Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
QuarantineDownload.zip
|
Zip archive data, at least v4.5 to extract, compression method=deflate
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\QuarantineDownload.zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\qxqkxgrf.j4o" "C:\Users\user\Desktop\QuarantineDownload.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1A0000
|
heap
|
page read and write
|
||
|
13C000
|
stack
|
page read and write
|
||
|
2803000
|
trusted library allocation
|
page read and write
|
||
|
285F000
|
trusted library allocation
|
page read and write
|
||
|
6AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
E30000
|
trusted library allocation
|
page read and write
|
||
|
284E000
|
trusted library allocation
|
page read and write
|
||
|
CFD000
|
stack
|
page read and write
|
||
|
282D000
|
trusted library allocation
|
page read and write
|
||
|
286D000
|
trusted library allocation
|
page read and write
|
||
|
2881000
|
trusted library allocation
|
page read and write
|
||
|
2827000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
123F000
|
stack
|
page read and write
|
||
|
2873000
|
trusted library allocation
|
page read and write
|
||
|
27B0000
|
trusted library allocation
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
27C8000
|
trusted library allocation
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
2865000
|
trusted library allocation
|
page read and write
|
||
|
283B000
|
trusted library allocation
|
page read and write
|
||
|
726000
|
heap
|
page read and write
|
||
|
2851000
|
trusted library allocation
|
page read and write
|
||
|
4D0E000
|
stack
|
page read and write
|
||
|
2832000
|
trusted library allocation
|
page read and write
|
||
|
2857000
|
trusted library allocation
|
page read and write
|
||
|
2886000
|
trusted library allocation
|
page read and write
|
||
|
4FB000
|
stack
|
page read and write
|
||
|
2814000
|
trusted library allocation
|
page read and write
|
||
|
27D0000
|
trusted library allocation
|
page read and write
|
||
|
282A000
|
trusted library allocation
|
page read and write
|
||
|
287B000
|
trusted library allocation
|
page read and write
|
||
|
2870000
|
trusted library allocation
|
page read and write
|
||
|
2854000
|
trusted library allocation
|
page read and write
|
||
|
27C4000
|
trusted library allocation
|
page read and write
|
||
|
27EC000
|
trusted library allocation
|
page read and write
|
||
|
6BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
3781000
|
trusted library allocation
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
2835000
|
trusted library allocation
|
page read and write
|
||
|
27D6000
|
trusted library allocation
|
page read and write
|
||
|
73E000
|
heap
|
page read and write
|
||
|
2878000
|
trusted library allocation
|
page read and write
|
||
|
6A2000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F6000
|
stack
|
page read and write
|
||
|
690000
|
trusted library allocation
|
page read and write
|
||
|
2889000
|
trusted library allocation
|
page read and write
|
||
|
2840000
|
trusted library allocation
|
page read and write
|
||
|
E0E000
|
stack
|
page read and write
|
||
|
4D4E000
|
stack
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
281F000
|
trusted library allocation
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
7F560000
|
trusted library allocation
|
page execute and read and write
|
||
|
6BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
70E000
|
heap
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
6D2000
|
trusted library allocation
|
page execute and read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
CF0000
|
trusted library allocation
|
page read and write
|
||
|
9EE000
|
stack
|
page read and write
|
||
|
A3E000
|
stack
|
page read and write
|
||
|
2838000
|
trusted library allocation
|
page read and write
|
||
|
2862000
|
trusted library allocation
|
page read and write
|
||
|
2819000
|
trusted library allocation
|
page read and write
|
||
|
D20000
|
heap
|
page execute and read and write
|
||
|
2781000
|
trusted library allocation
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
6B2000
|
trusted library allocation
|
page execute and read and write
|
||
|
27F1000
|
trusted library allocation
|
page read and write
|
||
|
243E000
|
stack
|
page read and write
|
||
|
285C000
|
trusted library allocation
|
page read and write
|
||
|
27E6000
|
trusted library allocation
|
page read and write
|
||
|
280B000
|
trusted library allocation
|
page read and write
|
||
|
487F000
|
stack
|
page read and write
|
||
|
2811000
|
trusted library allocation
|
page read and write
|
||
|
286A000
|
trusted library allocation
|
page read and write
|
||
|
27DA000
|
trusted library allocation
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
27F8000
|
trusted library allocation
|
page read and write
|
||
|
4F9000
|
stack
|
page read and write
|
||
|
2843000
|
trusted library allocation
|
page read and write
|
||
|
27E4000
|
trusted library allocation
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
27BE000
|
trusted library allocation
|
page read and write
|
||
|
70A000
|
heap
|
page read and write
|
||
|
27DE000
|
trusted library allocation
|
page read and write
|
||
|
4C0E000
|
stack
|
page read and write
|
||
|
281C000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
trusted library allocation
|
page execute and read and write
|
||
|
B2E000
|
stack
|
page read and write
|
||
|
4E4E000
|
stack
|
page read and write
|
||
|
1025000
|
heap
|
page read and write
|
||
|
6E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
27FC000
|
trusted library allocation
|
page read and write
|
||
|
2806000
|
trusted library allocation
|
page read and write
|
||
|
27BC000
|
trusted library allocation
|
page read and write
|
||
|
6B0000
|
trusted library allocation
|
page read and write
|
||
|
2846000
|
trusted library allocation
|
page read and write
|
||
|
1048000
|
heap
|
page read and write
|
||
|
6DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2849000
|
trusted library allocation
|
page read and write
|
||
|
6EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
280E000
|
trusted library allocation
|
page read and write
|
||
|
287E000
|
trusted library allocation
|
page read and write
|
||
|
595000
|
heap
|
page read and write
|
||
|
F7F000
|
stack
|
page read and write
|
||
|
76E000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
93C000
|
stack
|
page read and write
|
There are 103 hidden memdumps, click here to show them.