Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
CLNGs0rZD4.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
initial sample
|
 |
|
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\CLNGs0rZD4.exe
|
"C:\Users\user\Desktop\CLNGs0rZD4.exe"
|
|
|
|
C:\Windows\explorer.exe
|
"C:\Windows\explorer.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
198.187.3.20.in-addr.arpa
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
34.22.231.73
|
unknown
|
United States
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
C000138000
|
direct allocation
|
page read and write
|
|
|
|
28E0000
|
direct allocation
|
page read and write
|
||
|
2AA20000
|
direct allocation
|
page read and write
|
||
|
5CC000
|
stack
|
page read and write
|
||
|
1A9690B6000
|
heap
|
page read and write
|
||
|
C000182000
|
direct allocation
|
page read and write
|
||
|
3058000
|
direct allocation
|
page read and write
|
||
|
3C2F000
|
direct allocation
|
page read and write
|
||
|
C000004000
|
direct allocation
|
page read and write
|
||
|
C0002C2000
|
direct allocation
|
page read and write
|
||
|
C000170000
|
direct allocation
|
page read and write
|
||
|
28F0000
|
direct allocation
|
page read and write
|
||
|
C0002AC000
|
direct allocation
|
page read and write
|
||
|
C000132000
|
direct allocation
|
page read and write
|
||
|
C0001B8000
|
direct allocation
|
page read and write
|
||
|
C000039000
|
direct allocation
|
page read and write
|
||
|
304E000
|
direct allocation
|
page read and write
|
||
|
2AA1E000
|
stack
|
page read and write
|
||
|
7FF6E8E32000
|
unkown
|
page write copy
|
||
|
2A99E000
|
stack
|
page read and write
|
||
|
1A968FAC000
|
heap
|
page read and write
|
||
|
7FF6E8E62000
|
unkown
|
page read and write
|
||
|
4EF3000
|
unclassified section
|
page write copy
|
||
|
7FF6E88F8000
|
unkown
|
page write copy
|
||
|
C00029A000
|
direct allocation
|
page read and write
|
||
|
C0001D0000
|
direct allocation
|
page read and write
|
||
|
4F2F000
|
unclassified section
|
page read and write
|
||
|
C000006000
|
direct allocation
|
page read and write
|
||
|
C000292000
|
direct allocation
|
page read and write
|
||
|
C000286000
|
direct allocation
|
page read and write
|
||
|
3C26000
|
direct allocation
|
page read and write
|
||
|
C0002A0000
|
direct allocation
|
page read and write
|
||
|
C000033000
|
direct allocation
|
page read and write
|
||
|
C000122000
|
direct allocation
|
page read and write
|
||
|
C0001CE000
|
direct allocation
|
page read and write
|
||
|
7FF6E88F8000
|
unkown
|
page write copy
|
||
|
2900000
|
direct allocation
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
28E9000
|
direct allocation
|
page read and write
|
||
|
4F56000
|
unclassified section
|
page read and write
|
||
|
C000118000
|
direct allocation
|
page read and write
|
||
|
7FF6E8E65000
|
unkown
|
page readonly
|
||
|
1A9691D0000
|
heap
|
page read and write
|
||
|
C000045000
|
direct allocation
|
page read and write
|
||
|
C0001D6000
|
direct allocation
|
page read and write
|
||
|
C00002A000
|
direct allocation
|
page read and write
|
||
|
C0002A8000
|
direct allocation
|
page read and write
|
||
|
7FF6E8840000
|
unkown
|
page readonly
|
||
|
C000296000
|
direct allocation
|
page read and write
|
||
|
C0001AE000
|
direct allocation
|
page read and write
|
||
|
C000174000
|
direct allocation
|
page read and write
|
||
|
3055000
|
direct allocation
|
page read and write
|
||
|
C0002BC000
|
direct allocation
|
page read and write
|
||
|
7FF6E8E34000
|
unkown
|
page readonly
|
||
|
1A9690CC000
|
heap
|
page read and write
|
||
|
C00012E000
|
direct allocation
|
page read and write
|
||
|
4936000
|
unclassified section
|
page readonly
|
||
|
30A5000
|
heap
|
page read and write
|
||
|
C000110000
|
direct allocation
|
page read and write
|
||
|
4ECB000
|
unclassified section
|
page write copy
|
||
|
C00017E000
|
direct allocation
|
page read and write
|
||
|
C000136000
|
direct allocation
|
page read and write
|
||
|
C0001C0000
|
direct allocation
|
page read and write
|
||
|
1A9691C6000
|
heap
|
page read and write
|
||
|
C0002A2000
|
direct allocation
|
page read and write
|
||
|
1A9693D9000
|
heap
|
page read and write
|
||
|
C00004F000
|
direct allocation
|
page read and write
|
||
|
1A968F30000
|
heap
|
page read and write
|
||
|
28E4000
|
direct allocation
|
page read and write
|
||
|
C000192000
|
direct allocation
|
page read and write
|
||
|
C000190000
|
direct allocation
|
page read and write
|
||
|
1A9694E8000
|
heap
|
page read and write
|
||
|
C000002000
|
direct allocation
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
C000280000
|
direct allocation
|
page read and write
|
||
|
C0002A6000
|
direct allocation
|
page read and write
|
||
|
1A9690BD000
|
heap
|
page read and write
|
||
|
C000048000
|
direct allocation
|
page read and write
|
||
|
C0001DA000
|
direct allocation
|
page read and write
|
||
|
7FF6E8E34000
|
unkown
|
page readonly
|
||
|
25131FC000
|
stack
|
page read and write
|
||
|
4F29000
|
unclassified section
|
page read and write
|
||
|
4B6B000
|
unclassified section
|
page readonly
|
||
|
1A968FA0000
|
heap
|
page read and write
|
||
|
C00006A000
|
direct allocation
|
page read and write
|
||
|
303F000
|
stack
|
page read and write
|
||
|
1A968F10000
|
heap
|
page read and write
|
||
|
C000120000
|
direct allocation
|
page read and write
|
||
|
1A96A531000
|
heap
|
page read and write
|
||
|
C00005C000
|
direct allocation
|
page read and write
|
||
|
C000300000
|
direct allocation
|
page read and write
|
||
|
C000288000
|
direct allocation
|
page read and write
|
||
|
800000
|
remote allocation
|
page execute read
|
||
|
4B71000
|
unclassified section
|
page readonly
|
||
|
3FF1000
|
unclassified section
|
page execute read
|
||
|
4ECA000
|
unclassified section
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
1A9695C6000
|
heap
|
page read and write
|
||
|
3050000
|
direct allocation
|
page read and write
|
||
|
1A9691C0000
|
heap
|
page read and write
|
||
|
C000035000
|
direct allocation
|
page read and write
|
||
|
4EC9000
|
unclassified section
|
page write copy
|
||
|
C0002B4000
|
direct allocation
|
page read and write
|
||
|
7FF6E8E30000
|
unkown
|
page read and write
|
||
|
C000180000
|
direct allocation
|
page read and write
|
||
|
C000043000
|
direct allocation
|
page read and write
|
||
|
C0002B6000
|
direct allocation
|
page read and write
|
||
|
C0001CA000
|
direct allocation
|
page read and write
|
||
|
4F6B000
|
unclassified section
|
page write copy
|
||
|
C000128000
|
direct allocation
|
page read and write
|
||
|
E83000
|
heap
|
page read and write
|
||
|
3AB0000
|
direct allocation
|
page read and write
|
||
|
C000302000
|
direct allocation
|
page read and write
|
||
|
C00029C000
|
direct allocation
|
page read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
3043000
|
direct allocation
|
page read and write
|
||
|
E69000
|
heap
|
page read and write
|
||
|
C000298000
|
direct allocation
|
page read and write
|
||
|
C00027C000
|
direct allocation
|
page read and write
|
||
|
C000172000
|
direct allocation
|
page read and write
|
||
|
C000055000
|
direct allocation
|
page read and write
|
||
|
C00002E000
|
direct allocation
|
page read and write
|
||
|
2870000
|
heap
|
page readonly
|
||
|
C000290000
|
direct allocation
|
page read and write
|
||
|
4F5E000
|
unclassified section
|
page read and write
|
||
|
E55000
|
heap
|
page read and write
|
||
|
7FF6E8E65000
|
unkown
|
page readonly
|
||
|
1A9690B7000
|
heap
|
page read and write
|
||
|
C00010E000
|
direct allocation
|
page read and write
|
||
|
3C2B000
|
direct allocation
|
page read and write
|
||
|
2860000
|
direct allocation
|
page read and write
|
||
|
C0002AA000
|
direct allocation
|
page read and write
|
||
|
1A9691C6000
|
heap
|
page read and write
|
||
|
2980000
|
direct allocation
|
page read and write
|
||
|
C000000000
|
direct allocation
|
page read and write
|
||
|
C00012A000
|
direct allocation
|
page read and write
|
||
|
C000053000
|
direct allocation
|
page read and write
|
||
|
1A968E30000
|
heap
|
page read and write
|
||
|
7FF6E8E62000
|
unkown
|
page write copy
|
||
|
C00015C000
|
direct allocation
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
1A9691D1000
|
heap
|
page read and write
|
||
|
C000284000
|
direct allocation
|
page read and write
|
||
|
7FF6E8841000
|
unkown
|
page execute read
|
||
|
25133FF000
|
stack
|
page read and write
|
||
|
25135FF000
|
stack
|
page read and write
|
||
|
1A9693D5000
|
heap
|
page read and write
|
||
|
C0001C2000
|
direct allocation
|
page read and write
|
||
|
C000178000
|
direct allocation
|
page read and write
|
||
|
4EBB000
|
unclassified section
|
page read and write
|
||
|
C00018A000
|
direct allocation
|
page read and write
|
||
|
30A0000
|
heap
|
page read and write
|
||
|
2880000
|
direct allocation
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
1A968FA6000
|
heap
|
page read and write
|
||
|
C0001A4000
|
direct allocation
|
page read and write
|
||
|
C0001D4000
|
direct allocation
|
page read and write
|
||
|
C000166000
|
direct allocation
|
page read and write
|
||
|
C000100000
|
direct allocation
|
page read and write
|
||
|
C0001D8000
|
direct allocation
|
page read and write
|
||
|
C00028E000
|
direct allocation
|
page read and write
|
||
|
C000152000
|
direct allocation
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
C0002AE000
|
direct allocation
|
page read and write
|
||
|
1A9693D4000
|
heap
|
page read and write
|
||
|
C000058000
|
direct allocation
|
page read and write
|
||
|
7FF6E8841000
|
unkown
|
page execute read
|
||
|
C0002B2000
|
direct allocation
|
page read and write
|
||
|
7FF6E8840000
|
unkown
|
page readonly
|
||
|
2921000
|
direct allocation
|
page read and write
|
||
|
2889000
|
direct allocation
|
page read and write
|
||
|
C00012C000
|
direct allocation
|
page read and write
|
||
|
C000008000
|
direct allocation
|
page read and write
|
||
|
C000116000
|
direct allocation
|
page read and write
|
||
|
C00011C000
|
direct allocation
|
page read and write
|
||
|
C000160000
|
direct allocation
|
page read and write
|
||
|
4B67000
|
unclassified section
|
page readonly
|
||
|
C0002A4000
|
direct allocation
|
page read and write
|
||
|
C0001A2000
|
direct allocation
|
page read and write
|
||
|
C00020C000
|
direct allocation
|
page read and write
|
||
|
2884000
|
direct allocation
|
page read and write
|
||
|
C000051000
|
direct allocation
|
page read and write
|
||
|
1A969997000
|
heap
|
page read and write
|
||
|
C000124000
|
direct allocation
|
page read and write
|
||
|
C00001A000
|
direct allocation
|
page read and write
|
||
|
C0002CA000
|
direct allocation
|
page read and write
|
||
|
C000064000
|
direct allocation
|
page read and write
|
||
|
4EEE000
|
unclassified section
|
page read and write
|
||
|
C00016A000
|
direct allocation
|
page read and write
|
||
|
1A9691C5000
|
heap
|
page read and write
|
||
|
C000294000
|
direct allocation
|
page read and write
|
||
|
C000278000
|
direct allocation
|
page read and write
|
||
|
1A96A12D000
|
heap
|
page read and write
|
||
|
2A91F000
|
stack
|
page read and write
|
||
|
4F6C000
|
unclassified section
|
page readonly
|
||
|
C000130000
|
direct allocation
|
page read and write
|
||
|
C000072000
|
direct allocation
|
page read and write
|
||
|
4EF6000
|
unclassified section
|
page read and write
|
||
|
30B0000
|
direct allocation
|
page read and write
|
||
|
C00029E000
|
direct allocation
|
page read and write
|
||
|
C000186000
|
direct allocation
|
page read and write
|
||
|
C00004A000
|
direct allocation
|
page read and write
|
There are 192 hidden memdumps, click here to show them.