IOC Report
ghXWQEsbaV.bin


Files

File Path | Type | Category | Malicious
ghXWQEsbaV.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ghXWQEsbaV.exe.log | CSV text | dropped |
C:\Users\user\AppData\Local\Temp\DeepL auto-start 0install Stub Error Log.txt | ASCII text, with CRLF line terminators | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\ghXWQEsbaV.exe | "C:\Users\user\Desktop\ghXWQEsbaV.exe" |

URLs

Name | IP | Malicious
https://appdownload.deepl.com/windows/0install/deepl.xml | unknown |

Memdumps

Base Address | Region type | Protect | Malicious
7FFD9B900000 | trusted library allocation | page read and write |
7FFD9B77D000 | trusted library allocation | page execute and read and write |
7FFD9B772000 | trusted library allocation | page read and write |
2161000 | trusted library allocation | page read and write |
7FFD9B770000 | trusted library allocation | page read and write |
7FFD9B81C000 | trusted library allocation | page execute and read and write |
34000 | unknown | page readonly |
7FFD9B810000 | trusted library allocation | page read and write |
1ADBF000 | stack | page read and write |
520000 | heap | page read and write |
720000 | heap | page read and write |
5DE000 | heap | page read and write |
7FFD9B880000 | trusted library allocation | page execute and read and write |
46000 | unknown | page readonly |
55B000 | heap | page read and write |
32000 | unknown | page readonly |
4D0000 | heap | page read and write |
2150000 | heap | page execute and read and write |
5E2000 | heap | page read and write |
1AEBE000 | stack | page read and write |
830000 | heap | page read and write |
12161000 | trusted library allocation | page read and write |
30000 | unknown | page readonly |
7FFD9B764000 | trusted library allocation | page read and write |
30000 | unknown | page readonly |
9F0000 | heap | page read and write |
725000 | heap | page read and write |
5E4000 | heap | page read and write |
7FFD9B846000 | trusted library allocation | page execute and read and write |
7FFD9B76D000 | trusted library allocation | page execute and read and write |
2010000 | trusted library allocation | page read and write |
12163000 | trusted library allocation | page read and write |
4F0000 | heap | page read and write |
194000 | stack | page read and write |
1A6ED000 | stack | page read and write |
550000 | heap | page read and write |
58A000 | heap | page read and write |
529000 | heap | page read and write |
54C000 | heap | page read and write |
1ACBE000 | stack | page read and write |
1E0000 | heap | page read and write |
549000 | heap | page read and write |
71E000 | stack | page read and write |
2030000 | trusted library allocation | page read and write |
7FFD9B820000 | trusted library allocation | page execute and read and write |
214E000 | stack | page read and write |
12167000 | trusted library allocation | page read and write |
55D000 | heap | page read and write |
82E000 | stack | page read and write |
560000 | heap | page read and write |
7FFD9B763000 | trusted library allocation | page execute and read and write |
1ABB0000 | heap | page execute and read and write |
2040000 | heap | page read and write |
9F5000 | heap | page read and write |
7FF46FE10000 | trusted library allocation | page execute and read and write |
45 further memdumps are not listed here.