Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
34EF000
|
stack
|
page read and write
|
||
|
B01000
|
unkown
|
page execute and write copy
|
||
|
AF5000
|
unkown
|
page execute and read and write
|
||
|
315C000
|
stack
|
page read and write
|
||
|
402F000
|
stack
|
page read and write
|
||
|
B8F000
|
unkown
|
page execute and read and write
|
||
|
5180000
|
direct allocation
|
page read and write
|
||
|
4A2F000
|
stack
|
page read and write
|
||
|
16E0000
|
heap
|
page read and write
|
||
|
1680000
|
heap
|
page read and write
|
||
|
BC0000
|
unkown
|
page execute and read and write
|
||
|
5191000
|
heap
|
page read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
B3B000
|
unkown
|
page execute and read and write
|
||
|
B73000
|
unkown
|
page execute and read and write
|
||
|
AD4000
|
unkown
|
page execute and write copy
|
||
|
5191000
|
heap
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
16D2000
|
heap
|
page read and write
|
||
|
362F000
|
stack
|
page read and write
|
||
|
976000
|
unkown
|
page execute and write copy
|
||
|
5191000
|
heap
|
page read and write
|
||
|
5180000
|
direct allocation
|
page read and write
|
||
|
543F000
|
stack
|
page read and write
|
||
|
5720000
|
heap
|
page execute and read and write
|
||
|
16C3000
|
heap
|
page read and write
|
||
|
5180000
|
direct allocation
|
page read and write
|
||
|
416F000
|
stack
|
page read and write
|
||
|
33EE000
|
stack
|
page read and write
|
||
|
32AE000
|
stack
|
page read and write
|
||
|
B98000
|
unkown
|
page execute and read and write
|
||
|
54BE000
|
stack
|
page read and write
|
||
|
52D0000
|
trusted library allocation
|
page read and write
|
||
|
BA2000
|
unkown
|
page execute and read and write
|
||
|
466F000
|
stack
|
page read and write
|
||
|
565E000
|
stack
|
page read and write
|
||
|
52A0000
|
direct allocation
|
page read and write
|
||
|
962000
|
unkown
|
page execute and write copy
|
||
|
3167000
|
heap
|
page read and write
|
||
|
5440000
|
trusted library allocation
|
page read and write
|
||
|
48EF000
|
stack
|
page read and write
|
||
|
6734000
|
trusted library allocation
|
page read and write
|
||
|
5450000
|
trusted library allocation
|
page read and write
|
||
|
5180000
|
direct allocation
|
page read and write
|
||
|
B4C000
|
unkown
|
page execute and write copy
|
||
|
5191000
|
heap
|
page read and write
|
||
|
960000
|
unkown
|
page readonly
|
||
|
366E000
|
stack
|
page read and write
|
||
|
5180000
|
direct allocation
|
page read and write
|
||
|
966000
|
unkown
|
page write copy
|
||
|
5180000
|
direct allocation
|
page read and write
|
||
|
B66000
|
unkown
|
page execute and write copy
|
||
|
3F2E000
|
stack
|
page read and write
|
||
|
3DEE000
|
stack
|
page read and write
|
||
|
187F000
|
stack
|
page read and write
|
||
|
BA0000
|
unkown
|
page execute and write copy
|
||
|
544A000
|
trusted library allocation
|
page execute and read and write
|
||
|
43EF000
|
stack
|
page read and write
|
||
|
5470000
|
trusted library allocation
|
page read and write
|
||
|
7BFE000
|
stack
|
page read and write
|
||
|
FFC000
|
stack
|
page read and write
|
||
|
3C6F000
|
stack
|
page read and write
|
||
|
7ABF000
|
stack
|
page read and write
|
||
|
352E000
|
stack
|
page read and write
|
||
|
AED000
|
unkown
|
page execute and read and write
|
||
|
B81000
|
unkown
|
page execute and write copy
|
||
|
406E000
|
stack
|
page read and write
|
||
|
5140000
|
direct allocation
|
page read and write
|
||
|
311F000
|
stack
|
page read and write
|
||
|
AD2000
|
unkown
|
page execute and read and write
|
||
|
C12000
|
unkown
|
page execute and write copy
|
||
|
5191000
|
heap
|
page read and write
|
||
|
5191000
|
heap
|
page read and write
|
||
|
52A0000
|
direct allocation
|
page read and write
|
||
|
962000
|
unkown
|
page execute and read and write
|
||
|
166E000
|
stack
|
page read and write
|
||
|
5191000
|
heap
|
page read and write
|
||
|
5180000
|
direct allocation
|
page read and write
|
||
|
5191000
|
heap
|
page read and write
|
||
|
BBD000
|
unkown
|
page execute and write copy
|
||
|
492E000
|
stack
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
5191000
|
heap
|
page read and write
|
||
|
442E000
|
stack
|
page read and write
|
||
|
4B6F000
|
stack
|
page read and write
|
||
|
5440000
|
direct allocation
|
page execute and read and write
|
||
|
AEB000
|
unkown
|
page execute and read and write
|
||
|
4CAF000
|
stack
|
page read and write
|
||
|
5191000
|
heap
|
page read and write
|
||
|
C12000
|
unkown
|
page execute and read and write
|
||
|
C14000
|
unkown
|
page execute and write copy
|
||
|
452E000
|
stack
|
page read and write
|
||
|
162E000
|
stack
|
page read and write
|
||
|
52E4000
|
trusted library allocation
|
page read and write
|
||
|
B33000
|
unkown
|
page execute and write copy
|
||
|
5500000
|
trusted library allocation
|
page execute and read and write
|
||
|
5180000
|
direct allocation
|
page read and write
|
||
|
5191000
|
heap
|
page read and write
|
||
|
456E000
|
stack
|
page read and write
|
||
|
5180000
|
direct allocation
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
3B2F000
|
stack
|
page read and write
|
||
|
AEC000
|
unkown
|
page execute and write copy
|
||
|
5510000
|
trusted library allocation
|
page read and write
|
||
|
46AE000
|
stack
|
page read and write
|
||
|
AF5000
|
unkown
|
page execute and write copy
|
||
|
BFA000
|
unkown
|
page execute and write copy
|
||
|
5180000
|
direct allocation
|
page read and write
|
||
|
4A6E000
|
stack
|
page read and write
|
||
|
16CA000
|
heap
|
page read and write
|
||
|
52A0000
|
direct allocation
|
page read and write
|
||
|
42AF000
|
stack
|
page read and write
|
||
|
3B6E000
|
stack
|
page read and write
|
||
|
4BAE000
|
stack
|
page read and write
|
||
|
5190000
|
heap
|
page read and write
|
||
|
3CAE000
|
stack
|
page read and write
|
||
|
B71000
|
unkown
|
page execute and write copy
|
||
|
5731000
|
trusted library allocation
|
page read and write
|
||
|
4CEE000
|
stack
|
page read and write
|
||
|
47AF000
|
stack
|
page read and write
|
||
|
38AF000
|
stack
|
page read and write
|
||
|
5457000
|
trusted library allocation
|
page execute and read and write
|
||
|
B6A000
|
unkown
|
page execute and read and write
|
||
|
B65000
|
unkown
|
page execute and read and write
|
||
|
5191000
|
heap
|
page read and write
|
||
|
52F0000
|
trusted library allocation
|
page read and write
|
||
|
C02000
|
unkown
|
page execute and write copy
|
||
|
3EEF000
|
stack
|
page read and write
|
||
|
6731000
|
trusted library allocation
|
page read and write
|
||
|
5550000
|
heap
|
page read and write
|
||
|
4DEF000
|
stack
|
page read and write
|
||
|
96A000
|
unkown
|
page execute and write copy
|
||
|
51A1000
|
heap
|
page read and write
|
||
|
52ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
C02000
|
unkown
|
page execute and write copy
|
||
|
79B0000
|
heap
|
page execute and read and write
|
||
|
168A000
|
heap
|
page read and write
|
||
|
79AE000
|
stack
|
page read and write
|
||
|
39EF000
|
stack
|
page read and write
|
||
|
966000
|
unkown
|
page write copy
|
||
|
BEF000
|
unkown
|
page execute and read and write
|
||
|
37AE000
|
stack
|
page read and write
|
||
|
5191000
|
heap
|
page read and write
|
||
|
BEE000
|
unkown
|
page execute and write copy
|
||
|
5191000
|
heap
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
960000
|
unkown
|
page read and write
|
||
|
B02000
|
unkown
|
page execute and read and write
|
||
|
5191000
|
heap
|
page read and write
|
||
|
52E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
5180000
|
direct allocation
|
page read and write
|
||
|
B5D000
|
unkown
|
page execute and write copy
|
||
|
33AF000
|
stack
|
page read and write
|
||
|
796F000
|
stack
|
page read and write
|
||
|
54FC000
|
stack
|
page read and write
|
||
|
5180000
|
direct allocation
|
page read and write
|
||
|
52B0000
|
heap
|
page read and write
|
||
|
42EE000
|
stack
|
page read and write
|
||
|
B3F000
|
unkown
|
page execute and read and write
|
||
|
12F9000
|
stack
|
page read and write
|
||
|
14AE000
|
stack
|
page read and write
|
||
|
AFD000
|
unkown
|
page execute and write copy
|
||
|
5290000
|
trusted library allocation
|
page read and write
|
||
|
5180000
|
direct allocation
|
page read and write
|
||
|
533C000
|
stack
|
page read and write
|
||
|
14EE000
|
stack
|
page read and write
|
||
|
782D000
|
stack
|
page read and write
|
||
|
5180000
|
direct allocation
|
page read and write
|
||
|
52F4000
|
trusted library allocation
|
page read and write
|
||
|
6755000
|
trusted library allocation
|
page read and write
|
||
|
376F000
|
stack
|
page read and write
|
||
|
7AFE000
|
stack
|
page read and write
|
||
|
5160000
|
heap
|
page read and write
|
||
|
B00000
|
unkown
|
page execute and read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
B83000
|
unkown
|
page execute and read and write
|
||
|
326F000
|
stack
|
page read and write
|
||
|
786E000
|
stack
|
page read and write
|
||
|
3DAF000
|
stack
|
page read and write
|
||
|
B96000
|
unkown
|
page execute and write copy
|
||
|
5470000
|
direct allocation
|
page execute and read and write
|
||
|
3A2E000
|
stack
|
page read and write
|
||
|
545B000
|
trusted library allocation
|
page execute and read and write
|
||
|
B8A000
|
unkown
|
page execute and write copy
|
||
|
41AE000
|
stack
|
page read and write
|
||
|
1525000
|
heap
|
page read and write
|
||
|
B4F000
|
unkown
|
page execute and read and write
|
||
|
C14000
|
unkown
|
page execute and write copy
|
||
|
96A000
|
unkown
|
page execute and read and write
|
||
|
5191000
|
heap
|
page read and write
|
||
|
38EE000
|
stack
|
page read and write
|
||
|
47EE000
|
stack
|
page read and write
|
||
|
B3C000
|
unkown
|
page execute and write copy
|
||
|
168E000
|
heap
|
page read and write
|
There are 184 hidden memdumps, click here to show them.