Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications
|
DisableNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AUOptions
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AutoInstallMinorUpdates
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
NoAutoRebootWithLoggedOnUsers
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
UseWUServer
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DoNotConnectToWindowsUpdateInternetLocations
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features
|
TamperProtection
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
53D0000
|
trusted library allocation
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
16FF000
|
stack
|
page read and write
|
||
|
2F40000
|
direct allocation
|
page read and write
|
||
|
CDB000
|
unkown
|
page execute and write copy
|
||
|
419F000
|
stack
|
page read and write
|
||
|
DD5000
|
unkown
|
page execute and write copy
|
||
|
1294000
|
heap
|
page read and write
|
||
|
1294000
|
heap
|
page read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
1294000
|
heap
|
page read and write
|
||
|
2F40000
|
direct allocation
|
page read and write
|
||
|
53C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
D12000
|
unkown
|
page execute and write copy
|
||
|
D6E000
|
unkown
|
page execute and read and write
|
||
|
D0A000
|
unkown
|
page execute and write copy
|
||
|
1294000
|
heap
|
page read and write
|
||
|
7820000
|
heap
|
page execute and read and write
|
||
|
53E0000
|
heap
|
page execute and read and write
|
||
|
405F000
|
stack
|
page read and write
|
||
|
2EDE000
|
stack
|
page read and write
|
||
|
1294000
|
heap
|
page read and write
|
||
|
52F0000
|
trusted library allocation
|
page read and write
|
||
|
77CF000
|
stack
|
page read and write
|
||
|
5020000
|
heap
|
page read and write
|
||
|
1294000
|
heap
|
page read and write
|
||
|
7A6F000
|
stack
|
page read and write
|
||
|
D00000
|
unkown
|
page execute and write copy
|
||
|
1294000
|
heap
|
page read and write
|
||
|
2F40000
|
direct allocation
|
page read and write
|
||
|
5021000
|
heap
|
page read and write
|
||
|
52D0000
|
direct allocation
|
page execute and read and write
|
||
|
B7A000
|
unkown
|
page execute and read and write
|
||
|
D01000
|
unkown
|
page execute and read and write
|
||
|
3A1F000
|
stack
|
page read and write
|
||
|
341E000
|
stack
|
page read and write
|
||
|
7690000
|
trusted library allocation
|
page read and write
|
||
|
DB5000
|
unkown
|
page execute and write copy
|
||
|
CF8000
|
unkown
|
page execute and write copy
|
||
|
128E000
|
stack
|
page read and write
|
||
|
D95000
|
unkown
|
page execute and write copy
|
||
|
5021000
|
heap
|
page read and write
|
||
|
D3F000
|
unkown
|
page execute and read and write
|
||
|
B76000
|
unkown
|
page write copy
|
||
|
2F40000
|
direct allocation
|
page read and write
|
||
|
148E000
|
heap
|
page read and write
|
||
|
41DE000
|
stack
|
page read and write
|
||
|
3DDF000
|
stack
|
page read and write
|
||
|
52E0000
|
trusted library allocation
|
page read and write
|
||
|
140A000
|
heap
|
page read and write
|
||
|
1294000
|
heap
|
page read and write
|
||
|
459E000
|
stack
|
page read and write
|
||
|
46DE000
|
stack
|
page read and write
|
||
|
54F1000
|
trusted library allocation
|
page read and write
|
||
|
64F4000
|
trusted library allocation
|
page read and write
|
||
|
E14000
|
unkown
|
page execute and write copy
|
||
|
51AB000
|
stack
|
page read and write
|
||
|
B70000
|
unkown
|
page read and write
|
||
|
1294000
|
heap
|
page read and write
|
||
|
51B0000
|
heap
|
page read and write
|
||
|
D74000
|
unkown
|
page execute and read and write
|
||
|
53BC000
|
stack
|
page read and write
|
||
|
1294000
|
heap
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
5021000
|
heap
|
page read and write
|
||
|
491F000
|
stack
|
page read and write
|
||
|
D69000
|
unkown
|
page execute and write copy
|
||
|
5170000
|
direct allocation
|
page read and write
|
||
|
3F1F000
|
stack
|
page read and write
|
||
|
CFF000
|
unkown
|
page execute and read and write
|
||
|
5300000
|
direct allocation
|
page execute and read and write
|
||
|
15FF000
|
stack
|
page read and write
|
||
|
D75000
|
unkown
|
page execute and write copy
|
||
|
530B000
|
trusted library allocation
|
page execute and read and write
|
||
|
B86000
|
unkown
|
page execute and write copy
|
||
|
2F40000
|
direct allocation
|
page read and write
|
||
|
2F40000
|
direct allocation
|
page read and write
|
||
|
D2E000
|
unkown
|
page execute and write copy
|
||
|
FA9000
|
stack
|
page read and write
|
||
|
5170000
|
direct allocation
|
page read and write
|
||
|
1452000
|
heap
|
page read and write
|
||
|
305F000
|
stack
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
DA3000
|
unkown
|
page execute and write copy
|
||
|
1294000
|
heap
|
page read and write
|
||
|
32DE000
|
stack
|
page read and write
|
||
|
D9B000
|
unkown
|
page execute and read and write
|
||
|
33DF000
|
stack
|
page read and write
|
||
|
6515000
|
trusted library allocation
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
369E000
|
stack
|
page read and write
|
||
|
355E000
|
stack
|
page read and write
|
||
|
495E000
|
stack
|
page read and write
|
||
|
2F40000
|
direct allocation
|
page read and write
|
||
|
792E000
|
stack
|
page read and write
|
||
|
1449000
|
heap
|
page read and write
|
||
|
13AE000
|
stack
|
page read and write
|
||
|
5170000
|
direct allocation
|
page read and write
|
||
|
5030000
|
heap
|
page read and write
|
||
|
481E000
|
stack
|
page read and write
|
||
|
D4F000
|
unkown
|
page execute and read and write
|
||
|
3E1E000
|
stack
|
page read and write
|
||
|
445E000
|
stack
|
page read and write
|
||
|
52FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
E14000
|
unkown
|
page execute and read and write
|
||
|
B72000
|
unkown
|
page execute and write copy
|
||
|
1294000
|
heap
|
page read and write
|
||
|
E16000
|
unkown
|
page execute and write copy
|
||
|
1294000
|
heap
|
page read and write
|
||
|
DD6000
|
unkown
|
page execute and read and write
|
||
|
3CDE000
|
stack
|
page read and write
|
||
|
1294000
|
heap
|
page read and write
|
||
|
140E000
|
heap
|
page read and write
|
||
|
1441000
|
heap
|
page read and write
|
||
|
B7A000
|
unkown
|
page execute and write copy
|
||
|
52D4000
|
trusted library allocation
|
page read and write
|
||
|
3C9F000
|
stack
|
page read and write
|
||
|
DA7000
|
unkown
|
page execute and read and write
|
||
|
B70000
|
unkown
|
page readonly
|
||
|
D87000
|
unkown
|
page execute and write copy
|
||
|
5307000
|
trusted library allocation
|
page execute and read and write
|
||
|
D4C000
|
unkown
|
page execute and write copy
|
||
|
CEC000
|
unkown
|
page execute and read and write
|
||
|
D94000
|
unkown
|
page execute and read and write
|
||
|
37DE000
|
stack
|
page read and write
|
||
|
5160000
|
trusted library allocation
|
page read and write
|
||
|
2F40000
|
direct allocation
|
page read and write
|
||
|
2F1C000
|
stack
|
page read and write
|
||
|
4BDE000
|
stack
|
page read and write
|
||
|
D88000
|
unkown
|
page execute and read and write
|
||
|
145D000
|
heap
|
page read and write
|
||
|
DFF000
|
unkown
|
page execute and write copy
|
||
|
379F000
|
stack
|
page read and write
|
||
|
5021000
|
heap
|
page read and write
|
||
|
D6F000
|
unkown
|
page execute and write copy
|
||
|
329F000
|
stack
|
page read and write
|
||
|
2F40000
|
direct allocation
|
page read and write
|
||
|
52E4000
|
trusted library allocation
|
page read and write
|
||
|
CF9000
|
unkown
|
page execute and read and write
|
||
|
5320000
|
trusted library allocation
|
page read and write
|
||
|
D50000
|
unkown
|
page execute and write copy
|
||
|
D13000
|
unkown
|
page execute and read and write
|
||
|
796E000
|
stack
|
page read and write
|
||
|
2F20000
|
direct allocation
|
page read and write
|
||
|
47DF000
|
stack
|
page read and write
|
||
|
455F000
|
stack
|
page read and write
|
||
|
52D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
D0B000
|
unkown
|
page execute and read and write
|
||
|
391E000
|
stack
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
365F000
|
stack
|
page read and write
|
||
|
52DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
64F1000
|
trusted library allocation
|
page read and write
|
||
|
4B9F000
|
stack
|
page read and write
|
||
|
D52000
|
unkown
|
page execute and read and write
|
||
|
1294000
|
heap
|
page read and write
|
||
|
409E000
|
stack
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
4A5F000
|
stack
|
page read and write
|
||
|
2F40000
|
direct allocation
|
page read and write
|
||
|
2F40000
|
direct allocation
|
page read and write
|
||
|
536E000
|
stack
|
page read and write
|
||
|
E05000
|
unkown
|
page execute and write copy
|
||
|
EAC000
|
stack
|
page read and write
|
||
|
315F000
|
stack
|
page read and write
|
||
|
2F57000
|
heap
|
page read and write
|
||
|
5120000
|
trusted library allocation
|
page read and write
|
||
|
CD9000
|
unkown
|
page execute and read and write
|
||
|
431E000
|
stack
|
page read and write
|
||
|
38DF000
|
stack
|
page read and write
|
||
|
5370000
|
heap
|
page read and write
|
||
|
1294000
|
heap
|
page read and write
|
||
|
1294000
|
heap
|
page read and write
|
||
|
5021000
|
heap
|
page read and write
|
||
|
DB7000
|
unkown
|
page execute and read and write
|
||
|
B72000
|
unkown
|
page execute and read and write
|
||
|
351F000
|
stack
|
page read and write
|
||
|
2F40000
|
direct allocation
|
page read and write
|
||
|
3B9E000
|
stack
|
page read and write
|
||
|
4CDF000
|
stack
|
page read and write
|
||
|
144E000
|
heap
|
page read and write
|
||
|
1294000
|
heap
|
page read and write
|
||
|
CFC000
|
unkown
|
page execute and write copy
|
||
|
5300000
|
trusted library allocation
|
page read and write
|
||
|
B76000
|
unkown
|
page write copy
|
||
|
52BE000
|
stack
|
page read and write
|
||
|
4A9E000
|
stack
|
page read and write
|
||
|
469F000
|
stack
|
page read and write
|
||
|
5120000
|
heap
|
page read and write
|
||
|
3B5F000
|
stack
|
page read and write
|
||
|
2F40000
|
direct allocation
|
page read and write
|
||
|
54EE000
|
stack
|
page read and write
|
||
|
441F000
|
stack
|
page read and write
|
||
|
780E000
|
stack
|
page read and write
|
||
|
42DF000
|
stack
|
page read and write
|
||
|
3F5E000
|
stack
|
page read and write
|
||
|
76CE000
|
stack
|
page read and write
|
||
|
D79000
|
unkown
|
page execute and read and write
|
||
|
E05000
|
unkown
|
page execute and write copy
|
||
|
3A5E000
|
stack
|
page read and write
|
||
|
D8F000
|
unkown
|
page execute and write copy
|
||
|
2F40000
|
direct allocation
|
page read and write
|
||
|
E16000
|
unkown
|
page execute and write copy
|
||
|
768D000
|
stack
|
page read and write
|
There are 194 hidden memdumps, click here to show them.