Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
JawnEmT6S2.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Umbrella.flv.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\server.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epic Games.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bd45e682ad8a06dcb9168f1be41d3129Epic Games.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\autorun.inf
|
Microsoft Windows Autorun file
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\JawnEmT6S2.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\app
|
Unicode text, UTF-8 (with BOM) text, with no line terminators
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\JawnEmT6S2.exe
|
"C:\Users\user\Desktop\JawnEmT6S2.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\server.exe
|
"C:\Users\user\AppData\Local\Temp\server.exe"
|
|
|
|
C:\Windows\SysWOW64\netsh.exe
|
netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\server.exe" "server.exe" ENABLE
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
7.tcp.eu.ngrok.io
|
3.125.188.168
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
3.125.188.168
|
7.tcp.eu.ngrok.io
|
United States
|
|
|
|
3.124.67.191
|
unknown
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Environment
|
SEE_MASK_NOZONECHECKS
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
26F1000
|
trusted library allocation
|
page read and write
|
|
|
|
502000
|
unkown
|
page readonly
|
|
|
|
3AC8000
|
trusted library allocation
|
page read and write
|
|
|
|
E17000
|
trusted library allocation
|
page execute and read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
598D000
|
stack
|
page read and write
|
||
|
922000
|
trusted library allocation
|
page execute and read and write
|
||
|
D3D000
|
heap
|
page read and write
|
||
|
CE9000
|
heap
|
page read and write
|
||
|
C86000
|
heap
|
page read and write
|
||
|
C89000
|
heap
|
page read and write
|
||
|
5207000
|
heap
|
page read and write
|
||
|
C9D000
|
heap
|
page read and write
|
||
|
4C9000
|
heap
|
page read and write
|
||
|
BF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
CF9000
|
heap
|
page read and write
|
||
|
49D0000
|
heap
|
page read and write
|
||
|
4A80000
|
heap
|
page read and write
|
||
|
CF4000
|
heap
|
page read and write
|
||
|
CA7000
|
heap
|
page read and write
|
||
|
275E000
|
stack
|
page read and write
|
||
|
47EE000
|
stack
|
page read and write
|
||
|
50D000
|
heap
|
page read and write
|
||
|
4ADC000
|
stack
|
page read and write
|
||
|
51F2000
|
heap
|
page read and write
|
||
|
912000
|
trusted library allocation
|
page execute and read and write
|
||
|
CA4000
|
heap
|
page read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
5201000
|
heap
|
page read and write
|
||
|
4F5C000
|
stack
|
page read and write
|
||
|
4B9C000
|
stack
|
page read and write
|
||
|
E12000
|
trusted library allocation
|
page execute and read and write
|
||
|
D1F000
|
heap
|
page read and write
|
||
|
D43000
|
heap
|
page read and write
|
||
|
291D000
|
trusted library allocation
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
CE7000
|
heap
|
page read and write
|
||
|
CF7000
|
heap
|
page read and write
|
||
|
D3D000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
CEA000
|
heap
|
page read and write
|
||
|
AEE000
|
stack
|
page read and write
|
||
|
CA9000
|
heap
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
498B000
|
stack
|
page read and write
|
||
|
D3D000
|
heap
|
page read and write
|
||
|
D4E000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
CEB000
|
heap
|
page read and write
|
||
|
2AFA000
|
trusted library allocation
|
page read and write
|
||
|
CE9000
|
heap
|
page read and write
|
||
|
CE7000
|
heap
|
page read and write
|
||
|
5206000
|
heap
|
page read and write
|
||
|
55AE000
|
stack
|
page read and write
|
||
|
CEF000
|
heap
|
page read and write
|
||
|
D3E000
|
heap
|
page read and write
|
||
|
5205000
|
heap
|
page read and write
|
||
|
CA3000
|
heap
|
page read and write
|
||
|
8F6000
|
stack
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
CDF000
|
heap
|
page read and write
|
||
|
C65000
|
heap
|
page read and write
|
||
|
C9E000
|
heap
|
page read and write
|
||
|
516E000
|
stack
|
page read and write
|
||
|
CBD000
|
heap
|
page read and write
|
||
|
D3D000
|
heap
|
page read and write
|
||
|
4D8000
|
heap
|
page read and write
|
||
|
D3D000
|
heap
|
page read and write
|
||
|
4C9D000
|
stack
|
page read and write
|
||
|
D41000
|
heap
|
page read and write
|
||
|
CBC000
|
heap
|
page read and write
|
||
|
AC5000
|
heap
|
page read and write
|
||
|
CA9000
|
heap
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
E3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
A06000
|
heap
|
page read and write
|
||
|
D1F000
|
heap
|
page read and write
|
||
|
4A0E000
|
stack
|
page read and write
|
||
|
51D0000
|
heap
|
page read and write
|
||
|
5207000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
E10000
|
trusted library allocation
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
CDF000
|
heap
|
page read and write
|
||
|
CEE000
|
heap
|
page read and write
|
||
|
D3D000
|
heap
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
CC3000
|
heap
|
page read and write
|
||
|
CFC000
|
heap
|
page read and write
|
||
|
CEF000
|
heap
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
49CC000
|
stack
|
page read and write
|
||
|
9EC000
|
stack
|
page read and write
|
||
|
4B1E000
|
stack
|
page read and write
|
||
|
28D7000
|
trusted library allocation
|
page read and write
|
||
|
2AE7000
|
trusted library allocation
|
page read and write
|
||
|
51CF000
|
stack
|
page read and write
|
||
|
CF5000
|
heap
|
page read and write
|
||
|
4CC0000
|
trusted library allocation
|
page read and write
|
||
|
2C84000
|
trusted library allocation
|
page read and write
|
||
|
F1F000
|
unkown
|
page read and write
|
||
|
CDF000
|
heap
|
page read and write
|
||
|
C7A000
|
heap
|
page read and write
|
||
|
5200000
|
heap
|
page read and write
|
||
|
2791000
|
trusted library allocation
|
page read and write
|
||
|
C00000
|
heap
|
page execute and read and write
|
||
|
2990000
|
trusted library allocation
|
page read and write
|
||
|
CAA000
|
heap
|
page read and write
|
||
|
C5A000
|
heap
|
page read and write
|
||
|
D4E000
|
heap
|
page read and write
|
||
|
CF4000
|
heap
|
page read and write
|
||
|
4EAB000
|
stack
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
CFE000
|
heap
|
page read and write
|
||
|
CA9000
|
heap
|
page read and write
|
||
|
4C90000
|
heap
|
page read and write
|
||
|
5E5000
|
heap
|
page read and write
|
||
|
CE9000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
D1F000
|
heap
|
page read and write
|
||
|
D48000
|
heap
|
page read and write
|
||
|
CE5000
|
heap
|
page read and write
|
||
|
C91000
|
heap
|
page read and write
|
||
|
AFB000
|
stack
|
page read and write
|
||
|
4CD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
CA9000
|
heap
|
page read and write
|
||
|
47F000
|
heap
|
page read and write
|
||
|
C71000
|
heap
|
page read and write
|
||
|
2761000
|
trusted library allocation
|
page read and write
|
||
|
E2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
CF3000
|
heap
|
page read and write
|
||
|
920000
|
trusted library allocation
|
page read and write
|
||
|
CC3000
|
heap
|
page read and write
|
||
|
CF2000
|
heap
|
page read and write
|
||
|
95B000
|
trusted library allocation
|
page execute and read and write
|
||
|
488C000
|
stack
|
page read and write
|
||
|
2AC1000
|
trusted library allocation
|
page read and write
|
||
|
CDF000
|
heap
|
page read and write
|
||
|
526E000
|
stack
|
page read and write
|
||
|
4C1E000
|
stack
|
page read and write
|
||
|
BFA000
|
trusted library allocation
|
page execute and read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
D4C000
|
heap
|
page read and write
|
||
|
101F000
|
stack
|
page read and write
|
||
|
D3D000
|
heap
|
page read and write
|
||
|
5200000
|
heap
|
page read and write
|
||
|
592C000
|
stack
|
page read and write
|
||
|
C0E000
|
heap
|
page read and write
|
||
|
E1A000
|
trusted library allocation
|
page execute and read and write
|
||
|
CE8000
|
heap
|
page read and write
|
||
|
4FA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C96000
|
heap
|
page read and write
|
||
|
CA1000
|
heap
|
page read and write
|
||
|
512E000
|
stack
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
53AF000
|
stack
|
page read and write
|
||
|
B10000
|
trusted library allocation
|
page read and write
|
||
|
D1D000
|
heap
|
page read and write
|
||
|
4FC0000
|
unclassified section
|
page read and write
|
||
|
AF4000
|
stack
|
page read and write
|
||
|
CF2000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
D1F000
|
heap
|
page read and write
|
||
|
D45000
|
heap
|
page read and write
|
||
|
2799000
|
trusted library allocation
|
page read and write
|
||
|
CDE000
|
heap
|
page read and write
|
||
|
CED000
|
heap
|
page read and write
|
||
|
C71000
|
heap
|
page read and write
|
||
|
CDF000
|
heap
|
page read and write
|
||
|
D3D000
|
heap
|
page read and write
|
||
|
E8E000
|
stack
|
page read and write
|
||
|
4DAC000
|
stack
|
page read and write
|
||
|
5208000
|
heap
|
page read and write
|
||
|
52AE000
|
stack
|
page read and write
|
||
|
900000
|
trusted library allocation
|
page read and write
|
||
|
4CD000
|
heap
|
page read and write
|
||
|
CDE000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
CBB000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
C08000
|
heap
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
57EF000
|
stack
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
4F9B000
|
stack
|
page read and write
|
||
|
D1F000
|
heap
|
page read and write
|
||
|
937000
|
trusted library allocation
|
page execute and read and write
|
||
|
C96000
|
heap
|
page read and write
|
||
|
E47000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C3A000
|
trusted library allocation
|
page read and write
|
||
|
942000
|
trusted library allocation
|
page execute and read and write
|
||
|
5200000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
C62000
|
heap
|
page read and write
|
||
|
44A000
|
heap
|
page read and write
|
||
|
B49000
|
trusted library allocation
|
page read and write
|
||
|
957000
|
trusted library allocation
|
page execute and read and write
|
||
|
CF4000
|
heap
|
page read and write
|
||
|
2A41000
|
trusted library allocation
|
page read and write
|
||
|
CA5000
|
heap
|
page read and write
|
||
|
370C000
|
trusted library allocation
|
page read and write
|
||
|
4FF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
CE9000
|
heap
|
page read and write
|
||
|
4FEC000
|
stack
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
4E8000
|
heap
|
page read and write
|
||
|
C89000
|
heap
|
page read and write
|
||
|
BE0000
|
trusted library allocation
|
page read and write
|
||
|
CBB000
|
heap
|
page read and write
|
||
|
CC3000
|
heap
|
page read and write
|
||
|
CF7000
|
heap
|
page read and write
|
||
|
A2E000
|
stack
|
page read and write
|
||
|
56EE000
|
stack
|
page read and write
|
||
|
275F000
|
trusted library allocation
|
page read and write
|
||
|
92A000
|
trusted library allocation
|
page execute and read and write
|
||
|
CBC000
|
heap
|
page read and write
|
||
|
CE3000
|
heap
|
page read and write
|
||
|
B40000
|
trusted library allocation
|
page read and write
|
||
|
CBB000
|
heap
|
page read and write
|
||
|
2AF3000
|
trusted library allocation
|
page read and write
|
||
|
7FB000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
CA5000
|
heap
|
page read and write
|
||
|
410C000
|
trusted library allocation
|
page read and write
|
||
|
D1F000
|
heap
|
page read and write
|
||
|
2736000
|
trusted library allocation
|
page read and write
|
||
|
BAE000
|
unkown
|
page read and write
|
||
|
CE8000
|
heap
|
page read and write
|
||
|
A9E000
|
stack
|
page read and write
|
||
|
10A6000
|
heap
|
page read and write
|
||
|
CEA000
|
heap
|
page read and write
|
||
|
7F880000
|
trusted library allocation
|
page execute and read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
CDE000
|
heap
|
page read and write
|
||
|
DFE000
|
stack
|
page read and write
|
||
|
CEE000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page execute and read and write
|
||
|
C71000
|
heap
|
page read and write
|
||
|
C96000
|
heap
|
page read and write
|
||
|
E32000
|
trusted library allocation
|
page execute and read and write
|
||
|
5200000
|
heap
|
page read and write
|
||
|
CE9000
|
heap
|
page read and write
|
||
|
51F1000
|
heap
|
page read and write
|
||
|
BB5000
|
heap
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
4FB0000
|
trusted library allocation
|
page read and write
|
||
|
500000
|
unkown
|
page readonly
|
||
|
CBB000
|
heap
|
page read and write
|
||
|
CC3000
|
heap
|
page read and write
|
||
|
BA000
|
stack
|
page read and write
|
||
|
CA7000
|
heap
|
page read and write
|
||
|
CDE000
|
heap
|
page read and write
|
||
|
D49000
|
heap
|
page read and write
|
||
|
CBE000
|
heap
|
page read and write
|
||
|
5A8F000
|
stack
|
page read and write
|
||
|
CE5000
|
heap
|
page read and write
|
||
|
CE8000
|
heap
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
D1F000
|
heap
|
page read and write
|
||
|
CF7000
|
heap
|
page read and write
|
||
|
94A000
|
trusted library allocation
|
page execute and read and write
|
||
|
D44000
|
heap
|
page read and write
|
||
|
36F1000
|
trusted library allocation
|
page read and write
|
||
|
5020000
|
heap
|
page read and write
|
||
|
4CA0000
|
trusted library allocation
|
page read and write
|
||
|
44E000
|
heap
|
page read and write
|
||
|
5AB000
|
stack
|
page read and write
|
||
|
CA7000
|
heap
|
page read and write
|
||
|
C3E000
|
stack
|
page read and write
|
||
|
CF7000
|
heap
|
page read and write
|
||
|
CEF000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
CF3000
|
heap
|
page read and write
|
||
|
2C37000
|
trusted library allocation
|
page read and write
|
||
|
B0F000
|
stack
|
page read and write
|
||
|
E4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
E1C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C58000
|
trusted library allocation
|
page read and write
|
||
|
3AC1000
|
trusted library allocation
|
page read and write
|
||
|
BCE000
|
stack
|
page read and write
|
||
|
CBD000
|
heap
|
page read and write
|
||
|
2746000
|
trusted library allocation
|
page read and write
|
||
|
5201000
|
heap
|
page read and write
|
||
|
51FA000
|
heap
|
page read and write
|
||
|
D4B000
|
heap
|
page read and write
|
||
|
91A000
|
trusted library allocation
|
page execute and read and write
|
||
|
952000
|
trusted library allocation
|
page read and write
|
||
|
502E000
|
stack
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
C3F000
|
heap
|
page read and write
|
||
|
93A000
|
trusted library allocation
|
page execute and read and write
|
||
|
C29000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
D1F000
|
heap
|
page read and write
|
||
|
D4A000
|
heap
|
page read and write
|
||
|
BE0000
|
trusted library allocation
|
page read and write
|
||
|
CBD000
|
heap
|
page read and write
|
||
|
99E000
|
stack
|
page read and write
|
||
|
56AE000
|
stack
|
page read and write
|
||
|
27A8000
|
trusted library allocation
|
page read and write
|
||
|
51F1000
|
heap
|
page read and write
|
||
|
CA7000
|
heap
|
page read and write
|
||
|
CBD000
|
heap
|
page read and write
|
||
|
582B000
|
stack
|
page read and write
|
||
|
CF3000
|
heap
|
page read and write
|
||
|
D41000
|
heap
|
page read and write
|
||
|
BF2000
|
trusted library allocation
|
page execute and read and write
|
||
|
5200000
|
heap
|
page read and write
|
||
|
1B6000
|
stack
|
page read and write
|
||
|
CF8000
|
heap
|
page read and write
|
||
|
AFE000
|
stack
|
page read and write
|
||
|
4EEC000
|
stack
|
page read and write
|
||
|
CA4000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
4D60000
|
heap
|
page read and write
|
||
|
D3D000
|
heap
|
page read and write
|
There are 313 hidden memdumps, click here to show them.