Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
powershell.zip
|
Unicode text, UTF-16, little-endian text, with very long lines (32767), with no line terminators
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\powershell.zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\ymnnrtn0.425" "C:\Users\user\Desktop\powershell.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
26B6000
|
trusted library allocation
|
page read and write
|
||
|
902000
|
trusted library allocation
|
page execute and read and write
|
||
|
269D000
|
trusted library allocation
|
page read and write
|
||
|
86F000
|
stack
|
page read and write
|
||
|
947000
|
trusted library allocation
|
page execute and read and write
|
||
|
638000
|
heap
|
page read and write
|
||
|
26B9000
|
trusted library allocation
|
page read and write
|
||
|
2150000
|
trusted library allocation
|
page read and write
|
||
|
2674000
|
trusted library allocation
|
page read and write
|
||
|
26A8000
|
trusted library allocation
|
page read and write
|
||
|
2235000
|
heap
|
page read and write
|
||
|
415000
|
heap
|
page read and write
|
||
|
26AB000
|
trusted library allocation
|
page read and write
|
||
|
90A000
|
trusted library allocation
|
page execute and read and write
|
||
|
26FC000
|
trusted library allocation
|
page read and write
|
||
|
76E000
|
stack
|
page read and write
|
||
|
26A3000
|
trusted library allocation
|
page read and write
|
||
|
234C000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
2687000
|
trusted library allocation
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
487000
|
heap
|
page read and write
|
||
|
1AC000
|
stack
|
page read and write
|
||
|
43A000
|
heap
|
page read and write
|
||
|
2611000
|
trusted library allocation
|
page read and write
|
||
|
8F0000
|
trusted library allocation
|
page read and write
|
||
|
26E3000
|
trusted library allocation
|
page read and write
|
||
|
4AEA000
|
stack
|
page read and write
|
||
|
26D2000
|
trusted library allocation
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
1B6000
|
stack
|
page read and write
|
||
|
910000
|
trusted library allocation
|
page read and write
|
||
|
26DD000
|
trusted library allocation
|
page read and write
|
||
|
8AE000
|
stack
|
page read and write
|
||
|
2678000
|
trusted library allocation
|
page read and write
|
||
|
9AF000
|
stack
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
26E0000
|
trusted library allocation
|
page read and write
|
||
|
26EB000
|
trusted library allocation
|
page read and write
|
||
|
46EE000
|
stack
|
page read and write
|
||
|
4B4000
|
heap
|
page read and write
|
||
|
2670000
|
trusted library allocation
|
page read and write
|
||
|
22CF000
|
stack
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
2684000
|
trusted library allocation
|
page read and write
|
||
|
26CD000
|
trusted library allocation
|
page read and write
|
||
|
4B8000
|
heap
|
page read and write
|
||
|
4CCE000
|
stack
|
page read and write
|
||
|
2658000
|
trusted library allocation
|
page read and write
|
||
|
26F9000
|
trusted library allocation
|
page read and write
|
||
|
26EE000
|
trusted library allocation
|
page read and write
|
||
|
2707000
|
trusted library allocation
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
46D000
|
heap
|
page read and write
|
||
|
94B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FC80000
|
trusted library allocation
|
page execute and read and write
|
||
|
26CA000
|
trusted library allocation
|
page read and write
|
||
|
264C000
|
trusted library allocation
|
page read and write
|
||
|
268F000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page execute and read and write
|
||
|
932000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
3611000
|
trusted library allocation
|
page read and write
|
||
|
2672000
|
trusted library allocation
|
page read and write
|
||
|
26C4000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
47B000
|
heap
|
page read and write
|
||
|
47E000
|
heap
|
page read and write
|
||
|
98E000
|
stack
|
page read and write
|
||
|
26BC000
|
trusted library allocation
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
4DCE000
|
stack
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
456000
|
heap
|
page read and write
|
||
|
43E000
|
heap
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
4FD000
|
stack
|
page read and write
|
||
|
269A000
|
trusted library allocation
|
page read and write
|
||
|
26FF000
|
trusted library allocation
|
page read and write
|
||
|
2681000
|
trusted library allocation
|
page read and write
|
||
|
26E6000
|
trusted library allocation
|
page read and write
|
||
|
26D5000
|
trusted library allocation
|
page read and write
|
||
|
473000
|
heap
|
page read and write
|
||
|
2640000
|
trusted library allocation
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
2668000
|
trusted library allocation
|
page read and write
|
||
|
26F4000
|
trusted library allocation
|
page read and write
|
||
|
267B000
|
trusted library allocation
|
page read and write
|
||
|
91C000
|
trusted library allocation
|
page execute and read and write
|
||
|
93A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2695000
|
trusted library allocation
|
page read and write
|
||
|
26C7000
|
trusted library allocation
|
page read and write
|
||
|
91A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2660000
|
trusted library allocation
|
page read and write
|
||
|
26B1000
|
trusted library allocation
|
page read and write
|
||
|
2692000
|
trusted library allocation
|
page read and write
|
||
|
1B9000
|
stack
|
page read and write
|
||
|
26A0000
|
trusted library allocation
|
page read and write
|
||
|
2702000
|
trusted library allocation
|
page read and write
|
||
|
26AE000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
270A000
|
trusted library allocation
|
page read and write
|
||
|
BB0000
|
heap
|
page execute and read and write
|
||
|
1BB000
|
stack
|
page read and write
|
||
|
2230000
|
heap
|
page read and write
|
||
|
2241000
|
heap
|
page read and write
|
||
|
49ED000
|
stack
|
page read and write
|
||
|
BC000
|
stack
|
page read and write
|
||
|
26D8000
|
trusted library allocation
|
page read and write
|
||
|
26F1000
|
trusted library allocation
|
page read and write
|
||
|
912000
|
trusted library allocation
|
page execute and read and write
|
||
|
268C000
|
trusted library allocation
|
page read and write
|
||
|
264E000
|
trusted library allocation
|
page read and write
|
||
|
47EE000
|
stack
|
page read and write
|
||
|
26BF000
|
trusted library allocation
|
page read and write
|
There are 107 hidden memdumps, click here to show them.