Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
38ee10f0-ac87-4c0c-9d71-65200cb8e337.tmp.0.dr.1.dr.zip
|
Zip archive data, at least v2.0 to extract, compression method=store
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\u0djtksr.ouv\38ee10f0-ac87-4c0c-9d71-65200cb8e337.tmp.0.dr.1.dr
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\unarchiver.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\unarchiver.exe
|
"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Desktop\38ee10f0-ac87-4c0c-9d71-65200cb8e337.tmp.0.dr.1.dr.zip"
|
||
|
C:\Windows\SysWOW64\7za.exe
|
"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\u0djtksr.ouv" "C:\Users\user\Desktop\38ee10f0-ac87-4c0c-9d71-65200cb8e337.tmp.0.dr.1.dr.zip"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
492D000
|
stack
|
page read and write
|
||
|
274F000
|
trusted library allocation
|
page read and write
|
||
|
BF0000
|
heap
|
page execute and read and write
|
||
|
4F9000
|
stack
|
page read and write
|
||
|
BCE000
|
stack
|
page read and write
|
||
|
872000
|
trusted library allocation
|
page execute and read and write
|
||
|
2740000
|
trusted library allocation
|
page read and write
|
||
|
36E1000
|
trusted library allocation
|
page read and write
|
||
|
618000
|
heap
|
page read and write
|
||
|
BD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
274C000
|
trusted library allocation
|
page read and write
|
||
|
14C000
|
stack
|
page read and write
|
||
|
9C2000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
272A000
|
trusted library allocation
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
271C000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
trusted library allocation
|
page read and write
|
||
|
88A000
|
trusted library allocation
|
page execute and read and write
|
||
|
24D000
|
stack
|
page read and write
|
||
|
B8E000
|
stack
|
page read and write
|
||
|
82F000
|
stack
|
page read and write
|
||
|
23D0000
|
trusted library allocation
|
page read and write
|
||
|
2748000
|
trusted library allocation
|
page read and write
|
||
|
3E0000
|
trusted library allocation
|
page read and write
|
||
|
4DEF000
|
stack
|
page read and write
|
||
|
4A2D000
|
stack
|
page read and write
|
||
|
2735000
|
trusted library allocation
|
page read and write
|
||
|
4F6000
|
stack
|
page read and write
|
||
|
4FB000
|
stack
|
page read and write
|
||
|
97F000
|
stack
|
page read and write
|
||
|
4CEE000
|
stack
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
39E000
|
stack
|
page read and write
|
||
|
87A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B6D000
|
stack
|
page read and write
|
||
|
273B000
|
trusted library allocation
|
page read and write
|
||
|
2220000
|
heap
|
page read and write
|
||
|
1D5000
|
heap
|
page read and write
|
||
|
62D000
|
heap
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
2FE000
|
stack
|
page read and write
|
||
|
9DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
271A000
|
trusted library allocation
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
4BAE000
|
stack
|
page read and write
|
||
|
72E000
|
stack
|
page read and write
|
||
|
86E000
|
stack
|
page read and write
|
||
|
13C000
|
stack
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
616000
|
heap
|
page read and write
|
||
|
88C000
|
trusted library allocation
|
page execute and read and write
|
||
|
487E000
|
stack
|
page read and write
|
||
|
23C5000
|
heap
|
page read and write
|
||
|
A7F000
|
stack
|
page read and write
|
||
|
5FE000
|
heap
|
page read and write
|
||
|
2743000
|
trusted library allocation
|
page read and write
|
||
|
9D7000
|
trusted library allocation
|
page execute and read and write
|
||
|
A1E000
|
stack
|
page read and write
|
||
|
4CAE000
|
stack
|
page read and write
|
||
|
7F6B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
882000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
5FA000
|
heap
|
page read and write
|
||
|
2710000
|
trusted library allocation
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
9BF000
|
stack
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
4A6E000
|
stack
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
2730000
|
trusted library allocation
|
page read and write
|
||
|
23C0000
|
heap
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
3C0000
|
trusted library allocation
|
page read and write
|
||
|
A70000
|
trusted library allocation
|
page read and write
|
||
|
26E1000
|
trusted library allocation
|
page read and write
|
||
|
880000
|
trusted library allocation
|
page read and write
|
||
|
9CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A0000
|
heap
|
page read and write
|
There are 70 hidden memdumps, click here to show them.