Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
s-part-0035.t-0009.t-msedge.net
|
13.107.246.63
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4A50000
|
heap
|
page read and write
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
FC0000
|
direct allocation
|
page read and write
|
||
|
376E000
|
stack
|
page read and write
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
2BEF000
|
stack
|
page read and write
|
||
|
49C0000
|
direct allocation
|
page execute and read and write
|
||
|
39AF000
|
stack
|
page read and write
|
||
|
FD0000
|
unkown
|
page read and write
|
||
|
116C000
|
unkown
|
page execute and write copy
|
||
|
113F000
|
unkown
|
page execute and write copy
|
||
|
6EDE000
|
stack
|
page read and write
|
||
|
1273000
|
unkown
|
page execute and write copy
|
||
|
690000
|
heap
|
page read and write
|
||
|
3C6E000
|
stack
|
page read and write
|
||
|
49C0000
|
trusted library allocation
|
page read and write
|
||
|
312E000
|
stack
|
page read and write
|
||
|
128C000
|
unkown
|
page execute and write copy
|
||
|
11F3000
|
unkown
|
page execute and write copy
|
||
|
11A1000
|
unkown
|
page execute and read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
4C21000
|
trusted library allocation
|
page read and write
|
||
|
11C8000
|
unkown
|
page execute and write copy
|
||
|
412F000
|
stack
|
page read and write
|
||
|
4840000
|
direct allocation
|
page read and write
|
||
|
362E000
|
stack
|
page read and write
|
||
|
6D9E000
|
stack
|
page read and write
|
||
|
487C000
|
stack
|
page read and write
|
||
|
1166000
|
unkown
|
page execute and write copy
|
||
|
FD2000
|
unkown
|
page execute and read and write
|
||
|
4700000
|
heap
|
page read and write
|
||
|
322F000
|
stack
|
page read and write
|
||
|
47F0000
|
trusted library allocation
|
page read and write
|
||
|
11EB000
|
unkown
|
page execute and write copy
|
||
|
2D2F000
|
stack
|
page read and write
|
||
|
6FEF000
|
stack
|
page read and write
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
712E000
|
stack
|
page read and write
|
||
|
49D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
482D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D5D000
|
stack
|
page read and write
|
||
|
4823000
|
trusted library allocation
|
page execute and read and write
|
||
|
1193000
|
unkown
|
page execute and read and write
|
||
|
49A0000
|
trusted library allocation
|
page read and write
|
||
|
FC0000
|
direct allocation
|
page read and write
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
799000
|
heap
|
page read and write
|
||
|
5C21000
|
trusted library allocation
|
page read and write
|
||
|
117D000
|
unkown
|
page execute and read and write
|
||
|
126A000
|
unkown
|
page execute and read and write
|
||
|
4A30000
|
trusted library allocation
|
page read and write
|
||
|
113C000
|
unkown
|
page execute and read and write
|
||
|
778000
|
heap
|
page read and write
|
||
|
FC0000
|
direct allocation
|
page read and write
|
||
|
1192000
|
unkown
|
page execute and write copy
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
386F000
|
stack
|
page read and write
|
||
|
1215000
|
unkown
|
page execute and read and write
|
||
|
34AF000
|
stack
|
page read and write
|
||
|
4824000
|
trusted library allocation
|
page read and write
|
||
|
FC0000
|
direct allocation
|
page read and write
|
||
|
2AEE000
|
stack
|
page read and write
|
||
|
72E000
|
heap
|
page read and write
|
||
|
11F5000
|
unkown
|
page execute and write copy
|
||
|
116D000
|
unkown
|
page execute and read and write
|
||
|
11D4000
|
unkown
|
page execute and write copy
|
||
|
1237000
|
unkown
|
page execute and read and write
|
||
|
1234000
|
unkown
|
page execute and write copy
|
||
|
2AAF000
|
stack
|
page read and write
|
||
|
2EAE000
|
stack
|
page read and write
|
||
|
336F000
|
stack
|
page read and write
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
39EE000
|
stack
|
page read and write
|
||
|
1227000
|
unkown
|
page execute and read and write
|
||
|
4834000
|
trusted library allocation
|
page read and write
|
||
|
EBE000
|
stack
|
page read and write
|
||
|
72A000
|
heap
|
page read and write
|
||
|
499A000
|
trusted library allocation
|
page execute and read and write
|
||
|
6EE0000
|
heap
|
page execute and read and write
|
||
|
2C2E000
|
stack
|
page read and write
|
||
|
1204000
|
unkown
|
page execute and write copy
|
||
|
4840000
|
direct allocation
|
page read and write
|
||
|
FDA000
|
unkown
|
page execute and read and write
|
||
|
FD6000
|
unkown
|
page write copy
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
FC0000
|
direct allocation
|
page read and write
|
||
|
3AEF000
|
stack
|
page read and write
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
9EF000
|
stack
|
page read and write
|
||
|
11F7000
|
unkown
|
page execute and write copy
|
||
|
416E000
|
stack
|
page read and write
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
FC0000
|
direct allocation
|
page read and write
|
||
|
30EF000
|
stack
|
page read and write
|
||
|
49A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
FE6000
|
unkown
|
page execute and write copy
|
||
|
11EC000
|
unkown
|
page execute and read and write
|
||
|
117F000
|
unkown
|
page execute and read and write
|
||
|
FC0000
|
direct allocation
|
page read and write
|
||
|
11B9000
|
unkown
|
page execute and read and write
|
||
|
29AF000
|
stack
|
page read and write
|
||
|
4840000
|
direct allocation
|
page read and write
|
||
|
38AE000
|
stack
|
page read and write
|
||
|
F57000
|
heap
|
page read and write
|
||
|
4A40000
|
trusted library allocation
|
page read and write
|
||
|
2E6F000
|
stack
|
page read and write
|
||
|
3C2F000
|
stack
|
page read and write
|
||
|
702E000
|
stack
|
page read and write
|
||
|
6C5C000
|
stack
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
11DD000
|
unkown
|
page execute and write copy
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
4990000
|
direct allocation
|
page execute and read and write
|
||
|
27AF000
|
stack
|
page read and write
|
||
|
FDA000
|
unkown
|
page execute and write copy
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
710000
|
direct allocation
|
page read and write
|
||
|
FC0000
|
direct allocation
|
page read and write
|
||
|
FC0000
|
direct allocation
|
page read and write
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
6E9F000
|
stack
|
page read and write
|
||
|
2FAF000
|
stack
|
page read and write
|
||
|
5C45000
|
trusted library allocation
|
page read and write
|
||
|
FC0000
|
direct allocation
|
page read and write
|
||
|
FC0000
|
direct allocation
|
page read and write
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
3FEF000
|
stack
|
page read and write
|
||
|
3EEE000
|
stack
|
page read and write
|
||
|
128C000
|
unkown
|
page execute and read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
3B2E000
|
stack
|
page read and write
|
||
|
4830000
|
trusted library allocation
|
page read and write
|
||
|
49AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
66E000
|
stack
|
page read and write
|
||
|
11B3000
|
unkown
|
page execute and write copy
|
||
|
128E000
|
unkown
|
page execute and write copy
|
||
|
600000
|
heap
|
page read and write
|
||
|
11E3000
|
unkown
|
page execute and read and write
|
||
|
FD0000
|
unkown
|
page readonly
|
||
|
11F4000
|
unkown
|
page execute and read and write
|
||
|
49E0000
|
heap
|
page read and write
|
||
|
11F6000
|
unkown
|
page execute and read and write
|
||
|
128E000
|
unkown
|
page execute and write copy
|
||
|
127E000
|
unkown
|
page execute and write copy
|
||
|
4810000
|
trusted library allocation
|
page read and write
|
||
|
4A2E000
|
stack
|
page read and write
|
||
|
F9E000
|
stack
|
page read and write
|
||
|
426F000
|
stack
|
page read and write
|
||
|
76C000
|
heap
|
page read and write
|
||
|
28AF000
|
stack
|
page read and write
|
||
|
4C1F000
|
stack
|
page read and write
|
||
|
3D6F000
|
stack
|
page read and write
|
||
|
43AF000
|
stack
|
page read and write
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
11FB000
|
unkown
|
page execute and read and write
|
||
|
3EAF000
|
stack
|
page read and write
|
||
|
117C000
|
unkown
|
page execute and write copy
|
||
|
720000
|
heap
|
page read and write
|
||
|
1164000
|
unkown
|
page execute and read and write
|
||
|
119B000
|
unkown
|
page execute and write copy
|
||
|
326E000
|
stack
|
page read and write
|
||
|
589000
|
stack
|
page read and write
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
127E000
|
unkown
|
page execute and write copy
|
||
|
42AE000
|
stack
|
page read and write
|
||
|
5C24000
|
trusted library allocation
|
page read and write
|
||
|
7B6000
|
heap
|
page read and write
|
||
|
497E000
|
stack
|
page read and write
|
||
|
FC0000
|
direct allocation
|
page read and write
|
||
|
1269000
|
unkown
|
page execute and write copy
|
||
|
35EF000
|
stack
|
page read and write
|
||
|
E7F000
|
stack
|
page read and write
|
||
|
117E000
|
unkown
|
page execute and write copy
|
||
|
1155000
|
unkown
|
page execute and read and write
|
||
|
34EE000
|
stack
|
page read and write
|
||
|
EFC000
|
stack
|
page read and write
|
||
|
11DC000
|
unkown
|
page execute and read and write
|
||
|
1225000
|
unkown
|
page execute and write copy
|
||
|
FD2000
|
unkown
|
page execute and write copy
|
||
|
FC0000
|
direct allocation
|
page read and write
|
||
|
372F000
|
stack
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
FD6000
|
unkown
|
page write copy
|
||
|
11CC000
|
unkown
|
page execute and read and write
|
||
|
11A2000
|
unkown
|
page execute and write copy
|
||
|
11A7000
|
unkown
|
page execute and read and write
|
||
|
402E000
|
stack
|
page read and write
|
||
|
3DAE000
|
stack
|
page read and write
|
||
|
765000
|
heap
|
page read and write
|
||
|
FC0000
|
direct allocation
|
page read and write
|
||
|
2D6E000
|
stack
|
page read and write
|
||
|
120C000
|
unkown
|
page execute and read and write
|
||
|
120D000
|
unkown
|
page execute and write copy
|
||
|
788000
|
heap
|
page read and write
|
||
|
4990000
|
trusted library allocation
|
page read and write
|
||
|
4B10000
|
heap
|
page execute and read and write
|
||
|
6EE000
|
stack
|
page read and write
|
||
|
48C000
|
stack
|
page read and write
|
||
|
46F0000
|
heap
|
page read and write
|
||
|
1167000
|
unkown
|
page execute and read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
6A5000
|
heap
|
page read and write
|
||
|
1163000
|
unkown
|
page execute and write copy
|
||
|
33AE000
|
stack
|
page read and write
|
There are 196 hidden memdumps, click here to show them.