Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
72AE000
|
stack
|
page read and write
|
||
|
CBD000
|
unkown
|
page execute and write copy
|
||
|
5011000
|
trusted library allocation
|
page read and write
|
||
|
4AB0000
|
direct allocation
|
page read and write
|
||
|
4D5E000
|
stack
|
page read and write
|
||
|
AA0000
|
unkown
|
page read and write
|
||
|
4C10000
|
trusted library allocation
|
page read and write
|
||
|
CCA000
|
unkown
|
page execute and read and write
|
||
|
4AB0000
|
direct allocation
|
page read and write
|
||
|
44CE000
|
stack
|
page read and write
|
||
|
7110000
|
trusted library allocation
|
page read and write
|
||
|
DEC000
|
heap
|
page read and write
|
||
|
4AC1000
|
heap
|
page read and write
|
||
|
D9A000
|
heap
|
page read and write
|
||
|
C4A000
|
unkown
|
page execute and read and write
|
||
|
460E000
|
stack
|
page read and write
|
||
|
710D000
|
stack
|
page read and write
|
||
|
4AC1000
|
heap
|
page read and write
|
||
|
320E000
|
stack
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
348E000
|
stack
|
page read and write
|
||
|
AB6000
|
unkown
|
page execute and write copy
|
||
|
726E000
|
stack
|
page read and write
|
||
|
CD4000
|
unkown
|
page execute and read and write
|
||
|
3D4E000
|
stack
|
page read and write
|
||
|
D50000
|
unkown
|
page execute and write copy
|
||
|
4AB0000
|
direct allocation
|
page read and write
|
||
|
370E000
|
stack
|
page read and write
|
||
|
C74000
|
unkown
|
page execute and read and write
|
||
|
35CE000
|
stack
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
7160000
|
heap
|
page execute and read and write
|
||
|
6014000
|
trusted library allocation
|
page read and write
|
||
|
438E000
|
stack
|
page read and write
|
||
|
4AC1000
|
heap
|
page read and write
|
||
|
293E000
|
stack
|
page read and write
|
||
|
D4E000
|
unkown
|
page execute and read and write
|
||
|
CBA000
|
unkown
|
page execute and write copy
|
||
|
4AB0000
|
direct allocation
|
page read and write
|
||
|
4AB0000
|
direct allocation
|
page read and write
|
||
|
424E000
|
stack
|
page read and write
|
||
|
4AC1000
|
heap
|
page read and write
|
||
|
AA2000
|
unkown
|
page execute and write copy
|
||
|
CBC000
|
unkown
|
page execute and read and write
|
||
|
73AE000
|
stack
|
page read and write
|
||
|
4DA0000
|
trusted library allocation
|
page read and write
|
||
|
C3A000
|
unkown
|
page execute and read and write
|
||
|
115F000
|
stack
|
page read and write
|
||
|
2E4E000
|
stack
|
page read and write
|
||
|
40CF000
|
stack
|
page read and write
|
||
|
3D0F000
|
stack
|
page read and write
|
||
|
DDE000
|
heap
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
E21000
|
heap
|
page read and write
|
||
|
4BF4000
|
trusted library allocation
|
page read and write
|
||
|
4FE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
CFE000
|
unkown
|
page execute and write copy
|
||
|
470F000
|
stack
|
page read and write
|
||
|
4AD0000
|
heap
|
page read and write
|
||
|
2F8E000
|
stack
|
page read and write
|
||
|
CAF000
|
unkown
|
page execute and write copy
|
||
|
4C14000
|
trusted library allocation
|
page read and write
|
||
|
AA6000
|
unkown
|
page write copy
|
||
|
D40000
|
unkown
|
page execute and write copy
|
||
|
4C20000
|
direct allocation
|
page read and write
|
||
|
4AC1000
|
heap
|
page read and write
|
||
|
4AC1000
|
heap
|
page read and write
|
||
|
CC7000
|
unkown
|
page execute and write copy
|
||
|
AA6000
|
unkown
|
page write copy
|
||
|
C60000
|
unkown
|
page execute and write copy
|
||
|
CAE000
|
unkown
|
page execute and read and write
|
||
|
297C000
|
stack
|
page read and write
|
||
|
30CE000
|
stack
|
page read and write
|
||
|
4BFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
CAB000
|
unkown
|
page execute and write copy
|
||
|
4D70000
|
direct allocation
|
page execute and read and write
|
||
|
2CCF000
|
stack
|
page read and write
|
||
|
4A70000
|
direct allocation
|
page read and write
|
||
|
410E000
|
stack
|
page read and write
|
||
|
4BC0000
|
trusted library allocation
|
page read and write
|
||
|
D38000
|
unkown
|
page execute and write copy
|
||
|
4AC0000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
2BCE000
|
stack
|
page read and write
|
||
|
C9D000
|
unkown
|
page execute and read and write
|
||
|
C39000
|
unkown
|
page execute and write copy
|
||
|
448F000
|
stack
|
page read and write
|
||
|
C23000
|
unkown
|
page execute and read and write
|
||
|
4AC1000
|
heap
|
page read and write
|
||
|
4AB0000
|
direct allocation
|
page read and write
|
||
|
CDE000
|
unkown
|
page execute and read and write
|
||
|
C2E000
|
unkown
|
page execute and read and write
|
||
|
4AB0000
|
direct allocation
|
page read and write
|
||
|
714E000
|
stack
|
page read and write
|
||
|
31CF000
|
stack
|
page read and write
|
||
|
420F000
|
stack
|
page read and write
|
||
|
C88000
|
unkown
|
page execute and read and write
|
||
|
4C00000
|
heap
|
page read and write
|
||
|
4C20000
|
direct allocation
|
page read and write
|
||
|
C37000
|
unkown
|
page execute and read and write
|
||
|
2987000
|
heap
|
page read and write
|
||
|
3BCF000
|
stack
|
page read and write
|
||
|
CFF000
|
unkown
|
page execute and read and write
|
||
|
4D7A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E90000
|
heap
|
page read and write
|
||
|
3FCE000
|
stack
|
page read and write
|
||
|
384E000
|
stack
|
page read and write
|
||
|
6011000
|
trusted library allocation
|
page read and write
|
||
|
4AC1000
|
heap
|
page read and write
|
||
|
4C20000
|
direct allocation
|
page read and write
|
||
|
E1F000
|
heap
|
page read and write
|
||
|
4D8B000
|
trusted library allocation
|
page execute and read and write
|
||
|
4AC1000
|
heap
|
page read and write
|
||
|
4AC1000
|
heap
|
page read and write
|
||
|
105F000
|
stack
|
page read and write
|
||
|
AAA000
|
unkown
|
page execute and read and write
|
||
|
C2D000
|
unkown
|
page execute and write copy
|
||
|
4AC1000
|
heap
|
page read and write
|
||
|
330F000
|
stack
|
page read and write
|
||
|
5000000
|
heap
|
page execute and read and write
|
||
|
3C0E000
|
stack
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
3F8F000
|
stack
|
page read and write
|
||
|
C0E000
|
unkown
|
page execute and write copy
|
||
|
AA2000
|
unkown
|
page execute and read and write
|
||
|
4D87000
|
trusted library allocation
|
page execute and read and write
|
||
|
86C000
|
stack
|
page read and write
|
||
|
4AB0000
|
direct allocation
|
page read and write
|
||
|
CB2000
|
unkown
|
page execute and read and write
|
||
|
4A90000
|
heap
|
page read and write
|
||
|
344F000
|
stack
|
page read and write
|
||
|
CC0000
|
unkown
|
page execute and read and write
|
||
|
9C5000
|
heap
|
page read and write
|
||
|
4DA0000
|
direct allocation
|
page execute and read and write
|
||
|
394F000
|
stack
|
page read and write
|
||
|
6035000
|
trusted library allocation
|
page read and write
|
||
|
AA0000
|
unkown
|
page readonly
|
||
|
A5E000
|
stack
|
page read and write
|
||
|
4BE0000
|
trusted library allocation
|
page read and write
|
||
|
4AB0000
|
direct allocation
|
page read and write
|
||
|
4AB0000
|
direct allocation
|
page read and write
|
||
|
4AB0000
|
direct allocation
|
page read and write
|
||
|
3A8F000
|
stack
|
page read and write
|
||
|
AB5000
|
unkown
|
page execute and read and write
|
||
|
D50000
|
unkown
|
page execute and write copy
|
||
|
4AC1000
|
heap
|
page read and write
|
||
|
969000
|
stack
|
page read and write
|
||
|
D4E000
|
unkown
|
page execute and write copy
|
||
|
380F000
|
stack
|
page read and write
|
||
|
73EE000
|
stack
|
page read and write
|
||
|
4BF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
C0C000
|
unkown
|
page execute and read and write
|
||
|
D40000
|
unkown
|
page execute and write copy
|
||
|
2E0F000
|
stack
|
page read and write
|
||
|
DD7000
|
heap
|
page read and write
|
||
|
3E8E000
|
stack
|
page read and write
|
||
|
2A8F000
|
stack
|
page read and write
|
||
|
C35000
|
unkown
|
page execute and write copy
|
||
|
C82000
|
unkown
|
page execute and write copy
|
||
|
AB4000
|
unkown
|
page execute and write copy
|
||
|
4AB0000
|
direct allocation
|
page read and write
|
||
|
358F000
|
stack
|
page read and write
|
||
|
4AC1000
|
heap
|
page read and write
|
||
|
334E000
|
stack
|
page read and write
|
||
|
DCE000
|
heap
|
page read and write
|
||
|
4AC1000
|
heap
|
page read and write
|
||
|
CD2000
|
unkown
|
page execute and write copy
|
||
|
C45000
|
unkown
|
page execute and write copy
|
||
|
2B8F000
|
stack
|
page read and write
|
||
|
4AC1000
|
heap
|
page read and write
|
||
|
434F000
|
stack
|
page read and write
|
||
|
A9E000
|
stack
|
page read and write
|
||
|
74EE000
|
stack
|
page read and write
|
||
|
D9E000
|
heap
|
page read and write
|
||
|
308F000
|
stack
|
page read and write
|
||
|
3E4E000
|
stack
|
page read and write
|
||
|
4FF0000
|
trusted library allocation
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
36CF000
|
stack
|
page read and write
|
||
|
45CF000
|
stack
|
page read and write
|
||
|
4FDC000
|
stack
|
page read and write
|
||
|
4D70000
|
trusted library allocation
|
page read and write
|
||
|
4F9F000
|
stack
|
page read and write
|
||
|
4AC1000
|
heap
|
page read and write
|
||
|
4DEE000
|
stack
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
AAA000
|
unkown
|
page execute and write copy
|
||
|
2F4F000
|
stack
|
page read and write
|
||
|
3ACE000
|
stack
|
page read and write
|
||
|
4C5B000
|
stack
|
page read and write
|
||
|
C97000
|
unkown
|
page execute and write copy
|
||
|
4D80000
|
trusted library allocation
|
page read and write
|
||
|
CD5000
|
unkown
|
page execute and write copy
|
||
|
398E000
|
stack
|
page read and write
|
||
|
4AB0000
|
direct allocation
|
page read and write
|
||
|
4AB0000
|
direct allocation
|
page read and write
|
There are 187 hidden memdumps, click here to show them.