Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
542000
|
heap
|
page read and write
|
||
|
6D20000
|
heap
|
page execute and read and write
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
3D4E000
|
stack
|
page read and write
|
||
|
398E000
|
stack
|
page read and write
|
||
|
F2A000
|
unkown
|
page execute and read and write
|
||
|
D26000
|
unkown
|
page write copy
|
||
|
F58000
|
unkown
|
page execute and read and write
|
||
|
4580000
|
heap
|
page read and write
|
||
|
344F000
|
stack
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
F26000
|
unkown
|
page execute and write copy
|
||
|
EC1000
|
unkown
|
page execute and write copy
|
||
|
334E000
|
stack
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
46ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
4767000
|
trusted library allocation
|
page execute and read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
595000
|
heap
|
page read and write
|
||
|
47C0000
|
heap
|
page read and write
|
||
|
FB7000
|
unkown
|
page execute and write copy
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
46F4000
|
trusted library allocation
|
page read and write
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
46F0000
|
trusted library allocation
|
page read and write
|
||
|
ED5000
|
unkown
|
page execute and write copy
|
||
|
F70000
|
unkown
|
page execute and write copy
|
||
|
2E0F000
|
stack
|
page read and write
|
||
|
D35000
|
unkown
|
page execute and read and write
|
||
|
4750000
|
trusted library allocation
|
page read and write
|
||
|
27CF000
|
stack
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
4B0F000
|
stack
|
page read and write
|
||
|
FC1000
|
unkown
|
page execute and write copy
|
||
|
2BCE000
|
stack
|
page read and write
|
||
|
FB9000
|
unkown
|
page execute and write copy
|
||
|
47F0000
|
heap
|
page read and write
|
||
|
F72000
|
unkown
|
page execute and read and write
|
||
|
2F4F000
|
stack
|
page read and write
|
||
|
D2A000
|
unkown
|
page execute and write copy
|
||
|
50E000
|
heap
|
page read and write
|
||
|
F0E000
|
unkown
|
page execute and read and write
|
||
|
290F000
|
stack
|
page read and write
|
||
|
5B11000
|
trusted library allocation
|
page read and write
|
||
|
D2A000
|
unkown
|
page execute and read and write
|
||
|
F25000
|
unkown
|
page execute and read and write
|
||
|
695000
|
heap
|
page read and write
|
||
|
2447000
|
heap
|
page read and write
|
||
|
46E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
EB8000
|
unkown
|
page execute and write copy
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
D22000
|
unkown
|
page execute and write copy
|
||
|
2440000
|
heap
|
page read and write
|
||
|
47A0000
|
trusted library allocation
|
page read and write
|
||
|
3E4F000
|
stack
|
page read and write
|
||
|
3E8E000
|
stack
|
page read and write
|
||
|
EFC000
|
unkown
|
page execute and read and write
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
2CCF000
|
stack
|
page read and write
|
||
|
E97000
|
unkown
|
page execute and write copy
|
||
|
F38000
|
unkown
|
page execute and write copy
|
||
|
D20000
|
unkown
|
page read and write
|
||
|
473C000
|
stack
|
page read and write
|
||
|
3F8F000
|
stack
|
page read and write
|
||
|
45B0000
|
heap
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
3ACE000
|
stack
|
page read and write
|
||
|
4560000
|
direct allocation
|
page read and write
|
||
|
6B4C000
|
stack
|
page read and write
|
||
|
31CF000
|
stack
|
page read and write
|
||
|
FC1000
|
unkown
|
page execute and write copy
|
||
|
242E000
|
stack
|
page read and write
|
||
|
46B0000
|
trusted library allocation
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
EB8000
|
unkown
|
page execute and read and write
|
||
|
330F000
|
stack
|
page read and write
|
||
|
3C0E000
|
stack
|
page read and write
|
||
|
EAE000
|
unkown
|
page execute and read and write
|
||
|
E95000
|
unkown
|
page execute and read and write
|
||
|
5B14000
|
trusted library allocation
|
page read and write
|
||
|
320E000
|
stack
|
page read and write
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
F4F000
|
unkown
|
page execute and read and write
|
||
|
4A00000
|
heap
|
page execute and read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
F46000
|
unkown
|
page execute and write copy
|
||
|
6E2E000
|
stack
|
page read and write
|
||
|
4F9000
|
stack
|
page read and write
|
||
|
4790000
|
trusted library allocation
|
page execute and read and write
|
||
|
4760000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
unkown
|
page execute and write copy
|
||
|
3BCF000
|
stack
|
page read and write
|
||
|
2E4E000
|
stack
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
F60000
|
unkown
|
page execute and read and write
|
||
|
2B8F000
|
stack
|
page read and write
|
||
|
348E000
|
stack
|
page read and write
|
||
|
3A8F000
|
stack
|
page read and write
|
||
|
3FCE000
|
stack
|
page read and write
|
||
|
D20000
|
unkown
|
page readonly
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
4B11000
|
trusted library allocation
|
page read and write
|
||
|
F1E000
|
unkown
|
page execute and write copy
|
||
|
6C4D000
|
stack
|
page read and write
|
||
|
15C000
|
stack
|
page read and write
|
||
|
F3A000
|
unkown
|
page execute and read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
370E000
|
stack
|
page read and write
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
63E000
|
stack
|
page read and write
|
||
|
48FF000
|
stack
|
page read and write
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
280E000
|
stack
|
page read and write
|
||
|
D22000
|
unkown
|
page execute and read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
F56000
|
unkown
|
page execute and write copy
|
||
|
358F000
|
stack
|
page read and write
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
394F000
|
stack
|
page read and write
|
||
|
46E4000
|
trusted library allocation
|
page read and write
|
||
|
EDB000
|
unkown
|
page execute and read and write
|
||
|
3D0F000
|
stack
|
page read and write
|
||
|
30CE000
|
stack
|
page read and write
|
||
|
2F8E000
|
stack
|
page read and write
|
||
|
F48000
|
unkown
|
page execute and read and write
|
||
|
ED6000
|
unkown
|
page execute and read and write
|
||
|
380F000
|
stack
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
EC5000
|
unkown
|
page execute and read and write
|
||
|
254F000
|
stack
|
page read and write
|
||
|
F59000
|
unkown
|
page execute and write copy
|
||
|
FD0000
|
unkown
|
page execute and read and write
|
||
|
475A000
|
trusted library allocation
|
page execute and read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
D36000
|
unkown
|
page execute and write copy
|
||
|
26CE000
|
stack
|
page read and write
|
||
|
F49000
|
unkown
|
page execute and write copy
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
EDA000
|
unkown
|
page execute and write copy
|
||
|
420F000
|
stack
|
page read and write
|
||
|
45C0000
|
heap
|
page read and write
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
D26000
|
unkown
|
page write copy
|
||
|
50A000
|
heap
|
page read and write
|
||
|
702E000
|
stack
|
page read and write
|
||
|
5B35000
|
trusted library allocation
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
384E000
|
stack
|
page read and write
|
||
|
4750000
|
direct allocation
|
page execute and read and write
|
||
|
46D0000
|
trusted library allocation
|
page read and write
|
||
|
D34000
|
unkown
|
page execute and write copy
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
493E000
|
stack
|
page read and write
|
||
|
4780000
|
direct allocation
|
page execute and read and write
|
||
|
36CF000
|
stack
|
page read and write
|
||
|
96E000
|
stack
|
page read and write
|
||
|
2A4F000
|
stack
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
6F2F000
|
stack
|
page read and write
|
||
|
410E000
|
stack
|
page read and write
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
258C000
|
stack
|
page read and write
|
||
|
6CCE000
|
stack
|
page read and write
|
||
|
FB8000
|
unkown
|
page execute and read and write
|
||
|
308F000
|
stack
|
page read and write
|
||
|
EEB000
|
unkown
|
page execute and write copy
|
||
|
54D000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
47B0000
|
trusted library allocation
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
6C8E000
|
stack
|
page read and write
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
40CF000
|
stack
|
page read and write
|
||
|
35CE000
|
stack
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
561000
|
heap
|
page read and write
|
||
|
4780000
|
trusted library allocation
|
page read and write
|
||
|
86E000
|
stack
|
page read and write
|
||
|
268F000
|
stack
|
page read and write
|
||
|
476B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A8E000
|
stack
|
page read and write
|
||
|
6D0E000
|
stack
|
page read and write
|
||
|
67E000
|
stack
|
page read and write
|
||
|
F09000
|
unkown
|
page execute and write copy
|
||
|
45A0000
|
direct allocation
|
page read and write
|
There are 183 hidden memdumps, click here to show them.