Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
MDE_File_Sample_bcdc0b75df7c481568c48ae5a8f1d75305b5fc22.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWow64\unarchiver.exe" "C:\Users\user\Desktop\MDE_File_Sample_bcdc0b75df7c481568c48ae5a8f1d75305b5fc22.zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\amqnf5nx.bdo" "C:\Users\user\Desktop\MDE_File_Sample_bcdc0b75df7c481568c48ae5a8f1d75305b5fc22.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2B97000
|
trusted library allocation
|
page read and write
|
||
|
2C0A000
|
trusted library allocation
|
page read and write
|
||
|
2BE0000
|
trusted library allocation
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
2BFC000
|
trusted library allocation
|
page read and write
|
||
|
2C04000
|
trusted library allocation
|
page read and write
|
||
|
2BA8000
|
trusted library allocation
|
page read and write
|
||
|
ABE000
|
heap
|
page read and write
|
||
|
2BAB000
|
trusted library allocation
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
297F000
|
stack
|
page read and write
|
||
|
4FEA000
|
stack
|
page read and write
|
||
|
2B81000
|
trusted library allocation
|
page read and write
|
||
|
3B11000
|
trusted library allocation
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
8F9000
|
stack
|
page read and write
|
||
|
C3E000
|
stack
|
page read and write
|
||
|
2B40000
|
trusted library allocation
|
page read and write
|
||
|
E1A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FCB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C01000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
2BDD000
|
trusted library allocation
|
page read and write
|
||
|
4CE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C0F000
|
trusted library allocation
|
page read and write
|
||
|
2C18000
|
trusted library allocation
|
page read and write
|
||
|
2B56000
|
trusted library allocation
|
page read and write
|
||
|
2875000
|
heap
|
page read and write
|
||
|
2B5E000
|
trusted library allocation
|
page read and write
|
||
|
2BCC000
|
trusted library allocation
|
page read and write
|
||
|
F20000
|
heap
|
page execute and read and write
|
||
|
2B74000
|
trusted library allocation
|
page read and write
|
||
|
2BEE000
|
trusted library allocation
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
2C07000
|
trusted library allocation
|
page read and write
|
||
|
51CE000
|
stack
|
page read and write
|
||
|
EAE000
|
stack
|
page read and write
|
||
|
2B88000
|
trusted library allocation
|
page read and write
|
||
|
2B94000
|
trusted library allocation
|
page read and write
|
||
|
2B9A000
|
trusted library allocation
|
page read and write
|
||
|
BE0000
|
trusted library allocation
|
page read and write
|
||
|
2BF6000
|
trusted library allocation
|
page read and write
|
||
|
2B8B000
|
trusted library allocation
|
page read and write
|
||
|
2B7C000
|
trusted library allocation
|
page read and write
|
||
|
2BB0000
|
trusted library allocation
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
2B45000
|
trusted library allocation
|
page read and write
|
||
|
2BE8000
|
trusted library allocation
|
page read and write
|
||
|
26E0000
|
heap
|
page read and write
|
||
|
2B4E000
|
trusted library allocation
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
4CD0000
|
trusted library allocation
|
page read and write
|
||
|
2BC1000
|
trusted library allocation
|
page read and write
|
||
|
E12000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B11000
|
trusted library allocation
|
page read and write
|
||
|
5BC000
|
stack
|
page read and write
|
||
|
E2C000
|
trusted library allocation
|
page execute and read and write
|
||
|
52CE000
|
stack
|
page read and write
|
||
|
945000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
2B64000
|
trusted library allocation
|
page read and write
|
||
|
AD6000
|
heap
|
page read and write
|
||
|
2BD2000
|
trusted library allocation
|
page read and write
|
||
|
E48000
|
heap
|
page read and write
|
||
|
2BE3000
|
trusted library allocation
|
page read and write
|
||
|
2BDA000
|
trusted library allocation
|
page read and write
|
||
|
AED000
|
heap
|
page read and write
|
||
|
E20000
|
trusted library allocation
|
page read and write
|
||
|
2B68000
|
trusted library allocation
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
2BF9000
|
trusted library allocation
|
page read and write
|
||
|
2BC7000
|
trusted library allocation
|
page read and write
|
||
|
2B76000
|
trusted library allocation
|
page read and write
|
||
|
ABA000
|
heap
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
2B7F000
|
trusted library allocation
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
E22000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B4C000
|
trusted library allocation
|
page read and write
|
||
|
2BCF000
|
trusted library allocation
|
page read and write
|
||
|
E2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
E57000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B9D000
|
trusted library allocation
|
page read and write
|
||
|
2B6E000
|
trusted library allocation
|
page read and write
|
||
|
B22000
|
heap
|
page read and write
|
||
|
72C000
|
stack
|
page read and write
|
||
|
4EED000
|
stack
|
page read and write
|
||
|
2C15000
|
trusted library allocation
|
page read and write
|
||
|
2BBE000
|
trusted library allocation
|
page read and write
|
||
|
2BB6000
|
trusted library allocation
|
page read and write
|
||
|
2C12000
|
trusted library allocation
|
page read and write
|
||
|
B28000
|
heap
|
page read and write
|
||
|
E42000
|
trusted library allocation
|
page execute and read and write
|
||
|
D8F000
|
stack
|
page read and write
|
||
|
27CF000
|
stack
|
page read and write
|
||
|
2BD5000
|
trusted library allocation
|
page read and write
|
||
|
4CAE000
|
stack
|
page read and write
|
||
|
2B6C000
|
trusted library allocation
|
page read and write
|
||
|
F1E000
|
stack
|
page read and write
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
E00000
|
trusted library allocation
|
page read and write
|
||
|
2870000
|
heap
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
2BB3000
|
trusted library allocation
|
page read and write
|
||
|
2BA5000
|
trusted library allocation
|
page read and write
|
||
|
2BF3000
|
trusted library allocation
|
page read and write
|
||
|
8F6000
|
stack
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
2BB9000
|
trusted library allocation
|
page read and write
|
||
|
E5B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BA2000
|
trusted library allocation
|
page read and write
|
||
|
2BEB000
|
trusted library allocation
|
page read and write
|
||
|
AFD000
|
stack
|
page read and write
|
||
|
2BC4000
|
trusted library allocation
|
page read and write
|
||
|
E4A000
|
trusted library allocation
|
page execute and read and write
|
There are 105 hidden memdumps, click here to show them.