Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18822.1315.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
556E000
|
stack
|
page read and write
|
||
|
52A0000
|
direct allocation
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
FB3000
|
unkown
|
page execute and write copy
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1615000
|
heap
|
page read and write
|
||
|
38AF000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
102F000
|
unkown
|
page execute and read and write
|
||
|
4B7F000
|
stack
|
page read and write
|
||
|
6781000
|
trusted library allocation
|
page read and write
|
||
|
4BBE000
|
stack
|
page read and write
|
||
|
52D1000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
52D1000
|
heap
|
page read and write
|
||
|
541D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1048000
|
unkown
|
page execute and read and write
|
||
|
55FE000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
48FF000
|
stack
|
page read and write
|
||
|
196F000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1615000
|
heap
|
page read and write
|
||
|
FA0000
|
unkown
|
page execute and read and write
|
||
|
104D000
|
unkown
|
page execute and write copy
|
||
|
52C0000
|
direct allocation
|
page read and write
|
||
|
E26000
|
unkown
|
page write copy
|
||
|
6784000
|
trusted library allocation
|
page read and write
|
||
|
1055000
|
unkown
|
page execute and read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
10AB000
|
unkown
|
page execute and write copy
|
||
|
52C0000
|
direct allocation
|
page read and write
|
||
|
325F000
|
stack
|
page read and write
|
||
|
178D000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
FB8000
|
unkown
|
page execute and read and write
|
||
|
3DEE000
|
stack
|
page read and write
|
||
|
1049000
|
unkown
|
page execute and write copy
|
||
|
E22000
|
unkown
|
page execute and write copy
|
||
|
F90000
|
unkown
|
page execute and write copy
|
||
|
1614000
|
heap
|
page read and write
|
||
|
442E000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
55B0000
|
trusted library allocation
|
page read and write
|
||
|
4E3E000
|
stack
|
page read and write
|
||
|
FC7000
|
unkown
|
page execute and read and write
|
||
|
7920000
|
trusted library allocation
|
page read and write
|
||
|
7ABE000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
41AE000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
791D000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1615000
|
heap
|
page read and write
|
||
|
4A3F000
|
stack
|
page read and write
|
||
|
376F000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
4F3F000
|
stack
|
page read and write
|
||
|
559B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
466F000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
7BBE000
|
stack
|
page read and write
|
||
|
FA3000
|
unkown
|
page execute and write copy
|
||
|
1615000
|
heap
|
page read and write
|
||
|
186E000
|
stack
|
page read and write
|
||
|
1615000
|
heap
|
page read and write
|
||
|
546C000
|
stack
|
page read and write
|
||
|
E2A000
|
unkown
|
page execute and read and write
|
||
|
797E000
|
stack
|
page read and write
|
||
|
53D0000
|
trusted library allocation
|
page read and write
|
||
|
14F9000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
52C0000
|
direct allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
E20000
|
unkown
|
page read and write
|
||
|
406E000
|
stack
|
page read and write
|
||
|
5420000
|
trusted library allocation
|
page read and write
|
||
|
34EF000
|
stack
|
page read and write
|
||
|
1020000
|
unkown
|
page execute and read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
570E000
|
stack
|
page read and write
|
||
|
E2A000
|
unkown
|
page execute and write copy
|
||
|
7930000
|
heap
|
page execute and read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
33EF000
|
stack
|
page read and write
|
||
|
5430000
|
direct allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
52C0000
|
direct allocation
|
page read and write
|
||
|
3A2E000
|
stack
|
page read and write
|
||
|
FE5000
|
unkown
|
page execute and write copy
|
||
|
42EE000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
402F000
|
stack
|
page read and write
|
||
|
52C0000
|
direct allocation
|
page read and write
|
||
|
574C000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
3F2E000
|
stack
|
page read and write
|
||
|
5770000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
10C4000
|
unkown
|
page execute and read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
315E000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
38EE000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
46AE000
|
stack
|
page read and write
|
||
|
52C0000
|
direct allocation
|
page read and write
|
||
|
52D1000
|
heap
|
page read and write
|
||
|
5760000
|
trusted library allocation
|
page read and write
|
||
|
104C000
|
unkown
|
page execute and read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
171F000
|
stack
|
page read and write
|
||
|
366E000
|
stack
|
page read and write
|
||
|
1615000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
5400000
|
trusted library allocation
|
page read and write
|
||
|
456D000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
558A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1015000
|
unkown
|
page execute and write copy
|
||
|
362F000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1730000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1039000
|
unkown
|
page execute and read and write
|
||
|
102E000
|
unkown
|
page execute and write copy
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1615000
|
heap
|
page read and write
|
||
|
1771000
|
heap
|
page read and write
|
||
|
5424000
|
trusted library allocation
|
page read and write
|
||
|
FD9000
|
unkown
|
page execute and read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
5750000
|
trusted library allocation
|
page execute and read and write
|
||
|
329B000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
10C4000
|
unkown
|
page execute and write copy
|
||
|
1615000
|
heap
|
page read and write
|
||
|
FAB000
|
unkown
|
page execute and read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
52C0000
|
direct allocation
|
page read and write
|
||
|
1615000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1045000
|
unkown
|
page execute and write copy
|
||
|
FC0000
|
unkown
|
page execute and write copy
|
||
|
1018000
|
unkown
|
page execute and read and write
|
||
|
10AD000
|
unkown
|
page execute and write copy
|
||
|
160E000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1005000
|
unkown
|
page execute and read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
4CBF000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1065000
|
unkown
|
page execute and write copy
|
||
|
3CAE000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1778000
|
heap
|
page read and write
|
||
|
55B0000
|
direct allocation
|
page execute and read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1002000
|
unkown
|
page execute and read and write
|
||
|
173A000
|
heap
|
page read and write
|
||
|
4A7E000
|
stack
|
page read and write
|
||
|
E26000
|
unkown
|
page write copy
|
||
|
42AF000
|
stack
|
page read and write
|
||
|
1615000
|
heap
|
page read and write
|
||
|
47AF000
|
stack
|
page read and write
|
||
|
52D0000
|
heap
|
page read and write
|
||
|
416F000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
10C6000
|
unkown
|
page execute and write copy
|
||
|
5430000
|
direct allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
5590000
|
trusted library allocation
|
page read and write
|
||
|
E22000
|
unkown
|
page execute and read and write
|
||
|
176F000
|
heap
|
page read and write
|
||
|
F8E000
|
unkown
|
page execute and read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
173E000
|
heap
|
page read and write
|
||
|
32E7000
|
heap
|
page read and write
|
||
|
10B6000
|
unkown
|
page execute and write copy
|
||
|
FE8000
|
unkown
|
page execute and read and write
|
||
|
4CFE000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
E36000
|
unkown
|
page execute and write copy
|
||
|
5430000
|
direct allocation
|
page read and write
|
||
|
7BFE000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
352E000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
52C0000
|
direct allocation
|
page read and write
|
||
|
67A5000
|
trusted library allocation
|
page read and write
|
||
|
10AC000
|
unkown
|
page execute and read and write
|
||
|
5600000
|
heap
|
page execute and read and write
|
||
|
1610000
|
heap
|
page read and write
|
||
|
52C0000
|
direct allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
115C000
|
stack
|
page read and write
|
||
|
3B6E000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
53D0000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
FF2000
|
unkown
|
page execute and read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
7CFE000
|
stack
|
page read and write
|
||
|
452F000
|
stack
|
page read and write
|
||
|
493E000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
10B6000
|
unkown
|
page execute and write copy
|
||
|
5413000
|
trusted library allocation
|
page execute and read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
FFF000
|
unkown
|
page execute and write copy
|
||
|
7A7E000
|
stack
|
page read and write
|
||
|
1615000
|
heap
|
page read and write
|
||
|
1615000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
47B0000
|
heap
|
page read and write
|
||
|
FE9000
|
unkown
|
page execute and write copy
|
||
|
43EF000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
FD8000
|
unkown
|
page execute and write copy
|
||
|
1066000
|
unkown
|
page execute and read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
52C0000
|
direct allocation
|
page read and write
|
||
|
FA4000
|
unkown
|
page execute and read and write
|
||
|
5781000
|
trusted library allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
47FE000
|
stack
|
page read and write
|
||
|
5580000
|
direct allocation
|
page execute and read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
E20000
|
unkown
|
page readonly
|
||
|
52C0000
|
direct allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
10C6000
|
unkown
|
page execute and write copy
|
||
|
1614000
|
heap
|
page read and write
|
||
|
FAB000
|
unkown
|
page execute and write copy
|
||
|
1615000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1019000
|
unkown
|
page execute and write copy
|
||
|
4DFF000
|
stack
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
3DAF000
|
stack
|
page read and write
|
||
|
1780000
|
heap
|
page read and write
|
||
|
1004000
|
unkown
|
page execute and write copy
|
||
|
52C0000
|
direct allocation
|
page read and write
|
||
|
5414000
|
trusted library allocation
|
page read and write
|
||
|
32DE000
|
stack
|
page read and write
|
||
|
52C0000
|
direct allocation
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
1614000
|
heap
|
page read and write
|
||
|
39EF000
|
stack
|
page read and write
|
||
|
1615000
|
heap
|
page read and write
|
||
|
1036000
|
unkown
|
page execute and write copy
|
||
|
3EEF000
|
stack
|
page read and write
|
||
|
52C0000
|
direct allocation
|
page read and write
|
||
|
5597000
|
trusted library allocation
|
page execute and read and write
|
||
|
37AE000
|
stack
|
page read and write
|
||
|
3B2F000
|
stack
|
page read and write
|
||
|
3C6F000
|
stack
|
page read and write
|
||
|
5580000
|
trusted library allocation
|
page read and write
|
There are 286 hidden memdumps, click here to show them.