Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
A41000
|
unkown
|
page execute and read and write
|
||
|
B01000
|
unkown
|
page execute and read and write
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
33BE000
|
stack
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
2ABF000
|
stack
|
page read and write
|
||
|
4ADC000
|
stack
|
page read and write
|
||
|
8B0000
|
unkown
|
page read and write
|
||
|
5BB5000
|
trusted library allocation
|
page read and write
|
||
|
45C1000
|
heap
|
page read and write
|
||
|
373F000
|
stack
|
page read and write
|
||
|
273E000
|
stack
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
7B2000
|
heap
|
page read and write
|
||
|
890000
|
direct allocation
|
page read and write
|
||
|
30FF000
|
stack
|
page read and write
|
||
|
A35000
|
unkown
|
page execute and read and write
|
||
|
B44000
|
unkown
|
page execute and write copy
|
||
|
890000
|
direct allocation
|
page read and write
|
||
|
AFF000
|
unkown
|
page execute and read and write
|
||
|
A9D000
|
unkown
|
page execute and write copy
|
||
|
A89000
|
unkown
|
page execute and read and write
|
||
|
6DCE000
|
stack
|
page read and write
|
||
|
3EBF000
|
stack
|
page read and write
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
427F000
|
stack
|
page read and write
|
||
|
A51000
|
unkown
|
page execute and read and write
|
||
|
A4A000
|
unkown
|
page execute and write copy
|
||
|
AAC000
|
unkown
|
page execute and write copy
|
||
|
584000
|
heap
|
page read and write
|
||
|
45C0000
|
heap
|
page read and write
|
||
|
C5E000
|
stack
|
page read and write
|
||
|
8B2000
|
unkown
|
page execute and read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
A87000
|
unkown
|
page execute and write copy
|
||
|
48DE000
|
stack
|
page read and write
|
||
|
39BF000
|
stack
|
page read and write
|
||
|
AC7000
|
unkown
|
page execute and read and write
|
||
|
4980000
|
trusted library allocation
|
page execute and read and write
|
||
|
337F000
|
stack
|
page read and write
|
||
|
45C1000
|
heap
|
page read and write
|
||
|
717000
|
heap
|
page read and write
|
||
|
3B3E000
|
stack
|
page read and write
|
||
|
3AFF000
|
stack
|
page read and write
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
584000
|
heap
|
page read and write
|
||
|
A40000
|
unkown
|
page execute and write copy
|
||
|
2C3E000
|
stack
|
page read and write
|
||
|
8A0000
|
direct allocation
|
page execute and read and write
|
||
|
475A000
|
trusted library allocation
|
page execute and read and write
|
||
|
A9E000
|
unkown
|
page execute and read and write
|
||
|
4B60000
|
heap
|
page execute and read and write
|
||
|
AA0000
|
unkown
|
page execute and write copy
|
||
|
16C000
|
stack
|
page read and write
|
||
|
417E000
|
stack
|
page read and write
|
||
|
2D7E000
|
stack
|
page read and write
|
||
|
6F0E000
|
stack
|
page read and write
|
||
|
584000
|
heap
|
page read and write
|
||
|
A13000
|
unkown
|
page execute and write copy
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
8B2000
|
unkown
|
page execute and write copy
|
||
|
46FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
38BE000
|
stack
|
page read and write
|
||
|
5B91000
|
trusted library allocation
|
page read and write
|
||
|
584000
|
heap
|
page read and write
|
||
|
45D1000
|
heap
|
page read and write
|
||
|
88B000
|
stack
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
AB3000
|
unkown
|
page execute and read and write
|
||
|
26FF000
|
stack
|
page read and write
|
||
|
46C0000
|
trusted library allocation
|
page read and write
|
||
|
4B80000
|
heap
|
page execute and read and write
|
||
|
A65000
|
unkown
|
page execute and write copy
|
||
|
283F000
|
stack
|
page read and write
|
||
|
3DBE000
|
stack
|
page read and write
|
||
|
584000
|
heap
|
page read and write
|
||
|
413F000
|
stack
|
page read and write
|
||
|
6C8D000
|
stack
|
page read and write
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
403E000
|
stack
|
page read and write
|
||
|
AE5000
|
unkown
|
page execute and read and write
|
||
|
45C1000
|
heap
|
page read and write
|
||
|
B56000
|
unkown
|
page execute and write copy
|
||
|
69E000
|
stack
|
page read and write
|
||
|
B56000
|
unkown
|
page execute and write copy
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
487B000
|
trusted library allocation
|
page execute and read and write
|
||
|
327E000
|
stack
|
page read and write
|
||
|
45C1000
|
heap
|
page read and write
|
||
|
ADB000
|
unkown
|
page execute and read and write
|
||
|
4877000
|
trusted library allocation
|
page execute and read and write
|
||
|
387F000
|
stack
|
page read and write
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
584000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
796000
|
heap
|
page read and write
|
||
|
7A5000
|
heap
|
page read and write
|
||
|
4AF0000
|
trusted library allocation
|
page read and write
|
||
|
4B91000
|
trusted library allocation
|
page read and write
|
||
|
4870000
|
trusted library allocation
|
page read and write
|
||
|
3C3F000
|
stack
|
page read and write
|
||
|
2E7F000
|
stack
|
page read and write
|
||
|
584000
|
heap
|
page read and write
|
||
|
A68000
|
unkown
|
page execute and write copy
|
||
|
46E0000
|
trusted library allocation
|
page read and write
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
4F9000
|
stack
|
page read and write
|
||
|
2AFE000
|
stack
|
page read and write
|
||
|
A66000
|
unkown
|
page execute and read and write
|
||
|
8C6000
|
unkown
|
page execute and write copy
|
||
|
6D8E000
|
stack
|
page read and write
|
||
|
A8B000
|
unkown
|
page execute and write copy
|
||
|
297F000
|
stack
|
page read and write
|
||
|
39FE000
|
stack
|
page read and write
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
584000
|
heap
|
page read and write
|
||
|
363E000
|
stack
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
4750000
|
trusted library allocation
|
page read and write
|
||
|
287E000
|
stack
|
page read and write
|
||
|
A34000
|
unkown
|
page execute and write copy
|
||
|
3C7E000
|
stack
|
page read and write
|
||
|
B54000
|
unkown
|
page execute and write copy
|
||
|
8BA000
|
unkown
|
page execute and read and write
|
||
|
6DE000
|
stack
|
page read and write
|
||
|
A6D000
|
unkown
|
page execute and read and write
|
||
|
584000
|
heap
|
page read and write
|
||
|
4890000
|
trusted library allocation
|
page read and write
|
||
|
584000
|
heap
|
page read and write
|
||
|
584000
|
heap
|
page read and write
|
||
|
25FF000
|
stack
|
page read and write
|
||
|
473B000
|
stack
|
page read and write
|
||
|
4990000
|
heap
|
page read and write
|
||
|
4A9E000
|
stack
|
page read and write
|
||
|
700E000
|
stack
|
page read and write
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
A7A000
|
unkown
|
page execute and read and write
|
||
|
4760000
|
heap
|
page read and write
|
||
|
B44000
|
unkown
|
page execute and write copy
|
||
|
794000
|
heap
|
page read and write
|
||
|
46F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
45C1000
|
heap
|
page read and write
|
||
|
584000
|
heap
|
page read and write
|
||
|
2D3F000
|
stack
|
page read and write
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
4740000
|
trusted library allocation
|
page read and write
|
||
|
B54000
|
unkown
|
page execute and read and write
|
||
|
A8D000
|
unkown
|
page execute and read and write
|
||
|
2EBE000
|
stack
|
page read and write
|
||
|
45C1000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
34FE000
|
stack
|
page read and write
|
||
|
34BF000
|
stack
|
page read and write
|
||
|
584000
|
heap
|
page read and write
|
||
|
4AE0000
|
trusted library allocation
|
page read and write
|
||
|
584000
|
heap
|
page read and write
|
||
|
8B6000
|
unkown
|
page write copy
|
||
|
3EFE000
|
stack
|
page read and write
|
||
|
4B2E000
|
stack
|
page read and write
|
||
|
584000
|
heap
|
page read and write
|
||
|
584000
|
heap
|
page read and write
|
||
|
B00000
|
unkown
|
page execute and write copy
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
377E000
|
stack
|
page read and write
|
||
|
A2A000
|
unkown
|
page execute and read and write
|
||
|
29BE000
|
stack
|
page read and write
|
||
|
AE3000
|
unkown
|
page execute and write copy
|
||
|
710000
|
heap
|
page read and write
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
A6F000
|
unkown
|
page execute and write copy
|
||
|
AFD000
|
unkown
|
page execute and write copy
|
||
|
4870000
|
direct allocation
|
page execute and read and write
|
||
|
AC9000
|
unkown
|
page execute and write copy
|
||
|
B3D000
|
unkown
|
page execute and write copy
|
||
|
54D000
|
stack
|
page read and write
|
||
|
AC6000
|
unkown
|
page execute and write copy
|
||
|
8BA000
|
unkown
|
page execute and write copy
|
||
|
2FBF000
|
stack
|
page read and write
|
||
|
79D000
|
heap
|
page read and write
|
||
|
35FF000
|
stack
|
page read and write
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
700000
|
direct allocation
|
page read and write
|
||
|
6ECE000
|
stack
|
page read and write
|
||
|
323F000
|
stack
|
page read and write
|
||
|
4744000
|
trusted library allocation
|
page read and write
|
||
|
AA5000
|
unkown
|
page execute and read and write
|
||
|
3D7F000
|
stack
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
AD9000
|
unkown
|
page execute and write copy
|
||
|
3FFF000
|
stack
|
page read and write
|
||
|
2BFF000
|
stack
|
page read and write
|
||
|
8B0000
|
unkown
|
page readonly
|
||
|
46C0000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
730000
|
direct allocation
|
page read and write
|
||
|
584000
|
heap
|
page read and write
|
||
|
584000
|
heap
|
page read and write
|
||
|
890000
|
direct allocation
|
page read and write
|
||
|
46F4000
|
trusted library allocation
|
page read and write
|
||
|
8B6000
|
unkown
|
page write copy
|
||
|
A11000
|
unkown
|
page execute and read and write
|
||
|
5B94000
|
trusted library allocation
|
page read and write
|
||
|
486F000
|
stack
|
page read and write
|
||
|
AD2000
|
unkown
|
page execute and read and write
|
There are 195 hidden memdumps, click here to show them.