Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Quarantined Messages (1).zip
|
Zip archive data, at least v4.5 to extract, compression method=deflate
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\Quarantined Messages (1).zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\vjh14zsy.1lb" "C:\Users\user\Desktop\Quarantined
Messages (1).zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2FC0000
|
trusted library allocation
|
page read and write
|
||
|
14F0000
|
trusted library allocation
|
page read and write
|
||
|
309A000
|
trusted library allocation
|
page read and write
|
||
|
11AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1011000
|
heap
|
page read and write
|
||
|
3043000
|
trusted library allocation
|
page read and write
|
||
|
1530000
|
heap
|
page read and write
|
||
|
2C4E000
|
stack
|
page read and write
|
||
|
E35000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
FF8000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
11EF000
|
stack
|
page read and write
|
||
|
11BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
3065000
|
trusted library allocation
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
2FF5000
|
trusted library allocation
|
page read and write
|
||
|
307E000
|
trusted library allocation
|
page read and write
|
||
|
122E000
|
stack
|
page read and write
|
||
|
1008000
|
heap
|
page read and write
|
||
|
CF9000
|
stack
|
page read and write
|
||
|
3086000
|
trusted library allocation
|
page read and write
|
||
|
307B000
|
trusted library allocation
|
page read and write
|
||
|
3014000
|
trusted library allocation
|
page read and write
|
||
|
3062000
|
trusted library allocation
|
page read and write
|
||
|
300A000
|
trusted library allocation
|
page read and write
|
||
|
306D000
|
trusted library allocation
|
page read and write
|
||
|
3097000
|
trusted library allocation
|
page read and write
|
||
|
3032000
|
trusted library allocation
|
page read and write
|
||
|
555E000
|
stack
|
page read and write
|
||
|
2FF2000
|
trusted library allocation
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
3006000
|
trusted library allocation
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
2FDF000
|
trusted library allocation
|
page read and write
|
||
|
301F000
|
trusted library allocation
|
page read and write
|
||
|
3046000
|
trusted library allocation
|
page read and write
|
||
|
FAE000
|
heap
|
page read and write
|
||
|
11E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
1230000
|
heap
|
page execute and read and write
|
||
|
3038000
|
trusted library allocation
|
page read and write
|
||
|
11D2000
|
trusted library allocation
|
page execute and read and write
|
||
|
3022000
|
trusted library allocation
|
page read and write
|
||
|
3094000
|
trusted library allocation
|
page read and write
|
||
|
FAA000
|
heap
|
page read and write
|
||
|
11B2000
|
trusted library allocation
|
page execute and read and write
|
||
|
1500000
|
trusted library allocation
|
page execute and read and write
|
||
|
304E000
|
trusted library allocation
|
page read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
CFB000
|
stack
|
page read and write
|
||
|
308C000
|
trusted library allocation
|
page read and write
|
||
|
132E000
|
stack
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
B1C000
|
stack
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
CF6000
|
stack
|
page read and write
|
||
|
3054000
|
trusted library allocation
|
page read and write
|
||
|
302D000
|
trusted library allocation
|
page read and write
|
||
|
122E000
|
stack
|
page read and write
|
||
|
3070000
|
trusted library allocation
|
page read and write
|
||
|
3057000
|
trusted library allocation
|
page read and write
|
||
|
565E000
|
stack
|
page read and write
|
||
|
11A2000
|
trusted library allocation
|
page execute and read and write
|
||
|
3081000
|
trusted library allocation
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
306A000
|
trusted library allocation
|
page read and write
|
||
|
7F340000
|
trusted library allocation
|
page execute and read and write
|
||
|
3078000
|
trusted library allocation
|
page read and write
|
||
|
FC6000
|
heap
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
1015000
|
heap
|
page read and write
|
||
|
3073000
|
trusted library allocation
|
page read and write
|
||
|
3049000
|
trusted library allocation
|
page read and write
|
||
|
11BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BC5000
|
heap
|
page read and write
|
||
|
3011000
|
trusted library allocation
|
page read and write
|
||
|
3F91000
|
trusted library allocation
|
page read and write
|
||
|
2FE7000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
11DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
3019000
|
trusted library allocation
|
page read and write
|
||
|
FE3000
|
heap
|
page read and write
|
||
|
305F000
|
trusted library allocation
|
page read and write
|
||
|
93C000
|
stack
|
page read and write
|
||
|
11EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
11E0000
|
trusted library allocation
|
page read and write
|
||
|
FDD000
|
heap
|
page read and write
|
||
|
3051000
|
trusted library allocation
|
page read and write
|
||
|
2F91000
|
trusted library allocation
|
page read and write
|
||
|
132F000
|
stack
|
page read and write
|
||
|
F90000
|
trusted library allocation
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
2FFA000
|
trusted library allocation
|
page read and write
|
||
|
3035000
|
trusted library allocation
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
2FE4000
|
trusted library allocation
|
page read and write
|
||
|
3027000
|
trusted library allocation
|
page read and write
|
||
|
53BE000
|
stack
|
page read and write
|
||
|
3000000
|
trusted library allocation
|
page read and write
|
||
|
EFD000
|
stack
|
page read and write
|
||
|
54BE000
|
stack
|
page read and write
|
||
|
3040000
|
trusted library allocation
|
page read and write
|
||
|
301C000
|
trusted library allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
3089000
|
trusted library allocation
|
page read and write
|
||
|
305C000
|
trusted library allocation
|
page read and write
|
||
|
303B000
|
trusted library allocation
|
page read and write
|
||
|
302A000
|
trusted library allocation
|
page read and write
|
||
|
508E000
|
stack
|
page read and write
|
||
|
2AD0000
|
trusted library allocation
|
page read and write
|
There are 102 hidden memdumps, click here to show them.