Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
A24000
|
heap
|
page read and write
|
||
|
35BF000
|
stack
|
page read and write
|
||
|
477E000
|
stack
|
page read and write
|
||
|
D98000
|
unkown
|
page execute and write copy
|
||
|
A24000
|
heap
|
page read and write
|
||
|
44BF000
|
stack
|
page read and write
|
||
|
D7F000
|
unkown
|
page execute and write copy
|
||
|
AF2000
|
unkown
|
page execute and read and write
|
||
|
CE7000
|
unkown
|
page execute and write copy
|
||
|
4EAB000
|
stack
|
page read and write
|
||
|
333F000
|
stack
|
page read and write
|
||
|
49BF000
|
stack
|
page read and write
|
||
|
DDE000
|
stack
|
page read and write
|
||
|
3ABF000
|
stack
|
page read and write
|
||
|
778E000
|
stack
|
page read and write
|
||
|
4FD0000
|
trusted library allocation
|
page read and write
|
||
|
3FFE000
|
stack
|
page read and write
|
||
|
524E000
|
stack
|
page read and write
|
||
|
CEF000
|
unkown
|
page execute and read and write
|
||
|
D85000
|
unkown
|
page execute and write copy
|
||
|
4FCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
107C000
|
stack
|
page read and write
|
||
|
4D21000
|
heap
|
page read and write
|
||
|
112F000
|
heap
|
page read and write
|
||
|
5140000
|
heap
|
page read and write
|
||
|
CCD000
|
unkown
|
page execute and write copy
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
2EFF000
|
stack
|
page read and write
|
||
|
4D00000
|
direct allocation
|
page read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
CC8000
|
unkown
|
page execute and write copy
|
||
|
4D00000
|
direct allocation
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
10FD000
|
heap
|
page read and write
|
||
|
4D00000
|
direct allocation
|
page read and write
|
||
|
764E000
|
stack
|
page read and write
|
||
|
112C000
|
heap
|
page read and write
|
||
|
4D11000
|
heap
|
page read and write
|
||
|
52DE000
|
stack
|
page read and write
|
||
|
3C3E000
|
stack
|
page read and write
|
||
|
413E000
|
stack
|
page read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
397F000
|
stack
|
page read and write
|
||
|
CCC000
|
unkown
|
page execute and read and write
|
||
|
427E000
|
stack
|
page read and write
|
||
|
C53000
|
unkown
|
page execute and read and write
|
||
|
473F000
|
stack
|
page read and write
|
||
|
40FF000
|
stack
|
page read and write
|
||
|
48BE000
|
stack
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
437F000
|
stack
|
page read and write
|
||
|
2D4E000
|
stack
|
page read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
136E000
|
stack
|
page read and write
|
||
|
487F000
|
stack
|
page read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
AF6000
|
unkown
|
page write copy
|
||
|
31FF000
|
stack
|
page read and write
|
||
|
CD0000
|
unkown
|
page execute and read and write
|
||
|
44FE000
|
stack
|
page read and write
|
||
|
2DCE000
|
stack
|
page read and write
|
||
|
3BFF000
|
stack
|
page read and write
|
||
|
4D11000
|
heap
|
page read and write
|
||
|
4D00000
|
direct allocation
|
page read and write
|
||
|
4D11000
|
heap
|
page read and write
|
||
|
4E70000
|
direct allocation
|
page read and write
|
||
|
4FC0000
|
direct allocation
|
page execute and read and write
|
||
|
3EBE000
|
stack
|
page read and write
|
||
|
4D11000
|
heap
|
page read and write
|
||
|
4D00000
|
direct allocation
|
page read and write
|
||
|
D98000
|
unkown
|
page execute and write copy
|
||
|
C91000
|
unkown
|
page execute and read and write
|
||
|
513C000
|
stack
|
page read and write
|
||
|
D1D000
|
unkown
|
page execute and read and write
|
||
|
CBE000
|
unkown
|
page execute and read and write
|
||
|
4D11000
|
heap
|
page read and write
|
||
|
30FF000
|
stack
|
page read and write
|
||
|
D0B000
|
unkown
|
page execute and read and write
|
||
|
AF2000
|
unkown
|
page execute and write copy
|
||
|
4FC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
3E7F000
|
stack
|
page read and write
|
||
|
4D11000
|
heap
|
page read and write
|
||
|
4FF0000
|
direct allocation
|
page execute and read and write
|
||
|
4D11000
|
heap
|
page read and write
|
||
|
3D3F000
|
stack
|
page read and write
|
||
|
4FE0000
|
trusted library allocation
|
page read and write
|
||
|
C55000
|
unkown
|
page execute and write copy
|
||
|
4D00000
|
direct allocation
|
page read and write
|
||
|
2DD0000
|
direct allocation
|
page read and write
|
||
|
C79000
|
unkown
|
page execute and read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
4D00000
|
direct allocation
|
page read and write
|
||
|
D05000
|
unkown
|
page execute and write copy
|
||
|
2D0F000
|
stack
|
page read and write
|
||
|
754E000
|
stack
|
page read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
3D7E000
|
stack
|
page read and write
|
||
|
AFA000
|
unkown
|
page execute and write copy
|
||
|
5340000
|
heap
|
page execute and read and write
|
||
|
5351000
|
trusted library allocation
|
page read and write
|
||
|
4E50000
|
trusted library allocation
|
page read and write
|
||
|
C85000
|
unkown
|
page execute and read and write
|
||
|
744D000
|
stack
|
page read and write
|
||
|
10F1000
|
heap
|
page read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
4D00000
|
direct allocation
|
page read and write
|
||
|
2DF7000
|
heap
|
page read and write
|
||
|
4E10000
|
trusted library allocation
|
page read and write
|
||
|
347F000
|
stack
|
page read and write
|
||
|
CF0000
|
unkown
|
page execute and write copy
|
||
|
B06000
|
unkown
|
page execute and write copy
|
||
|
4D00000
|
direct allocation
|
page read and write
|
||
|
B04000
|
unkown
|
page execute and write copy
|
||
|
D96000
|
unkown
|
page execute and write copy
|
||
|
CF5000
|
unkown
|
page execute and read and write
|
||
|
4D00000
|
direct allocation
|
page read and write
|
||
|
D24000
|
unkown
|
page execute and write copy
|
||
|
383F000
|
stack
|
page read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
4FEA000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FFB000
|
trusted library allocation
|
page execute and read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
10AE000
|
heap
|
page read and write
|
||
|
10AA000
|
heap
|
page read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
C6D000
|
unkown
|
page execute and read and write
|
||
|
4FC4000
|
trusted library allocation
|
page read and write
|
||
|
5260000
|
trusted library allocation
|
page read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
4E70000
|
direct allocation
|
page read and write
|
||
|
4FF7000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E10000
|
heap
|
page read and write
|
||
|
8EC000
|
stack
|
page read and write
|
||
|
CAD000
|
unkown
|
page execute and write copy
|
||
|
AF0000
|
unkown
|
page read and write
|
||
|
2D8E000
|
stack
|
page read and write
|
||
|
D96000
|
unkown
|
page execute and read and write
|
||
|
5010000
|
trusted library allocation
|
page read and write
|
||
|
5270000
|
trusted library allocation
|
page read and write
|
||
|
10E9000
|
heap
|
page read and write
|
||
|
10DE000
|
heap
|
page read and write
|
||
|
34BE000
|
stack
|
page read and write
|
||
|
4D00000
|
direct allocation
|
page read and write
|
||
|
4FD4000
|
trusted library allocation
|
page read and write
|
||
|
45FF000
|
stack
|
page read and write
|
||
|
373E000
|
stack
|
page read and write
|
||
|
C92000
|
unkown
|
page execute and write copy
|
||
|
146E000
|
stack
|
page read and write
|
||
|
387E000
|
stack
|
page read and write
|
||
|
D26000
|
unkown
|
page execute and read and write
|
||
|
D12000
|
unkown
|
page execute and write copy
|
||
|
A70000
|
heap
|
page read and write
|
||
|
4E70000
|
direct allocation
|
page read and write
|
||
|
5250000
|
trusted library allocation
|
page execute and read and write
|
||
|
5290000
|
heap
|
page execute and read and write
|
||
|
9E9000
|
stack
|
page read and write
|
||
|
4D00000
|
direct allocation
|
page read and write
|
||
|
768E000
|
stack
|
page read and write
|
||
|
4FF0000
|
trusted library allocation
|
page read and write
|
||
|
C95000
|
unkown
|
page execute and read and write
|
||
|
4FAE000
|
stack
|
page read and write
|
||
|
AF6000
|
unkown
|
page write copy
|
||
|
323E000
|
stack
|
page read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
6375000
|
trusted library allocation
|
page read and write
|
||
|
35FE000
|
stack
|
page read and write
|
||
|
43BE000
|
stack
|
page read and write
|
||
|
C8E000
|
unkown
|
page execute and write copy
|
||
|
6354000
|
trusted library allocation
|
page read and write
|
||
|
AF0000
|
unkown
|
page readonly
|
||
|
2FFF000
|
stack
|
page read and write
|
||
|
36FF000
|
stack
|
page read and write
|
||
|
103E000
|
stack
|
page read and write
|
||
|
531E000
|
stack
|
page read and write
|
||
|
463E000
|
stack
|
page read and write
|
||
|
10ED000
|
heap
|
page read and write
|
||
|
D18000
|
unkown
|
page execute and read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
4E60000
|
heap
|
page read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
3FBF000
|
stack
|
page read and write
|
||
|
39BE000
|
stack
|
page read and write
|
||
|
423F000
|
stack
|
page read and write
|
||
|
4D00000
|
direct allocation
|
page read and write
|
||
|
4D10000
|
heap
|
page read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
C82000
|
unkown
|
page execute and write copy
|
||
|
6351000
|
trusted library allocation
|
page read and write
|
||
|
3AFE000
|
stack
|
page read and write
|
||
|
337E000
|
stack
|
page read and write
|
||
|
C78000
|
unkown
|
page execute and write copy
|
||
|
AFA000
|
unkown
|
page execute and read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
4D00000
|
direct allocation
|
page read and write
|
||
|
505E000
|
stack
|
page read and write
|
||
|
D19000
|
unkown
|
page execute and write copy
|
||
|
D85000
|
unkown
|
page execute and write copy
|
||
|
B05000
|
unkown
|
page execute and read and write
|
||
|
ADE000
|
stack
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
There are 192 hidden memdumps, click here to show them.