Files
| File Path | Type | Category | Malicious |
|---|---|---|---|
| rp8s2rxD5lpuQAG.exe | PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows | initial sample | |
| C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rp8s2rxD5lpuQAG.exe.log | CSV text | dropped | |
Processes
| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\rp8s2rxD5lpuQAG.exe | "C:\Users\user\Desktop\rp8s2rxD5lpuQAG.exe" | |
| C:\Users\user\Desktop\rp8s2rxD5lpuQAG.exe | C:\Users\user\Desktop\rp8s2rxD5lpuQAG.exe | |
URLs
| Name | IP | Malicious |
|---|---|---|
| https://reallyfreegeoip.org | unknown | |
| http://checkip.dyndns.org | unknown | |
| http://checkip.dyndns.org/ | 193.122.130.0 | |
| http://azvconsulting.com | unknown | |
| http://checkip.dyndns.com | unknown | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | |
| https://reallyfreegeoip.org/xml/173.254.250.90 | 188.114.97.3 | |
| https://reallyfreegeoip.org/xml/173.254.250.90p | unknown | |
| http://checkip.dyndns.org/q | unknown | |
| http://reallyfreegeoip.org | unknown | |
| https://reallyfreegeoip.org/xml/ | unknown | |

1 additional URL is not shown in this extract.
Domains
| Name | IP | Malicious |
|---|---|---|
| azvconsulting.com | 185.14.58.143 | |
| reallyfreegeoip.org | 188.114.97.3 | |
| checkip.dyndns.org | unknown | |
| checkip.dyndns.com | 193.122.130.0 | |
IPs
| IP | Domain | Country | Malicious |
|---|---|---|---|
| 188.114.97.3 | reallyfreegeoip.org | European Union | |
| 185.14.58.143 | azvconsulting.com | Spain | |
| 193.122.130.0 | checkip.dyndns.com | United States | |
Registry
| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASAPI32 | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASAPI32 | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASAPI32 | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASAPI32 | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASAPI32 | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASAPI32 | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASAPI32 | FileDirectory | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASMANCS | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASMANCS | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASMANCS | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASMANCS | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASMANCS | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASMANCS | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\rp8s2rxD5lpuQAG_RASMANCS | FileDirectory | |

4 additional registry entries are not shown in this extract.
Memdumps
| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 1418F000 | trusted library allocation | page read and write | |
| 142F7000 | trusted library allocation | page read and write | |
| 3C89000 | trusted library allocation | page read and write | |
| 140002000 | remote allocation | page execute and read and write | |
| 3DAF000 | trusted library allocation | page read and write | |
| 3A41000 | trusted library allocation | page read and write | |
| 1CBD0000 | heap | page read and write | |
| 7FF848E3B000 | trusted library allocation | page execute and read and write | |
| A12000 | unknown | page readonly | |
| 1CA0000 | heap | page execute and read and write | |
| 1CDC0000 | heap | page execute and read and write | |
| 3D34000 | trusted library allocation | page read and write | |
| 1D1CD000 | stack | page read and write | |
| 4046000 | trusted library allocation | page read and write | |
| 1DDE0000 | heap | page read and write | |
| 1D5CE000 | stack | page read and write | |
| 3AD0000 | trusted library section | page read and write | |
| 205AE000 | stack | page read and write | |
| 1C541000 | heap | page read and write | |
| 7FF849020000 | trusted library allocation | page read and write | |
| 3D64000 | trusted library allocation | page read and write | |
| B90000 | heap | page read and write | |
| 1240000 | trusted library allocation | page read and write | |
| 7FF848F06000 | trusted library allocation | page execute and read and write | |
| 1230000 | trusted library allocation | page read and write | |
| 7FF848EF6000 | trusted library allocation | page execute and read and write | |
| 1EFD0000 | heap | page read and write | |
| B40000 | heap | page read and write | |
| 3BD5000 | trusted library allocation | page read and write | |
| 1356000 | heap | page read and write | |
| 7FF848EE0000 | trusted library allocation | page execute and read and write | |
| 3BE5000 | trusted library allocation | page read and write | |
| 7FF849034000 | trusted library allocation | page read and write | |
| 42F6000 | trusted library allocation | page read and write | |
| 1C613000 | heap | page read and write | |
| 12D0000 | trusted library allocation | page read and write | |
| 1DAE000 | stack | page read and write | |
| B50000 | heap | page read and write | |
| 132A000 | heap | page read and write | |
| 3F41000 | trusted library allocation | page read and write | |
| 13D7000 | heap | page read and write | |
| 3B3A000 | heap | page read and write | |
| 7FF848E2D000 | trusted library allocation | page execute and read and write | |
| 1CC0000 | heap | page read and write | |
| 1580000 | trusted library section | page read and write | |
| 13CE000 | heap | page read and write | |
| 7FF848FC0000 | trusted library allocation | page execute and read and write | |
| 7FF848ED0000 | trusted library allocation | page execute and read and write | |
| 3C19000 | trusted library allocation | page read and write | |
| 140A4000 | trusted library allocation | page read and write | |
| 13DB000 | heap | page read and write | |
| 1C500000 | heap | page read and write | |
| 15A0000 | heap | page read and write | |
| 1C565000 | heap | page read and write | |
| 1D9CE000 | stack | page read and write | |
| 7FF848F30000 | trusted library allocation | page execute and read and write | |
| 7FF848E44000 | trusted library allocation | page read and write | |
| 1C610000 | heap | page read and write | |
| 7FF849010000 | trusted library allocation | page read and write | |
| 1CB5E000 | stack | page read and write | |
| 7FF848E2D000 | trusted library allocation | page execute and read and write | |
| 7FF848E3D000 | trusted library allocation | page execute and read and write | |
| 1310000 | heap | page execute and read and write | |
| 7FF848E20000 | trusted library allocation | page read and write | |
| 13A41000 | trusted library allocation | page read and write | |
| 1358000 | heap | page read and write | |
| 1CCD0000 | trusted library section | page read and write | |
| 1FDAD000 | stack | page read and write | |
| 1386000 | heap | page read and write | |
| 12F8000 | heap | page read and write | |
| 136B000 | heap | page read and write | |
| 7FF849030000 | trusted library allocation | page read and write | |
| 3D26000 | trusted library allocation | page read and write | |
| 1F5D2000 | trusted library allocation | page read and write | |
| 4042000 | trusted library allocation | page read and write | |
| 7FF849003000 | trusted library allocation | page read and write | |
| 3D39000 | trusted library allocation | page read and write | |
| 140000000 | remote allocation | page execute and read and write | |
| 3B4E000 | trusted library allocation | page read and write | |
| 1371000 | heap | page read and write | |
| 7FF848FC0000 | trusted library allocation | page read and write | |
| 1CBC0000 | heap | page read and write | |
| 1BF70000 | trusted library allocation | page read and write | |
| 1470000 | trusted library section | page readonly | |
| 14F5000 | heap | page read and write | |
| 3C2D000 | trusted library allocation | page read and write | |
| 13AAD000 | trusted library allocation | page read and write | |
| 7FF849000000 | trusted library allocation | page read and write | |
| 7FF848E4D000 | trusted library allocation | page execute and read and write | |
| 7FF848E32000 | trusted library allocation | page read and write | |
| 1F0D0000 | heap | page read and write | |
| 7FF848E12000 | trusted library allocation | page read and write | |
| 11ED000 | stack | page read and write | |
| 14A0000 | trusted library allocation | page read and write | |
| 13F51000 | trusted library allocation | page read and write | |
| 13ADE000 | trusted library allocation | page read and write | |
| B70000 | heap | page read and write | |
| 1C568000 | heap | page read and write | |
| 3C62000 | trusted library allocation | page read and write | |
| 3F3E000 | stack | page read and write | |
| 1CBB0000 | heap | page read and write | |
| 7FF848FB0000 | trusted library allocation | page read and write | |
| 131E000 | heap | page read and write | |
| 7FF49DA10000 | trusted library allocation | page execute and read and write | |
| 7FF849007000 | trusted library allocation | page read and write | |
| 3A3E000 | stack | page read and write | |
| 3D11000 | trusted library allocation | page read and write | |
| 1EF55000 | heap | page read and write | |
| 7FF848FE0000 | trusted library allocation | page read and write | |
| 7FF848FFB000 | trusted library allocation | page read and write | |
| 1EED0000 | heap | page read and write | |
| 3B9C000 | trusted library allocation | page read and write | |
| 1C1BD000 | stack | page read and write | |
| 7FF849000000 | trusted library allocation | page execute and read and write | |
| 3BD9000 | trusted library allocation | page read and write | |
| 7FF848FE0000 | trusted library allocation | page read and write | |
| 1340000 | heap | page read and write | |
| 1D00000 | heap | page read and write | |
| 7FF848ED6000 | trusted library allocation | page read and write | |
| 1210000 | trusted library allocation | page read and write | |
| 1C2F000 | stack | page read and write | |
| 3B30000 | heap | page read and write | |
| 3D76000 | trusted library allocation | page read and write | |
| 1346000 | heap | page read and write | |
| 7FF848E10000 | trusted library allocation | page read and write | |
| 1C6BC000 | stack | page read and write | |
| B70000 | heap | page read and write | |
| 201AB000 | stack | page read and write | |
| 1480000 | heap | page read and write | |
| 1440000 | heap | page read and write | |
| 3D16000 | trusted library allocation | page read and write | |
| A10000 | unknown | page readonly | |
| 7FF848E30000 | trusted library allocation | page read and write | |
| 13AD2000 | trusted library allocation | page read and write | |
| 7FF848EC0000 | trusted library allocation | page read and write | |
| 130B000 | heap | page read and write | |
| 13E1000 | heap | page read and write | |
| 13B3000 | heap | page read and write | |
| 1DDCE000 | stack | page read and write | |
| 1383000 | heap | page read and write | |
| 12DE000 | stack | page read and write | |
| 1C56A000 | heap | page read and write | |
| 17ED000 | stack | page read and write | |
| 3B97000 | trusted library allocation | page read and write | |
| 7FF848E34000 | trusted library allocation | page read and write | |
| 7FF848EC6000 | trusted library allocation | page read and write | |
| 1E35B000 | stack | page read and write | |
| 1DE0D000 | heap | page read and write | |
| 3B93000 | trusted library allocation | page read and write | |
| 1CD70000 | heap | page read and write | |
| 12F0000 | heap | page read and write | |
| 7FF848E24000 | trusted library allocation | page read and write | |
| 3D2F000 | trusted library allocation | page read and write | |
| 1437000 | heap | page read and write | |
| 3B8F000 | trusted library allocation | page read and write | |
| 7FF848E3D000 | trusted library allocation | page execute and read and write | |
| 3B10000 | trusted library section | page read and write | |
| 13F41000 | trusted library allocation | page read and write | |
| 3BEA000 | trusted library allocation | page read and write | |
| 7FF848FF8000 | trusted library allocation | page read and write | |
| 3D1C000 | trusted library allocation | page read and write | |
| 7FF848E6C000 | trusted library allocation | page execute and read and write | |
| 7FF848FD0000 | trusted library allocation | page read and write | |
| 1430000 | heap | page read and write | |
| 3B6E000 | trusted library allocation | page read and write | |
| 7FF848E40000 | trusted library allocation | page read and write | |
| BB0000 | heap | page read and write | |
| 3D6A000 | trusted library allocation | page read and write | |
| 3C06000 | trusted library allocation | page read and write | |
| 14F0000 | heap | page read and write | |
| 1D05000 | heap | page read and write | |
| 7FF848FF0000 | trusted library allocation | page execute and read and write | |
| 7FF848E14000 | trusted library allocation | page read and write | |
| 7FF848F40000 | trusted library allocation | page execute and read and write | |
| 3BE1000 | trusted library allocation | page read and write | |
| 3B33000 | trusted library allocation | page read and write | |
| 7FF848FF0000 | trusted library allocation | page read and write | |
| 7FF848E22000 | trusted library allocation | page read and write | |
| 3BEE000 | trusted library allocation | page read and write | |
| 3D70000 | trusted library allocation | page read and write | |
| 7FF848E4B000 | trusted library allocation | page execute and read and write | |
| 13AC9000 | trusted library allocation | page read and write | |
| 7FF848E13000 | trusted library allocation | page execute and read and write | |
| 3C5E000 | trusted library allocation | page read and write | |
| 1CBC3000 | heap | page read and write | |
| 15A5000 | heap | page read and write | |
| A90000 | heap | page read and write | |
| 3C75000 | trusted library allocation | page read and write | |
| 7FF848E20000 | trusted library allocation | page read and write | |
| 7FF848FD0000 | trusted library allocation | page execute and read and write | |
| 1318000 | heap | page read and write | |
| 1F0E0000 | heap | page read and write | |
| 7FF848E7C000 | trusted library allocation | page execute and read and write | |
| 19AE000 | stack | page read and write | |
| 7FF84902D000 | trusted library allocation | page read and write | |
| 11F2000 | stack | page read and write | |
| 7FF848E30000 | trusted library allocation | page read and write | |
| 13F48000 | trusted library allocation | page read and write | |
| 3630000 | heap | page execute and read and write | |
| BC0000 | heap | page read and write | |
| 13AD000 | heap | page read and write | |
| 7FF848ED0000 | trusted library allocation | page read and write | |
| B90000 | heap | page read and write | |
| 7FF849029000 | trusted library allocation | page read and write | |
| 143D000 | heap | page read and write | |
| 3B86000 | trusted library allocation | page read and write | |
| 1CD76000 | heap | page read and write | |
| 21AE000 | stack | page read and write | |
| 1F1A4000 | heap | page read and write | |
| 1C53F000 | heap | page read and write | |
| 7FF849010000 | trusted library allocation | page execute and read and write | |
| 3AF0000 | heap | page read and write | |
| 3BF2000 | trusted library allocation | page read and write | |
| 1EB5E000 | stack | page read and write | |
| 7FF848E1D000 | trusted library allocation | page execute and read and write | |
| 7FF848ECC000 | trusted library allocation | page execute and read and write | |
| 1243000 | trusted library allocation | page read and write | |
| 7FF848E23000 | trusted library allocation | page read and write | |
| 1EF5D000 | stack | page read and write | |
| 1DDD0000 | heap | page read and write | |
| 7FF848EDC000 | trusted library allocation | page execute and read and write | |
| BE0000 | trusted library allocation | page read and write | |
| BB5000 | heap | page read and write | |
| 1C40000 | heap | page read and write | |
| 1E75E000 | stack | page read and write | |
| 3BDD000 | trusted library allocation | page read and write | |
| 7FF848E23000 | trusted library allocation | page execute and read and write | |

217 additional memdumps are not shown in this extract.