Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
MDE_File_Sample_bcdc0b75df7c481568c48ae5a8f1d75305b5fc22.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWow64\unarchiver.exe" "C:\Users\user\Desktop\MDE_File_Sample_bcdc0b75df7c481568c48ae5a8f1d75305b5fc22.zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\nea5db15.3oa" "C:\Users\user\Desktop\MDE_File_Sample_bcdc0b75df7c481568c48ae5a8f1d75305b5fc22.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
126C000
|
stack
|
page read and write
|
||
|
166B000
|
heap
|
page read and write
|
||
|
CCF000
|
stack
|
page read and write
|
||
|
CF5000
|
heap
|
page read and write
|
||
|
2630000
|
heap
|
page read and write
|
||
|
3685000
|
trusted library allocation
|
page read and write
|
||
|
36A4000
|
trusted library allocation
|
page read and write
|
||
|
15D2000
|
trusted library allocation
|
page execute and read and write
|
||
|
36BD000
|
trusted library allocation
|
page read and write
|
||
|
15B0000
|
trusted library allocation
|
page read and write
|
||
|
3657000
|
trusted library allocation
|
page read and write
|
||
|
9EE000
|
stack
|
page read and write
|
||
|
3662000
|
trusted library allocation
|
page read and write
|
||
|
36AF000
|
trusted library allocation
|
page read and write
|
||
|
15DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1900000
|
trusted library allocation
|
page read and write
|
||
|
36A7000
|
trusted library allocation
|
page read and write
|
||
|
4601000
|
trusted library allocation
|
page read and write
|
||
|
364F000
|
trusted library allocation
|
page read and write
|
||
|
1631000
|
heap
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
19F0000
|
trusted library allocation
|
page read and write
|
||
|
18FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
3670000
|
trusted library allocation
|
page read and write
|
||
|
1A00000
|
trusted library allocation
|
page execute and read and write
|
||
|
1678000
|
heap
|
page read and write
|
||
|
18F2000
|
trusted library allocation
|
page execute and read and write
|
||
|
19CE000
|
stack
|
page read and write
|
||
|
36E7000
|
trusted library allocation
|
page read and write
|
||
|
15FA000
|
heap
|
page read and write
|
||
|
36B5000
|
trusted library allocation
|
page read and write
|
||
|
1970000
|
heap
|
page read and write
|
||
|
5C7E000
|
stack
|
page read and write
|
||
|
36F8000
|
trusted library allocation
|
page read and write
|
||
|
A08000
|
heap
|
page read and write
|
||
|
3665000
|
trusted library allocation
|
page read and write
|
||
|
3700000
|
trusted library allocation
|
page read and write
|
||
|
15CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BDE000
|
stack
|
page read and write
|
||
|
1647000
|
heap
|
page read and write
|
||
|
36EF000
|
trusted library allocation
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
36F2000
|
trusted library allocation
|
page read and write
|
||
|
36A1000
|
trusted library allocation
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
3654000
|
trusted library allocation
|
page read and write
|
||
|
3703000
|
trusted library allocation
|
page read and write
|
||
|
36C0000
|
trusted library allocation
|
page read and write
|
||
|
369E000
|
trusted library allocation
|
page read and write
|
||
|
1366000
|
stack
|
page read and write
|
||
|
36B2000
|
trusted library allocation
|
page read and write
|
||
|
1673000
|
heap
|
page read and write
|
||
|
15D0000
|
trusted library allocation
|
page read and write
|
||
|
36D6000
|
trusted library allocation
|
page read and write
|
||
|
A0D000
|
heap
|
page read and write
|
||
|
36C3000
|
trusted library allocation
|
page read and write
|
||
|
368B000
|
trusted library allocation
|
page read and write
|
||
|
3601000
|
trusted library allocation
|
page read and write
|
||
|
163D000
|
heap
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
36E4000
|
trusted library allocation
|
page read and write
|
||
|
3696000
|
trusted library allocation
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
162D000
|
heap
|
page read and write
|
||
|
5ADE000
|
stack
|
page read and write
|
||
|
3693000
|
trusted library allocation
|
page read and write
|
||
|
3630000
|
trusted library allocation
|
page read and write
|
||
|
194E000
|
stack
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
8FD000
|
stack
|
page read and write
|
||
|
1960000
|
heap
|
page execute and read and write
|
||
|
36FD000
|
trusted library allocation
|
page read and write
|
||
|
E8F000
|
stack
|
page read and write
|
||
|
7EFF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1616000
|
heap
|
page read and write
|
||
|
36DC000
|
trusted library allocation
|
page read and write
|
||
|
15DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
36F5000
|
trusted library allocation
|
page read and write
|
||
|
3688000
|
trusted library allocation
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
15FE000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
1369000
|
stack
|
page read and write
|
||
|
5DC000
|
stack
|
page read and write
|
||
|
36CB000
|
trusted library allocation
|
page read and write
|
||
|
190B000
|
trusted library allocation
|
page execute and read and write
|
||
|
36CE000
|
trusted library allocation
|
page read and write
|
||
|
1A10000
|
heap
|
page read and write
|
||
|
3699000
|
trusted library allocation
|
page read and write
|
||
|
36C8000
|
trusted library allocation
|
page read and write
|
||
|
15F0000
|
heap
|
page read and write
|
||
|
3676000
|
trusted library allocation
|
page read and write
|
||
|
36D9000
|
trusted library allocation
|
page read and write
|
||
|
1907000
|
trusted library allocation
|
page execute and read and write
|
||
|
3635000
|
trusted library allocation
|
page read and write
|
||
|
3682000
|
trusted library allocation
|
page read and write
|
||
|
36BA000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
trusted library allocation
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
3706000
|
trusted library allocation
|
page read and write
|
||
|
15C2000
|
trusted library allocation
|
page execute and read and write
|
||
|
3690000
|
trusted library allocation
|
page read and write
|
||
|
366A000
|
trusted library allocation
|
page read and write
|
||
|
9AE000
|
stack
|
page read and write
|
||
|
5D7E000
|
stack
|
page read and write
|
||
|
3679000
|
trusted library allocation
|
page read and write
|
||
|
36AC000
|
trusted library allocation
|
page read and write
|
||
|
579E000
|
stack
|
page read and write
|
||
|
36DF000
|
trusted library allocation
|
page read and write
|
||
|
36D1000
|
trusted library allocation
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
32BF000
|
stack
|
page read and write
|
||
|
36EA000
|
trusted library allocation
|
page read and write
|
||
|
136B000
|
stack
|
page read and write
|
||
|
1633000
|
heap
|
page read and write
|
||
|
1425000
|
heap
|
page read and write
|
There are 107 hidden memdumps, click here to show them.