Files
| File Path | Type | Category | Malicious |
|---|---|---|---|
| ghXWQEsbaV.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ghXWQEsbaV.exe.log | CSV text | dropped | |
| C:\Users\user\AppData\Local\Temp\DeepL auto-start 0install Stub Error Log.txt | ASCII text, with CRLF line terminators | dropped | |

Processes
| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\ghXWQEsbaV.exe | "C:\Users\user\Desktop\ghXWQEsbaV.exe" | |

URLs
| Name | IP | Malicious |
|---|---|---|
| https://appdownload.deepl.com/windows/0install/deepl.xml | unknown | |

Memdumps