Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
NLBgWmWGow.exe
|
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
|
initial sample
|
 |
|
|
\Device\Mup\user-PC\PIPE\samr
|
GLS_BINARY_LSB_FIRST
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\NLBgWmWGow.exe
|
"C:\Users\user\Desktop\NLBgWmWGow.exe"
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ns1.mtls.ink
|
206.189.41.151
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
206.189.41.151
|
ns1.mtls.ink
|
United States
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
C000060000
|
direct allocation
|
page read and write
|
|
|
|
C000033000
|
direct allocation
|
page read and write
|
||
|
C0001F4000
|
direct allocation
|
page read and write
|
||
|
C0002AA000
|
direct allocation
|
page read and write
|
||
|
1A9EB30B000
|
direct allocation
|
page read and write
|
||
|
C000315000
|
direct allocation
|
page read and write
|
||
|
17B8000
|
unkown
|
page read and write
|
||
|
C00027A000
|
direct allocation
|
page read and write
|
||
|
C0001A0000
|
direct allocation
|
page read and write
|
||
|
C000104000
|
direct allocation
|
page read and write
|
||
|
C00031E000
|
direct allocation
|
page read and write
|
||
|
C0001B4000
|
direct allocation
|
page read and write
|
||
|
C0001F0000
|
direct allocation
|
page read and write
|
||
|
4944FFF000
|
stack
|
page read and write
|
||
|
C000112000
|
direct allocation
|
page read and write
|
||
|
C000280000
|
direct allocation
|
page read and write
|
||
|
C000372000
|
direct allocation
|
page read and write
|
||
|
1A9EB000000
|
heap
|
page read and write
|
||
|
C0000AE000
|
direct allocation
|
page read and write
|
||
|
C000114000
|
direct allocation
|
page read and write
|
||
|
C000272000
|
direct allocation
|
page read and write
|
||
|
8C0000
|
unkown
|
page readonly
|
||
|
C0000E0000
|
direct allocation
|
page read and write
|
||
|
C0002A8000
|
direct allocation
|
page read and write
|
||
|
C000058000
|
direct allocation
|
page read and write
|
||
|
C000035000
|
direct allocation
|
page read and write
|
||
|
C0000C8000
|
direct allocation
|
page read and write
|
||
|
C0001E4000
|
direct allocation
|
page read and write
|
||
|
1404000
|
unkown
|
page readonly
|
||
|
1A9EB239000
|
direct allocation
|
page read and write
|
||
|
C0003A2000
|
direct allocation
|
page read and write
|
||
|
174A000
|
unkown
|
page write copy
|
||
|
C000039000
|
direct allocation
|
page read and write
|
||
|
C00038C000
|
direct allocation
|
page read and write
|
||
|
C00002E000
|
direct allocation
|
page read and write
|
||
|
C000118000
|
direct allocation
|
page read and write
|
||
|
17FA000
|
unkown
|
page write copy
|
||
|
17BE000
|
unkown
|
page read and write
|
||
|
1785000
|
unkown
|
page read and write
|
||
|
C0002A6000
|
direct allocation
|
page read and write
|
||
|
C000399000
|
direct allocation
|
page read and write
|
||
|
1402000
|
unkown
|
page readonly
|
||
|
C00034E000
|
direct allocation
|
page read and write
|
||
|
1404000
|
unkown
|
page readonly
|
||
|
C00035C000
|
direct allocation
|
page read and write
|
||
|
C00028C000
|
direct allocation
|
page read and write
|
||
|
C00002A000
|
direct allocation
|
page read and write
|
||
|
C000276000
|
direct allocation
|
page read and write
|
||
|
49447FF000
|
stack
|
page read and write
|
||
|
C00018E000
|
direct allocation
|
page read and write
|
||
|
C000300000
|
direct allocation
|
page read and write
|
||
|
C000055000
|
direct allocation
|
page read and write
|
||
|
C000294000
|
direct allocation
|
page read and write
|
||
|
4943FFB000
|
stack
|
page read and write
|
||
|
1A9EB296000
|
direct allocation
|
page read and write
|
||
|
17FA000
|
unkown
|
page write copy
|
||
|
1A9EB290000
|
direct allocation
|
page read and write
|
||
|
C00010E000
|
direct allocation
|
page read and write
|
||
|
1A9EB1F0000
|
heap
|
page read and write
|
||
|
C00029C000
|
direct allocation
|
page read and write
|
||
|
C000358000
|
direct allocation
|
page read and write
|
||
|
C00020C000
|
direct allocation
|
page read and write
|
||
|
C000290000
|
direct allocation
|
page read and write
|
||
|
C000376000
|
direct allocation
|
page read and write
|
||
|
C000043000
|
direct allocation
|
page read and write
|
||
|
C0000F2000
|
direct allocation
|
page read and write
|
||
|
49451FF000
|
stack
|
page read and write
|
||
|
C00010C000
|
direct allocation
|
page read and write
|
||
|
1A9EB306000
|
direct allocation
|
page read and write
|
||
|
C0000EE000
|
direct allocation
|
page read and write
|
||
|
1781000
|
unkown
|
page write copy
|
||
|
C0000FA000
|
direct allocation
|
page read and write
|
||
|
C0002A4000
|
direct allocation
|
page read and write
|
||
|
17FB000
|
unkown
|
page readonly
|
||
|
1A9EB234000
|
direct allocation
|
page read and write
|
||
|
C0000B4000
|
direct allocation
|
page read and write
|
||
|
C000098000
|
direct allocation
|
page read and write
|
||
|
C000378000
|
direct allocation
|
page read and write
|
||
|
13FA000
|
unkown
|
page readonly
|
||
|
C0000E4000
|
direct allocation
|
page read and write
|
||
|
C0001F2000
|
direct allocation
|
page read and write
|
||
|
1A9EB02C000
|
heap
|
page read and write
|
||
|
11C2000
|
unkown
|
page readonly
|
||
|
C00004F000
|
direct allocation
|
page read and write
|
||
|
C00018A000
|
direct allocation
|
page read and write
|
||
|
C00007A000
|
direct allocation
|
page read and write
|
||
|
C00001C000
|
direct allocation
|
page read and write
|
||
|
C00037C000
|
direct allocation
|
page read and write
|
||
|
13FA000
|
unkown
|
page readonly
|
||
|
C00009D000
|
direct allocation
|
page read and write
|
||
|
C0000D6000
|
direct allocation
|
page read and write
|
||
|
C00036E000
|
direct allocation
|
page read and write
|
||
|
C0000C4000
|
direct allocation
|
page read and write
|
||
|
C0002A2000
|
direct allocation
|
page read and write
|
||
|
1A9EB385000
|
heap
|
page read and write
|
||
|
175A000
|
unkown
|
page write copy
|
||
|
1A9EB2A0000
|
direct allocation
|
page read and write
|
||
|
C0001D8000
|
direct allocation
|
page read and write
|
||
|
C00000C000
|
direct allocation
|
page read and write
|
||
|
1A9EB210000
|
heap
|
page read and write
|
||
|
C000298000
|
direct allocation
|
page read and write
|
||
|
1A9EB29C000
|
direct allocation
|
page read and write
|
||
|
C00022C000
|
direct allocation
|
page read and write
|
||
|
C00026D000
|
direct allocation
|
page read and write
|
||
|
1A9EB020000
|
heap
|
page read and write
|
||
|
C000180000
|
direct allocation
|
page read and write
|
||
|
174A000
|
unkown
|
page read and write
|
||
|
4944BFE000
|
stack
|
page read and write
|
||
|
C000110000
|
direct allocation
|
page read and write
|
||
|
C00037E000
|
direct allocation
|
page read and write
|
||
|
C000053000
|
direct allocation
|
page read and write
|
||
|
1A9EB230000
|
direct allocation
|
page read and write
|
||
|
17E5000
|
unkown
|
page read and write
|
||
|
C0003A4000
|
direct allocation
|
page read and write
|
||
|
1A9EB2C7000
|
direct allocation
|
page read and write
|
||
|
C000278000
|
direct allocation
|
page read and write
|
||
|
C000282000
|
direct allocation
|
page read and write
|
||
|
C0001A2000
|
direct allocation
|
page read and write
|
||
|
C000380000
|
direct allocation
|
page read and write
|
||
|
1402000
|
unkown
|
page readonly
|
||
|
17ED000
|
unkown
|
page read and write
|
||
|
C000090000
|
direct allocation
|
page read and write
|
||
|
C00036A000
|
direct allocation
|
page read and write
|
||
|
C0000FC000
|
direct allocation
|
page read and write
|
||
|
13FE000
|
unkown
|
page readonly
|
||
|
C00029E000
|
direct allocation
|
page read and write
|
||
|
1A9EB029000
|
heap
|
page read and write
|
||
|
C0000E8000
|
direct allocation
|
page read and write
|
||
|
13FE000
|
unkown
|
page readonly
|
||
|
C0000AC000
|
direct allocation
|
page read and write
|
||
|
4944DFE000
|
stack
|
page read and write
|
||
|
C000000000
|
direct allocation
|
page read and write
|
||
|
C0001B8000
|
direct allocation
|
page read and write
|
||
|
C000284000
|
direct allocation
|
page read and write
|
||
|
C0000FE000
|
direct allocation
|
page read and write
|
||
|
11C2000
|
unkown
|
page readonly
|
||
|
8C1000
|
unkown
|
page execute read
|
||
|
C000082000
|
direct allocation
|
page read and write
|
||
|
8C1000
|
unkown
|
page execute read
|
||
|
1A9EB2C0000
|
direct allocation
|
page read and write
|
||
|
C000296000
|
direct allocation
|
page read and write
|
||
|
C000048000
|
direct allocation
|
page read and write
|
||
|
1758000
|
unkown
|
page write copy
|
||
|
C0001BA000
|
direct allocation
|
page read and write
|
||
|
8C1000
|
unkown
|
page execute read
|
||
|
1A9EB318000
|
direct allocation
|
page read and write
|
||
|
C0000EA000
|
direct allocation
|
page read and write
|
||
|
C00026F000
|
direct allocation
|
page read and write
|
||
|
8C0000
|
unkown
|
page readonly
|
||
|
C000051000
|
direct allocation
|
page read and write
|
||
|
C00001A000
|
direct allocation
|
page read and write
|
||
|
1759000
|
unkown
|
page read and write
|
||
|
C000292000
|
direct allocation
|
page read and write
|
||
|
C0000B2000
|
direct allocation
|
page read and write
|
||
|
49445FC000
|
stack
|
page read and write
|
||
|
C000084000
|
direct allocation
|
page read and write
|
||
|
C0001C8000
|
direct allocation
|
page read and write
|
||
|
C0002A0000
|
direct allocation
|
page read and write
|
||
|
C0000A2000
|
direct allocation
|
page read and write
|
||
|
1A9EB010000
|
direct allocation
|
page read and write
|
||
|
C0000AA000
|
direct allocation
|
page read and write
|
||
|
C00019A000
|
direct allocation
|
page read and write
|
||
|
C000088000
|
direct allocation
|
page read and write
|
||
|
C000045000
|
direct allocation
|
page read and write
|
||
|
C0000A6000
|
direct allocation
|
page read and write
|
||
|
C0000F0000
|
direct allocation
|
page read and write
|
||
|
C0001A4000
|
direct allocation
|
page read and write
|
||
|
177C000
|
unkown
|
page read and write
|
||
|
C000196000
|
direct allocation
|
page read and write
|
||
|
C0001EE000
|
direct allocation
|
page read and write
|
||
|
C000108000
|
direct allocation
|
page read and write
|
||
|
C0000F8000
|
direct allocation
|
page read and write
|
||
|
1A9EB303000
|
direct allocation
|
page read and write
|
||
|
C0000D2000
|
direct allocation
|
page read and write
|
||
|
C0001E8000
|
direct allocation
|
page read and write
|
||
|
C000080000
|
direct allocation
|
page read and write
|
||
|
49443FF000
|
stack
|
page read and write
|
||
|
C000269000
|
direct allocation
|
page read and write
|
||
|
C0001A8000
|
direct allocation
|
page read and write
|
||
|
17FB000
|
unkown
|
page readonly
|
||
|
1A9EB380000
|
heap
|
page read and write
|
||
|
C0001AE000
|
direct allocation
|
page read and write
|
||
|
C00008C000
|
direct allocation
|
page read and write
|
||
|
C000226000
|
direct allocation
|
page read and write
|
||
|
C0000DE000
|
direct allocation
|
page read and write
|
||
|
C0000E2000
|
direct allocation
|
page read and write
|
There are 176 hidden memdumps, click here to show them.