Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
594000
|
unkown
|
page execute and read and write
|
||
|
618000
|
unkown
|
page execute and write copy
|
||
|
5CD000
|
unkown
|
page execute and read and write
|
||
|
6F1E000
|
stack
|
page read and write
|
||
|
686000
|
unkown
|
page execute and read and write
|
||
|
277F000
|
stack
|
page read and write
|
||
|
593000
|
unkown
|
page execute and write copy
|
||
|
473C000
|
stack
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
637000
|
unkown
|
page execute and read and write
|
||
|
4B41000
|
trusted library allocation
|
page read and write
|
||
|
6A4000
|
unkown
|
page execute and read and write
|
||
|
AFE000
|
stack
|
page read and write
|
||
|
3D7E000
|
stack
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
5B44000
|
trusted library allocation
|
page read and write
|
||
|
683000
|
unkown
|
page execute and write copy
|
||
|
397F000
|
stack
|
page read and write
|
||
|
5DE000
|
unkown
|
page execute and read and write
|
||
|
2BBF000
|
stack
|
page read and write
|
||
|
597000
|
unkown
|
page execute and read and write
|
||
|
57E000
|
unkown
|
page execute and read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
3E7F000
|
stack
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
48FF000
|
stack
|
page read and write
|
||
|
40FF000
|
stack
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
3FFE000
|
stack
|
page read and write
|
||
|
3F6000
|
unkown
|
page write copy
|
||
|
D0F000
|
stack
|
page read and write
|
||
|
47EE000
|
stack
|
page read and write
|
||
|
47A0000
|
trusted library allocation
|
page read and write
|
||
|
49DE000
|
stack
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page execute and read and write
|
||
|
624000
|
unkown
|
page execute and read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
58A000
|
unkown
|
page execute and write copy
|
||
|
6A6000
|
unkown
|
page execute and write copy
|
||
|
608000
|
unkown
|
page execute and read and write
|
||
|
B4F000
|
heap
|
page read and write
|
||
|
35BF000
|
stack
|
page read and write
|
||
|
602000
|
unkown
|
page execute and read and write
|
||
|
636000
|
unkown
|
page execute and write copy
|
||
|
35FE000
|
stack
|
page read and write
|
||
|
3EBE000
|
stack
|
page read and write
|
||
|
423F000
|
stack
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
3AFE000
|
stack
|
page read and write
|
||
|
406000
|
unkown
|
page execute and write copy
|
||
|
4764000
|
trusted library allocation
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
4A2E000
|
stack
|
page read and write
|
||
|
31FF000
|
stack
|
page read and write
|
||
|
580000
|
unkown
|
page execute and write copy
|
||
|
B6C000
|
heap
|
page read and write
|
||
|
596000
|
unkown
|
page execute and write copy
|
||
|
3FA000
|
unkown
|
page execute and write copy
|
||
|
68F000
|
unkown
|
page execute and write copy
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
25EE000
|
stack
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
2FBE000
|
stack
|
page read and write
|
||
|
5B65000
|
trusted library allocation
|
page read and write
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
2F7F000
|
stack
|
page read and write
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
695000
|
unkown
|
page execute and write copy
|
||
|
4950000
|
trusted library allocation
|
page read and write
|
||
|
347F000
|
stack
|
page read and write
|
||
|
34BE000
|
stack
|
page read and write
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
46B0000
|
heap
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
2CFF000
|
stack
|
page read and write
|
||
|
2ABE000
|
stack
|
page read and write
|
||
|
4700000
|
direct allocation
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
3BFF000
|
stack
|
page read and write
|
||
|
61D000
|
unkown
|
page execute and write copy
|
||
|
B1A000
|
heap
|
page read and write
|
||
|
61C000
|
unkown
|
page execute and read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
262E000
|
stack
|
page read and write
|
||
|
3C3E000
|
stack
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
47F0000
|
heap
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
3F0000
|
unkown
|
page read and write
|
||
|
35E000
|
stack
|
page read and write
|
||
|
39BE000
|
stack
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
36FF000
|
stack
|
page read and write
|
||
|
383F000
|
stack
|
page read and write
|
||
|
6A6000
|
unkown
|
page execute and write copy
|
||
|
2A7F000
|
stack
|
page read and write
|
||
|
4770000
|
trusted library allocation
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
279000
|
stack
|
page read and write
|
||
|
475D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
60C000
|
unkown
|
page execute and read and write
|
||
|
5B41000
|
trusted library allocation
|
page read and write
|
||
|
30FE000
|
stack
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
25AF000
|
stack
|
page read and write
|
||
|
62D000
|
unkown
|
page execute and read and write
|
||
|
3CE000
|
stack
|
page read and write
|
||
|
373E000
|
stack
|
page read and write
|
||
|
387E000
|
stack
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
3F2000
|
unkown
|
page execute and read and write
|
||
|
3ABF000
|
stack
|
page read and write
|
||
|
7FC000
|
stack
|
page read and write
|
||
|
701E000
|
stack
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
3D3F000
|
stack
|
page read and write
|
||
|
493C000
|
stack
|
page read and write
|
||
|
609000
|
unkown
|
page execute and write copy
|
||
|
5FB000
|
unkown
|
page execute and write copy
|
||
|
3F6000
|
unkown
|
page write copy
|
||
|
4787000
|
trusted library allocation
|
page execute and read and write
|
||
|
45B0000
|
heap
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
6CDD000
|
stack
|
page read and write
|
||
|
5DD000
|
unkown
|
page execute and write copy
|
||
|
4B3E000
|
stack
|
page read and write
|
||
|
56B000
|
unkown
|
page execute and write copy
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
2677000
|
heap
|
page read and write
|
||
|
4754000
|
trusted library allocation
|
page read and write
|
||
|
6DDE000
|
stack
|
page read and write
|
||
|
2670000
|
heap
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
4580000
|
direct allocation
|
page read and write
|
||
|
B58000
|
heap
|
page read and write
|
||
|
45A0000
|
direct allocation
|
page read and write
|
||
|
287F000
|
stack
|
page read and write
|
||
|
4760000
|
trusted library allocation
|
page read and write
|
||
|
3F2000
|
unkown
|
page execute and write copy
|
||
|
4750000
|
direct allocation
|
page execute and read and write
|
||
|
413E000
|
stack
|
page read and write
|
||
|
4A30000
|
heap
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
B51000
|
heap
|
page read and write
|
||
|
6A4000
|
unkown
|
page execute and write copy
|
||
|
603000
|
unkown
|
page execute and write copy
|
||
|
2E3F000
|
stack
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
297F000
|
stack
|
page read and write
|
||
|
6EDF000
|
stack
|
page read and write
|
||
|
3FA000
|
unkown
|
page execute and read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
582000
|
unkown
|
page execute and read and write
|
||
|
4780000
|
trusted library allocation
|
page read and write
|
||
|
62C000
|
unkown
|
page execute and write copy
|
||
|
2BFE000
|
stack
|
page read and write
|
||
|
B1E000
|
heap
|
page read and write
|
||
|
45B1000
|
heap
|
page read and write
|
||
|
695000
|
unkown
|
page execute and write copy
|
||
|
384000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
3F0000
|
unkown
|
page readonly
|
||
|
477A000
|
trusted library allocation
|
page execute and read and write
|
||
|
337E000
|
stack
|
page read and write
|
||
|
17C000
|
stack
|
page read and write
|
||
|
478B000
|
trusted library allocation
|
page execute and read and write
|
||
|
333F000
|
stack
|
page read and write
|
||
|
5BA000
|
unkown
|
page execute and write copy
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
49E0000
|
heap
|
page execute and read and write
|
||
|
568000
|
unkown
|
page execute and read and write
|
||
|
3FBF000
|
stack
|
page read and write
|
||
|
58B000
|
unkown
|
page execute and read and write
|
||
|
45C1000
|
heap
|
page read and write
|
||
|
46F0000
|
trusted library allocation
|
page read and write
|
||
|
2D3E000
|
stack
|
page read and write
|
||
|
46B0000
|
trusted library allocation
|
page read and write
|
||
|
4990000
|
heap
|
page execute and read and write
|
||
|
4780000
|
direct allocation
|
page execute and read and write
|
||
|
30BF000
|
stack
|
page read and write
|
||
|
4753000
|
trusted library allocation
|
page execute and read and write
|
||
|
266E000
|
stack
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
4960000
|
trusted library allocation
|
page read and write
|
There are 189 hidden memdumps, click here to show them.