Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Quarantined Messages (12).zip
|
Zip archive data, at least v4.5 to extract, compression method=deflate
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\Quarantined Messages (12).zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\mlkax1j3.a2v" "C:\Users\user\Desktop\Quarantined
Messages (12).zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
10C0000
|
trusted library allocation
|
page read and write
|
||
|
2DD7000
|
trusted library allocation
|
page read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
7EB000
|
stack
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
2E2B000
|
trusted library allocation
|
page read and write
|
||
|
10D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
12D7000
|
heap
|
page read and write
|
||
|
2DCF000
|
trusted library allocation
|
page read and write
|
||
|
140E000
|
stack
|
page read and write
|
||
|
12C5000
|
heap
|
page read and write
|
||
|
CFC000
|
stack
|
page read and write
|
||
|
4E3E000
|
stack
|
page read and write
|
||
|
2DF3000
|
trusted library allocation
|
page read and write
|
||
|
DFD000
|
stack
|
page read and write
|
||
|
E5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
117E000
|
stack
|
page read and write
|
||
|
2DB0000
|
trusted library allocation
|
page read and write
|
||
|
2DE8000
|
trusted library allocation
|
page read and write
|
||
|
C7E000
|
heap
|
page read and write
|
||
|
6EC000
|
stack
|
page read and write
|
||
|
2E34000
|
trusted library allocation
|
page read and write
|
||
|
2D41000
|
trusted library allocation
|
page read and write
|
||
|
12BE000
|
stack
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
C3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E39000
|
trusted library allocation
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
2D70000
|
trusted library allocation
|
page read and write
|
||
|
EDE000
|
stack
|
page read and write
|
||
|
2DB6000
|
trusted library allocation
|
page read and write
|
||
|
C4E000
|
heap
|
page read and write
|
||
|
2DC1000
|
trusted library allocation
|
page read and write
|
||
|
7F230000
|
trusted library allocation
|
page execute and read and write
|
||
|
C3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E18000
|
trusted library allocation
|
page read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
E6B000
|
trusted library allocation
|
page execute and read and write
|
||
|
B65000
|
heap
|
page read and write
|
||
|
2E12000
|
trusted library allocation
|
page read and write
|
||
|
2E23000
|
trusted library allocation
|
page read and write
|
||
|
2DA5000
|
trusted library allocation
|
page read and write
|
||
|
2D94000
|
trusted library allocation
|
page read and write
|
||
|
2DCC000
|
trusted library allocation
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
2E3F000
|
trusted library allocation
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
C66000
|
heap
|
page read and write
|
||
|
530E000
|
stack
|
page read and write
|
||
|
2DB0000
|
trusted library allocation
|
page read and write
|
||
|
29FE000
|
stack
|
page read and write
|
||
|
12C0000
|
heap
|
page read and write
|
||
|
C22000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DEB000
|
trusted library allocation
|
page read and write
|
||
|
2E0A000
|
trusted library allocation
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
C2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
12AF000
|
stack
|
page read and write
|
||
|
2E04000
|
trusted library allocation
|
page read and write
|
||
|
2DBA000
|
trusted library allocation
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
2DD2000
|
trusted library allocation
|
page read and write
|
||
|
C4B000
|
heap
|
page read and write
|
||
|
150F000
|
stack
|
page read and write
|
||
|
2E47000
|
trusted library allocation
|
page read and write
|
||
|
2DA2000
|
trusted library allocation
|
page read and write
|
||
|
12E0000
|
heap
|
page execute and read and write
|
||
|
2E1D000
|
trusted library allocation
|
page read and write
|
||
|
3D41000
|
trusted library allocation
|
page read and write
|
||
|
2DDD000
|
trusted library allocation
|
page read and write
|
||
|
2E42000
|
trusted library allocation
|
page read and write
|
||
|
2E01000
|
trusted library allocation
|
page read and write
|
||
|
2DC9000
|
trusted library allocation
|
page read and write
|
||
|
2E07000
|
trusted library allocation
|
page read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
CB7000
|
heap
|
page read and write
|
||
|
2DF9000
|
trusted library allocation
|
page read and write
|
||
|
2E15000
|
trusted library allocation
|
page read and write
|
||
|
2DC4000
|
trusted library allocation
|
page read and write
|
||
|
4EED000
|
stack
|
page read and write
|
||
|
2E20000
|
trusted library allocation
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
2DFC000
|
trusted library allocation
|
page read and write
|
||
|
2E0F000
|
trusted library allocation
|
page read and write
|
||
|
E52000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DEE000
|
trusted library allocation
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
7E6000
|
stack
|
page read and write
|
||
|
2D8F000
|
trusted library allocation
|
page read and write
|
||
|
2DF6000
|
trusted library allocation
|
page read and write
|
||
|
2DE5000
|
trusted library allocation
|
page read and write
|
||
|
2E2E000
|
trusted library allocation
|
page read and write
|
||
|
7E9000
|
stack
|
page read and write
|
||
|
2E3C000
|
trusted library allocation
|
page read and write
|
||
|
2DAA000
|
trusted library allocation
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
4FEA000
|
stack
|
page read and write
|
||
|
540E000
|
stack
|
page read and write
|
||
|
2E31000
|
trusted library allocation
|
page read and write
|
||
|
2DE0000
|
trusted library allocation
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
C30000
|
trusted library allocation
|
page read and write
|
||
|
2DDA000
|
trusted library allocation
|
page read and write
|
||
|
2E26000
|
trusted library allocation
|
page read and write
|
||
|
2D97000
|
trusted library allocation
|
page read and write
|
||
|
C32000
|
trusted library allocation
|
page execute and read and write
|
||
|
E67000
|
trusted library allocation
|
page execute and read and write
|
There are 98 hidden memdumps, click here to show them.