000
|
stack
|
page read and write
|
||
|
343F000
|
stack
|
page read and write
|
||
|
152E000
|
stack
|
page read and write
|
||
|
B4F000
|
unkown
|
page execute and read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
553E000
|
stack
|
page read and write
|
||
|
B6C000
|
unkown
|
page execute and write copy
|
||
|
D0E000
|
unkown
|
page execute and read and write
|
||
|
D0E000
|
unkown
|
page execute and write copy
|
||
|
473E000
|
stack
|
page read and write
|
||
|
51F1000
|
heap
|
page read and write
|
||
|
3FBE000
|
stack
|
page read and write
|
||
|
51F0000
|
heap
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
789D000
|
stack
|
page read and write
|
||
|
5340000
|
direct allocation
|
page read and write
|
||
|
54D0000
|
trusted library allocation
|
page read and write
|
||
|
4E7F000
|
stack
|
page read and write
|
There are 158 hidden memdumps, click here to show them.