Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
MDE_File_Sample_30892aa18b807e9fb9de4629f9c00a495f7152e7.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\MDE_File_Sample_30892aa18b807e9fb9de4629f9c00a495f7152e7.zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\2at1sd53.cxd" "C:\Users\user\Desktop\MDE_File_Sample_30892aa18b807e9fb9de4629f9c00a495f7152e7.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2F45000
|
trusted library allocation
|
page read and write
|
||
|
2F53000
|
trusted library allocation
|
page read and write
|
||
|
2F7D000
|
trusted library allocation
|
page read and write
|
||
|
2F3A000
|
trusted library allocation
|
page read and write
|
||
|
2F7A000
|
trusted library allocation
|
page read and write
|
||
|
2EBE000
|
trusted library allocation
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
F9E000
|
stack
|
page read and write
|
||
|
2F5E000
|
trusted library allocation
|
page read and write
|
||
|
E4D000
|
heap
|
page read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
2F07000
|
trusted library allocation
|
page read and write
|
||
|
2EF2000
|
trusted library allocation
|
page read and write
|
||
|
F12000
|
trusted library allocation
|
page execute and read and write
|
||
|
55EE000
|
stack
|
page read and write
|
||
|
2EDE000
|
trusted library allocation
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
2F6F000
|
trusted library allocation
|
page read and write
|
||
|
2F02000
|
trusted library allocation
|
page read and write
|
||
|
9C6000
|
stack
|
page read and write
|
||
|
F2C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F0D000
|
trusted library allocation
|
page read and write
|
||
|
174F000
|
stack
|
page read and write
|
||
|
1480000
|
heap
|
page read and write
|
||
|
51C9000
|
stack
|
page read and write
|
||
|
F22000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F82000
|
trusted library allocation
|
page read and write
|
||
|
1558000
|
heap
|
page read and write
|
||
|
2F1E000
|
trusted library allocation
|
page read and write
|
||
|
2EB5000
|
trusted library allocation
|
page read and write
|
||
|
2F50000
|
trusted library allocation
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
F1A000
|
trusted library allocation
|
page execute and read and write
|
||
|
142E000
|
stack
|
page read and write
|
||
|
2F5B000
|
trusted library allocation
|
page read and write
|
||
|
8CC000
|
stack
|
page read and write
|
||
|
31D5000
|
heap
|
page read and write
|
||
|
2EBC000
|
trusted library allocation
|
page read and write
|
||
|
2F2C000
|
trusted library allocation
|
page read and write
|
||
|
F4A000
|
trusted library allocation
|
page execute and read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
2EEC000
|
trusted library allocation
|
page read and write
|
||
|
2ED4000
|
trusted library allocation
|
page read and write
|
||
|
2EFB000
|
trusted library allocation
|
page read and write
|
||
|
2F69000
|
trusted library allocation
|
page read and write
|
||
|
E1E000
|
heap
|
page read and write
|
||
|
501F000
|
stack
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
2F3F000
|
trusted library allocation
|
page read and write
|
||
|
2F26000
|
trusted library allocation
|
page read and write
|
||
|
2ECE000
|
trusted library allocation
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
2EDC000
|
trusted library allocation
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
12CE000
|
stack
|
page read and write
|
||
|
2F15000
|
trusted library allocation
|
page read and write
|
||
|
3E81000
|
trusted library allocation
|
page read and write
|
||
|
2F66000
|
trusted library allocation
|
page read and write
|
||
|
184E000
|
stack
|
page read and write
|
||
|
DF0000
|
trusted library allocation
|
page read and write
|
||
|
F5B000
|
trusted library allocation
|
page execute and read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
2F31000
|
trusted library allocation
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
1520000
|
heap
|
page execute and read and write
|
||
|
2EE0000
|
trusted library allocation
|
page read and write
|
||
|
2F48000
|
trusted library allocation
|
page read and write
|
||
|
2EB0000
|
trusted library allocation
|
page read and write
|
||
|
C95000
|
heap
|
page read and write
|
||
|
1470000
|
heap
|
page read and write
|
||
|
2EF8000
|
trusted library allocation
|
page read and write
|
||
|
2F4D000
|
trusted library allocation
|
page read and write
|
||
|
14F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F29000
|
trusted library allocation
|
page read and write
|
||
|
2F1B000
|
trusted library allocation
|
page read and write
|
||
|
E96000
|
heap
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
E36000
|
heap
|
page read and write
|
||
|
9CB000
|
stack
|
page read and write
|
||
|
2EDA000
|
trusted library allocation
|
page read and write
|
||
|
50CD000
|
stack
|
page read and write
|
||
|
2F61000
|
trusted library allocation
|
page read and write
|
||
|
2F77000
|
trusted library allocation
|
page read and write
|
||
|
F57000
|
trusted library allocation
|
page execute and read and write
|
||
|
E1B000
|
heap
|
page read and write
|
||
|
2F10000
|
trusted library allocation
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
FAC000
|
stack
|
page read and write
|
||
|
2E81000
|
trusted library allocation
|
page read and write
|
||
|
2F34000
|
trusted library allocation
|
page read and write
|
||
|
2F74000
|
trusted library allocation
|
page read and write
|
||
|
2F0A000
|
trusted library allocation
|
page read and write
|
||
|
F42000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F18000
|
trusted library allocation
|
page read and write
|
||
|
2EC6000
|
trusted library allocation
|
page read and write
|
||
|
14B0000
|
trusted library allocation
|
page read and write
|
||
|
2F6C000
|
trusted library allocation
|
page read and write
|
||
|
132E000
|
stack
|
page read and write
|
||
|
F2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
12FD000
|
stack
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
2EE7000
|
trusted library allocation
|
page read and write
|
||
|
14E0000
|
trusted library allocation
|
page read and write
|
||
|
2F42000
|
trusted library allocation
|
page read and write
|
||
|
7EE10000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F8B000
|
trusted library allocation
|
page read and write
|
||
|
2F23000
|
trusted library allocation
|
page read and write
|
||
|
2F85000
|
trusted library allocation
|
page read and write
|
||
|
E75000
|
heap
|
page read and write
|
||
|
2F37000
|
trusted library allocation
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
146E000
|
stack
|
page read and write
|
||
|
2F88000
|
trusted library allocation
|
page read and write
|
||
|
2EE4000
|
trusted library allocation
|
page read and write
|
||
|
54EE000
|
stack
|
page read and write
|
||
|
9C9000
|
stack
|
page read and write
|
There are 107 hidden memdumps, click here to show them.