Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
53E000
|
unkown
|
page execute and write copy
|
||
|
5CC000
|
unkown
|
page execute and read and write
|
||
|
3C5000
|
unkown
|
page execute and read and write
|
||
|
3B2000
|
unkown
|
page execute and write copy
|
||
|
7140000
|
heap
|
page execute and read and write
|
||
|
E79000
|
heap
|
page read and write
|
||
|
4D00000
|
heap
|
page read and write
|
||
|
48A0000
|
direct allocation
|
page read and write
|
||
|
375F000
|
stack
|
page read and write
|
||
|
C54000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
632000
|
unkown
|
page execute and read and write
|
||
|
29DF000
|
stack
|
page read and write
|
||
|
28D7000
|
heap
|
page read and write
|
||
|
4A5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
2E9F000
|
stack
|
page read and write
|
||
|
C54000
|
heap
|
page read and write
|
||
|
58C000
|
unkown
|
page execute and write copy
|
||
|
48A0000
|
direct allocation
|
page read and write
|
||
|
38DE000
|
stack
|
page read and write
|
||
|
518000
|
unkown
|
page execute and read and write
|
||
|
E6F000
|
heap
|
page read and write
|
||
|
28CF000
|
stack
|
page read and write
|
||
|
405E000
|
stack
|
page read and write
|
||
|
39DF000
|
stack
|
page read and write
|
||
|
5EB1000
|
trusted library allocation
|
page read and write
|
||
|
4A80000
|
trusted library allocation
|
page read and write
|
||
|
E1E000
|
stack
|
page read and write
|
||
|
C54000
|
heap
|
page read and write
|
||
|
4A00000
|
direct allocation
|
page read and write
|
||
|
48B1000
|
heap
|
page read and write
|
||
|
C54000
|
heap
|
page read and write
|
||
|
C54000
|
heap
|
page read and write
|
||
|
C54000
|
heap
|
page read and write
|
||
|
49B0000
|
trusted library allocation
|
page read and write
|
||
|
5DD000
|
unkown
|
page execute and read and write
|
||
|
4AC0000
|
trusted library allocation
|
page read and write
|
||
|
4880000
|
direct allocation
|
page read and write
|
||
|
5A7000
|
unkown
|
page execute and read and write
|
||
|
2C5E000
|
stack
|
page read and write
|
||
|
4EA0000
|
heap
|
page execute and read and write
|
||
|
D9E000
|
stack
|
page read and write
|
||
|
3C5F000
|
stack
|
page read and write
|
||
|
48B9000
|
heap
|
page read and write
|
||
|
34DF000
|
stack
|
page read and write
|
||
|
63F000
|
unkown
|
page execute and write copy
|
||
|
4A54000
|
trusted library allocation
|
page read and write
|
||
|
4BEF000
|
stack
|
page read and write
|
||
|
3A1E000
|
stack
|
page read and write
|
||
|
4A00000
|
direct allocation
|
page read and write
|
||
|
C54000
|
heap
|
page read and write
|
||
|
540000
|
unkown
|
page execute and read and write
|
||
|
4AE0000
|
heap
|
page read and write
|
||
|
48B1000
|
heap
|
page read and write
|
||
|
53E000
|
unkown
|
page execute and read and write
|
||
|
361F000
|
stack
|
page read and write
|
||
|
6FAD000
|
stack
|
page read and write
|
||
|
3B5E000
|
stack
|
page read and write
|
||
|
595000
|
unkown
|
page execute and read and write
|
||
|
2FDF000
|
stack
|
page read and write
|
||
|
48A0000
|
direct allocation
|
page read and write
|
||
|
5C9000
|
unkown
|
page execute and read and write
|
||
|
4AA0000
|
trusted library allocation
|
page read and write
|
||
|
401F000
|
stack
|
page read and write
|
||
|
5ED5000
|
trusted library allocation
|
page read and write
|
||
|
48A0000
|
direct allocation
|
page read and write
|
||
|
49F0000
|
trusted library allocation
|
page read and write
|
||
|
329E000
|
stack
|
page read and write
|
||
|
325F000
|
stack
|
page read and write
|
||
|
5B8000
|
unkown
|
page execute and read and write
|
||
|
4C2E000
|
stack
|
page read and write
|
||
|
2C1F000
|
stack
|
page read and write
|
||
|
C54000
|
heap
|
page read and write
|
||
|
C54000
|
heap
|
page read and write
|
||
|
E3E000
|
heap
|
page read and write
|
||
|
C54000
|
heap
|
page read and write
|
||
|
70AE000
|
stack
|
page read and write
|
||
|
4EB1000
|
trusted library allocation
|
page read and write
|
||
|
D5F000
|
stack
|
page read and write
|
||
|
42DE000
|
stack
|
page read and write
|
||
|
3C9E000
|
stack
|
page read and write
|
||
|
E81000
|
heap
|
page read and write
|
||
|
4A87000
|
trusted library allocation
|
page execute and read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
576000
|
unkown
|
page execute and write copy
|
||
|
5CA000
|
unkown
|
page execute and write copy
|
||
|
53F000
|
unkown
|
page execute and write copy
|
||
|
4A3C000
|
stack
|
page read and write
|
||
|
3C6000
|
unkown
|
page execute and write copy
|
||
|
5EB4000
|
trusted library allocation
|
page read and write
|
||
|
4E8E000
|
stack
|
page read and write
|
||
|
3B1F000
|
stack
|
page read and write
|
||
|
C54000
|
heap
|
page read and write
|
||
|
C4E000
|
stack
|
page read and write
|
||
|
2ADF000
|
stack
|
page read and write
|
||
|
656000
|
unkown
|
page execute and write copy
|
||
|
51A000
|
unkown
|
page execute and write copy
|
||
|
48A0000
|
direct allocation
|
page read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
5AF000
|
unkown
|
page execute and write copy
|
||
|
48B1000
|
heap
|
page read and write
|
||
|
592000
|
unkown
|
page execute and write copy
|
||
|
48B3000
|
heap
|
page read and write
|
||
|
734E000
|
stack
|
page read and write
|
||
|
4AB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
389F000
|
stack
|
page read and write
|
||
|
C54000
|
heap
|
page read and write
|
||
|
5A5000
|
unkown
|
page execute and write copy
|
||
|
379E000
|
stack
|
page read and write
|
||
|
48A0000
|
direct allocation
|
page read and write
|
||
|
C54000
|
heap
|
page read and write
|
||
|
631000
|
unkown
|
page execute and write copy
|
||
|
301E000
|
stack
|
page read and write
|
||
|
43DF000
|
stack
|
page read and write
|
||
|
580000
|
unkown
|
page execute and read and write
|
||
|
C54000
|
heap
|
page read and write
|
||
|
102F000
|
stack
|
page read and write
|
||
|
3F1E000
|
stack
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
C54000
|
heap
|
page read and write
|
||
|
70EE000
|
stack
|
page read and write
|
||
|
4A70000
|
trusted library allocation
|
page read and write
|
||
|
E71000
|
heap
|
page read and write
|
||
|
48C1000
|
heap
|
page read and write
|
||
|
C54000
|
heap
|
page read and write
|
||
|
5E5000
|
unkown
|
page execute and read and write
|
||
|
E8E000
|
heap
|
page read and write
|
||
|
724F000
|
stack
|
page read and write
|
||
|
654000
|
unkown
|
page execute and read and write
|
||
|
3EDF000
|
stack
|
page read and write
|
||
|
4A80000
|
direct allocation
|
page execute and read and write
|
||
|
654000
|
unkown
|
page execute and write copy
|
||
|
5D7000
|
unkown
|
page execute and write copy
|
||
|
2D5F000
|
stack
|
page read and write
|
||
|
48A0000
|
direct allocation
|
page read and write
|
||
|
4A64000
|
trusted library allocation
|
page read and write
|
||
|
3B6000
|
unkown
|
page write copy
|
||
|
AF9000
|
stack
|
page read and write
|
||
|
451F000
|
stack
|
page read and write
|
||
|
3C4000
|
unkown
|
page execute and write copy
|
||
|
339F000
|
stack
|
page read and write
|
||
|
365E000
|
stack
|
page read and write
|
||
|
712E000
|
stack
|
page read and write
|
||
|
4A7A000
|
trusted library allocation
|
page execute and read and write
|
||
|
419E000
|
stack
|
page read and write
|
||
|
351E000
|
stack
|
page read and write
|
||
|
48B1000
|
heap
|
page read and write
|
||
|
3DDE000
|
stack
|
page read and write
|
||
|
4E4C000
|
stack
|
page read and write
|
||
|
73C000
|
stack
|
page read and write
|
||
|
4A8B000
|
trusted library allocation
|
page execute and read and write
|
||
|
C54000
|
heap
|
page read and write
|
||
|
429F000
|
stack
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
DDC000
|
stack
|
page read and write
|
||
|
3B6000
|
unkown
|
page write copy
|
||
|
3B0000
|
unkown
|
page read and write
|
||
|
55A000
|
unkown
|
page execute and read and write
|
||
|
63E000
|
unkown
|
page execute and read and write
|
||
|
48A0000
|
direct allocation
|
page read and write
|
||
|
48A0000
|
direct allocation
|
page read and write
|
||
|
553000
|
unkown
|
page execute and write copy
|
||
|
2B1E000
|
stack
|
page read and write
|
||
|
4AD0000
|
trusted library allocation
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
311F000
|
stack
|
page read and write
|
||
|
4A53000
|
trusted library allocation
|
page execute and read and write
|
||
|
48A0000
|
direct allocation
|
page read and write
|
||
|
48A0000
|
direct allocation
|
page read and write
|
||
|
2EDE000
|
stack
|
page read and write
|
||
|
656000
|
unkown
|
page execute and write copy
|
||
|
48B1000
|
heap
|
page read and write
|
||
|
3BA000
|
unkown
|
page execute and read and write
|
||
|
63D000
|
unkown
|
page execute and write copy
|
||
|
415F000
|
stack
|
page read and write
|
||
|
591000
|
unkown
|
page execute and read and write
|
||
|
4A00000
|
direct allocation
|
page read and write
|
||
|
4E0F000
|
stack
|
page read and write
|
||
|
3D9F000
|
stack
|
page read and write
|
||
|
645000
|
unkown
|
page execute and write copy
|
||
|
C54000
|
heap
|
page read and write
|
||
|
48A0000
|
direct allocation
|
page read and write
|
||
|
33DE000
|
stack
|
page read and write
|
||
|
49B0000
|
heap
|
page read and write
|
||
|
2D9E000
|
stack
|
page read and write
|
||
|
E3A000
|
heap
|
page read and write
|
||
|
4A60000
|
trusted library allocation
|
page read and write
|
||
|
48A0000
|
direct allocation
|
page read and write
|
||
|
48B1000
|
heap
|
page read and write
|
||
|
3B2000
|
unkown
|
page execute and read and write
|
||
|
48B0000
|
heap
|
page read and write
|
||
|
3B0000
|
unkown
|
page readonly
|
||
|
48A0000
|
direct allocation
|
page read and write
|
||
|
3BA000
|
unkown
|
page execute and write copy
|
||
|
645000
|
unkown
|
page execute and write copy
|
||
|
4A50000
|
direct allocation
|
page execute and read and write
|
||
|
533000
|
unkown
|
page execute and read and write
|
||
|
441E000
|
stack
|
page read and write
|
||
|
315E000
|
stack
|
page read and write
|
||
|
5C7000
|
unkown
|
page execute and write copy
|
||
|
5E3000
|
unkown
|
page execute and write copy
|
There are 192 hidden memdumps, click here to show them.