Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1A5F000
|
stack
|
page read and write
|
||
|
4DBF000
|
stack
|
page read and write
|
||
|
7B8E000
|
stack
|
page read and write
|
||
|
53D1000
|
heap
|
page read and write
|
||
|
5510000
|
trusted library allocation
|
page read and write
|
||
|
15D4000
|
heap
|
page read and write
|
||
|
164E000
|
heap
|
page read and write
|
||
|
584F000
|
stack
|
page read and write
|
||
|
5573000
|
trusted library allocation
|
page execute and read and write
|
||
|
53D1000
|
heap
|
page read and write
|
||
|
68F1000
|
trusted library allocation
|
page read and write
|
||
|
11BC000
|
unkown
|
page execute and write copy
|
||
|
EFE000
|
unkown
|
page execute and read and write
|
||
|
48FE000
|
stack
|
page read and write
|
||
|
4A3E000
|
stack
|
page read and write
|
||
|
53D0000
|
heap
|
page read and write
|
||
|
11BC000
|
unkown
|
page execute and read and write
|
||
|
53C0000
|
direct allocation
|
page read and write
|
||
|
54D0000
|
heap
|
page read and write
|
||
|
166D000
|
heap
|
page read and write
|
||
|
48BF000
|
stack
|
page read and write
|
||
|
417E000
|
stack
|
page read and write
|
||
|
1015000
|
unkown
|
page execute and write copy
|
||
|
3AFF000
|
stack
|
page read and write
|
||
|
7E2F000
|
stack
|
page read and write
|
||
|
5640000
|
heap
|
page read and write
|
||
|
D62000
|
unkown
|
page execute and read and write
|
||
|
4CBE000
|
stack
|
page read and write
|
||
|
53D1000
|
heap
|
page read and write
|
||
|
43FE000
|
stack
|
page read and write
|
||
|
53C0000
|
direct allocation
|
page read and write
|
||
|
4F3E000
|
stack
|
page read and write
|
||
|
574E000
|
stack
|
page read and write
|
||
|
1559000
|
stack
|
page read and write
|
||
|
557D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7BCE000
|
stack
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
53D1000
|
heap
|
page read and write
|
||
|
169E000
|
heap
|
page read and write
|
||
|
49FF000
|
stack
|
page read and write
|
||
|
467E000
|
stack
|
page read and write
|
||
|
39BF000
|
stack
|
page read and write
|
||
|
38BE000
|
stack
|
page read and write
|
||
|
34FE000
|
stack
|
page read and write
|
||
|
53C0000
|
direct allocation
|
page read and write
|
||
|
555C000
|
stack
|
page read and write
|
||
|
15D4000
|
heap
|
page read and write
|
||
|
15C0000
|
heap
|
page read and write
|
||
|
15D4000
|
heap
|
page read and write
|
||
|
53C0000
|
direct allocation
|
page read and write
|
||
|
34BF000
|
stack
|
page read and write
|
||
|
4B3F000
|
stack
|
page read and write
|
||
|
161A000
|
heap
|
page read and write
|
||
|
387F000
|
stack
|
page read and write
|
||
|
15D4000
|
heap
|
page read and write
|
||
|
3FFF000
|
stack
|
page read and write
|
||
|
559A000
|
trusted library allocation
|
page execute and read and write
|
||
|
588C000
|
stack
|
page read and write
|
||
|
453E000
|
stack
|
page read and write
|
||
|
55AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
325E000
|
stack
|
page read and write
|
||
|
35FF000
|
stack
|
page read and write
|
||
|
55A0000
|
direct allocation
|
page execute and read and write
|
||
|
377E000
|
stack
|
page read and write
|
||
|
15D4000
|
heap
|
page read and write
|
||
|
53C0000
|
direct allocation
|
page read and write
|
||
|
4B7E000
|
stack
|
page read and write
|
||
|
53C0000
|
direct allocation
|
page read and write
|
||
|
D66000
|
unkown
|
page write copy
|
||
|
53D1000
|
heap
|
page read and write
|
||
|
D6A000
|
unkown
|
page execute and read and write
|
||
|
15E0000
|
heap
|
page read and write
|
||
|
53C0000
|
direct allocation
|
page read and write
|
||
|
7CEE000
|
stack
|
page read and write
|
||
|
33BB000
|
stack
|
page read and write
|
||
|
3EFE000
|
stack
|
page read and write
|
||
|
15D4000
|
heap
|
page read and write
|
||
|
58F1000
|
trusted library allocation
|
page read and write
|
||
|
5520000
|
direct allocation
|
page read and write
|
||
|
53D1000
|
heap
|
page read and write
|
||
|
5580000
|
trusted library allocation
|
page read and write
|
||
|
1014000
|
unkown
|
page execute and write copy
|
||
|
53C0000
|
direct allocation
|
page read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
42BE000
|
stack
|
page read and write
|
||
|
6915000
|
trusted library allocation
|
page read and write
|
||
|
1004000
|
unkown
|
page execute and read and write
|
||
|
5584000
|
trusted library allocation
|
page read and write
|
||
|
5574000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
unkown
|
page readonly
|
||
|
3C7E000
|
stack
|
page read and write
|
||
|
43BF000
|
stack
|
page read and write
|
||
|
53C0000
|
direct allocation
|
page read and write
|
||
|
4EFF000
|
stack
|
page read and write
|
||
|
55A0000
|
trusted library allocation
|
page read and write
|
||
|
15D4000
|
heap
|
page read and write
|
||
|
15D4000
|
heap
|
page read and write
|
||
|
47BE000
|
stack
|
page read and write
|
||
|
403E000
|
stack
|
page read and write
|
||
|
15D4000
|
heap
|
page read and write
|
||
|
503F000
|
stack
|
page read and write
|
||
|
3D7F000
|
stack
|
page read and write
|
||
|
5630000
|
trusted library allocation
|
page read and write
|
||
|
3B3E000
|
stack
|
page read and write
|
||
|
54D0000
|
trusted library allocation
|
page read and write
|
||
|
1659000
|
heap
|
page read and write
|
||
|
7D2E000
|
stack
|
page read and write
|
||
|
53C0000
|
direct allocation
|
page read and write
|
||
|
58CE000
|
stack
|
page read and write
|
||
|
53A0000
|
direct allocation
|
page read and write
|
||
|
39FE000
|
stack
|
page read and write
|
||
|
373F000
|
stack
|
page read and write
|
||
|
5590000
|
trusted library allocation
|
page read and write
|
||
|
363E000
|
stack
|
page read and write
|
||
|
D62000
|
unkown
|
page execute and write copy
|
||
|
477E000
|
stack
|
page read and write
|
||
|
337F000
|
stack
|
page read and write
|
||
|
1610000
|
heap
|
page read and write
|
||
|
5520000
|
direct allocation
|
page read and write
|
||
|
11BE000
|
unkown
|
page execute and write copy
|
||
|
1650000
|
heap
|
page read and write
|
||
|
15D4000
|
heap
|
page read and write
|
||
|
58E0000
|
heap
|
page execute and read and write
|
||
|
53C0000
|
direct allocation
|
page read and write
|
||
|
5570000
|
direct allocation
|
page execute and read and write
|
||
|
7A8D000
|
stack
|
page read and write
|
||
|
53E0000
|
heap
|
page read and write
|
||
|
15D4000
|
heap
|
page read and write
|
||
|
11BE000
|
unkown
|
page execute and write copy
|
||
|
D66000
|
unkown
|
page write copy
|
||
|
44FF000
|
stack
|
page read and write
|
||
|
427F000
|
stack
|
page read and write
|
||
|
15D4000
|
heap
|
page read and write
|
||
|
55A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
5610000
|
heap
|
page read and write
|
||
|
195E000
|
stack
|
page read and write
|
||
|
1661000
|
heap
|
page read and write
|
||
|
15D0000
|
heap
|
page read and write
|
||
|
145C000
|
stack
|
page read and write
|
||
|
68F4000
|
trusted library allocation
|
page read and write
|
||
|
3DBE000
|
stack
|
page read and write
|
||
|
15D4000
|
heap
|
page read and write
|
||
|
5620000
|
trusted library allocation
|
page execute and read and write
|
||
|
3EBF000
|
stack
|
page read and write
|
||
|
5890000
|
trusted library allocation
|
page read and write
|
||
|
463F000
|
stack
|
page read and write
|
||
|
191F000
|
stack
|
page read and write
|
||
|
53C0000
|
direct allocation
|
page read and write
|
||
|
53C0000
|
direct allocation
|
page read and write
|
||
|
15D4000
|
heap
|
page read and write
|
||
|
4C7F000
|
stack
|
page read and write
|
||
|
560E000
|
stack
|
page read and write
|
||
|
181E000
|
stack
|
page read and write
|
||
|
5520000
|
direct allocation
|
page read and write
|
||
|
15D4000
|
heap
|
page read and write
|
||
|
161E000
|
heap
|
page read and write
|
||
|
413F000
|
stack
|
page read and write
|
||
|
15D4000
|
heap
|
page read and write
|
||
|
7BE0000
|
heap
|
page execute and read and write
|
||
|
3C3F000
|
stack
|
page read and write
|
||
|
4DFE000
|
stack
|
page read and write
|
||
|
D60000
|
unkown
|
page read and write
|
||
|
15D4000
|
heap
|
page read and write
|
||
|
3277000
|
heap
|
page read and write
|
||
|
15D4000
|
heap
|
page read and write
|
||
|
53C0000
|
direct allocation
|
page read and write
|
||
|
1014000
|
unkown
|
page execute and read and write
|
There are 157 hidden memdumps, click here to show them.