Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Quarantined Messages (3).zip
|
Zip archive data, at least v4.5 to extract, compression method=deflate
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\Quarantined Messages (3).zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\5en31z4t.51p" "C:\Users\user\Desktop\Quarantined
Messages (3).zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
28A0000
|
heap
|
page read and write
|
||
|
327E000
|
trusted library allocation
|
page read and write
|
||
|
2895000
|
heap
|
page read and write
|
||
|
1550000
|
trusted library allocation
|
page read and write
|
||
|
3217000
|
trusted library allocation
|
page read and write
|
||
|
1557000
|
trusted library allocation
|
page execute and read and write
|
||
|
3292000
|
trusted library allocation
|
page read and write
|
||
|
3276000
|
trusted library allocation
|
page read and write
|
||
|
1006000
|
heap
|
page read and write
|
||
|
14F0000
|
trusted library allocation
|
page read and write
|
||
|
329A000
|
trusted library allocation
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
151A000
|
trusted library allocation
|
page execute and read and write
|
||
|
53A0000
|
trusted library allocation
|
page read and write
|
||
|
3249000
|
trusted library allocation
|
page read and write
|
||
|
328C000
|
trusted library allocation
|
page read and write
|
||
|
329D000
|
trusted library allocation
|
page read and write
|
||
|
3295000
|
trusted library allocation
|
page read and write
|
||
|
32C1000
|
trusted library allocation
|
page read and write
|
||
|
3270000
|
trusted library allocation
|
page read and write
|
||
|
153A000
|
trusted library allocation
|
page execute and read and write
|
||
|
32B6000
|
trusted library allocation
|
page read and write
|
||
|
3284000
|
trusted library allocation
|
page read and write
|
||
|
3279000
|
trusted library allocation
|
page read and write
|
||
|
3225000
|
trusted library allocation
|
page read and write
|
||
|
104F000
|
heap
|
page read and write
|
||
|
32AB000
|
trusted library allocation
|
page read and write
|
||
|
539F000
|
stack
|
page read and write
|
||
|
325D000
|
trusted library allocation
|
page read and write
|
||
|
32C4000
|
trusted library allocation
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
3273000
|
trusted library allocation
|
page read and write
|
||
|
31F0000
|
trusted library allocation
|
page read and write
|
||
|
7FB60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
3222000
|
trusted library allocation
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
1512000
|
trusted library allocation
|
page execute and read and write
|
||
|
3281000
|
trusted library allocation
|
page read and write
|
||
|
41C1000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
F89000
|
stack
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
328F000
|
trusted library allocation
|
page read and write
|
||
|
325A000
|
trusted library allocation
|
page read and write
|
||
|
3262000
|
trusted library allocation
|
page read and write
|
||
|
324C000
|
trusted library allocation
|
page read and write
|
||
|
3265000
|
trusted library allocation
|
page read and write
|
||
|
32B9000
|
trusted library allocation
|
page read and write
|
||
|
32A0000
|
trusted library allocation
|
page read and write
|
||
|
FCF000
|
stack
|
page read and write
|
||
|
151C000
|
trusted library allocation
|
page execute and read and write
|
||
|
14D0000
|
heap
|
page read and write
|
||
|
1510000
|
trusted library allocation
|
page read and write
|
||
|
FEA000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
324F000
|
trusted library allocation
|
page read and write
|
||
|
10CE000
|
stack
|
page read and write
|
||
|
104C000
|
heap
|
page read and write
|
||
|
1056000
|
heap
|
page read and write
|
||
|
32B1000
|
trusted library allocation
|
page read and write
|
||
|
101D000
|
heap
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
322A000
|
trusted library allocation
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
F86000
|
stack
|
page read and write
|
||
|
1026000
|
heap
|
page read and write
|
||
|
FEE000
|
heap
|
page read and write
|
||
|
3252000
|
trusted library allocation
|
page read and write
|
||
|
32A8000
|
trusted library allocation
|
page read and write
|
||
|
3230000
|
trusted library allocation
|
page read and write
|
||
|
32AE000
|
trusted library allocation
|
page read and write
|
||
|
E8C000
|
stack
|
page read and write
|
||
|
3244000
|
trusted library allocation
|
page read and write
|
||
|
1532000
|
trusted library allocation
|
page execute and read and write
|
||
|
159E000
|
stack
|
page read and write
|
||
|
31C1000
|
trusted library allocation
|
page read and write
|
||
|
3236000
|
trusted library allocation
|
page read and write
|
||
|
599F000
|
stack
|
page read and write
|
||
|
CBE000
|
stack
|
page read and write
|
||
|
32A3000
|
trusted library allocation
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
1502000
|
trusted library allocation
|
page execute and read and write
|
||
|
547E000
|
stack
|
page read and write
|
||
|
53B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
CE8000
|
heap
|
page read and write
|
||
|
3257000
|
trusted library allocation
|
page read and write
|
||
|
2870000
|
trusted library allocation
|
page read and write
|
||
|
589E000
|
stack
|
page read and write
|
||
|
150A000
|
trusted library allocation
|
page execute and read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
557D000
|
stack
|
page read and write
|
||
|
3241000
|
trusted library allocation
|
page read and write
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
1023000
|
heap
|
page read and write
|
||
|
15D0000
|
heap
|
page read and write
|
||
|
8CC000
|
stack
|
page read and write
|
||
|
323A000
|
trusted library allocation
|
page read and write
|
||
|
32BC000
|
trusted library allocation
|
page read and write
|
||
|
32C7000
|
trusted library allocation
|
page read and write
|
||
|
9CD000
|
stack
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
11A5000
|
heap
|
page read and write
|
||
|
155B000
|
trusted library allocation
|
page execute and read and write
|
||
|
F8B000
|
stack
|
page read and write
|
||
|
3268000
|
trusted library allocation
|
page read and write
|
||
|
326B000
|
trusted library allocation
|
page read and write
|
||
|
320F000
|
trusted library allocation
|
page read and write
|
||
|
C7E000
|
stack
|
page read and write
|
||
|
529E000
|
stack
|
page read and write
|
||
|
3287000
|
trusted library allocation
|
page read and write
|
||
|
3214000
|
trusted library allocation
|
page read and write
|
||
|
1540000
|
heap
|
page execute and read and write
|
There are 104 hidden memdumps, click here to show them.