Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
70EE000
|
stack
|
page read and write
|
||
|
49B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C08000
|
heap
|
page read and write
|
||
|
4947000
|
trusted library allocation
|
page execute and read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
33CE000
|
stack
|
page read and write
|
||
|
2B0E000
|
stack
|
page read and write
|
||
|
3B4E000
|
stack
|
page read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
46000
|
unkown
|
page write copy
|
||
|
2C0F000
|
stack
|
page read and write
|
||
|
5E71000
|
trusted library allocation
|
page read and write
|
||
|
400F000
|
stack
|
page read and write
|
||
|
328E000
|
stack
|
page read and write
|
||
|
260E000
|
stack
|
page read and write
|
||
|
49E000
|
unkown
|
page execute and write copy
|
||
|
4771000
|
heap
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
25CE000
|
stack
|
page read and write
|
||
|
6FAE000
|
stack
|
page read and write
|
||
|
6F6E000
|
stack
|
page read and write
|
||
|
4740000
|
direct allocation
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
288E000
|
stack
|
page read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
3ECF000
|
stack
|
page read and write
|
||
|
4E3E000
|
stack
|
page read and write
|
||
|
2F6000
|
unkown
|
page execute and write copy
|
||
|
2F7000
|
unkown
|
page execute and write copy
|
||
|
4781000
|
heap
|
page read and write
|
||
|
BCE000
|
heap
|
page read and write
|
||
|
3C8E000
|
stack
|
page read and write
|
||
|
8F9000
|
stack
|
page read and write
|
||
|
ABE000
|
stack
|
page read and write
|
||
|
5E95000
|
trusted library allocation
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
2D8E000
|
stack
|
page read and write
|
||
|
49E000
|
unkown
|
page execute and write copy
|
||
|
274C000
|
stack
|
page read and write
|
||
|
493A000
|
trusted library allocation
|
page execute and read and write
|
||
|
46000
|
unkown
|
page write copy
|
||
|
BBF000
|
stack
|
page read and write
|
||
|
4940000
|
direct allocation
|
page execute and read and write
|
||
|
310F000
|
stack
|
page read and write
|
||
|
4A000
|
unkown
|
page execute and read and write
|
||
|
48C0000
|
direct allocation
|
page read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
4771000
|
heap
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
4010000
|
heap
|
page read and write
|
||
|
4914000
|
trusted library allocation
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
4870000
|
trusted library allocation
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
338F000
|
stack
|
page read and write
|
||
|
2ECE000
|
stack
|
page read and write
|
||
|
364E000
|
stack
|
page read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
324F000
|
stack
|
page read and write
|
||
|
284F000
|
stack
|
page read and write
|
||
|
71EE000
|
stack
|
page read and write
|
||
|
3B0F000
|
stack
|
page read and write
|
||
|
298F000
|
stack
|
page read and write
|
||
|
3A0E000
|
stack
|
page read and write
|
||
|
4CCC000
|
stack
|
page read and write
|
||
|
270F000
|
stack
|
page read and write
|
||
|
42000
|
unkown
|
page execute and write copy
|
||
|
378E000
|
stack
|
page read and write
|
||
|
419E000
|
stack
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
4E71000
|
trusted library allocation
|
page read and write
|
||
|
494B000
|
trusted library allocation
|
page execute and read and write
|
||
|
4771000
|
heap
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
C51000
|
heap
|
page read and write
|
||
|
4910000
|
direct allocation
|
page execute and read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
24AD000
|
stack
|
page read and write
|
||
|
43DF000
|
stack
|
page read and write
|
||
|
2FCF000
|
stack
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
4924000
|
trusted library allocation
|
page read and write
|
||
|
C53000
|
heap
|
page read and write
|
||
|
42DE000
|
stack
|
page read and write
|
||
|
360F000
|
stack
|
page read and write
|
||
|
42000
|
unkown
|
page execute and read and write
|
||
|
49C000
|
unkown
|
page execute and read and write
|
||
|
1DC000
|
unkown
|
page execute and read and write
|
||
|
4DCD000
|
stack
|
page read and write
|
||
|
38CE000
|
stack
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
48C0000
|
direct allocation
|
page read and write
|
||
|
415F000
|
stack
|
page read and write
|
||
|
2F6000
|
unkown
|
page execute and read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
49C0000
|
heap
|
page read and write
|
||
|
48FB000
|
stack
|
page read and write
|
||
|
3D8F000
|
stack
|
page read and write
|
||
|
40000
|
unkown
|
page read and write
|
||
|
4771000
|
heap
|
page read and write
|
||
|
2C4E000
|
stack
|
page read and write
|
||
|
48B0000
|
trusted library allocation
|
page read and write
|
||
|
405E000
|
stack
|
page read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
4960000
|
trusted library allocation
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
4771000
|
heap
|
page read and write
|
||
|
C0C000
|
heap
|
page read and write
|
||
|
4DD0000
|
trusted library allocation
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
3C4F000
|
stack
|
page read and write
|
||
|
48C0000
|
direct allocation
|
page read and write
|
||
|
2E9000
|
unkown
|
page execute and read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
429F000
|
stack
|
page read and write
|
||
|
24C7000
|
heap
|
page read and write
|
||
|
4E60000
|
heap
|
page execute and read and write
|
||
|
2E8F000
|
stack
|
page read and write
|
||
|
4930000
|
trusted library allocation
|
page read and write
|
||
|
3DCE000
|
stack
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
BCA000
|
heap
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
350E000
|
stack
|
page read and write
|
||
|
C1D000
|
heap
|
page read and write
|
||
|
3F0E000
|
stack
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
491D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4ACF000
|
stack
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
4771000
|
heap
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
2ACF000
|
stack
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
4C70000
|
trusted library allocation
|
page read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
374F000
|
stack
|
page read and write
|
||
|
39CF000
|
stack
|
page read and write
|
||
|
314E000
|
stack
|
page read and write
|
||
|
5E74000
|
trusted library allocation
|
page read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
70AE000
|
stack
|
page read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
4770000
|
heap
|
page read and write
|
||
|
4870000
|
heap
|
page read and write
|
||
|
49AE000
|
stack
|
page read and write
|
||
|
388F000
|
stack
|
page read and write
|
||
|
29CE000
|
stack
|
page read and write
|
||
|
2D4F000
|
stack
|
page read and write
|
||
|
4BCF000
|
stack
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
40000
|
unkown
|
page readonly
|
||
|
4920000
|
trusted library allocation
|
page read and write
|
||
|
4913000
|
trusted library allocation
|
page execute and read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
24C0000
|
heap
|
page read and write
|
||
|
5FC000
|
stack
|
page read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
BFE000
|
heap
|
page read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
300E000
|
stack
|
page read and write
|
||
|
4DF0000
|
heap
|
page execute and read and write
|
||
|
34CF000
|
stack
|
page read and write
|
There are 159 hidden memdumps, click here to show them.