Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://go.microsoft.c
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
66A000
|
unkown
|
page execute and read and write
|
||
|
668000
|
unkown
|
page execute and write copy
|
||
|
427F000
|
stack
|
page read and write
|
||
|
67C000
|
unkown
|
page execute and write copy
|
||
|
313E000
|
stack
|
page read and write
|
||
|
70D000
|
unkown
|
page execute and write copy
|
||
|
650000
|
unkown
|
page execute and write copy
|
||
|
E24000
|
heap
|
page read and write
|
||
|
4E20000
|
trusted library allocation
|
page read and write
|
||
|
2D7E000
|
stack
|
page read and write
|
||
|
323F000
|
stack
|
page read and write
|
||
|
377E000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4E80000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E7F000
|
stack
|
page read and write
|
||
|
403E000
|
stack
|
page read and write
|
||
|
E24000
|
heap
|
page read and write
|
||
|
F1A000
|
heap
|
page read and write
|
||
|
6B6000
|
unkown
|
page execute and read and write
|
||
|
4C20000
|
direct allocation
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
33BE000
|
stack
|
page read and write
|
||
|
715000
|
unkown
|
page execute and write copy
|
||
|
699000
|
unkown
|
page execute and read and write
|
||
|
3AFF000
|
stack
|
page read and write
|
||
|
4D80000
|
direct allocation
|
page read and write
|
||
|
4D80000
|
direct allocation
|
page read and write
|
||
|
F51000
|
heap
|
page read and write
|
||
|
60E000
|
unkown
|
page execute and read and write
|
||
|
F9C000
|
heap
|
page read and write
|
||
|
34BF000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
696000
|
unkown
|
page execute and write copy
|
||
|
724000
|
unkown
|
page execute and write copy
|
||
|
42BE000
|
stack
|
page read and write
|
||
|
E24000
|
heap
|
page read and write
|
||
|
486000
|
unkown
|
page write copy
|
||
|
30FF000
|
stack
|
page read and write
|
||
|
35FF000
|
stack
|
page read and write
|
||
|
2C3B000
|
stack
|
page read and write
|
||
|
337F000
|
stack
|
page read and write
|
||
|
724000
|
unkown
|
page execute and read and write
|
||
|
E24000
|
heap
|
page read and write
|
||
|
4C20000
|
direct allocation
|
page read and write
|
||
|
6D4000
|
unkown
|
page execute and read and write
|
||
|
38BE000
|
stack
|
page read and write
|
||
|
68C000
|
unkown
|
page execute and write copy
|
||
|
6A5000
|
unkown
|
page execute and write copy
|
||
|
67A000
|
unkown
|
page execute and read and write
|
||
|
107D000
|
stack
|
page read and write
|
||
|
34FE000
|
stack
|
page read and write
|
||
|
4C20000
|
direct allocation
|
page read and write
|
||
|
4D80000
|
direct allocation
|
page read and write
|
||
|
4C40000
|
heap
|
page read and write
|
||
|
477F000
|
stack
|
page read and write
|
||
|
726000
|
unkown
|
page execute and write copy
|
||
|
4E07000
|
trusted library allocation
|
page execute and read and write
|
||
|
463F000
|
stack
|
page read and write
|
||
|
480000
|
unkown
|
page readonly
|
||
|
1010000
|
heap
|
page read and write
|
||
|
373F000
|
stack
|
page read and write
|
||
|
5F4000
|
unkown
|
page execute and write copy
|
||
|
2EBE000
|
stack
|
page read and write
|
||
|
482000
|
unkown
|
page execute and read and write
|
||
|
72CD000
|
stack
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
E24000
|
heap
|
page read and write
|
||
|
BB9000
|
stack
|
page read and write
|
||
|
70C000
|
unkown
|
page execute and read and write
|
||
|
E24000
|
heap
|
page read and write
|
||
|
6D3000
|
unkown
|
page execute and write copy
|
||
|
643000
|
unkown
|
page execute and write copy
|
||
|
F4F000
|
heap
|
page read and write
|
||
|
E24000
|
heap
|
page read and write
|
||
|
4C20000
|
direct allocation
|
page read and write
|
||
|
387F000
|
stack
|
page read and write
|
||
|
4C20000
|
direct allocation
|
page read and write
|
||
|
417E000
|
stack
|
page read and write
|
||
|
3DBE000
|
stack
|
page read and write
|
||
|
4C20000
|
direct allocation
|
page read and write
|
||
|
4F9E000
|
stack
|
page read and write
|
||
|
48A000
|
unkown
|
page execute and read and write
|
||
|
608000
|
unkown
|
page execute and read and write
|
||
|
43BF000
|
stack
|
page read and write
|
||
|
3D7F000
|
stack
|
page read and write
|
||
|
683000
|
unkown
|
page execute and read and write
|
||
|
61A000
|
unkown
|
page execute and write copy
|
||
|
662000
|
unkown
|
page execute and read and write
|
||
|
3EBF000
|
stack
|
page read and write
|
||
|
12BE000
|
stack
|
page read and write
|
||
|
4DE4000
|
trusted library allocation
|
page read and write
|
||
|
F5A000
|
heap
|
page read and write
|
||
|
39BF000
|
stack
|
page read and write
|
||
|
4C20000
|
direct allocation
|
page read and write
|
||
|
69C000
|
unkown
|
page execute and read and write
|
||
|
3C7E000
|
stack
|
page read and write
|
||
|
5131000
|
trusted library allocation
|
page read and write
|
||
|
3B3E000
|
stack
|
page read and write
|
||
|
4D30000
|
trusted library allocation
|
page read and write
|
||
|
3C3F000
|
stack
|
page read and write
|
||
|
4C20000
|
direct allocation
|
page read and write
|
||
|
61B000
|
unkown
|
page execute and read and write
|
||
|
661000
|
unkown
|
page execute and write copy
|
||
|
F6E000
|
heap
|
page read and write
|
||
|
4E30000
|
heap
|
page read and write
|
||
|
2AB7000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
E24000
|
heap
|
page read and write
|
||
|
726000
|
unkown
|
page execute and write copy
|
||
|
603000
|
unkown
|
page execute and read and write
|
||
|
E24000
|
heap
|
page read and write
|
||
|
E24000
|
heap
|
page read and write
|
||
|
68F000
|
unkown
|
page execute and read and write
|
||
|
4D70000
|
trusted library allocation
|
page read and write
|
||
|
4E0B000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DD3000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E00000
|
direct allocation
|
page execute and read and write
|
||
|
6C4000
|
unkown
|
page execute and read and write
|
||
|
ABC000
|
stack
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
6AC000
|
unkown
|
page execute and read and write
|
||
|
4E00000
|
trusted library allocation
|
page read and write
|
||
|
467E000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4C20000
|
direct allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4DD0000
|
direct allocation
|
page execute and read and write
|
||
|
76CE000
|
stack
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
642000
|
unkown
|
page execute and read and write
|
||
|
64F000
|
unkown
|
page execute and read and write
|
||
|
E24000
|
heap
|
page read and write
|
||
|
4E7E000
|
stack
|
page read and write
|
||
|
11BE000
|
stack
|
page read and write
|
||
|
607000
|
unkown
|
page execute and write copy
|
||
|
43FE000
|
stack
|
page read and write
|
||
|
4DFA000
|
trusted library allocation
|
page execute and read and write
|
||
|
F62000
|
heap
|
page read and write
|
||
|
656000
|
unkown
|
page execute and read and write
|
||
|
4DBC000
|
stack
|
page read and write
|
||
|
496000
|
unkown
|
page execute and write copy
|
||
|
F1E000
|
heap
|
page read and write
|
||
|
6C3000
|
unkown
|
page execute and write copy
|
||
|
6155000
|
trusted library allocation
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
4DF0000
|
trusted library allocation
|
page read and write
|
||
|
5F1000
|
unkown
|
page execute and read and write
|
||
|
6B4000
|
unkown
|
page execute and write copy
|
||
|
4C30000
|
heap
|
page read and write
|
||
|
69A000
|
unkown
|
page execute and write copy
|
||
|
48BF000
|
stack
|
page read and write
|
||
|
4C20000
|
direct allocation
|
page read and write
|
||
|
4DD4000
|
trusted library allocation
|
page read and write
|
||
|
4C20000
|
direct allocation
|
page read and write
|
||
|
75CE000
|
stack
|
page read and write
|
||
|
730E000
|
stack
|
page read and write
|
||
|
E24000
|
heap
|
page read and write
|
||
|
740E000
|
stack
|
page read and write
|
||
|
E24000
|
heap
|
page read and write
|
||
|
39FE000
|
stack
|
page read and write
|
||
|
4E90000
|
heap
|
page read and write
|
||
|
117E000
|
stack
|
page read and write
|
||
|
715000
|
unkown
|
page execute and write copy
|
||
|
50F0000
|
trusted library allocation
|
page read and write
|
||
|
70B000
|
unkown
|
page execute and write copy
|
||
|
663000
|
unkown
|
page execute and write copy
|
||
|
4D30000
|
heap
|
page read and write
|
||
|
2D3F000
|
stack
|
page read and write
|
||
|
60E000
|
unkown
|
page execute and write copy
|
||
|
674000
|
unkown
|
page execute and write copy
|
||
|
44FF000
|
stack
|
page read and write
|
||
|
327E000
|
stack
|
page read and write
|
||
|
5120000
|
heap
|
page execute and read and write
|
||
|
47BE000
|
stack
|
page read and write
|
||
|
4DDD000
|
trusted library allocation
|
page execute and read and write
|
||
|
E24000
|
heap
|
page read and write
|
||
|
480000
|
unkown
|
page read and write
|
||
|
641000
|
unkown
|
page execute and write copy
|
||
|
E24000
|
heap
|
page read and write
|
||
|
4C20000
|
direct allocation
|
page read and write
|
||
|
482000
|
unkown
|
page execute and write copy
|
||
|
758F000
|
stack
|
page read and write
|
||
|
6134000
|
trusted library allocation
|
page read and write
|
||
|
453E000
|
stack
|
page read and write
|
||
|
4C20000
|
direct allocation
|
page read and write
|
||
|
E24000
|
heap
|
page read and write
|
||
|
2FBF000
|
stack
|
page read and write
|
||
|
E24000
|
heap
|
page read and write
|
||
|
748E000
|
stack
|
page read and write
|
||
|
3FFE000
|
stack
|
page read and write
|
||
|
50DC000
|
stack
|
page read and write
|
||
|
2AFE000
|
stack
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
4DE0000
|
trusted library allocation
|
page read and write
|
||
|
4C00000
|
direct allocation
|
page read and write
|
||
|
486000
|
unkown
|
page write copy
|
||
|
667000
|
unkown
|
page execute and read and write
|
||
|
363E000
|
stack
|
page read and write
|
||
|
7440000
|
heap
|
page execute and read and write
|
||
|
413F000
|
stack
|
page read and write
|
||
|
6131000
|
trusted library allocation
|
page read and write
|
||
|
3EFE000
|
stack
|
page read and write
|
||
|
48A000
|
unkown
|
page execute and write copy
|
||
|
E24000
|
heap
|
page read and write
|
||
|
2BFF000
|
stack
|
page read and write
|
||
|
509E000
|
stack
|
page read and write
|
||
|
4C20000
|
direct allocation
|
page read and write
|
There are 200 hidden memdumps, click here to show them.