Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Gun Ici Cek Statu Listesi.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Gun Ici Cek Statu Listesi.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_44kxd1iw.rn2.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_acbkbc55.nb4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ca34s3px.ilr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kweam4ek.lla.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Gun Ici Cek Statu Listesi.exe
|
"C:\Users\user\Desktop\Gun Ici Cek Statu Listesi.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Gun Ici
Cek Statu Listesi.exe"
|
|
|
|
C:\Users\user\Desktop\Gun Ici Cek Statu Listesi.exe
|
"C:\Users\user\Desktop\Gun Ici Cek Statu Listesi.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://reallyfreegeoip.org/xml/173.254.250.77d
|
unknown
|
||
|
http://checkip.dyndns.org/
|
158.101.44.242
|
||
|
http://checkip.dyndns.comd
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/173.254.250.77l
|
unknown
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
http://reallyfreegeoip.orgd
|
unknown
|
||
|
http://tempuri.org/DataSet1.xsd
|
unknown
|
||
|
http://reallyfreegeoip.org
|
unknown
|
||
|
http://checkip.dyndns.orgd
|
unknown
|
||
|
https://reallyfreegeoip.org
|
unknown
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
http://checkip.dyndns.com
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/173.254.250.77
|
188.114.97.3
|
||
|
http://checkip.dyndns.org/d
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://www.chiark.greenend.org.uk/~sgtatham/putty/0
|
unknown
|
||
|
https://api.telegram.org/bot-/sendDocument?chat_id=
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
There are 8 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
reallyfreegeoip.org
|
188.114.97.3
|
|
|
|
checkip.dyndns.org
|
unknown
|
|
|
|
checkip.dyndns.com
|
158.101.44.242
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
reallyfreegeoip.org
|
European Union
|
|
|
|
158.101.44.242
|
checkip.dyndns.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Gun Ici Cek Statu Listesi_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Gun Ici Cek Statu Listesi_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Gun Ici Cek Statu Listesi_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Gun Ici Cek Statu Listesi_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Gun Ici Cek Statu Listesi_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Gun Ici Cek Statu Listesi_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Gun Ici Cek Statu Listesi_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Gun Ici Cek Statu Listesi_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Gun Ici Cek Statu Listesi_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Gun Ici Cek Statu Listesi_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Gun Ici Cek Statu Listesi_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Gun Ici Cek Statu Listesi_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Gun Ici Cek Statu Listesi_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Gun Ici Cek Statu Listesi_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4009000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
485A000
|
trusted library allocation
|
page read and write
|
|
|
|
1738000
|
heap
|
page read and write
|
||
|
505E000
|
stack
|
page read and write
|
||
|
F0EE000
|
stack
|
page read and write
|
||
|
2FC1000
|
trusted library allocation
|
page read and write
|
||
|
67A7000
|
trusted library allocation
|
page read and write
|
||
|
6930000
|
trusted library allocation
|
page read and write
|
||
|
1233000
|
heap
|
page read and write
|
||
|
53E0000
|
trusted library allocation
|
page read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
11DC000
|
heap
|
page read and write
|
||
|
3F31000
|
trusted library allocation
|
page read and write
|
||
|
13EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
53F2000
|
trusted library allocation
|
page read and write
|
||
|
2F5B000
|
stack
|
page read and write
|
||
|
2F29000
|
trusted library allocation
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page execute and read and write
|
||
|
587E000
|
stack
|
page read and write
|
||
|
144E000
|
stack
|
page read and write
|
||
|
EEAE000
|
stack
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
101E000
|
stack
|
page read and write
|
||
|
5980000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FB0000
|
trusted library allocation
|
page read and write
|
||
|
5742000
|
heap
|
page read and write
|
||
|
2F1E000
|
stack
|
page read and write
|
||
|
56E0000
|
trusted library allocation
|
page read and write
|
||
|
11BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
6760000
|
trusted library allocation
|
page read and write
|
||
|
1242000
|
heap
|
page read and write
|
||
|
2F78000
|
trusted library allocation
|
page read and write
|
||
|
B7E000
|
unkown
|
page readonly
|
||
|
650E000
|
stack
|
page read and write
|
||
|
1278000
|
heap
|
page read and write
|
||
|
7A90000
|
trusted library allocation
|
page read and write
|
||
|
E900000
|
trusted library allocation
|
page execute and read and write
|
||
|
53FE000
|
trusted library allocation
|
page read and write
|
||
|
7A9B000
|
trusted library allocation
|
page read and write
|
||
|
5880000
|
trusted library allocation
|
page execute and read and write
|
||
|
11D0000
|
trusted library allocation
|
page read and write
|
||
|
63D4000
|
heap
|
page read and write
|
||
|
2F74000
|
trusted library allocation
|
page read and write
|
||
|
119D000
|
trusted library allocation
|
page execute and read and write
|
||
|
53A0000
|
heap
|
page read and write
|
||
|
5450000
|
trusted library allocation
|
page execute and read and write
|
||
|
AE2000
|
unkown
|
page readonly
|
||
|
74AE000
|
heap
|
page read and write
|
||
|
54C0000
|
trusted library section
|
page readonly
|
||
|
1220000
|
trusted library allocation
|
page read and write
|
||
|
2DF5000
|
trusted library allocation
|
page read and write
|
||
|
171E000
|
stack
|
page read and write
|
||
|
1400000
|
trusted library allocation
|
page read and write
|
||
|
5440000
|
heap
|
page read and write
|
||
|
677A000
|
trusted library allocation
|
page read and write
|
||
|
5523000
|
heap
|
page read and write
|
||
|
6650000
|
heap
|
page read and write
|
||
|
574E000
|
stack
|
page read and write
|
||
|
2E5F000
|
stack
|
page read and write
|
||
|
2F86000
|
trusted library allocation
|
page read and write
|
||
|
5468000
|
trusted library allocation
|
page read and write
|
||
|
59A0000
|
heap
|
page read and write
|
||
|
5430000
|
trusted library allocation
|
page read and write
|
||
|
EFEC000
|
stack
|
page read and write
|
||
|
56F0000
|
heap
|
page read and write
|
||
|
11A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
31D2000
|
trusted library allocation
|
page read and write
|
||
|
5ADD000
|
stack
|
page read and write
|
||
|
1730000
|
heap
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
53EB000
|
trusted library allocation
|
page read and write
|
||
|
EEEB000
|
stack
|
page read and write
|
||
|
54D0000
|
heap
|
page read and write
|
||
|
3EF9000
|
trusted library allocation
|
page read and write
|
||
|
2F3C000
|
trusted library allocation
|
page read and write
|
||
|
11EA000
|
heap
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
2FD9000
|
trusted library allocation
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
5450000
|
trusted library allocation
|
page read and write
|
||
|
3001000
|
trusted library allocation
|
page read and write
|
||
|
5401000
|
trusted library allocation
|
page read and write
|
||
|
6900000
|
trusted library allocation
|
page read and write
|
||
|
118D000
|
trusted library allocation
|
page execute and read and write
|
||
|
53FA000
|
trusted library allocation
|
page read and write
|
||
|
6780000
|
trusted library allocation
|
page execute and read and write
|
||
|
3EC1000
|
trusted library allocation
|
page read and write
|
||
|
EA3E000
|
stack
|
page read and write
|
||
|
59B0000
|
trusted library allocation
|
page read and write
|
||
|
154E000
|
stack
|
page read and write
|
||
|
7751000
|
trusted library allocation
|
page read and write
|
||
|
570C000
|
heap
|
page read and write
|
||
|
6800000
|
heap
|
page read and write
|
||
|
2D5E000
|
stack
|
page read and write
|
||
|
1222000
|
heap
|
page read and write
|
||
|
629E000
|
stack
|
page read and write
|
||
|
11AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5490000
|
trusted library allocation
|
page read and write
|
||
|
CDA000
|
stack
|
page read and write
|
||
|
1180000
|
trusted library allocation
|
page read and write
|
||
|
6910000
|
trusted library allocation
|
page read and write
|
||
|
DD7000
|
stack
|
page read and write
|
||
|
2F9A000
|
trusted library allocation
|
page read and write
|
||
|
56AC000
|
stack
|
page read and write
|
||
|
77BE000
|
stack
|
page read and write
|
||
|
125B000
|
heap
|
page read and write
|
||
|
1190000
|
trusted library allocation
|
page read and write
|
||
|
639F000
|
stack
|
page read and write
|
||
|
50FB000
|
stack
|
page read and write
|
||
|
54A0000
|
heap
|
page execute and read and write
|
||
|
67A0000
|
trusted library allocation
|
page read and write
|
||
|
F57000
|
stack
|
page read and write
|
||
|
7760000
|
trusted library allocation
|
page read and write
|
||
|
11B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
EB3E000
|
stack
|
page read and write
|
||
|
66B0000
|
heap
|
page read and write
|
||
|
575E000
|
heap
|
page read and write
|
||
|
5406000
|
trusted library allocation
|
page read and write
|
||
|
63A0000
|
heap
|
page read and write
|
||
|
31E6000
|
trusted library allocation
|
page read and write
|
||
|
3EED000
|
trusted library allocation
|
page read and write
|
||
|
5990000
|
trusted library allocation
|
page read and write
|
||
|
1282000
|
heap
|
page read and write
|
||
|
13E0000
|
trusted library allocation
|
page read and write
|
||
|
53EE000
|
trusted library allocation
|
page read and write
|
||
|
2FB8000
|
trusted library allocation
|
page read and write
|
||
|
1302000
|
heap
|
page read and write
|
||
|
EC3E000
|
stack
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
2E00000
|
trusted library allocation
|
page read and write
|
||
|
6750000
|
trusted library allocation
|
page execute and read and write
|
||
|
5470000
|
trusted library allocation
|
page read and write
|
||
|
774F000
|
stack
|
page read and write
|
||
|
E59000
|
stack
|
page read and write
|
||
|
5752000
|
heap
|
page read and write
|
||
|
13D0000
|
trusted library allocation
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
5510000
|
trusted library allocation
|
page read and write
|
||
|
6790000
|
trusted library allocation
|
page execute and read and write
|
||
|
105D000
|
stack
|
page read and write
|
||
|
595E000
|
stack
|
page read and write
|
||
|
5420000
|
trusted library allocation
|
page read and write
|
||
|
6920000
|
trusted library allocation
|
page execute and read and write
|
||
|
5763000
|
heap
|
page read and write
|
||
|
5710000
|
heap
|
page read and write
|
||
|
11F7000
|
heap
|
page read and write
|
||
|
31E4000
|
trusted library allocation
|
page read and write
|
||
|
4001000
|
trusted library allocation
|
page read and write
|
||
|
6DD0000
|
heap
|
page read and write
|
||
|
5412000
|
trusted library allocation
|
page read and write
|
||
|
11C8000
|
heap
|
page read and write
|
||
|
56D0000
|
trusted library allocation
|
page read and write
|
||
|
53C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1183000
|
trusted library allocation
|
page execute and read and write
|
||
|
13C0000
|
trusted library allocation
|
page read and write
|
||
|
13C4000
|
trusted library allocation
|
page read and write
|
||
|
AE0000
|
unkown
|
page readonly
|
||
|
56B0000
|
heap
|
page read and write
|
||
|
1200000
|
trusted library allocation
|
page execute and read and write
|
||
|
1240000
|
trusted library allocation
|
page read and write
|
||
|
63CF000
|
stack
|
page read and write
|
||
|
5750000
|
heap
|
page execute and read and write
|
||
|
2D58000
|
trusted library allocation
|
page read and write
|
||
|
2EAD000
|
stack
|
page read and write
|
||
|
2F21000
|
trusted library allocation
|
page read and write
|
||
|
7F7C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5890000
|
trusted library allocation
|
page execute and read and write
|
||
|
58B0000
|
trusted library allocation
|
page read and write
|
||
|
540D000
|
trusted library allocation
|
page read and write
|
||
|
53D0000
|
trusted library allocation
|
page read and write
|
||
|
2F3E000
|
trusted library allocation
|
page read and write
|
||
|
7770000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E60000
|
heap
|
page execute and read and write
|
||
|
3014000
|
trusted library allocation
|
page read and write
|
||
|
640E000
|
stack
|
page read and write
|
||
|
2D10000
|
trusted library allocation
|
page read and write
|
||
|
5424000
|
trusted library allocation
|
page read and write
|
||
|
54FE000
|
stack
|
page read and write
|
||
|
2FD7000
|
trusted library allocation
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
1170000
|
trusted library allocation
|
page read and write
|
||
|
63B0000
|
heap
|
page read and write
|
||
|
2F9E000
|
trusted library allocation
|
page read and write
|
||
|
53E6000
|
trusted library allocation
|
page read and write
|
||
|
13E2000
|
trusted library allocation
|
page read and write
|
||
|
1085000
|
heap
|
page read and write
|
||
|
668E000
|
heap
|
page read and write
|
||
|
2DF0000
|
trusted library allocation
|
page read and write
|
||
|
13DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
654E000
|
stack
|
page read and write
|
||
|
5708000
|
heap
|
page read and write
|
||
|
2F67000
|
trusted library allocation
|
page read and write
|
||
|
1407000
|
trusted library allocation
|
page execute and read and write
|
||
|
56C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5460000
|
trusted library allocation
|
page read and write
|
||
|
2F7E000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
140B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1184000
|
trusted library allocation
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
58FE000
|
stack
|
page read and write
|
||
|
1258000
|
heap
|
page read and write
|
||
|
E8C5000
|
trusted library allocation
|
page read and write
|
||
|
2F8D000
|
trusted library allocation
|
page read and write
|
||
|
74A0000
|
heap
|
page read and write
|
||
|
1402000
|
trusted library allocation
|
page read and write
|
||
|
2FAE000
|
trusted library allocation
|
page read and write
|
||
|
2EB0000
|
heap
|
page read and write
|
||
|
664F000
|
stack
|
page read and write
|
||
|
2FE3000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
EDAE000
|
stack
|
page read and write
|
||
|
583E000
|
stack
|
page read and write
|
||
|
545B000
|
trusted library allocation
|
page read and write
|
||
|
125E000
|
heap
|
page read and write
|
||
|
2F81000
|
trusted library allocation
|
page read and write
|
||
|
619E000
|
stack
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
6776000
|
trusted library allocation
|
page read and write
|
||
|
628E000
|
stack
|
page read and write
|
||
|
609D000
|
stack
|
page read and write
|
||
|
13CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F5B000
|
trusted library allocation
|
page read and write
|
||
|
6774000
|
trusted library allocation
|
page read and write
|
||
|
54BD000
|
stack
|
page read and write
|
||
|
1293000
|
heap
|
page read and write
|
||
|
5520000
|
heap
|
page read and write
|
||
|
11A2000
|
trusted library allocation
|
page read and write
|
||
|
1405000
|
trusted library allocation
|
page execute and read and write
|
||
|
41A000
|
remote allocation
|
page execute and read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
B860000
|
trusted library section
|
page read and write
|
||
|
11B2000
|
trusted library allocation
|
page read and write
|
||
|
1285000
|
heap
|
page read and write
|
||
|
E8C0000
|
trusted library allocation
|
page read and write
|
||
|
6960000
|
heap
|
page read and write
|
||
|
59D0000
|
trusted library section
|
page read and write
|
||
|
2EC1000
|
trusted library allocation
|
page read and write
|
||
|
2FA5000
|
trusted library allocation
|
page read and write
|
||
|
7BA2000
|
trusted library allocation
|
page read and write
|
||
|
31CD000
|
trusted library allocation
|
page read and write
|
||
|
62CE000
|
stack
|
page read and write
|
||
|
2F7D000
|
trusted library allocation
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
1065000
|
heap
|
page read and write
|
||
|
2FD1000
|
trusted library allocation
|
page read and write
|
||
|
764E000
|
stack
|
page read and write
|
||
|
13E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
5462000
|
trusted library allocation
|
page read and write
|
||
|
585F000
|
stack
|
page read and write
|
||
|
12AC000
|
heap
|
page read and write
|
||
|
5A5E000
|
stack
|
page read and write
|
||
|
2E10000
|
heap
|
page read and write
|
||
|
2FBC000
|
trusted library allocation
|
page read and write
|
||
|
1720000
|
trusted library allocation
|
page read and write
|
||
|
78BF000
|
stack
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
3EE4000
|
trusted library allocation
|
page read and write
|
||
|
59A5000
|
heap
|
page read and write
|
||
|
13C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FDD000
|
trusted library allocation
|
page read and write
|
There are 255 hidden memdumps, click here to show them.