Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Proforma Invoice - Order Confirmation S0167655778 - MLS39876 -20242404 (2).pdf.rar
|
RAR archive data, flags: EncryptedBlockHeader
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\Proforma Invoice - Order Confirmation S0167655778 - MLS39876
-20242404 (2).pdf.rar"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\0hfur4z5.wan" "C:\Users\user\Desktop\Proforma
Invoice - Order Confirmation S0167655778 - MLS39876 -20242404 (2).pdf.rar"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
31C1000
|
trusted library allocation
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
14BE000
|
stack
|
page read and write
|
||
|
3268000
|
trusted library allocation
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
3255000
|
trusted library allocation
|
page read and write
|
||
|
14E0000
|
trusted library allocation
|
page read and write
|
||
|
3260000
|
trusted library allocation
|
page read and write
|
||
|
3287000
|
trusted library allocation
|
page read and write
|
||
|
323E000
|
trusted library allocation
|
page read and write
|
||
|
2E7F000
|
stack
|
page read and write
|
||
|
12EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
3244000
|
trusted library allocation
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
327C000
|
trusted library allocation
|
page read and write
|
||
|
3247000
|
trusted library allocation
|
page read and write
|
||
|
1760000
|
heap
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
3263000
|
trusted library allocation
|
page read and write
|
||
|
55AD000
|
stack
|
page read and write
|
||
|
12E0000
|
trusted library allocation
|
page read and write
|
||
|
EF6000
|
stack
|
page read and write
|
||
|
EFC000
|
stack
|
page read and write
|
||
|
14F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
10F5000
|
heap
|
page read and write
|
||
|
32A3000
|
trusted library allocation
|
page read and write
|
||
|
F9E000
|
heap
|
page read and write
|
||
|
1500000
|
heap
|
page execute and read and write
|
||
|
1310000
|
trusted library allocation
|
page read and write
|
||
|
FFD000
|
stack
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
32AC000
|
trusted library allocation
|
page read and write
|
||
|
2F38000
|
heap
|
page read and write
|
||
|
320E000
|
trusted library allocation
|
page read and write
|
||
|
130A000
|
trusted library allocation
|
page execute and read and write
|
||
|
588E000
|
stack
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
324F000
|
trusted library allocation
|
page read and write
|
||
|
31F0000
|
trusted library allocation
|
page read and write
|
||
|
32A6000
|
trusted library allocation
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
3239000
|
trusted library allocation
|
page read and write
|
||
|
322D000
|
trusted library allocation
|
page read and write
|
||
|
FFF000
|
heap
|
page read and write
|
||
|
328A000
|
trusted library allocation
|
page read and write
|
||
|
312F000
|
stack
|
page read and write
|
||
|
32B4000
|
trusted library allocation
|
page read and write
|
||
|
100A000
|
heap
|
page read and write
|
||
|
328D000
|
trusted library allocation
|
page read and write
|
||
|
12E2000
|
trusted library allocation
|
page execute and read and write
|
||
|
326B000
|
trusted library allocation
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
321C000
|
trusted library allocation
|
page read and write
|
||
|
31FE000
|
trusted library allocation
|
page read and write
|
||
|
3025000
|
heap
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
3227000
|
trusted library allocation
|
page read and write
|
||
|
7F390000
|
trusted library allocation
|
page execute and read and write
|
||
|
32BA000
|
trusted library allocation
|
page read and write
|
||
|
B7C000
|
stack
|
page read and write
|
||
|
3295000
|
trusted library allocation
|
page read and write
|
||
|
578E000
|
stack
|
page read and write
|
||
|
3208000
|
trusted library allocation
|
page read and write
|
||
|
12D2000
|
trusted library allocation
|
page execute and read and write
|
||
|
32A9000
|
trusted library allocation
|
page read and write
|
||
|
326E000
|
trusted library allocation
|
page read and write
|
||
|
3298000
|
trusted library allocation
|
page read and write
|
||
|
3276000
|
trusted library allocation
|
page read and write
|
||
|
EF9000
|
stack
|
page read and write
|
||
|
FFC000
|
heap
|
page read and write
|
||
|
3271000
|
trusted library allocation
|
page read and write
|
||
|
12DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
3233000
|
trusted library allocation
|
page read and write
|
||
|
32B7000
|
trusted library allocation
|
page read and write
|
||
|
15C0000
|
heap
|
page read and write
|
||
|
3224000
|
trusted library allocation
|
page read and write
|
||
|
1302000
|
trusted library allocation
|
page execute and read and write
|
||
|
10E0000
|
trusted library allocation
|
page read and write
|
||
|
135E000
|
stack
|
page read and write
|
||
|
1590000
|
heap
|
page read and write
|
||
|
13A0000
|
heap
|
page read and write
|
||
|
151E000
|
stack
|
page read and write
|
||
|
322A000
|
trusted library allocation
|
page read and write
|
||
|
41C1000
|
trusted library allocation
|
page read and write
|
||
|
327F000
|
trusted library allocation
|
page read and write
|
||
|
52BE000
|
stack
|
page read and write
|
||
|
54AE000
|
stack
|
page read and write
|
||
|
1598000
|
heap
|
page read and write
|
||
|
12EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
EFB000
|
stack
|
page read and write
|
||
|
137E000
|
stack
|
page read and write
|
||
|
32B1000
|
trusted library allocation
|
page read and write
|
||
|
324C000
|
trusted library allocation
|
page read and write
|
||
|
325A000
|
trusted library allocation
|
page read and write
|
||
|
329B000
|
trusted library allocation
|
page read and write
|
||
|
131B000
|
trusted library allocation
|
page execute and read and write
|
||
|
325D000
|
trusted library allocation
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
3241000
|
trusted library allocation
|
page read and write
|
||
|
3236000
|
trusted library allocation
|
page read and write
|
||
|
3252000
|
trusted library allocation
|
page read and write
|
||
|
1317000
|
trusted library allocation
|
page execute and read and write
|
||
|
14DF000
|
stack
|
page read and write
|
||
|
3284000
|
trusted library allocation
|
page read and write
|
||
|
FB8000
|
heap
|
page read and write
|
||
|
F9B000
|
heap
|
page read and write
|
||
|
313A000
|
heap
|
page read and write
|
||
|
3279000
|
trusted library allocation
|
page read and write
|
There are 100 hidden memdumps, click here to show them.