Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
Cobian.Reflector.RemoteClient.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
||
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Cobian.Reflector_864eeece3af2e1c7577532f3abfe40b0d7aafd64_21c124f6_7e44faf3-9f28-439f-9dbd-445dce6a0f1d\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER737B.tmp.dmp
|
Mini DuMP crash report, 16 streams, Fri Mar 29 09:29:22 2024, 0x1205a4 type
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER75AF.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER763C.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Users\user\Desktop\Cobian.Reflector.RemoteClient.exe
|
"C:\Users\user\Desktop\Cobian.Reflector.RemoteClient.exe"
|
||
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 772 -s 1004
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
http://repository.certum.pl/ctsca2021.cer0A
|
unknown
|
||
http://crl.certum.pl/ctsca2021.crl0o
|
unknown
|
||
http://repository.certum.pl/ctnca.cer09
|
unknown
|
||
http://crl.certum.pl/ctnca.crl0k
|
unknown
|
||
http://subca.ocsp-certum.com05
|
unknown
|
||
http://foo/app.xaml
|
unknown
|
||
http://subca.ocsp-certum.com02
|
unknown
|
||
http://subca.ocsp-certum.com01
|
unknown
|
||
http://defaultcontainer/Cobian.Reflector.RemoteClient;component/app.xaml
|
unknown
|
||
http://crl.certum.pl/ctnca2.crl0l
|
unknown
|
||
http://repository.certum.pl/ctnca2.cer09
|
unknown
|
||
http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
|
unknown
|
||
http://upx.sf.net
|
unknown
|
||
http://ccsca2021.ocsp-certum.com05
|
unknown
|
||
http://foo/bar/app.baml
|
unknown
|
||
https://www.certum.pl/CPS0
|
unknown
|
||
http://www.certum.pl/CPS0
|
unknown
|
||
http://repository.certum.pl/ccsca2021.cer0
|
unknown
|
There are 8 hidden URLs, click here to show them.
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
\REGISTRY\A\{fb290d6f-384a-a8ef-5afc-1c8a3c019128}\Root\InventoryApplicationFile\cobian.reflector|5122da9a976dd8a6
|
ProgramId
|
||
\REGISTRY\A\{fb290d6f-384a-a8ef-5afc-1c8a3c019128}\Root\InventoryApplicationFile\cobian.reflector|5122da9a976dd8a6
|
FileId
|
||
\REGISTRY\A\{fb290d6f-384a-a8ef-5afc-1c8a3c019128}\Root\InventoryApplicationFile\cobian.reflector|5122da9a976dd8a6
|
LowerCaseLongPath
|
||
\REGISTRY\A\{fb290d6f-384a-a8ef-5afc-1c8a3c019128}\Root\InventoryApplicationFile\cobian.reflector|5122da9a976dd8a6
|
LongPathHash
|
||
\REGISTRY\A\{fb290d6f-384a-a8ef-5afc-1c8a3c019128}\Root\InventoryApplicationFile\cobian.reflector|5122da9a976dd8a6
|
Name
|
||
\REGISTRY\A\{fb290d6f-384a-a8ef-5afc-1c8a3c019128}\Root\InventoryApplicationFile\cobian.reflector|5122da9a976dd8a6
|
OriginalFileName
|
||
\REGISTRY\A\{fb290d6f-384a-a8ef-5afc-1c8a3c019128}\Root\InventoryApplicationFile\cobian.reflector|5122da9a976dd8a6
|
Publisher
|
||
\REGISTRY\A\{fb290d6f-384a-a8ef-5afc-1c8a3c019128}\Root\InventoryApplicationFile\cobian.reflector|5122da9a976dd8a6
|
Version
|
||
\REGISTRY\A\{fb290d6f-384a-a8ef-5afc-1c8a3c019128}\Root\InventoryApplicationFile\cobian.reflector|5122da9a976dd8a6
|
BinFileVersion
|
||
\REGISTRY\A\{fb290d6f-384a-a8ef-5afc-1c8a3c019128}\Root\InventoryApplicationFile\cobian.reflector|5122da9a976dd8a6
|
BinaryType
|
||
\REGISTRY\A\{fb290d6f-384a-a8ef-5afc-1c8a3c019128}\Root\InventoryApplicationFile\cobian.reflector|5122da9a976dd8a6
|
ProductName
|
||
\REGISTRY\A\{fb290d6f-384a-a8ef-5afc-1c8a3c019128}\Root\InventoryApplicationFile\cobian.reflector|5122da9a976dd8a6
|
ProductVersion
|
||
\REGISTRY\A\{fb290d6f-384a-a8ef-5afc-1c8a3c019128}\Root\InventoryApplicationFile\cobian.reflector|5122da9a976dd8a6
|
LinkDate
|
||
\REGISTRY\A\{fb290d6f-384a-a8ef-5afc-1c8a3c019128}\Root\InventoryApplicationFile\cobian.reflector|5122da9a976dd8a6
|
BinProductVersion
|
||
\REGISTRY\A\{fb290d6f-384a-a8ef-5afc-1c8a3c019128}\Root\InventoryApplicationFile\cobian.reflector|5122da9a976dd8a6
|
AppxPackageFullName
|
||
\REGISTRY\A\{fb290d6f-384a-a8ef-5afc-1c8a3c019128}\Root\InventoryApplicationFile\cobian.reflector|5122da9a976dd8a6
|
AppxPackageRelativeId
|
||
\REGISTRY\A\{fb290d6f-384a-a8ef-5afc-1c8a3c019128}\Root\InventoryApplicationFile\cobian.reflector|5122da9a976dd8a6
|
Size
|
||
\REGISTRY\A\{fb290d6f-384a-a8ef-5afc-1c8a3c019128}\Root\InventoryApplicationFile\cobian.reflector|5122da9a976dd8a6
|
Language
|
||
\REGISTRY\A\{fb290d6f-384a-a8ef-5afc-1c8a3c019128}\Root\InventoryApplicationFile\cobian.reflector|5122da9a976dd8a6
|
Usn
|
There are 9 hidden registries, click here to show them.
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
1C6A0B22000
|
unkown
|
page readonly
|
||
1C6A0CDD000
|
heap
|
page read and write
|
||
1C6A26E9000
|
heap
|
page read and write
|
||
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
7FF403020000
|
trusted library allocation
|
page execute and read and write
|
||
1C6A0C73000
|
heap
|
page read and write
|
||
1C6B27D6000
|
trusted library allocation
|
page read and write
|
||
7FFD9B777000
|
trusted library allocation
|
page read and write
|
||
1C6BAFA5000
|
heap
|
page read and write
|
||
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
1C6A0C00000
|
heap
|
page read and write
|
||
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
1C6B27CD000
|
trusted library allocation
|
page read and write
|
||
1C6A25F0000
|
trusted library allocation
|
page read and write
|
||
1C6A0AA2000
|
unkown
|
page readonly
|
||
1C6A0C46000
|
heap
|
page read and write
|
||
1C6A0C75000
|
heap
|
page read and write
|
||
1C6BAFBB000
|
heap
|
page read and write
|
||
1C6A0FC0000
|
heap
|
page read and write
|
||
B2A89FE000
|
stack
|
page read and write
|
||
1C6B27D1000
|
trusted library allocation
|
page read and write
|
||
1C6A0C17000
|
heap
|
page read and write
|
||
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
||
1C6B27C7000
|
trusted library allocation
|
page read and write
|
||
1C6A0C33000
|
heap
|
page read and write
|
||
1C6BAFB1000
|
heap
|
page read and write
|
||
1C6A0E20000
|
heap
|
page read and write
|
||
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
1C6A0BD0000
|
heap
|
page read and write
|
||
B2A88FE000
|
stack
|
page read and write
|
||
7FFD9B762000
|
trusted library allocation
|
page read and write
|
||
1C6A2620000
|
trusted library allocation
|
page read and write
|
||
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
B2A87FE000
|
stack
|
page read and write
|
||
1C6A0AA0000
|
unkown
|
page readonly
|
||
1C6A0C49000
|
heap
|
page read and write
|
||
1C6A0DD0000
|
heap
|
page read and write
|
||
B2A82FE000
|
stack
|
page read and write
|
||
1C6BAF92000
|
heap
|
page read and write
|
||
1C6B27C1000
|
trusted library allocation
|
page read and write
|
||
1C6A26E0000
|
heap
|
page read and write
|
||
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
||
1C6A0B04000
|
unkown
|
page readonly
|
||
1C6BB0F0000
|
heap
|
page read and write
|
||
1C6A0BC0000
|
heap
|
page read and write
|
||
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
1C6A2660000
|
heap
|
page read and write
|
||
1C6BAFA0000
|
heap
|
page read and write
|
||
1C6A0C08000
|
heap
|
page read and write
|
||
1C6BAFA7000
|
heap
|
page read and write
|
||
1C6BAF90000
|
heap
|
page read and write
|
||
1C6A27E8000
|
trusted library allocation
|
page read and write
|
||
1C6A0DF0000
|
heap
|
page read and write
|
||
1C6A0E25000
|
heap
|
page read and write
|
||
1C6A0AA0000
|
unkown
|
page readonly
|
||
1C6A2864000
|
trusted library allocation
|
page read and write
|
||
1C6A2866000
|
trusted library allocation
|
page read and write
|
||
1C6A0FC5000
|
heap
|
page read and write
|
||
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B7BC000
|
trusted library allocation
|
page execute and read and write
|
||
1C6A2610000
|
trusted library allocation
|
page read and write
|
||
7FFD9B773000
|
trusted library allocation
|
page read and write
|
||
1C6A2623000
|
trusted library allocation
|
page read and write
|
||
1C6A0C35000
|
heap
|
page read and write
|
||
B2A86FD000
|
stack
|
page read and write
|
||
7FFD9B78B000
|
trusted library allocation
|
page execute and read and write
|
||
B2A7F31000
|
stack
|
page read and write
|
||
B2A85FF000
|
stack
|
page read and write
|
||
1C6A27B0000
|
heap
|
page execute and read and write
|
||
7FFD9B912000
|
trusted library allocation
|
page read and write
|
||
B2A83FE000
|
stack
|
page read and write
|
||
7FFD9B77A000
|
trusted library allocation
|
page read and write
|
||
7FFD9B764000
|
trusted library allocation
|
page read and write
|
||
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
1C6A27C1000
|
trusted library allocation
|
page read and write
|
||
1C6BAFA9000
|
heap
|
page read and write
|
||
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
||
1C6A0AE9000
|
unkown
|
page readonly
|
||
1C6A26A0000
|
heap
|
page execute and read and write
|
||
1C6BAF95000
|
heap
|
page read and write
|
||
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B816000
|
trusted library allocation
|
page read and write
|
||
1C6B27DA000
|
trusted library allocation
|
page read and write
|
||
B2A84FE000
|
stack
|
page read and write
|
||
1C6A0C14000
|
heap
|
page read and write
|
There are 76 hidden memdumps, click here to show them.