Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4F60000
|
heap
|
page execute and read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
76AE000
|
stack
|
page read and write
|
||
|
D15000
|
unkown
|
page execute and read and write
|
||
|
3D7F000
|
stack
|
page read and write
|
||
|
B10000
|
unkown
|
page read and write
|
||
|
453E000
|
stack
|
page read and write
|
||
|
CED000
|
unkown
|
page execute and write copy
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
AFE000
|
stack
|
page read and write
|
||
|
CB8000
|
unkown
|
page execute and read and write
|
||
|
72B0000
|
trusted library allocation
|
page read and write
|
||
|
2C77000
|
heap
|
page read and write
|
||
|
4DE4000
|
trusted library allocation
|
page read and write
|
||
|
A3C000
|
stack
|
page read and write
|
||
|
337F000
|
stack
|
page read and write
|
||
|
D9B000
|
unkown
|
page execute and read and write
|
||
|
4DF4000
|
trusted library allocation
|
page read and write
|
||
|
D5E000
|
unkown
|
page execute and write copy
|
||
|
1054000
|
heap
|
page read and write
|
||
|
CA7000
|
unkown
|
page execute and read and write
|
||
|
4E00000
|
heap
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
B10000
|
unkown
|
page readonly
|
||
|
1054000
|
heap
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
5111000
|
trusted library allocation
|
page read and write
|
||
|
75AE000
|
stack
|
page read and write
|
||
|
C9A000
|
unkown
|
page execute and read and write
|
||
|
4C40000
|
heap
|
page read and write
|
||
|
2D7F000
|
stack
|
page read and write
|
||
|
D1A000
|
unkown
|
page execute and read and write
|
||
|
D29000
|
unkown
|
page execute and read and write
|
||
|
B12000
|
unkown
|
page execute and write copy
|
||
|
C99000
|
unkown
|
page execute and write copy
|
||
|
D31000
|
unkown
|
page execute and write copy
|
||
|
F59000
|
heap
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
CD4000
|
unkown
|
page execute and write copy
|
||
|
1054000
|
heap
|
page read and write
|
||
|
467E000
|
stack
|
page read and write
|
||
|
3EFE000
|
stack
|
page read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
2BCF000
|
stack
|
page read and write
|
||
|
4F20000
|
trusted library allocation
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
323F000
|
stack
|
page read and write
|
||
|
4DCC000
|
stack
|
page read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
D99000
|
unkown
|
page execute and write copy
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
DA3000
|
unkown
|
page execute and write copy
|
||
|
C8F000
|
unkown
|
page execute and read and write
|
||
|
477F000
|
stack
|
page read and write
|
||
|
D27000
|
unkown
|
page execute and write copy
|
||
|
4D80000
|
trusted library allocation
|
page read and write
|
||
|
377E000
|
stack
|
page read and write
|
||
|
4D90000
|
direct allocation
|
page read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
F6D000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
CA4000
|
unkown
|
page execute and write copy
|
||
|
3C3F000
|
stack
|
page read and write
|
||
|
CC8000
|
unkown
|
page execute and write copy
|
||
|
373F000
|
stack
|
page read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
DB4000
|
unkown
|
page execute and write copy
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
4F50000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
3B3E000
|
stack
|
page read and write
|
||
|
CB7000
|
unkown
|
page execute and write copy
|
||
|
30FF000
|
stack
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
DB2000
|
unkown
|
page execute and write copy
|
||
|
39FE000
|
stack
|
page read and write
|
||
|
3C7E000
|
stack
|
page read and write
|
||
|
B12000
|
unkown
|
page execute and read and write
|
||
|
72EE000
|
stack
|
page read and write
|
||
|
CA6000
|
unkown
|
page execute and write copy
|
||
|
35FF000
|
stack
|
page read and write
|
||
|
3FFF000
|
stack
|
page read and write
|
||
|
4FAE000
|
stack
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
F1E000
|
heap
|
page read and write
|
||
|
CFF000
|
unkown
|
page execute and write copy
|
||
|
2C4E000
|
stack
|
page read and write
|
||
|
CCB000
|
unkown
|
page execute and write copy
|
||
|
4D90000
|
direct allocation
|
page read and write
|
||
|
D5F000
|
unkown
|
page execute and read and write
|
||
|
C80000
|
unkown
|
page execute and write copy
|
||
|
413F000
|
stack
|
page read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
3AFF000
|
stack
|
page read and write
|
||
|
33BE000
|
stack
|
page read and write
|
||
|
3DBE000
|
stack
|
page read and write
|
||
|
B16000
|
unkown
|
page write copy
|
||
|
4F10000
|
trusted library allocation
|
page read and write
|
||
|
FA2000
|
heap
|
page read and write
|
||
|
D09000
|
unkown
|
page execute and read and write
|
||
|
42BE000
|
stack
|
page read and write
|
||
|
4FEC000
|
stack
|
page read and write
|
||
|
4F20000
|
direct allocation
|
page execute and read and write
|
||
|
D9C000
|
unkown
|
page execute and write copy
|
||
|
DB2000
|
unkown
|
page execute and read and write
|
||
|
6135000
|
trusted library allocation
|
page read and write
|
||
|
F1A000
|
heap
|
page read and write
|
||
|
2C0C000
|
stack
|
page read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
3EBF000
|
stack
|
page read and write
|
||
|
732E000
|
stack
|
page read and write
|
||
|
510E000
|
stack
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
4FF0000
|
trusted library allocation
|
page read and write
|
||
|
387F000
|
stack
|
page read and write
|
||
|
7360000
|
heap
|
page execute and read and write
|
||
|
34BF000
|
stack
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
CCC000
|
unkown
|
page execute and read and write
|
||
|
4F1A000
|
trusted library allocation
|
page execute and read and write
|
||
|
CA5000
|
unkown
|
page execute and read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
746E000
|
stack
|
page read and write
|
||
|
132F000
|
stack
|
page read and write
|
||
|
43FE000
|
stack
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
CDE000
|
unkown
|
page execute and read and write
|
||
|
4D40000
|
trusted library allocation
|
page read and write
|
||
|
48BF000
|
stack
|
page read and write
|
||
|
D11000
|
unkown
|
page execute and write copy
|
||
|
2FBF000
|
stack
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
38BE000
|
stack
|
page read and write
|
||
|
B16000
|
unkown
|
page write copy
|
||
|
72AD000
|
stack
|
page read and write
|
||
|
2E7F000
|
stack
|
page read and write
|
||
|
C7E000
|
unkown
|
page execute and read and write
|
||
|
122F000
|
stack
|
page read and write
|
||
|
D42000
|
unkown
|
page execute and read and write
|
||
|
4F27000
|
trusted library allocation
|
page execute and read and write
|
||
|
5000000
|
heap
|
page read and write
|
||
|
B1A000
|
unkown
|
page execute and write copy
|
||
|
D16000
|
unkown
|
page execute and write copy
|
||
|
4DED000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
B1A000
|
unkown
|
page execute and read and write
|
||
|
F51000
|
heap
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
6111000
|
trusted library allocation
|
page read and write
|
||
|
4DE0000
|
direct allocation
|
page execute and read and write
|
||
|
4C10000
|
direct allocation
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
44FF000
|
stack
|
page read and write
|
||
|
D35000
|
unkown
|
page execute and read and write
|
||
|
363E000
|
stack
|
page read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
CC9000
|
unkown
|
page execute and read and write
|
||
|
39BF000
|
stack
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
4C50000
|
heap
|
page read and write
|
||
|
EFE000
|
stack
|
page read and write
|
||
|
4D90000
|
direct allocation
|
page read and write
|
||
|
2EBE000
|
stack
|
page read and write
|
||
|
417E000
|
stack
|
page read and write
|
||
|
463F000
|
stack
|
page read and write
|
||
|
D26000
|
unkown
|
page execute and read and write
|
||
|
4F0E000
|
stack
|
page read and write
|
||
|
6114000
|
trusted library allocation
|
page read and write
|
||
|
D3A000
|
unkown
|
page execute and write copy
|
||
|
4DE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
756E000
|
stack
|
page read and write
|
||
|
CEF000
|
unkown
|
page execute and read and write
|
||
|
427F000
|
stack
|
page read and write
|
||
|
43BF000
|
stack
|
page read and write
|
||
|
34FE000
|
stack
|
page read and write
|
||
|
B26000
|
unkown
|
page execute and write copy
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
EB9000
|
stack
|
page read and write
|
||
|
4F2B000
|
trusted library allocation
|
page execute and read and write
|
||
|
403E000
|
stack
|
page read and write
|
||
|
1054000
|
heap
|
page read and write
|
||
|
47BE000
|
stack
|
page read and write
|
||
|
DB4000
|
unkown
|
page execute and write copy
|
||
|
D36000
|
unkown
|
page execute and write copy
|
||
|
4DF0000
|
trusted library allocation
|
page read and write
|
||
|
327E000
|
stack
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page read and write
|
||
|
4C30000
|
direct allocation
|
page read and write
|
||
|
4D40000
|
heap
|
page read and write
|
||
|
2C70000
|
heap
|
page read and write
|
||
|
D23000
|
unkown
|
page execute and write copy
|
||
|
DA3000
|
unkown
|
page execute and write copy
|
||
|
104E000
|
stack
|
page read and write
|
||
|
D39000
|
unkown
|
page execute and read and write
|
There are 195 hidden memdumps, click here to show them.