IOC Report
Quarantined Messages.zip


Files

File Path | Type | Category | Malicious
Quarantined Messages.zip | Zip archive data, at least v4.5 to extract, compression method=deflate | initial sample |
C:\Users\user\AppData\Local\Temp\unarchiver.log | ASCII text, with CRLF line terminators | dropped |

Processes

Path | Cmdline | Malicious
C:\Windows\SysWOW64\unarchiver.exe | "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\Quarantined Messages.zip" |
C:\Windows\SysWOW64\7za.exe | "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\rrw4j4yb.kce" "C:\Users\user\Desktop\Quarantined Messages.zip" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

Memdumps

Base Address | Region type | Protect | Malicious
7F990000 | trusted library allocation | page execute and read and write |
3164000 | trusted library allocation | page read and write |
3104000 | trusted library allocation | page read and write |
EFB000 | stack | page read and write |
15A0000 | trusted library allocation | page execute and read and write |
585E000 | stack | page read and write |
313D000 | trusted library allocation | page read and write |
F30000 | heap | page read and write |
12FB000 | trusted library allocation | page execute and read and write |
314B000 | trusted library allocation | page read and write |
3186000 | trusted library allocation | page read and write |
3183000 | trusted library allocation | page read and write |
318E000 | trusted library allocation | page read and write |
155F000 | stack | page read and write |
2985000 | heap | page read and write |
3156000 | trusted library allocation | page read and write |
1310000 | heap | page read and write |
31B2000 | trusted library allocation | page read and write |
FD7000 | heap | page read and write |
12F7000 | trusted library allocation | page execute and read and write |
EAE000 | stack | page read and write |
B4C000 | stack | page read and write |
145E000 | stack | page read and write |
543D000 | stack | page read and write |
30FE000 | trusted library allocation | page read and write |
D8E000 | stack | page read and write |
3121000 | trusted library allocation | page read and write |
F86000 | heap | page read and write |
3132000 | trusted library allocation | page read and write |
314E000 | trusted library allocation | page read and write |
D90000 | heap | page read and write |
30EE000 | trusted library allocation | page read and write |
F9D000 | heap | page read and write |
F60000 | heap | page read and write |
12BA000 | trusted library allocation | page execute and read and write |
BC0000 | heap | page read and write |
316A000 | trusted library allocation | page read and write |
15C0000 | heap | page read and write |
BB0000 | heap | page read and write |
12A0000 | trusted library allocation | page read and write |
3180000 | trusted library allocation | page read and write |
C30000 | heap | page read and write |
F38000 | heap | page read and write |
310E000 | trusted library allocation | page read and write |
30E0000 | trusted library allocation | page read and write |
311C000 | trusted library allocation | page read and write |
312B000 | trusted library allocation | page read and write |
31B8000 | trusted library allocation | page read and write |
1270000 | heap | page read and write |
BC5000 | heap | page read and write |
12C0000 | trusted library allocation | page read and write |
40B1000 | trusted library allocation | page read and write |
1590000 | trusted library allocation | page read and write |
318B000 | trusted library allocation | page read and write |
3145000 | trusted library allocation | page read and write |
31A7000 | trusted library allocation | page read and write |
D4E000 | stack | page read and write |
12CC000 | trusted library allocation | page execute and read and write |
3175000 | trusted library allocation | page read and write |
3128000 | trusted library allocation | page read and write |
3114000 | trusted library allocation | page read and write |
3167000 | trusted library allocation | page read and write |
533E000 | stack | page read and write |
319C000 | trusted library allocation | page read and write |
3140000 | trusted library allocation | page read and write |
3159000 | trusted library allocation | page read and write |
BD0000 | heap | page read and write |
F6A000 | heap | page read and write |
F6E000 | heap | page read and write |
EF9000 | stack | page read and write |
1580000 | heap | page execute and read and write |
319F000 | trusted library allocation | page read and write |
2980000 | heap | page read and write |
12F0000 | trusted library allocation | page read and write |
DA0000 | heap | page read and write |
12EA000 | trusted library allocation | page execute and read and write |
316F000 | trusted library allocation | page read and write |
FC6000 | heap | page read and write |
12C2000 | trusted library allocation | page execute and read and write |
3178000 | trusted library allocation | page read and write |
3194000 | trusted library allocation | page read and write |
12E2000 | trusted library allocation | page execute and read and write |
528F000 | stack | page read and write |
F50000 | heap | page read and write |
31A4000 | trusted library allocation | page read and write |
EC0000 | heap | page read and write |
3199000 | trusted library allocation | page read and write |
3108000 | trusted library allocation | page read and write |
30EC000 | trusted library allocation | page read and write |
315C000 | trusted library allocation | page read and write |
313A000 | trusted library allocation | page read and write |
518E000 | stack | page read and write |
30F6000 | trusted library allocation | page read and write |
3161000 | trusted library allocation | page read and write |
8CC000 | stack | page read and write |
31B5000 | trusted library allocation | page read and write |
12B2000 | trusted library allocation | page execute and read and write |
2990000 | heap | page read and write |
112E000 | stack | page read and write |
EF6000 | stack | page read and write |
311F000 | trusted library allocation | page read and write |
ED0000 | trusted library allocation | page read and write |
31AA000 | trusted library allocation | page read and write |
3148000 | trusted library allocation | page read and write |
3116000 | trusted library allocation | page read and write |
317D000 | trusted library allocation | page read and write |
310C000 | trusted library allocation | page read and write |
3172000 | trusted library allocation | page read and write |
30B1000 | trusted library allocation | page read and write |
9CD000 | stack | page read and write |
3191000 | trusted library allocation | page read and write |
12CA000 | trusted library allocation | page execute and read and write |
575E000 | stack | page read and write |
31AD000 | trusted library allocation | page read and write |
3153000 | trusted library allocation | page read and write |
(105 further memdumps are not shown in this report excerpt.)