Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Quarantined Messages.zip | Zip archive data, at least v4.5 to extract, compression method=deflate | initial sample | |
| C:\Users\user\AppData\Local\Temp\unarchiver.log | ASCII text, with CRLF line terminators | dropped | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\SysWOW64\unarchiver.exe | "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\Quarantined Messages.zip" | |
| C:\Windows\SysWOW64\7za.exe | "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\rrw4j4yb.kce" "C:\Users\user\Desktop\Quarantined Messages.zip" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 7F990000 | trusted library allocation | page execute and read and write | |
| 3164000 | trusted library allocation | page read and write | |
| 3104000 | trusted library allocation | page read and write | |
| EFB000 | stack | page read and write | |
| 15A0000 | trusted library allocation | page execute and read and write | |
| 585E000 | stack | page read and write | |
| 313D000 | trusted library allocation | page read and write | |
| F30000 | heap | page read and write | |
| 12FB000 | trusted library allocation | page execute and read and write | |
| 314B000 | trusted library allocation | page read and write | |
| 3186000 | trusted library allocation | page read and write | |
| 3183000 | trusted library allocation | page read and write | |
| 318E000 | trusted library allocation | page read and write | |
| 155F000 | stack | page read and write | |
| 2985000 | heap | page read and write | |
| 3156000 | trusted library allocation | page read and write | |
| 1310000 | heap | page read and write | |
| 31B2000 | trusted library allocation | page read and write | |
| FD7000 | heap | page read and write | |
| 12F7000 | trusted library allocation | page execute and read and write | |
| EAE000 | stack | page read and write | |
| B4C000 | stack | page read and write | |
| 145E000 | stack | page read and write | |
| 543D000 | stack | page read and write | |
| 30FE000 | trusted library allocation | page read and write | |
| D8E000 | stack | page read and write | |
| 3121000 | trusted library allocation | page read and write | |
| F86000 | heap | page read and write | |
| 3132000 | trusted library allocation | page read and write | |
| 314E000 | trusted library allocation | page read and write | |
| D90000 | heap | page read and write | |
| 30EE000 | trusted library allocation | page read and write | |
| F9D000 | heap | page read and write | |
| F60000 | heap | page read and write | |
| 12BA000 | trusted library allocation | page execute and read and write | |
| BC0000 | heap | page read and write | |
| 316A000 | trusted library allocation | page read and write | |
| 15C0000 | heap | page read and write | |
| BB0000 | heap | page read and write | |
| 12A0000 | trusted library allocation | page read and write | |
| 3180000 | trusted library allocation | page read and write | |
| C30000 | heap | page read and write | |
| F38000 | heap | page read and write | |
| 310E000 | trusted library allocation | page read and write | |
| 30E0000 | trusted library allocation | page read and write | |
| 311C000 | trusted library allocation | page read and write | |
| 312B000 | trusted library allocation | page read and write | |
| 31B8000 | trusted library allocation | page read and write | |
| 1270000 | heap | page read and write | |
| BC5000 | heap | page read and write | |
| 12C0000 | trusted library allocation | page read and write | |
| 40B1000 | trusted library allocation | page read and write | |
| 1590000 | trusted library allocation | page read and write | |
| 318B000 | trusted library allocation | page read and write | |
| 3145000 | trusted library allocation | page read and write | |
| 31A7000 | trusted library allocation | page read and write | |
| D4E000 | stack | page read and write | |
| 12CC000 | trusted library allocation | page execute and read and write | |
| 3175000 | trusted library allocation | page read and write | |
| 3128000 | trusted library allocation | page read and write | |
| 3114000 | trusted library allocation | page read and write | |
| 3167000 | trusted library allocation | page read and write | |
| 533E000 | stack | page read and write | |
| 319C000 | trusted library allocation | page read and write | |
| 3140000 | trusted library allocation | page read and write | |
| 3159000 | trusted library allocation | page read and write | |
| BD0000 | heap | page read and write | |
| F6A000 | heap | page read and write | |
| F6E000 | heap | page read and write | |
| EF9000 | stack | page read and write | |
| 1580000 | heap | page execute and read and write | |
| 319F000 | trusted library allocation | page read and write | |
| 2980000 | heap | page read and write | |
| 12F0000 | trusted library allocation | page read and write | |
| DA0000 | heap | page read and write | |
| 12EA000 | trusted library allocation | page execute and read and write | |
| 316F000 | trusted library allocation | page read and write | |
| FC6000 | heap | page read and write | |
| 12C2000 | trusted library allocation | page execute and read and write | |
| 3178000 | trusted library allocation | page read and write | |
| 3194000 | trusted library allocation | page read and write | |
| 12E2000 | trusted library allocation | page execute and read and write | |
| 528F000 | stack | page read and write | |
| F50000 | heap | page read and write | |
| 31A4000 | trusted library allocation | page read and write | |
| EC0000 | heap | page read and write | |
| 3199000 | trusted library allocation | page read and write | |
| 3108000 | trusted library allocation | page read and write | |
| 30EC000 | trusted library allocation | page read and write | |
| 315C000 | trusted library allocation | page read and write | |
| 313A000 | trusted library allocation | page read and write | |
| 518E000 | stack | page read and write | |
| 30F6000 | trusted library allocation | page read and write | |
| 3161000 | trusted library allocation | page read and write | |
| 8CC000 | stack | page read and write | |
| 31B5000 | trusted library allocation | page read and write | |
| 12B2000 | trusted library allocation | page execute and read and write | |
| 2990000 | heap | page read and write | |
| 112E000 | stack | page read and write | |
| EF6000 | stack | page read and write | |
| 311F000 | trusted library allocation | page read and write | |
| ED0000 | trusted library allocation | page read and write | |
| 31AA000 | trusted library allocation | page read and write | |
| 3148000 | trusted library allocation | page read and write | |
| 3116000 | trusted library allocation | page read and write | |
| 317D000 | trusted library allocation | page read and write | |
| 310C000 | trusted library allocation | page read and write | |
| 3172000 | trusted library allocation | page read and write | |
| 30B1000 | trusted library allocation | page read and write | |
| 9CD000 | stack | page read and write | |
| 3191000 | trusted library allocation | page read and write | |
| 12CA000 | trusted library allocation | page execute and read and write | |
| 575E000 | stack | page read and write | |
| 31AD000 | trusted library allocation | page read and write | |
| 3153000 | trusted library allocation | page read and write | |