Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ax-0001.ax-msedge.net
|
150.171.27.10
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
||
|
tse1.mm.bing.net
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
306F000
|
stack
|
page read and write
|
||
|
CAD000
|
heap
|
page read and write
|
||
|
C98000
|
heap
|
page read and write
|
||
|
B14000
|
heap
|
page read and write
|
||
|
5CD4000
|
trusted library allocation
|
page read and write
|
||
|
B14000
|
heap
|
page read and write
|
||
|
2DEF000
|
stack
|
page read and write
|
||
|
556000
|
unkown
|
page execute and write copy
|
||
|
C91000
|
heap
|
page read and write
|
||
|
47D1000
|
heap
|
page read and write
|
||
|
7E3000
|
unkown
|
page execute and write copy
|
||
|
35AE000
|
stack
|
page read and write
|
||
|
2727000
|
heap
|
page read and write
|
||
|
741000
|
unkown
|
page execute and write copy
|
||
|
7A4000
|
unkown
|
page execute and read and write
|
||
|
768000
|
unkown
|
page execute and read and write
|
||
|
762000
|
unkown
|
page execute and write copy
|
||
|
B14000
|
heap
|
page read and write
|
||
|
499A000
|
trusted library allocation
|
page execute and read and write
|
||
|
725000
|
unkown
|
page execute and write copy
|
||
|
436E000
|
stack
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
3AAE000
|
stack
|
page read and write
|
||
|
7FA000
|
unkown
|
page execute and write copy
|
||
|
4AB0000
|
direct allocation
|
page execute and read and write
|
||
|
54A000
|
unkown
|
page execute and read and write
|
||
|
712E000
|
stack
|
page read and write
|
||
|
4BC0000
|
heap
|
page read and write
|
||
|
4CD1000
|
trusted library allocation
|
page read and write
|
||
|
31AF000
|
stack
|
page read and write
|
||
|
5CD1000
|
trusted library allocation
|
page read and write
|
||
|
7F8000
|
unkown
|
page execute and read and write
|
||
|
72A000
|
unkown
|
page execute and read and write
|
||
|
6F20000
|
heap
|
page execute and read and write
|
||
|
2CEE000
|
stack
|
page read and write
|
||
|
4973000
|
trusted library allocation
|
page execute and read and write
|
||
|
727000
|
unkown
|
page execute and write copy
|
||
|
B14000
|
heap
|
page read and write
|
||
|
346E000
|
stack
|
page read and write
|
||
|
6CC000
|
unkown
|
page execute and read and write
|
||
|
2B6F000
|
stack
|
page read and write
|
||
|
6EEE000
|
stack
|
page read and write
|
||
|
542000
|
unkown
|
page execute and write copy
|
||
|
7E8000
|
unkown
|
page execute and write copy
|
||
|
54A000
|
unkown
|
page execute and write copy
|
||
|
6EAE000
|
stack
|
page read and write
|
||
|
540000
|
unkown
|
page readonly
|
||
|
3E2F000
|
stack
|
page read and write
|
||
|
30AE000
|
stack
|
page read and write
|
||
|
B14000
|
heap
|
page read and write
|
||
|
6BB000
|
unkown
|
page execute and read and write
|
||
|
787000
|
unkown
|
page execute and read and write
|
||
|
3BEE000
|
stack
|
page read and write
|
||
|
4920000
|
direct allocation
|
page read and write
|
||
|
332E000
|
stack
|
page read and write
|
||
|
47C0000
|
direct allocation
|
page read and write
|
||
|
4B60000
|
trusted library allocation
|
page execute and read and write
|
||
|
266E000
|
stack
|
page read and write
|
||
|
497D000
|
trusted library allocation
|
page execute and read and write
|
||
|
48D0000
|
trusted library allocation
|
page read and write
|
||
|
546000
|
unkown
|
page write copy
|
||
|
4970000
|
direct allocation
|
page execute and read and write
|
||
|
4AB0000
|
trusted library allocation
|
page read and write
|
||
|
47C0000
|
direct allocation
|
page read and write
|
||
|
777000
|
unkown
|
page execute and read and write
|
||
|
422E000
|
stack
|
page read and write
|
||
|
4984000
|
trusted library allocation
|
page read and write
|
||
|
282F000
|
stack
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
36AF000
|
stack
|
page read and write
|
||
|
3E6E000
|
stack
|
page read and write
|
||
|
B14000
|
heap
|
page read and write
|
||
|
2710000
|
direct allocation
|
page read and write
|
||
|
711000
|
unkown
|
page execute and write copy
|
||
|
26EE000
|
stack
|
page read and write
|
||
|
7FA000
|
unkown
|
page execute and write copy
|
||
|
4974000
|
trusted library allocation
|
page read and write
|
||
|
47C0000
|
direct allocation
|
page read and write
|
||
|
49A0000
|
heap
|
page read and write
|
||
|
542000
|
unkown
|
page execute and read and write
|
||
|
6F4000
|
unkown
|
page execute and read and write
|
||
|
B14000
|
heap
|
page read and write
|
||
|
540000
|
unkown
|
page read and write
|
||
|
47D1000
|
heap
|
page read and write
|
||
|
32EF000
|
stack
|
page read and write
|
||
|
4BA0000
|
heap
|
page execute and read and write
|
||
|
342F000
|
stack
|
page read and write
|
||
|
784000
|
unkown
|
page execute and write copy
|
||
|
47C0000
|
direct allocation
|
page read and write
|
||
|
6F0000
|
unkown
|
page execute and read and write
|
||
|
499000
|
stack
|
page read and write
|
||
|
47C0000
|
direct allocation
|
page read and write
|
||
|
2720000
|
heap
|
page read and write
|
||
|
47D0000
|
heap
|
page read and write
|
||
|
392F000
|
stack
|
page read and write
|
||
|
B14000
|
heap
|
page read and write
|
||
|
47C0000
|
direct allocation
|
page read and write
|
||
|
6E6D000
|
stack
|
page read and write
|
||
|
382E000
|
stack
|
page read and write
|
||
|
3BAF000
|
stack
|
page read and write
|
||
|
B14000
|
heap
|
page read and write
|
||
|
C5E000
|
heap
|
page read and write
|
||
|
6E0000
|
unkown
|
page execute and write copy
|
||
|
7F8000
|
unkown
|
page execute and write copy
|
||
|
396E000
|
stack
|
page read and write
|
||
|
3CEF000
|
stack
|
page read and write
|
||
|
446F000
|
stack
|
page read and write
|
||
|
C1F000
|
stack
|
page read and write
|
||
|
47C0000
|
direct allocation
|
page read and write
|
||
|
554000
|
unkown
|
page execute and write copy
|
||
|
6D7000
|
unkown
|
page execute and write copy
|
||
|
2BAE000
|
stack
|
page read and write
|
||
|
47C0000
|
direct allocation
|
page read and write
|
||
|
4920000
|
direct allocation
|
page read and write
|
||
|
7A2000
|
unkown
|
page execute and read and write
|
||
|
47C0000
|
direct allocation
|
page read and write
|
||
|
74C000
|
unkown
|
page execute and write copy
|
||
|
356F000
|
stack
|
page read and write
|
||
|
37EF000
|
stack
|
page read and write
|
||
|
40AF000
|
stack
|
page read and write
|
||
|
4B5C000
|
stack
|
page read and write
|
||
|
6BD000
|
unkown
|
page execute and write copy
|
||
|
47C0000
|
direct allocation
|
page read and write
|
||
|
4B80000
|
trusted library allocation
|
page read and write
|
||
|
47D1000
|
heap
|
page read and write
|
||
|
47C0000
|
direct allocation
|
page read and write
|
||
|
252E000
|
stack
|
page read and write
|
||
|
2CAF000
|
stack
|
page read and write
|
||
|
B14000
|
heap
|
page read and write
|
||
|
47E0000
|
heap
|
page read and write
|
||
|
7A3000
|
unkown
|
page execute and write copy
|
||
|
726E000
|
stack
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
4AD0000
|
trusted library allocation
|
page read and write
|
||
|
77C000
|
unkown
|
page execute and read and write
|
||
|
3FAE000
|
stack
|
page read and write
|
||
|
47C0000
|
direct allocation
|
page read and write
|
||
|
432F000
|
stack
|
page read and write
|
||
|
B14000
|
heap
|
page read and write
|
||
|
CDD000
|
heap
|
page read and write
|
||
|
770000
|
unkown
|
page execute and write copy
|
||
|
3A6F000
|
stack
|
page read and write
|
||
|
B14000
|
heap
|
page read and write
|
||
|
4B1E000
|
stack
|
page read and write
|
||
|
4AB7000
|
trusted library allocation
|
page execute and read and write
|
||
|
555000
|
unkown
|
page execute and read and write
|
||
|
758000
|
unkown
|
page execute and read and write
|
||
|
4920000
|
direct allocation
|
page read and write
|
||
|
765000
|
unkown
|
page execute and read and write
|
||
|
C5A000
|
heap
|
page read and write
|
||
|
36EE000
|
stack
|
page read and write
|
||
|
546000
|
unkown
|
page write copy
|
||
|
47C0000
|
direct allocation
|
page read and write
|
||
|
48D0000
|
heap
|
page read and write
|
||
|
3F6F000
|
stack
|
page read and write
|
||
|
2A2F000
|
stack
|
page read and write
|
||
|
6E2000
|
unkown
|
page execute and read and write
|
||
|
B14000
|
heap
|
page read and write
|
||
|
4B70000
|
trusted library allocation
|
page read and write
|
||
|
B14000
|
heap
|
page read and write
|
||
|
6EE000
|
unkown
|
page execute and write copy
|
||
|
262E000
|
stack
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
2A6E000
|
stack
|
page read and write
|
||
|
40EE000
|
stack
|
page read and write
|
||
|
752000
|
unkown
|
page execute and read and write
|
||
|
5CF5000
|
trusted library allocation
|
page read and write
|
||
|
4980000
|
trusted library allocation
|
page read and write
|
||
|
71C000
|
unkown
|
page execute and read and write
|
||
|
7E8000
|
unkown
|
page execute and write copy
|
||
|
4ABB000
|
trusted library allocation
|
page execute and read and write
|
||
|
B14000
|
heap
|
page read and write
|
||
|
B14000
|
heap
|
page read and write
|
||
|
39C000
|
stack
|
page read and write
|
||
|
4910000
|
trusted library allocation
|
page read and write
|
||
|
31EE000
|
stack
|
page read and write
|
||
|
6D7000
|
unkown
|
page execute and read and write
|
||
|
47D1000
|
heap
|
page read and write
|
||
|
41EF000
|
stack
|
page read and write
|
||
|
292F000
|
stack
|
page read and write
|
||
|
716E000
|
stack
|
page read and write
|
||
|
495B000
|
stack
|
page read and write
|
||
|
6F3000
|
unkown
|
page execute and write copy
|
||
|
702E000
|
stack
|
page read and write
|
||
|
778000
|
unkown
|
page execute and write copy
|
||
|
2E2E000
|
stack
|
page read and write
|
||
|
47C0000
|
direct allocation
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
3D2E000
|
stack
|
page read and write
|
||
|
766000
|
unkown
|
page execute and write copy
|
||
|
47D1000
|
heap
|
page read and write
|
||
|
2F6E000
|
stack
|
page read and write
|
||
|
753000
|
unkown
|
page execute and write copy
|
||
|
744000
|
unkown
|
page execute and read and write
|
||
|
4990000
|
trusted library allocation
|
page read and write
|
||
|
726000
|
unkown
|
page execute and read and write
|
||
|
4AAF000
|
stack
|
page read and write
|
||
|
B0E000
|
stack
|
page read and write
|
||
|
B14000
|
heap
|
page read and write
|
||
|
7A1000
|
unkown
|
page execute and write copy
|
||
|
2F2F000
|
stack
|
page read and write
|
||
|
26AC000
|
stack
|
page read and write
|
||
|
4CCE000
|
stack
|
page read and write
|
||
|
B14000
|
heap
|
page read and write
|
There are 195 hidden memdumps, click here to show them.