Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\f3c462280fd1964d68c76ff6889bd3c766fa7140c07962dda32c0cb488188695_payload.exe
|
"C:\Users\user\Desktop\f3c462280fd1964d68c76ff6889bd3c766fa7140c07962dda32c0cb488188695_payload.exe"
|
 |
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://reallyfreegeoip.org
|
unknown
|
||
|
http://www.microsoft.cR
|
unknown
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
http://checkip.dyndns.org/
|
158.101.44.242
|
||
|
http://checkip.dyndns.com
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/8.46.123.33
|
188.114.97.3
|
||
|
https://reallyfreegeoip.org/xml/8.46.123.33$
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
http://reallyfreegeoip.org
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
There are 1 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
reallyfreegeoip.org
|
188.114.97.3
|
|
|
|
checkip.dyndns.org
|
unknown
|
|
|
|
checkip.dyndns.com
|
158.101.44.242
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
reallyfreegeoip.org
|
European Union
|
|
|
|
158.101.44.242
|
checkip.dyndns.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2786000
|
trusted library allocation
|
page read and write
|
|
|
|
222000
|
unkown
|
page readonly
|
|
|
|
25C1000
|
trusted library allocation
|
page read and write
|
|
|
|
704000
|
heap
|
page read and write
|
||
|
22FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A21000
|
trusted library allocation
|
page read and write
|
||
|
23C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
35E9000
|
trusted library allocation
|
page read and write
|
||
|
749000
|
heap
|
page read and write
|
||
|
4BD0000
|
trusted library allocation
|
page read and write
|
||
|
239D000
|
stack
|
page read and write
|
||
|
AEE000
|
stack
|
page read and write
|
||
|
2835000
|
trusted library allocation
|
page read and write
|
||
|
4A2D000
|
trusted library allocation
|
page read and write
|
||
|
22F0000
|
trusted library allocation
|
page read and write
|
||
|
46BE000
|
stack
|
page read and write
|
||
|
276A000
|
trusted library allocation
|
page read and write
|
||
|
2D9000
|
stack
|
page read and write
|
||
|
27EB000
|
trusted library allocation
|
page read and write
|
||
|
5CDB000
|
heap
|
page read and write
|
||
|
622F000
|
trusted library allocation
|
page read and write
|
||
|
235E000
|
stack
|
page read and write
|
||
|
22F5000
|
trusted library allocation
|
page execute and read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
62F0000
|
heap
|
page read and write
|
||
|
2809000
|
trusted library allocation
|
page read and write
|
||
|
611E000
|
stack
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
6260000
|
trusted library allocation
|
page read and write
|
||
|
4A26000
|
trusted library allocation
|
page read and write
|
||
|
6DE000
|
heap
|
page read and write
|
||
|
4A50000
|
trusted library allocation
|
page read and write
|
||
|
5C7C000
|
heap
|
page read and write
|
||
|
26C4000
|
trusted library allocation
|
page read and write
|
||
|
616000
|
heap
|
page read and write
|
||
|
519B000
|
trusted library allocation
|
page read and write
|
||
|
9ED000
|
stack
|
page read and write
|
||
|
5EDD000
|
stack
|
page read and write
|
||
|
2766000
|
trusted library allocation
|
page read and write
|
||
|
220000
|
unkown
|
page readonly
|
||
|
5D9E000
|
stack
|
page read and write
|
||
|
2714000
|
trusted library allocation
|
page read and write
|
||
|
26B8000
|
trusted library allocation
|
page read and write
|
||
|
5C60000
|
heap
|
page read and write
|
||
|
3624000
|
trusted library allocation
|
page read and write
|
||
|
4A32000
|
trusted library allocation
|
page read and write
|
||
|
4BF0000
|
heap
|
page read and write
|
||
|
621E000
|
stack
|
page read and write
|
||
|
CC2000
|
trusted library allocation
|
page read and write
|
||
|
CCA000
|
trusted library allocation
|
page execute and read and write
|
||
|
C90000
|
trusted library allocation
|
page read and write
|
||
|
2490000
|
trusted library allocation
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
6250000
|
trusted library allocation
|
page read and write
|
||
|
23D0000
|
heap
|
page execute and read and write
|
||
|
5F1E000
|
stack
|
page read and write
|
||
|
3649000
|
trusted library allocation
|
page read and write
|
||
|
26BC000
|
trusted library allocation
|
page read and write
|
||
|
2842000
|
trusted library allocation
|
page read and write
|
||
|
2681000
|
trusted library allocation
|
page read and write
|
||
|
280E000
|
trusted library allocation
|
page read and write
|
||
|
4A1E000
|
trusted library allocation
|
page read and write
|
||
|
5180000
|
trusted library allocation
|
page read and write
|
||
|
3D7000
|
stack
|
page read and write
|
||
|
4A0B000
|
trusted library allocation
|
page read and write
|
||
|
274A000
|
trusted library allocation
|
page read and write
|
||
|
CA0000
|
trusted library allocation
|
page read and write
|
||
|
6DB000
|
heap
|
page read and write
|
||
|
4BE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A00000
|
trusted library allocation
|
page read and write
|
||
|
2778000
|
trusted library allocation
|
page read and write
|
||
|
4A0E000
|
trusted library allocation
|
page read and write
|
||
|
5190000
|
trusted library allocation
|
page read and write
|
||
|
CBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
6223000
|
trusted library allocation
|
page read and write
|
||
|
2480000
|
trusted library allocation
|
page read and write
|
||
|
2310000
|
trusted library allocation
|
page read and write
|
||
|
622A000
|
trusted library allocation
|
page read and write
|
||
|
518E000
|
trusted library allocation
|
page read and write
|
||
|
99F000
|
stack
|
page read and write
|
||
|
4AC0000
|
heap
|
page execute and read and write
|
||
|
363F000
|
trusted library allocation
|
page read and write
|
||
|
CA3000
|
trusted library allocation
|
page execute and read and write
|
||
|
267E000
|
trusted library allocation
|
page read and write
|
||
|
2708000
|
trusted library allocation
|
page read and write
|
||
|
CA4000
|
trusted library allocation
|
page read and write
|
||
|
22F2000
|
trusted library allocation
|
page read and write
|
||
|
CAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5CC4000
|
heap
|
page read and write
|
||
|
5198000
|
trusted library allocation
|
page read and write
|
||
|
27EF000
|
trusted library allocation
|
page read and write
|
||
|
62C0000
|
trusted library allocation
|
page read and write
|
||
|
24A0000
|
trusted library allocation
|
page read and write
|
||
|
6230000
|
trusted library allocation
|
page execute and read and write
|
||
|
6800000
|
heap
|
page read and write
|
||
|
2704000
|
trusted library allocation
|
page read and write
|
||
|
5196000
|
trusted library allocation
|
page read and write
|
||
|
2879000
|
trusted library allocation
|
page read and write
|
||
|
5F5E000
|
stack
|
page read and write
|
||
|
5CD8000
|
heap
|
page read and write
|
||
|
4C00000
|
heap
|
page read and write
|
||
|
5CA2000
|
heap
|
page read and write
|
||
|
2710000
|
trusted library allocation
|
page read and write
|
||
|
6AE000
|
stack
|
page read and write
|
||
|
4A06000
|
trusted library allocation
|
page read and write
|
||
|
27F6000
|
trusted library allocation
|
page read and write
|
||
|
2848000
|
trusted library allocation
|
page read and write
|
||
|
273D000
|
trusted library allocation
|
page read and write
|
||
|
26F8000
|
trusted library allocation
|
page read and write
|
||
|
5D0C000
|
heap
|
page read and write
|
||
|
26FC000
|
trusted library allocation
|
page read and write
|
||
|
2812000
|
trusted library allocation
|
page read and write
|
||
|
4ABE000
|
stack
|
page read and write
|
||
|
25BE000
|
stack
|
page read and write
|
||
|
26AF000
|
trusted library allocation
|
page read and write
|
||
|
609E000
|
stack
|
page read and write
|
||
|
5CAE000
|
heap
|
page read and write
|
||
|
CC6000
|
trusted library allocation
|
page execute and read and write
|
||
|
6310000
|
trusted library allocation
|
page execute and read and write
|
||
|
283B000
|
trusted library allocation
|
page read and write
|
||
|
26C0000
|
trusted library allocation
|
page read and write
|
||
|
27FF000
|
trusted library allocation
|
page read and write
|
||
|
60DF000
|
stack
|
page read and write
|
||
|
2699000
|
trusted library allocation
|
page read and write
|
||
|
51A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
4F3E000
|
stack
|
page read and write
|
||
|
CC0000
|
trusted library allocation
|
page read and write
|
||
|
22F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
CB0000
|
trusted library allocation
|
page read and write
|
||
|
24B0000
|
heap
|
page read and write
|
||
|
605E000
|
stack
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
270C000
|
trusted library allocation
|
page read and write
|
||
|
272F000
|
trusted library allocation
|
page read and write
|
||
|
3655000
|
trusted library allocation
|
page read and write
|
||
|
6240000
|
trusted library allocation
|
page execute and read and write
|
||
|
4BF3000
|
heap
|
page read and write
|
||
|
712000
|
heap
|
page read and write
|
||
|
4A1A000
|
trusted library allocation
|
page read and write
|
||
|
35C1000
|
trusted library allocation
|
page read and write
|
||
|
4B80000
|
heap
|
page read and write
|
||
|
5E9E000
|
stack
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
6220000
|
trusted library allocation
|
page read and write
|
||
|
2700000
|
trusted library allocation
|
page read and write
|
There are 137 hidden memdumps, click here to show them.