Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| file.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log | CSV text | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\file.exe | "C:\Users\user\Desktop\file.exe" | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableIOAVProtection | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | DisableRealtimeMonitoring | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications | DisableNotifications | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AUOptions | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | AutoInstallMinorUpdates | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | NoAutoRebootWithLoggedOnUsers | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU | UseWUServer | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate | DoNotConnectToWindowsUpdateInternetLocations | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features | TamperProtection | |

Memdumps

| Base Address | Region type | Protect | Malicious |
|---|---|---|---|
| 206000 | unknown | page write copy | |
| 6F00000 | heap | page execute and read and write | |
| 46B0000 | direct allocation | page read and write | |
| 4990000 | trusted library allocation | page read and write | |
| 2ACF000 | stack | page read and write | |
| 273E000 | stack | page read and write | |
| 420F000 | stack | page read and write | |
| 2CCF000 | stack | page read and write | |
| 5BB5000 | trusted library allocation | page read and write | |
| 46C1000 | heap | page read and write | |
| 330F000 | stack | page read and write | |
| 46B0000 | direct allocation | page read and write | |
| 402000 | unknown | page execute and read and write | |
| 410E000 | stack | page read and write | |
| 5C0000 | heap | page read and write | |
| 47D0000 | direct allocation | page read and write | |
| 4B2000 | unknown | page execute and read and write | |
| A4E000 | stack | page read and write | |
| A70000 | heap | page read and write | |
| 431000 | unknown | page execute and read and write | |
| A74000 | heap | page read and write | |
| 2BCF000 | stack | page read and write | |
| 320E000 | stack | page read and write | |
| 4B91000 | trusted library allocation | page read and write | |
| 27C0000 | heap | page read and write | |
| A74000 | heap | page read and write | |
| 47D0000 | direct allocation | page read and write | |
| 4A50000 | heap | page execute and read and write | |
| 3BCF000 | stack | page read and write | |
| 6EEE000 | stack | page read and write | |
| 5B94000 | trusted library allocation | page read and write | |
| 6D2D000 | stack | page read and write | |
| 4B8E000 | stack | page read and write | |
| 3E9000 | unknown | page execute and write copy | |
| 334E000 | stack | page read and write | |
| 46D0000 | heap | page read and write | |
| 36E000 | unknown | page execute and write copy | |
| 4980000 | trusted library allocation | page read and write | |
| A74000 | heap | page read and write | |
| 31CF000 | stack | page read and write | |
| 200000 | unknown | page readonly | |
| 2F4F000 | stack | page read and write | |
| 47D0000 | direct allocation | page read and write | |
| 3CF000 | unknown | page execute and write copy | |
| 49C000 | unknown | page execute and write copy | |
| 277E000 | stack | page read and write | |
| 29CF000 | stack | page read and write | |
| 46C1000 | heap | page read and write | |
| 35CE000 | stack | page read and write | |
| 3A8F000 | stack | page read and write | |
| 4973000 | trusted library allocation | page execute and read and write | |
| 3FA000 | unknown | page execute and write copy | |
| 2F8E000 | stack | page read and write | |
| 36CF000 | stack | page read and write | |
| 3D7000 | unknown | page execute and read and write | |
| 2D0E000 | stack | page read and write | |
| 46B0000 | direct allocation | page read and write | |
| 424E000 | stack | page read and write | |
| 200000 | unknown | page read and write | |
| A74000 | heap | page read and write | |
| 443000 | unknown | page execute and read and write | |
| 216000 | unknown | page execute and write copy | |
| A74000 | heap | page read and write | |
| 47C0000 | trusted library allocation | page read and write | |
| 4A70000 | trusted library allocation | page read and write | |
| 46B0000 | direct allocation | page read and write | |
| 496E000 | stack | page read and write | |
| 4690000 | direct allocation | page read and write | |
| 8F9000 | stack | page read and write | |
| 4984000 | trusted library allocation | page read and write | |
| 46B0000 | direct allocation | page read and write | |
| 4820000 | trusted library allocation | page read and write | |
| 3D4E000 | stack | page read and write | |
| 30CE000 | stack | page read and write | |
| 38F000 | unknown | page execute and read and write | |
| 4A3000 | unknown | page execute and write copy | |
| 3CA000 | unknown | page execute and write copy | |
| 3EC000 | unknown | page execute and read and write | |
| 3E8E000 | stack | page read and write | |
| 3F8F000 | stack | page read and write | |
| 3F9000 | unknown | page execute and read and write | |
| A74000 | heap | page read and write | |
| 410000 | unknown | page execute and write copy | |
| 3F6000 | unknown | page execute and write copy | |
| 26FF000 | stack | page read and write | |
| 5B91000 | trusted library allocation | page read and write | |
| 54C000 | stack | page read and write | |
| 46B0000 | direct allocation | page read and write | |