Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
MDE_File_Sample_9325dd111d7e1367f293dfb028879208fd3ed9b9.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\s1im4k2h.s1l" "C:\Users\user\Desktop\MDE_File_Sample_9325dd111d7e1367f293dfb028879208fd3ed9b9.zip"
|
 |
|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWow64\unarchiver.exe" "C:\Users\user\Desktop\MDE_File_Sample_9325dd111d7e1367f293dfb028879208fd3ed9b9.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3681000
|
trusted library allocation
|
page read and write
|
||
|
3684000
|
trusted library allocation
|
page read and write
|
||
|
B4F000
|
stack
|
page read and write
|
||
|
158D000
|
heap
|
page read and write
|
||
|
368C000
|
trusted library allocation
|
page read and write
|
||
|
2665000
|
heap
|
page read and write
|
||
|
1AB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1910000
|
heap
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
3673000
|
trusted library allocation
|
page read and write
|
||
|
36B9000
|
trusted library allocation
|
page read and write
|
||
|
177C000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D3E000
|
stack
|
page read and write
|
||
|
35D1000
|
trusted library allocation
|
page read and write
|
||
|
36BC000
|
trusted library allocation
|
page read and write
|
||
|
18AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5C3E000
|
stack
|
page read and write
|
||
|
366B000
|
trusted library allocation
|
page read and write
|
||
|
3634000
|
trusted library allocation
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
36CF000
|
trusted library allocation
|
page read and write
|
||
|
1A6E000
|
stack
|
page read and write
|
||
|
1750000
|
trusted library allocation
|
page read and write
|
||
|
3692000
|
trusted library allocation
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
3695000
|
trusted library allocation
|
page read and write
|
||
|
7F0C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
366E000
|
trusted library allocation
|
page read and write
|
||
|
3679000
|
trusted library allocation
|
page read and write
|
||
|
36C4000
|
trusted library allocation
|
page read and write
|
||
|
360C000
|
trusted library allocation
|
page read and write
|
||
|
36A3000
|
trusted library allocation
|
page read and write
|
||
|
4BC000
|
stack
|
page read and write
|
||
|
36B6000
|
trusted library allocation
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
36C7000
|
trusted library allocation
|
page read and write
|
||
|
3616000
|
trusted library allocation
|
page read and write
|
||
|
1950000
|
trusted library allocation
|
page read and write
|
||
|
3637000
|
trusted library allocation
|
page read and write
|
||
|
818000
|
heap
|
page read and write
|
||
|
1AAE000
|
stack
|
page read and write
|
||
|
576F000
|
stack
|
page read and write
|
||
|
133B000
|
stack
|
page read and write
|
||
|
367E000
|
trusted library allocation
|
page read and write
|
||
|
1790000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
36D5000
|
trusted library allocation
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
B9E000
|
stack
|
page read and write
|
||
|
36A8000
|
trusted library allocation
|
page read and write
|
||
|
1336000
|
stack
|
page read and write
|
||
|
C9F000
|
stack
|
page read and write
|
||
|
360E000
|
trusted library allocation
|
page read and write
|
||
|
3676000
|
trusted library allocation
|
page read and write
|
||
|
2530000
|
heap
|
page read and write
|
||
|
3660000
|
trusted library allocation
|
page read and write
|
||
|
3629000
|
trusted library allocation
|
page read and write
|
||
|
362F000
|
trusted library allocation
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
3657000
|
trusted library allocation
|
page read and write
|
||
|
15B8000
|
heap
|
page read and write
|
||
|
1772000
|
trusted library allocation
|
page execute and read and write
|
||
|
155A000
|
heap
|
page read and write
|
||
|
591D000
|
stack
|
page read and write
|
||
|
18FE000
|
stack
|
page read and write
|
||
|
3665000
|
trusted library allocation
|
page read and write
|
||
|
36D8000
|
trusted library allocation
|
page read and write
|
||
|
CC0000
|
trusted library allocation
|
page read and write
|
||
|
155E000
|
heap
|
page read and write
|
||
|
368F000
|
trusted library allocation
|
page read and write
|
||
|
2660000
|
heap
|
page read and write
|
||
|
15C7000
|
heap
|
page read and write
|
||
|
361E000
|
trusted library allocation
|
page read and write
|
||
|
1405000
|
heap
|
page read and write
|
||
|
3652000
|
trusted library allocation
|
page read and write
|
||
|
3687000
|
trusted library allocation
|
page read and write
|
||
|
36AE000
|
trusted library allocation
|
page read and write
|
||
|
36A0000
|
trusted library allocation
|
page read and write
|
||
|
36B1000
|
trusted library allocation
|
page read and write
|
||
|
3626000
|
trusted library allocation
|
page read and write
|
||
|
1770000
|
trusted library allocation
|
page read and write
|
||
|
5BD000
|
stack
|
page read and write
|
||
|
363C000
|
trusted library allocation
|
page read and write
|
||
|
1762000
|
trusted library allocation
|
page execute and read and write
|
||
|
176A000
|
trusted library allocation
|
page execute and read and write
|
||
|
3600000
|
trusted library allocation
|
page read and write
|
||
|
36C1000
|
trusted library allocation
|
page read and write
|
||
|
36AB000
|
trusted library allocation
|
page read and write
|
||
|
18A2000
|
trusted library allocation
|
page execute and read and write
|
||
|
369D000
|
trusted library allocation
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
3642000
|
trusted library allocation
|
page read and write
|
||
|
18BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
364B000
|
trusted library allocation
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
3668000
|
trusted library allocation
|
page read and write
|
||
|
365D000
|
trusted library allocation
|
page read and write
|
||
|
18B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
36CA000
|
trusted library allocation
|
page read and write
|
||
|
36D2000
|
trusted library allocation
|
page read and write
|
||
|
1339000
|
stack
|
page read and write
|
||
|
1AE0000
|
heap
|
page execute and read and write
|
||
|
369A000
|
trusted library allocation
|
page read and write
|
||
|
18B0000
|
trusted library allocation
|
page read and write
|
||
|
A4E000
|
stack
|
page read and write
|
||
|
45D1000
|
trusted library allocation
|
page read and write
|
||
|
1576000
|
heap
|
page read and write
|
||
|
3648000
|
trusted library allocation
|
page read and write
|
||
|
3621000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
365A000
|
trusted library allocation
|
page read and write
|
||
|
1960000
|
heap
|
page read and write
|
||
|
581E000
|
stack
|
page read and write
|
||
|
123C000
|
stack
|
page read and write
|
||
|
177A000
|
trusted library allocation
|
page execute and read and write
|
There are 105 hidden memdumps, click here to show them.