Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
CITY OF PETERBOROUGH - 458869.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\CITY OF PETERBOROUGH - 458869.zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\fadbomdn.g5u" "C:\Users\user\Desktop\CITY
OF PETERBOROUGH - 458869.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
31D000
|
stack
|
page read and write
|
||
|
11C0000
|
trusted library allocation
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
3132000
|
trusted library allocation
|
page read and write
|
||
|
314E000
|
trusted library allocation
|
page read and write
|
||
|
1072000
|
trusted library allocation
|
page execute and read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
581E000
|
stack
|
page read and write
|
||
|
B0C000
|
stack
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
3080000
|
trusted library allocation
|
page read and write
|
||
|
3102000
|
trusted library allocation
|
page read and write
|
||
|
309F000
|
trusted library allocation
|
page read and write
|
||
|
30F4000
|
trusted library allocation
|
page read and write
|
||
|
1257000
|
heap
|
page read and write
|
||
|
30F7000
|
trusted library allocation
|
page read and write
|
||
|
225F000
|
stack
|
page read and write
|
||
|
1206000
|
heap
|
page read and write
|
||
|
11EA000
|
heap
|
page read and write
|
||
|
15A0000
|
trusted library allocation
|
page read and write
|
||
|
312C000
|
trusted library allocation
|
page read and write
|
||
|
30D0000
|
trusted library allocation
|
page read and write
|
||
|
3129000
|
trusted library allocation
|
page read and write
|
||
|
3124000
|
trusted library allocation
|
page read and write
|
||
|
3116000
|
trusted library allocation
|
page read and write
|
||
|
310D000
|
trusted library allocation
|
page read and write
|
||
|
311B000
|
trusted library allocation
|
page read and write
|
||
|
3121000
|
trusted library allocation
|
page read and write
|
||
|
21C000
|
stack
|
page read and write
|
||
|
11CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
3110000
|
trusted library allocation
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
3113000
|
trusted library allocation
|
page read and write
|
||
|
30DB000
|
trusted library allocation
|
page read and write
|
||
|
4051000
|
trusted library allocation
|
page read and write
|
||
|
70E000
|
stack
|
page read and write
|
||
|
3105000
|
trusted library allocation
|
page read and write
|
||
|
10A2000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F0A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
880000
|
trusted library allocation
|
page read and write
|
||
|
30FA000
|
trusted library allocation
|
page read and write
|
||
|
30E6000
|
trusted library allocation
|
page read and write
|
||
|
313A000
|
trusted library allocation
|
page read and write
|
||
|
522E000
|
stack
|
page read and write
|
||
|
30EC000
|
trusted library allocation
|
page read and write
|
||
|
30DE000
|
trusted library allocation
|
page read and write
|
||
|
3051000
|
trusted library allocation
|
page read and write
|
||
|
3148000
|
trusted library allocation
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
1570000
|
heap
|
page read and write
|
||
|
311E000
|
trusted library allocation
|
page read and write
|
||
|
11EE000
|
heap
|
page read and write
|
||
|
313D000
|
trusted library allocation
|
page read and write
|
||
|
30C0000
|
trusted library allocation
|
page read and write
|
||
|
1255000
|
heap
|
page read and write
|
||
|
3153000
|
trusted library allocation
|
page read and write
|
||
|
1082000
|
trusted library allocation
|
page execute and read and write
|
||
|
571E000
|
stack
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
8C8000
|
heap
|
page read and write
|
||
|
2C0E000
|
stack
|
page read and write
|
||
|
30C6000
|
trusted library allocation
|
page read and write
|
||
|
EF6000
|
stack
|
page read and write
|
||
|
512E000
|
stack
|
page read and write
|
||
|
2275000
|
heap
|
page read and write
|
||
|
3108000
|
trusted library allocation
|
page read and write
|
||
|
108C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2270000
|
heap
|
page read and write
|
||
|
5230000
|
trusted library allocation
|
page execute and read and write
|
||
|
30A7000
|
trusted library allocation
|
page read and write
|
||
|
11C7000
|
trusted library allocation
|
page execute and read and write
|
||
|
10B5000
|
heap
|
page read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
30FF000
|
trusted library allocation
|
page read and write
|
||
|
121F000
|
heap
|
page read and write
|
||
|
1040000
|
heap
|
page execute and read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
3140000
|
trusted library allocation
|
page read and write
|
||
|
30D3000
|
trusted library allocation
|
page read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
10AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
30E9000
|
trusted library allocation
|
page read and write
|
||
|
30B2000
|
trusted library allocation
|
page read and write
|
||
|
83F000
|
stack
|
page read and write
|
||
|
30E3000
|
trusted library allocation
|
page read and write
|
||
|
108A000
|
trusted library allocation
|
page execute and read and write
|
||
|
312F000
|
trusted library allocation
|
page read and write
|
||
|
30BA000
|
trusted library allocation
|
page read and write
|
||
|
3145000
|
trusted library allocation
|
page read and write
|
||
|
EF9000
|
stack
|
page read and write
|
||
|
30F1000
|
trusted library allocation
|
page read and write
|
||
|
2280000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
EFB000
|
stack
|
page read and write
|
||
|
3137000
|
trusted library allocation
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
30C9000
|
trusted library allocation
|
page read and write
|
||
|
557E000
|
stack
|
page read and write
|
||
|
30A4000
|
trusted library allocation
|
page read and write
|
||
|
107A000
|
trusted library allocation
|
page execute and read and write
|
||
|
314B000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
87E000
|
stack
|
page read and write
|
||
|
30B5000
|
trusted library allocation
|
page read and write
|
||
|
567E000
|
stack
|
page read and write
|
||
|
30D8000
|
trusted library allocation
|
page read and write
|
||
|
30AD000
|
trusted library allocation
|
page read and write
|
There are 100 hidden memdumps, click here to show them.