Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
level2.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\level2.exe
|
"C:\Users\user\Desktop\level2.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
DE0000
|
heap
|
page read and write
|
||
|
7FFD9B794000
|
trusted library allocation
|
page read and write
|
||
|
1B9F0000
|
heap
|
page execute and read and write
|
||
|
1435000
|
heap
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
1114000
|
heap
|
page read and write
|
||
|
1BAFE000
|
stack
|
page read and write
|
||
|
12EE000
|
stack
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
7FFD9B7AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
C40000
|
unkown
|
page execute and read and write
|
||
|
1132000
|
heap
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
C53000
|
unkown
|
page execute and read and write
|
||
|
115E000
|
heap
|
page read and write
|
||
|
7FFD9B7DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page execute and read and write
|
||
|
1380000
|
trusted library allocation
|
page read and write
|
||
|
111F000
|
heap
|
page read and write
|
||
|
7FFD9B792000
|
trusted library allocation
|
page read and write
|
||
|
1360000
|
trusted library allocation
|
page read and write
|
||
|
1430000
|
heap
|
page read and write
|
||
|
C58000
|
unkown
|
page execute and read and write
|
||
|
D93000
|
stack
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
12FD1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
1335000
|
heap
|
page read and write
|
||
|
C42000
|
unkown
|
page execute and read and write
|
||
|
2FCE000
|
stack
|
page read and write
|
||
|
C5A000
|
unkown
|
page readonly
|
||
|
C40000
|
unkown
|
page readonly
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page execute and read and write
|
||
|
10FC000
|
heap
|
page read and write
|
||
|
C42000
|
unkown
|
page readonly
|
||
|
2FD1000
|
trusted library allocation
|
page read and write
|
||
|
1B9AB000
|
stack
|
page read and write
|
||
|
111B000
|
heap
|
page read and write
|
||
|
13A3000
|
trusted library allocation
|
page read and write
|
||
|
1B56C000
|
stack
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
1124000
|
heap
|
page read and write
|
||
|
7FFD9B866000
|
trusted library allocation
|
page execute and read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
10F6000
|
heap
|
page read and write
|
||
|
12FD8000
|
trusted library allocation
|
page read and write
|
||
|
13A0000
|
trusted library allocation
|
page read and write
|
||
|
1121000
|
heap
|
page read and write
|
||
|
1390000
|
heap
|
page execute and read and write
|
||
|
7FF46A580000
|
trusted library allocation
|
page execute and read and write
|
||
|
12FD3000
|
trusted library allocation
|
page read and write
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
1134000
|
heap
|
page read and write
|
There are 49 hidden memdumps, click here to show them.