Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
MDE_File_Sample_445c634e78ec63ccb3a39ee5f6e81a7b46f3a7e5.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\MDE_File_Sample_445c634e78ec63ccb3a39ee5f6e81a7b46f3a7e5.zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\zr5e5itz.egn" "C:\Users\user\Desktop\MDE_File_Sample_445c634e78ec63ccb3a39ee5f6e81a7b46f3a7e5.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
30C000
|
stack
|
page read and write
|
||
|
7F8000
|
heap
|
page read and write
|
||
|
28DC000
|
trusted library allocation
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
2911000
|
trusted library allocation
|
page read and write
|
||
|
8EA000
|
heap
|
page read and write
|
||
|
293B000
|
trusted library allocation
|
page read and write
|
||
|
2870000
|
trusted library allocation
|
page read and write
|
||
|
2841000
|
trusted library allocation
|
page read and write
|
||
|
2924000
|
trusted library allocation
|
page read and write
|
||
|
86A000
|
trusted library allocation
|
page execute and read and write
|
||
|
491E000
|
stack
|
page read and write
|
||
|
94F000
|
heap
|
page read and write
|
||
|
946000
|
heap
|
page read and write
|
||
|
C1E000
|
stack
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
2410000
|
trusted library allocation
|
page read and write
|
||
|
3F0000
|
heap
|
page execute and read and write
|
||
|
28D6000
|
trusted library allocation
|
page read and write
|
||
|
2820000
|
heap
|
page read and write
|
||
|
28B6000
|
trusted library allocation
|
page read and write
|
||
|
28EF000
|
trusted library allocation
|
page read and write
|
||
|
6F9000
|
stack
|
page read and write
|
||
|
28E4000
|
trusted library allocation
|
page read and write
|
||
|
4BFD000
|
stack
|
page read and write
|
||
|
8A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
28F2000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
292D000
|
trusted library allocation
|
page read and write
|
||
|
2875000
|
trusted library allocation
|
page read and write
|
||
|
2908000
|
trusted library allocation
|
page read and write
|
||
|
B6F000
|
stack
|
page read and write
|
||
|
892000
|
trusted library allocation
|
page execute and read and write
|
||
|
8EE000
|
heap
|
page read and write
|
||
|
28C0000
|
trusted library allocation
|
page read and write
|
||
|
2897000
|
trusted library allocation
|
page read and write
|
||
|
87C000
|
trusted library allocation
|
page execute and read and write
|
||
|
28D3000
|
trusted library allocation
|
page read and write
|
||
|
4A30000
|
trusted library allocation
|
page execute and read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
28C5000
|
trusted library allocation
|
page read and write
|
||
|
28E1000
|
trusted library allocation
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
395000
|
heap
|
page read and write
|
||
|
4A1F000
|
stack
|
page read and write
|
||
|
501F000
|
stack
|
page read and write
|
||
|
2938000
|
trusted library allocation
|
page read and write
|
||
|
C6F000
|
stack
|
page read and write
|
||
|
906000
|
heap
|
page read and write
|
||
|
2916000
|
trusted library allocation
|
page read and write
|
||
|
28F5000
|
trusted library allocation
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
290E000
|
trusted library allocation
|
page read and write
|
||
|
951000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
3841000
|
trusted library allocation
|
page read and write
|
||
|
28E7000
|
trusted library allocation
|
page read and write
|
||
|
2940000
|
trusted library allocation
|
page read and write
|
||
|
370000
|
heap
|
page read and write
|
||
|
28CE000
|
trusted library allocation
|
page read and write
|
||
|
6FB000
|
stack
|
page read and write
|
||
|
91D000
|
heap
|
page read and write
|
||
|
28EA000
|
trusted library allocation
|
page read and write
|
||
|
290B000
|
trusted library allocation
|
page read and write
|
||
|
89A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2932000
|
trusted library allocation
|
page read and write
|
||
|
D1E000
|
stack
|
page read and write
|
||
|
6F6000
|
stack
|
page read and write
|
||
|
87A000
|
trusted library allocation
|
page execute and read and write
|
||
|
288F000
|
trusted library allocation
|
page read and write
|
||
|
2903000
|
trusted library allocation
|
page read and write
|
||
|
7EFA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
872000
|
trusted library allocation
|
page execute and read and write
|
||
|
2919000
|
trusted library allocation
|
page read and write
|
||
|
291C000
|
trusted library allocation
|
page read and write
|
||
|
63C000
|
stack
|
page read and write
|
||
|
73D000
|
stack
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
28AA000
|
trusted library allocation
|
page read and write
|
||
|
2927000
|
trusted library allocation
|
page read and write
|
||
|
4AFE000
|
stack
|
page read and write
|
||
|
4A20000
|
trusted library allocation
|
page read and write
|
||
|
291F000
|
trusted library allocation
|
page read and write
|
||
|
28FD000
|
trusted library allocation
|
page read and write
|
||
|
24A5000
|
heap
|
page read and write
|
||
|
2935000
|
trusted library allocation
|
page read and write
|
||
|
28A5000
|
trusted library allocation
|
page read and write
|
||
|
2943000
|
trusted library allocation
|
page read and write
|
||
|
850000
|
trusted library allocation
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
2894000
|
trusted library allocation
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
28CB000
|
trusted library allocation
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
28D9000
|
trusted library allocation
|
page read and write
|
||
|
28A2000
|
trusted library allocation
|
page read and write
|
||
|
28A8000
|
trusted library allocation
|
page read and write
|
||
|
292A000
|
trusted library allocation
|
page read and write
|
||
|
870000
|
trusted library allocation
|
page read and write
|
||
|
862000
|
trusted library allocation
|
page execute and read and write
|
||
|
28C8000
|
trusted library allocation
|
page read and write
|
||
|
28FA000
|
trusted library allocation
|
page read and write
|
||
|
28B9000
|
trusted library allocation
|
page read and write
|
||
|
24B0000
|
heap
|
page read and write
|
||
|
4F1E000
|
stack
|
page read and write
|
||
|
2946000
|
trusted library allocation
|
page read and write
|
||
|
2900000
|
trusted library allocation
|
page read and write
|
||
|
28B0000
|
trusted library allocation
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
8AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
24A0000
|
heap
|
page read and write
|
There are 102 hidden memdumps, click here to show them.