Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
upload (1).zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\upload (1).zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\faox30la.tjv" "C:\Users\user\Desktop\upload
(1).zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3231000
|
trusted library allocation
|
page read and write
|
||
|
327A000
|
trusted library allocation
|
page read and write
|
||
|
1550000
|
trusted library allocation
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
31E5000
|
trusted library allocation
|
page read and write
|
||
|
145A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1472000
|
trusted library allocation
|
page execute and read and write
|
||
|
1480000
|
trusted library allocation
|
page read and write
|
||
|
321E000
|
trusted library allocation
|
page read and write
|
||
|
31F5000
|
trusted library allocation
|
page read and write
|
||
|
324D000
|
trusted library allocation
|
page read and write
|
||
|
3242000
|
trusted library allocation
|
page read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
147A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4191000
|
trusted library allocation
|
page read and write
|
||
|
327D000
|
trusted library allocation
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
31C0000
|
trusted library allocation
|
page read and write
|
||
|
144A000
|
trusted library allocation
|
page execute and read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
11CE000
|
heap
|
page read and write
|
||
|
3229000
|
trusted library allocation
|
page read and write
|
||
|
3234000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
3218000
|
trusted library allocation
|
page read and write
|
||
|
323A000
|
trusted library allocation
|
page read and write
|
||
|
EFB000
|
stack
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
3299000
|
trusted library allocation
|
page read and write
|
||
|
3206000
|
trusted library allocation
|
page read and write
|
||
|
53DE000
|
stack
|
page read and write
|
||
|
11CA000
|
heap
|
page read and write
|
||
|
BDC000
|
stack
|
page read and write
|
||
|
1700000
|
trusted library allocation
|
page execute and read and write
|
||
|
3272000
|
trusted library allocation
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
1560000
|
heap
|
page read and write
|
||
|
151E000
|
stack
|
page read and write
|
||
|
31EE000
|
trusted library allocation
|
page read and write
|
||
|
148B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F710000
|
trusted library allocation
|
page execute and read and write
|
||
|
78C000
|
stack
|
page read and write
|
||
|
532F000
|
stack
|
page read and write
|
||
|
31D7000
|
trusted library allocation
|
page read and write
|
||
|
3277000
|
trusted library allocation
|
page read and write
|
||
|
326C000
|
trusted library allocation
|
page read and write
|
||
|
31FB000
|
trusted library allocation
|
page read and write
|
||
|
3215000
|
trusted library allocation
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
C4E000
|
stack
|
page read and write
|
||
|
1442000
|
trusted library allocation
|
page execute and read and write
|
||
|
3223000
|
trusted library allocation
|
page read and write
|
||
|
31F3000
|
trusted library allocation
|
page read and write
|
||
|
10A5000
|
heap
|
page read and write
|
||
|
C80000
|
trusted library allocation
|
page read and write
|
||
|
328B000
|
trusted library allocation
|
page read and write
|
||
|
3209000
|
trusted library allocation
|
page read and write
|
||
|
57FE000
|
stack
|
page read and write
|
||
|
3288000
|
trusted library allocation
|
page read and write
|
||
|
3210000
|
trusted library allocation
|
page read and write
|
||
|
103F000
|
stack
|
page read and write
|
||
|
3237000
|
trusted library allocation
|
page read and write
|
||
|
326F000
|
trusted library allocation
|
page read and write
|
||
|
145C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
1236000
|
heap
|
page read and write
|
||
|
AFD000
|
stack
|
page read and write
|
||
|
1430000
|
trusted library allocation
|
page read and write
|
||
|
EF9000
|
stack
|
page read and write
|
||
|
3248000
|
trusted library allocation
|
page read and write
|
||
|
1487000
|
trusted library allocation
|
page execute and read and write
|
||
|
3256000
|
trusted library allocation
|
page read and write
|
||
|
DFF000
|
stack
|
page read and write
|
||
|
14CE000
|
stack
|
page read and write
|
||
|
1452000
|
trusted library allocation
|
page execute and read and write
|
||
|
322C000
|
trusted library allocation
|
page read and write
|
||
|
11E6000
|
heap
|
page read and write
|
||
|
EF6000
|
stack
|
page read and write
|
||
|
11FD000
|
heap
|
page read and write
|
||
|
3250000
|
trusted library allocation
|
page read and write
|
||
|
325E000
|
trusted library allocation
|
page read and write
|
||
|
3200000
|
trusted library allocation
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
1450000
|
trusted library allocation
|
page read and write
|
||
|
3264000
|
trusted library allocation
|
page read and write
|
||
|
321B000
|
trusted library allocation
|
page read and write
|
||
|
E48000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
325B000
|
trusted library allocation
|
page read and write
|
||
|
1730000
|
heap
|
page execute and read and write
|
||
|
3293000
|
trusted library allocation
|
page read and write
|
||
|
323F000
|
trusted library allocation
|
page read and write
|
||
|
3191000
|
trusted library allocation
|
page read and write
|
||
|
54DD000
|
stack
|
page read and write
|
||
|
3285000
|
trusted library allocation
|
page read and write
|
||
|
3296000
|
trusted library allocation
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
2E4F000
|
stack
|
page read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
58FE000
|
stack
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
3261000
|
trusted library allocation
|
page read and write
|
||
|
28E5000
|
heap
|
page read and write
|
||
|
3245000
|
trusted library allocation
|
page read and write
|
||
|
3226000
|
trusted library allocation
|
page read and write
|
||
|
31EB000
|
trusted library allocation
|
page read and write
|
||
|
3253000
|
trusted library allocation
|
page read and write
|
||
|
3269000
|
trusted library allocation
|
page read and write
|
||
|
31DF000
|
trusted library allocation
|
page read and write
|
There are 101 hidden memdumps, click here to show them.