Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
357F000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4BB4000
|
trusted library allocation
|
page read and write
|
||
|
36BF000
|
stack
|
page read and write
|
||
|
1163000
|
unkown
|
page execute and read and write
|
||
|
4D3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
40FE000
|
stack
|
page read and write
|
||
|
113B000
|
unkown
|
page execute and write copy
|
||
|
4BC0000
|
direct allocation
|
page read and write
|
||
|
2CFE000
|
stack
|
page read and write
|
||
|
45BF000
|
stack
|
page read and write
|
||
|
11E0000
|
unkown
|
page execute and read and write
|
||
|
117A000
|
unkown
|
page execute and read and write
|
||
|
1264000
|
unkown
|
page execute and write copy
|
||
|
3E3E000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
11B7000
|
unkown
|
page execute and write copy
|
||
|
1150000
|
unkown
|
page execute and write copy
|
||
|
4D10000
|
heap
|
page read and write
|
||
|
4D20000
|
trusted library allocation
|
page read and write
|
||
|
4BAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
939000
|
stack
|
page read and write
|
||
|
347E000
|
stack
|
page read and write
|
||
|
1181000
|
unkown
|
page execute and write copy
|
||
|
96A000
|
heap
|
page read and write
|
||
|
1266000
|
unkown
|
page execute and write copy
|
||
|
423E000
|
stack
|
page read and write
|
||
|
45FE000
|
stack
|
page read and write
|
||
|
4D30000
|
trusted library allocation
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
124E000
|
unkown
|
page execute and write copy
|
||
|
70A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EAF000
|
stack
|
page read and write
|
||
|
FB2000
|
unkown
|
page execute and read and write
|
||
|
83C000
|
stack
|
page read and write
|
||
|
1145000
|
unkown
|
page execute and write copy
|
||
|
46FF000
|
stack
|
page read and write
|
||
|
343F000
|
stack
|
page read and write
|
||
|
CDF000
|
stack
|
page read and write
|
||
|
32FF000
|
stack
|
page read and write
|
||
|
4D37000
|
trusted library allocation
|
page execute and read and write
|
||
|
FB6000
|
unkown
|
page write copy
|
||
|
FB6000
|
unkown
|
page write copy
|
||
|
112A000
|
unkown
|
page execute and write copy
|
||
|
9C4000
|
heap
|
page read and write
|
||
|
4A60000
|
direct allocation
|
page read and write
|
||
|
41FF000
|
stack
|
page read and write
|
||
|
1264000
|
unkown
|
page execute and read and write
|
||
|
4BA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
70FE000
|
stack
|
page read and write
|
||
|
4A70000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
40BF000
|
stack
|
page read and write
|
||
|
4BC0000
|
direct allocation
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
71A0000
|
heap
|
page execute and read and write
|
||
|
1255000
|
unkown
|
page execute and write copy
|
||
|
2F7E000
|
stack
|
page read and write
|
||
|
1204000
|
unkown
|
page execute and read and write
|
||
|
4A60000
|
direct allocation
|
page read and write
|
||
|
9B5000
|
heap
|
page read and write
|
||
|
70C0000
|
trusted library allocation
|
page read and write
|
||
|
2BB7000
|
heap
|
page read and write
|
||
|
35BE000
|
stack
|
page read and write
|
||
|
3BBF000
|
stack
|
page read and write
|
||
|
9AC000
|
heap
|
page read and write
|
||
|
433F000
|
stack
|
page read and write
|
||
|
36FE000
|
stack
|
page read and write
|
||
|
3D3E000
|
stack
|
page read and write
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
5EE5000
|
trusted library allocation
|
page read and write
|
||
|
113A000
|
unkown
|
page execute and read and write
|
||
|
9A5000
|
heap
|
page read and write
|
||
|
4A60000
|
direct allocation
|
page read and write
|
||
|
11E8000
|
unkown
|
page execute and write copy
|
||
|
3ABE000
|
stack
|
page read and write
|
||
|
3E7E000
|
stack
|
page read and write
|
||
|
4A60000
|
direct allocation
|
page read and write
|
||
|
2A4B000
|
stack
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
FC5000
|
unkown
|
page execute and read and write
|
||
|
5EC4000
|
trusted library allocation
|
page read and write
|
||
|
307F000
|
stack
|
page read and write
|
||
|
1159000
|
unkown
|
page execute and write copy
|
||
|
F80000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4CFE000
|
stack
|
page read and write
|
||
|
11C7000
|
unkown
|
page execute and write copy
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A60000
|
direct allocation
|
page read and write
|
||
|
3CFF000
|
stack
|
page read and write
|
||
|
1162000
|
unkown
|
page execute and write copy
|
||
|
3FBE000
|
stack
|
page read and write
|
||
|
4A60000
|
direct allocation
|
page read and write
|
||
|
2B8E000
|
stack
|
page read and write
|
||
|
73AE000
|
stack
|
page read and write
|
||
|
4A40000
|
heap
|
page read and write
|
||
|
1255000
|
unkown
|
page execute and write copy
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
1145000
|
unkown
|
page execute and read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A60000
|
direct allocation
|
page read and write
|
||
|
2B4F000
|
stack
|
page read and write
|
||
|
3BFE000
|
stack
|
page read and write
|
||
|
11BB000
|
unkown
|
page execute and write copy
|
||
|
4A60000
|
direct allocation
|
page read and write
|
||
|
115A000
|
unkown
|
page execute and read and write
|
||
|
4B90000
|
trusted library allocation
|
page read and write
|
||
|
1266000
|
unkown
|
page execute and write copy
|
||
|
4D20000
|
direct allocation
|
page execute and read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4D50000
|
trusted library allocation
|
page read and write
|
||
|
1197000
|
unkown
|
page execute and read and write
|
||
|
E1E000
|
stack
|
page read and write
|
||
|
11BA000
|
unkown
|
page execute and read and write
|
||
|
5EC1000
|
trusted library allocation
|
page read and write
|
||
|
1128000
|
unkown
|
page execute and read and write
|
||
|
4A60000
|
direct allocation
|
page read and write
|
||
|
9A3000
|
heap
|
page read and write
|
||
|
3A7F000
|
stack
|
page read and write
|
||
|
E7E000
|
stack
|
page read and write
|
||
|
FB2000
|
unkown
|
page execute and write copy
|
||
|
44BE000
|
stack
|
page read and write
|
||
|
713E000
|
stack
|
page read and write
|
||
|
30BE000
|
stack
|
page read and write
|
||
|
4BC0000
|
direct allocation
|
page read and write
|
||
|
2B90000
|
direct allocation
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
2DFF000
|
stack
|
page read and write
|
||
|
383E000
|
stack
|
page read and write
|
||
|
FBA000
|
unkown
|
page execute and write copy
|
||
|
11CA000
|
unkown
|
page execute and read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
3F7F000
|
stack
|
page read and write
|
||
|
11F3000
|
unkown
|
page execute and write copy
|
||
|
4D50000
|
direct allocation
|
page execute and read and write
|
||
|
2CBF000
|
stack
|
page read and write
|
||
|
4A60000
|
direct allocation
|
page read and write
|
||
|
96E000
|
heap
|
page read and write
|
||
|
1151000
|
unkown
|
page execute and read and write
|
||
|
D1E000
|
stack
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
11DC000
|
unkown
|
page execute and write copy
|
||
|
113C000
|
unkown
|
page execute and read and write
|
||
|
447F000
|
stack
|
page read and write
|
||
|
4D2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
437E000
|
stack
|
page read and write
|
||
|
333E000
|
stack
|
page read and write
|
||
|
31FE000
|
stack
|
page read and write
|
||
|
A65000
|
heap
|
page read and write
|
||
|
FC6000
|
unkown
|
page execute and write copy
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4BA4000
|
trusted library allocation
|
page read and write
|
||
|
4A60000
|
direct allocation
|
page read and write
|
||
|
11F6000
|
unkown
|
page execute and read and write
|
||
|
4BB0000
|
trusted library allocation
|
page read and write
|
||
|
4A60000
|
direct allocation
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
717E000
|
stack
|
page read and write
|
||
|
1195000
|
unkown
|
page execute and write copy
|
||
|
4A60000
|
direct allocation
|
page read and write
|
||
|
4A60000
|
direct allocation
|
page read and write
|
||
|
FB0000
|
unkown
|
page readonly
|
||
|
11D5000
|
unkown
|
page execute and read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
FC4000
|
unkown
|
page execute and write copy
|
||
|
2F3F000
|
stack
|
page read and write
|
||
|
F7F000
|
stack
|
page read and write
|
||
|
9C1000
|
heap
|
page read and write
|
||
|
1178000
|
unkown
|
page execute and write copy
|
||
|
72AF000
|
stack
|
page read and write
|
||
|
397E000
|
stack
|
page read and write
|
||
|
6F9C000
|
stack
|
page read and write
|
||
|
11EB000
|
unkown
|
page execute and read and write
|
||
|
11C6000
|
unkown
|
page execute and read and write
|
||
|
709D000
|
stack
|
page read and write
|
||
|
4EB0000
|
heap
|
page execute and read and write
|
||
|
31BF000
|
stack
|
page read and write
|
||
|
4A80000
|
heap
|
page read and write
|
||
|
4B70000
|
trusted library allocation
|
page read and write
|
||
|
393F000
|
stack
|
page read and write
|
||
|
11D1000
|
unkown
|
page execute and write copy
|
||
|
1202000
|
unkown
|
page execute and write copy
|
||
|
37FF000
|
stack
|
page read and write
|
||
|
4BFB000
|
stack
|
page read and write
|
||
|
FB0000
|
unkown
|
page read and write
|
||
|
118B000
|
unkown
|
page execute and read and write
|
||
|
FBA000
|
unkown
|
page execute and read and write
|
||
|
70B0000
|
trusted library allocation
|
page read and write
|
||
|
74AF000
|
stack
|
page read and write
|
||
|
4EC1000
|
trusted library allocation
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4D9E000
|
stack
|
page read and write
|
There are 188 hidden memdumps, click here to show them.