Files

File Path | Type | Category | Malicious
---|---|---|---
WBQXywne4N.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | 
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\WBQXywne4N.exe.log | ASCII text, with CRLF line terminators | dropped | 
Processes

Path | Cmdline | Malicious
---|---|---
C:\Users\user\Desktop\WBQXywne4N.exe | "C:\Users\user\Desktop\WBQXywne4N.exe" | 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" | 
URLs

Name | IP | Malicious
---|---|---
cjmancool.dynamic-dns.net |  | 
http://geoplugin.net/json.gp | unknown | 
http://geoplugin.net/json.gp/C | unknown | 
Domains

Name | IP | Malicious
---|---|---
cjmancool.dynamic-dns.net | 94.78.99.194 | 
IPs

IP | Domain | Country | Malicious
---|---|---|---
94.78.99.194 | cjmancool.dynamic-dns.net | Turkey | 
Registry

Path | Value | Malicious
---|---|---
HKEY_CURRENT_USER\SOFTWARE\Rmc-GAT2GZ | exepath | 
HKEY_CURRENT_USER\SOFTWARE\Rmc-GAT2GZ | licence | 
Memdumps

Base Address | Region type | Protect | Malicious
---|---|---|---
400000 | remote allocation | page execute and read and write | 
46C0000 | trusted library allocation | page read and write | 
6380000 | trusted library section | page read and write | 
43E9000 | trusted library allocation | page read and write | 
33E1000 | trusted library allocation | page read and write | 
4461000 | trusted library allocation | page read and write | 
4820000 | trusted library allocation | page read and write | 
45EC000 | trusted library allocation | page read and write | 
129A000 | heap | page read and write | 
36C3000 | trusted library allocation | page read and write | 
3876000 | trusted library allocation | page read and write | 
35A5000 | trusted library allocation | page read and write | 
38A6000 | trusted library allocation | page read and write | 
3A78000 | trusted library allocation | page read and write | 
3A1F000 | trusted library allocation | page read and write | 
6860000 | trusted library allocation | page read and write | 
942000 | unknown | page execute read | 
3627000 | trusted library allocation | page read and write | 
3494000 | trusted library allocation | page read and write | 
3602000 | trusted library allocation | page read and write | 
39B2000 | trusted library allocation | page read and write | 
34CD000 | trusted library allocation | page read and write | 
37F6000 | trusted library allocation | page read and write | 
35E4000 | trusted library allocation | page read and write | 
3AB9000 | trusted library allocation | page read and write | 
3922000 | trusted library allocation | page read and write | 
39AC000 | trusted library allocation | page read and write | 
6B50000 | heap | page read and write | 
17E7000 | trusted library allocation | page execute and read and write | 
184E000 | stack | page read and write | 
38F8000 | trusted library allocation | page read and write | 
3867000 | trusted library allocation | page read and write | 
385D000 | trusted library allocation | page read and write | 
37A3000 | trusted library allocation | page read and write | 
7D44000 | heap | page read and write | 
1180000 | heap | page read and write | 
39A4000 | trusted library allocation | page read and write | 
398D000 | trusted library allocation | page read and write | 
83D2000 | trusted library allocation | page read and write | 
3A40000 | trusted library allocation | page read and write | 
DCC000 | stack | page read and write | 
3882000 | trusted library allocation | page read and write | 
3500000 | trusted library allocation | page read and write | 
3686000 | trusted library allocation | page read and write | 
3380000 | trusted library allocation | page read and write | 
3688000 | trusted library allocation | page read and write | 
3646000 | trusted library allocation | page read and write | 
37B2000 | trusted library allocation | page read and write | 
39DC000 | trusted library allocation | page read and write | 
3B23000 | trusted library allocation | page read and write | 
3B1D000 | trusted library allocation | page read and write | 
151E000 | stack | page read and write | 
17BD000 | trusted library allocation | page execute and read and write | 
369F000 | trusted library allocation | page read and write | 
36B2000 | trusted library allocation | page read and write | 
6510000 | heap | page read and write | 
3140000 | trusted library allocation | page execute and read and write | 
35FB000 | trusted library allocation | page read and write | 
3AE9000 | trusted library allocation | page read and write | 
35AA000 | trusted library allocation | page read and write | 
38E9000 | trusted library allocation | page read and write | 
3941000 | trusted library allocation | page read and write | 
931000 | unknown | page execute read | 
6B96000 | heap | page read and write | 
397C000 | trusted library allocation | page read and write | 
3640000 | trusted library allocation | page read and write | 