Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
17298331876234923754630425067_eccfa1bca3084c.rar
|
RAR archive data, v4, os: Win32
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\plvl2yqm.ftw" "C:\Users\user\Desktop\17298331876234923754630425067_eccfa1bca3084c.rar"
|
 |
|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\17298331876234923754630425067_eccfa1bca3084c.rar"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
241.42.69.40.in-addr.arpa
|
unknown
|
||
|
212.20.149.52.in-addr.arpa
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1270000
|
heap
|
page read and write
|
||
|
F3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
2F56000
|
trusted library allocation
|
page read and write
|
||
|
F52000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FF7000
|
trusted library allocation
|
page read and write
|
||
|
FCF000
|
heap
|
page read and write
|
||
|
2F67000
|
trusted library allocation
|
page read and write
|
||
|
2F75000
|
trusted library allocation
|
page read and write
|
||
|
28A0000
|
trusted library allocation
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
2FFF000
|
trusted library allocation
|
page read and write
|
||
|
500E000
|
stack
|
page read and write
|
||
|
F30000
|
trusted library allocation
|
page read and write
|
||
|
2795000
|
heap
|
page read and write
|
||
|
B8E000
|
stack
|
page read and write
|
||
|
2FF4000
|
trusted library allocation
|
page read and write
|
||
|
ECE000
|
stack
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
2FA9000
|
trusted library allocation
|
page read and write
|
||
|
2F11000
|
trusted library allocation
|
page read and write
|
||
|
2FC7000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
heap
|
page execute and read and write
|
||
|
DD5000
|
heap
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
2F85000
|
trusted library allocation
|
page read and write
|
||
|
1250000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FCD000
|
trusted library allocation
|
page read and write
|
||
|
11CE000
|
stack
|
page read and write
|
||
|
FF8000
|
heap
|
page read and write
|
||
|
2F93000
|
trusted library allocation
|
page read and write
|
||
|
9CB000
|
stack
|
page read and write
|
||
|
9C9000
|
stack
|
page read and write
|
||
|
3010000
|
trusted library allocation
|
page read and write
|
||
|
2FCA000
|
trusted library allocation
|
page read and write
|
||
|
3034000
|
trusted library allocation
|
page read and write
|
||
|
7F1E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
FB6000
|
heap
|
page read and write
|
||
|
300D000
|
trusted library allocation
|
page read and write
|
||
|
303A000
|
trusted library allocation
|
page read and write
|
||
|
2F4E000
|
trusted library allocation
|
page read and write
|
||
|
3029000
|
trusted library allocation
|
page read and write
|
||
|
F2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
F10000
|
trusted library allocation
|
page read and write
|
||
|
9C6000
|
stack
|
page read and write
|
||
|
F67000
|
trusted library allocation
|
page execute and read and write
|
||
|
F5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
F3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
3045000
|
trusted library allocation
|
page read and write
|
||
|
2FD2000
|
trusted library allocation
|
page read and write
|
||
|
2BCE000
|
stack
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
2FB5000
|
trusted library allocation
|
page read and write
|
||
|
2F90000
|
trusted library allocation
|
page read and write
|
||
|
F9B000
|
heap
|
page read and write
|
||
|
301B000
|
trusted library allocation
|
page read and write
|
||
|
2F96000
|
trusted library allocation
|
page read and write
|
||
|
2F7D000
|
trusted library allocation
|
page read and write
|
||
|
8CC000
|
stack
|
page read and write
|
||
|
2CA0000
|
trusted library allocation
|
page read and write
|
||
|
2FDB000
|
trusted library allocation
|
page read and write
|
||
|
302F000
|
trusted library allocation
|
page read and write
|
||
|
54DE000
|
stack
|
page read and write
|
||
|
3018000
|
trusted library allocation
|
page read and write
|
||
|
2FE9000
|
trusted library allocation
|
page read and write
|
||
|
2790000
|
heap
|
page read and write
|
||
|
2F4C000
|
trusted library allocation
|
page read and write
|
||
|
3026000
|
trusted library allocation
|
page read and write
|
||
|
122E000
|
stack
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
300A000
|
trusted library allocation
|
page read and write
|
||
|
F6B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FD8000
|
trusted library allocation
|
page read and write
|
||
|
51FD000
|
stack
|
page read and write
|
||
|
F32000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FE3000
|
trusted library allocation
|
page read and write
|
||
|
27E8000
|
heap
|
page read and write
|
||
|
FF5000
|
heap
|
page read and write
|
||
|
303D000
|
trusted library allocation
|
page read and write
|
||
|
2F40000
|
trusted library allocation
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
55DE000
|
stack
|
page read and write
|
||
|
2FE6000
|
trusted library allocation
|
page read and write
|
||
|
2F45000
|
trusted library allocation
|
page read and write
|
||
|
3013000
|
trusted library allocation
|
page read and write
|
||
|
3037000
|
trusted library allocation
|
page read and write
|
||
|
2FBC000
|
trusted library allocation
|
page read and write
|
||
|
1240000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
2FB2000
|
trusted library allocation
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
2FFC000
|
trusted library allocation
|
page read and write
|
||
|
3002000
|
trusted library allocation
|
page read and write
|
||
|
2FAC000
|
trusted library allocation
|
page read and write
|
||
|
2FD5000
|
trusted library allocation
|
page read and write
|
||
|
FCF000
|
stack
|
page read and write
|
||
|
B4E000
|
stack
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
301E000
|
trusted library allocation
|
page read and write
|
||
|
2FEE000
|
trusted library allocation
|
page read and write
|
||
|
F9E000
|
heap
|
page read and write
|
||
|
3F11000
|
trusted library allocation
|
page read and write
|
||
|
2FF1000
|
trusted library allocation
|
page read and write
|
||
|
AFD000
|
stack
|
page read and write
|
||
|
3021000
|
trusted library allocation
|
page read and write
|
||
|
CD8000
|
heap
|
page read and write
|
||
|
3042000
|
trusted library allocation
|
page read and write
|
||
|
2FBF000
|
trusted library allocation
|
page read and write
|
||
|
2FA1000
|
trusted library allocation
|
page read and write
|
||
|
302C000
|
trusted library allocation
|
page read and write
|
||
|
2FE0000
|
trusted library allocation
|
page read and write
|
||
|
F22000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FC4000
|
trusted library allocation
|
page read and write
|
||
|
2FA4000
|
trusted library allocation
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
79C000
|
stack
|
page read and write
|
||
|
2F88000
|
trusted library allocation
|
page read and write
|
||
|
52FD000
|
stack
|
page read and write
|
||
|
3005000
|
trusted library allocation
|
page read and write
|
||
|
2F8B000
|
trusted library allocation
|
page read and write
|
There are 112 hidden memdumps, click here to show them.