Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ku46_xmM.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\ku46_xmM.zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\yvqdkcog.4vj" "C:\Users\user\Desktop\ku46_xmM.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2FE7000
|
trusted library allocation
|
page read and write
|
||
|
125C000
|
stack
|
page read and write
|
||
|
3009000
|
trusted library allocation
|
page read and write
|
||
|
3042000
|
trusted library allocation
|
page read and write
|
||
|
55DE000
|
stack
|
page read and write
|
||
|
3048000
|
trusted library allocation
|
page read and write
|
||
|
56DE000
|
stack
|
page read and write
|
||
|
100A000
|
trusted library allocation
|
page execute and read and write
|
||
|
104A000
|
heap
|
page read and write
|
||
|
307D000
|
trusted library allocation
|
page read and write
|
||
|
2FE4000
|
trusted library allocation
|
page read and write
|
||
|
3034000
|
trusted library allocation
|
page read and write
|
||
|
1012000
|
trusted library allocation
|
page execute and read and write
|
||
|
3195000
|
heap
|
page read and write
|
||
|
3061000
|
trusted library allocation
|
page read and write
|
||
|
1418000
|
heap
|
page read and write
|
||
|
161E000
|
stack
|
page read and write
|
||
|
135D000
|
stack
|
page read and write
|
||
|
512F000
|
stack
|
page read and write
|
||
|
3037000
|
trusted library allocation
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
10A8000
|
heap
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
3013000
|
trusted library allocation
|
page read and write
|
||
|
308B000
|
trusted library allocation
|
page read and write
|
||
|
1066000
|
heap
|
page read and write
|
||
|
185E000
|
stack
|
page read and write
|
||
|
51BE000
|
stack
|
page read and write
|
||
|
143E000
|
stack
|
page read and write
|
||
|
CF9000
|
stack
|
page read and write
|
||
|
3093000
|
trusted library allocation
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
FF0000
|
trusted library allocation
|
page read and write
|
||
|
3000000
|
trusted library allocation
|
page read and write
|
||
|
303D000
|
trusted library allocation
|
page read and write
|
||
|
CFB000
|
stack
|
page read and write
|
||
|
101A000
|
trusted library allocation
|
page execute and read and write
|
||
|
10B4000
|
heap
|
page read and write
|
||
|
99C000
|
stack
|
page read and write
|
||
|
3077000
|
trusted library allocation
|
page read and write
|
||
|
1002000
|
trusted library allocation
|
page execute and read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
3069000
|
trusted library allocation
|
page read and write
|
||
|
171F000
|
stack
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
3050000
|
trusted library allocation
|
page read and write
|
||
|
2FF5000
|
trusted library allocation
|
page read and write
|
||
|
3045000
|
trusted library allocation
|
page read and write
|
||
|
3056000
|
trusted library allocation
|
page read and write
|
||
|
7FDC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1470000
|
heap
|
page read and write
|
||
|
2FC0000
|
trusted library allocation
|
page read and write
|
||
|
2FDF000
|
trusted library allocation
|
page read and write
|
||
|
302F000
|
trusted library allocation
|
page read and write
|
||
|
3085000
|
trusted library allocation
|
page read and write
|
||
|
3072000
|
trusted library allocation
|
page read and write
|
||
|
52BD000
|
stack
|
page read and write
|
||
|
2FFA000
|
trusted library allocation
|
page read and write
|
||
|
175E000
|
stack
|
page read and write
|
||
|
305E000
|
trusted library allocation
|
page read and write
|
||
|
104E000
|
heap
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
3021000
|
trusted library allocation
|
page read and write
|
||
|
301B000
|
trusted library allocation
|
page read and write
|
||
|
303A000
|
trusted library allocation
|
page read and write
|
||
|
14A0000
|
heap
|
page execute and read and write
|
||
|
1310000
|
trusted library allocation
|
page execute and read and write
|
||
|
3059000
|
trusted library allocation
|
page read and write
|
||
|
3010000
|
trusted library allocation
|
page read and write
|
||
|
1240000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
3064000
|
trusted library allocation
|
page read and write
|
||
|
107D000
|
heap
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
3006000
|
trusted library allocation
|
page read and write
|
||
|
2F91000
|
trusted library allocation
|
page read and write
|
||
|
3026000
|
trusted library allocation
|
page read and write
|
||
|
3018000
|
trusted library allocation
|
page read and write
|
||
|
103A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FF2000
|
trusted library allocation
|
page read and write
|
||
|
CF6000
|
stack
|
page read and write
|
||
|
3099000
|
trusted library allocation
|
page read and write
|
||
|
302C000
|
trusted library allocation
|
page read and write
|
||
|
3053000
|
trusted library allocation
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
3080000
|
trusted library allocation
|
page read and write
|
||
|
EB5000
|
heap
|
page read and write
|
||
|
101C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1032000
|
trusted library allocation
|
page execute and read and write
|
||
|
306C000
|
trusted library allocation
|
page read and write
|
||
|
304B000
|
trusted library allocation
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
1247000
|
trusted library allocation
|
page execute and read and write
|
||
|
128E000
|
stack
|
page read and write
|
||
|
1010000
|
trusted library allocation
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
301E000
|
trusted library allocation
|
page read and write
|
||
|
3F91000
|
trusted library allocation
|
page read and write
|
||
|
308E000
|
trusted library allocation
|
page read and write
|
||
|
307A000
|
trusted library allocation
|
page read and write
|
||
|
12DE000
|
stack
|
page read and write
|
||
|
3100000
|
trusted library allocation
|
page read and write
|
||
|
3096000
|
trusted library allocation
|
page read and write
|
||
|
124B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3029000
|
trusted library allocation
|
page read and write
|
||
|
306F000
|
trusted library allocation
|
page read and write
|
||
|
3088000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
13C0000
|
heap
|
page read and write
|
There are 101 hidden memdumps, click here to show them.