Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\XWe8H4gRPb.exe
|
"C:\Users\user\Desktop\XWe8H4gRPb.exe"
|
 |
|
|
C:\Windows\SysWOW64\cmd.exe
|
"cmd.exe" /c sc query "GoodbyeDPI"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\sc.exe
|
sc query "GoodbyeDPI"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://uebki.one/api/InfoAboutVPN.php
|
unknown
|
|
|
|
https://cdn.uebki.one/Coprer.conf
|
unknown
|
|
|
|
https://uebki.one/api/not_working.php?0=
|
unknown
|
|
|
|
https://uebki.one/api/zapret_readyconfigs.txt
|
unknown
|
|
|
|
https://uebki.one/api/SendConfigRequest.php?0=;.
|
unknown
|
|
|
|
https://uebki.one/version.txt
|
188.114.96.3
|
|
|
|
https://uebki.one/GoodbyeDPIConfigs.exe
|
unknown
|
|
|
|
http://uebki.oned
|
unknown
|
|
|
|
https://cdn.uebki.one/awg.exe?https://cdn.uebki.one/magic.exeAhttps://cdn.uebki.one/wintun.dll
|
unknown
|
|
|
|
https://uebki.one
|
unknown
|
|
|
|
https://uebki.one/
|
unknown
|
|
|
|
https://uebki.one/api/zapret_strateg.txt
|
unknown
|
|
|
|
https://uebki.one/api/gdpi_strateg.txt-_strategyCurlExtraKeys%_strategyExtraKeys
|
unknown
|
|
|
|
https://uebki.one9https://uebki.one/donate.php
|
unknown
|
|
|
|
https://uebki.one/api/SendConfigRequest.php?0=0
|
unknown
|
|
|
|
http://uebki.one
|
unknown
|
|
|
|
https://uebki.one/antizapret/antizapret.zip
|
unknown
|
|
|
|
https://uebki.one/goodbyedpi_configs/
|
unknown
|
|
|
|
https://rr1---sn-4g5lznek.googlevideo.com4
|
unknown
|
||
|
https://rr1---sn-4g5lznek.googlevideo.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
There are 11 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
uebki.one
|
188.114.96.3
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.96.3
|
uebki.one
|
European Union
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XWe8H4gRPb_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XWe8H4gRPb_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XWe8H4gRPb_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XWe8H4gRPb_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XWe8H4gRPb_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XWe8H4gRPb_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XWe8H4gRPb_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XWe8H4gRPb_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XWe8H4gRPb_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XWe8H4gRPb_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XWe8H4gRPb_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XWe8H4gRPb_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XWe8H4gRPb_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\XWe8H4gRPb_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
6ED0000
|
heap
|
page read and write
|
||
|
14D0000
|
trusted library allocation
|
page read and write
|
||
|
3188000
|
trusted library allocation
|
page read and write
|
||
|
2FFE000
|
trusted library allocation
|
page read and write
|
||
|
5CEE000
|
stack
|
page read and write
|
||
|
57FD000
|
stack
|
page read and write
|
||
|
308C000
|
trusted library allocation
|
page read and write
|
||
|
2FC1000
|
trusted library allocation
|
page read and write
|
||
|
2F40000
|
heap
|
page execute and read and write
|
||
|
6F10000
|
heap
|
page read and write
|
||
|
7120000
|
trusted library allocation
|
page read and write
|
||
|
54D3000
|
heap
|
page execute and read and write
|
||
|
5760000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
7000000
|
heap
|
page read and write
|
||
|
6F66000
|
heap
|
page read and write
|
||
|
310B000
|
trusted library allocation
|
page read and write
|
||
|
6C77000
|
stack
|
page read and write
|
||
|
6EC0000
|
heap
|
page read and write
|
||
|
6D78000
|
stack
|
page read and write
|
||
|
6F18000
|
heap
|
page read and write
|
||
|
5D00000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
565E000
|
stack
|
page read and write
|
||
|
8774000
|
heap
|
page read and write
|
||
|
30FD000
|
trusted library allocation
|
page read and write
|
||
|
1341000
|
heap
|
page read and write
|
||
|
502D000
|
stack
|
page read and write
|
||
|
D8C000
|
stack
|
page read and write
|
||
|
479000
|
heap
|
page read and write
|
||
|
2DD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F51000
|
trusted library allocation
|
page read and write
|
||
|
3172000
|
trusted library allocation
|
page read and write
|
||
|
14EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1510000
|
trusted library allocation
|
page read and write
|
||
|
2DE0000
|
trusted library allocation
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
577E000
|
trusted library allocation
|
page read and write
|
||
|
30EE000
|
stack
|
page read and write
|
||
|
73F0000
|
heap
|
page read and write
|
||
|
1167000
|
heap
|
page read and write
|
||
|
34A0000
|
heap
|
page read and write
|
||
|
319E000
|
trusted library allocation
|
page read and write
|
||
|
7160000
|
trusted library allocation
|
page execute and read and write
|
||
|
8950000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
2FED000
|
trusted library allocation
|
page read and write
|
||
|
7110000
|
trusted library allocation
|
page read and write
|
||
|
3168000
|
trusted library allocation
|
page read and write
|
||
|
6F3E000
|
heap
|
page read and write
|
||
|
2EFD000
|
stack
|
page read and write
|
||
|
6DBE000
|
stack
|
page read and write
|
||
|
3162000
|
heap
|
page read and write
|
||
|
576B000
|
trusted library allocation
|
page read and write
|
||
|
313D000
|
trusted library allocation
|
page read and write
|
||
|
8770000
|
heap
|
page read and write
|
||
|
30E6000
|
trusted library allocation
|
page read and write
|
||
|
2FD6000
|
trusted library allocation
|
page read and write
|
||
|
71B0000
|
trusted library section
|
page readonly
|
||
|
71C0000
|
heap
|
page read and write
|
||
|
5786000
|
trusted library allocation
|
page read and write
|
||
|
3136000
|
trusted library allocation
|
page read and write
|
||
|
54B0000
|
trusted library allocation
|
page read and write
|
||
|
333F000
|
unkown
|
page read and write
|
||
|
73EE000
|
stack
|
page read and write
|
||
|
72E0000
|
heap
|
page read and write
|
||
|
561F000
|
stack
|
page read and write
|
||
|
116C000
|
heap
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
128D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
5B6F000
|
stack
|
page read and write
|
||
|
14DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3014000
|
trusted library allocation
|
page read and write
|
||
|
2FAE000
|
unkown
|
page read and write
|
||
|
583E000
|
stack
|
page read and write
|
||
|
1270000
|
trusted library allocation
|
page read and write
|
||
|
6EF0000
|
heap
|
page read and write
|
||
|
689E000
|
stack
|
page read and write
|
||
|
6C3E000
|
stack
|
page read and write
|
||
|
2F51000
|
trusted library allocation
|
page read and write
|
||
|
14F2000
|
trusted library allocation
|
page read and write
|
||
|
343F000
|
stack
|
page read and write
|
||
|
6F72000
|
heap
|
page read and write
|
||
|
71AB000
|
stack
|
page read and write
|
||
|
3000000
|
trusted library allocation
|
page read and write
|
||
|
CF2000
|
unkown
|
page readonly
|
||
|
129A000
|
heap
|
page read and write
|
||
|
1346000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
575F000
|
stack
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
2FFA000
|
trusted library allocation
|
page read and write
|
||
|
57A0000
|
trusted library allocation
|
page read and write
|
||
|
699E000
|
stack
|
page read and write
|
||
|
8930000
|
trusted library allocation
|
page read and write
|
||
|
54CF000
|
trusted library allocation
|
page read and write
|
||
|
8890000
|
heap
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
30C8000
|
trusted library allocation
|
page read and write
|
||
|
1353000
|
heap
|
page read and write
|
||
|
2FB3000
|
trusted library allocation
|
page read and write
|
||
|
31B0000
|
trusted library allocation
|
page read and write
|
||
|
311B000
|
trusted library allocation
|
page read and write
|
||
|
54A0000
|
trusted library allocation
|
page read and write
|
||
|
314C000
|
heap
|
page read and write
|
||
|
74F0000
|
heap
|
page execute and read and write
|
||
|
2FBC000
|
trusted library allocation
|
page read and write
|
||
|
1527000
|
heap
|
page read and write
|
||
|
57B0000
|
trusted library allocation
|
page read and write
|
||
|
3067000
|
trusted library allocation
|
page read and write
|
||
|
7130000
|
trusted library allocation
|
page execute and read and write
|
||
|
10F8000
|
stack
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
3164000
|
heap
|
page read and write
|
||
|
1283000
|
trusted library allocation
|
page execute and read and write
|
||
|
703C000
|
heap
|
page read and write
|
||
|
578D000
|
trusted library allocation
|
page read and write
|
||
|
7140000
|
trusted library allocation
|
page read and write
|
||
|
72C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
135F000
|
heap
|
page read and write
|
||
|
1284000
|
trusted library allocation
|
page read and write
|
||
|
7035000
|
heap
|
page read and write
|
||
|
57A5000
|
trusted library allocation
|
page read and write
|
||
|
14E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BAD000
|
stack
|
page read and write
|
||
|
12D3000
|
heap
|
page read and write
|
||
|
7210000
|
trusted library allocation
|
page read and write
|
||
|
2FD2000
|
trusted library allocation
|
page read and write
|
||
|
7220000
|
heap
|
page read and write
|
||
|
1280000
|
trusted library allocation
|
page read and write
|
||
|
315F000
|
trusted library allocation
|
page read and write
|
||
|
309F000
|
trusted library allocation
|
page read and write
|
||
|
72D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
3094000
|
trusted library allocation
|
page read and write
|
||
|
5CAE000
|
stack
|
page read and write
|
||
|
5A6D000
|
stack
|
page read and write
|
||
|
12C5000
|
heap
|
page read and write
|
||
|
2FEB000
|
trusted library allocation
|
page read and write
|
||
|
69C0000
|
unkown
|
page read and write
|
||
|
8960000
|
trusted library allocation
|
page read and write
|
||
|
2FE2000
|
trusted library allocation
|
page read and write
|
||
|
512E000
|
stack
|
page read and write
|
||
|
A762000
|
trusted library allocation
|
page read and write
|
||
|
2FAB000
|
trusted library allocation
|
page read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
551E000
|
stack
|
page read and write
|
||
|
138A000
|
heap
|
page read and write
|
||
|
54C0000
|
trusted library allocation
|
page read and write
|
||
|
1185000
|
heap
|
page read and write
|
||
|
720B000
|
stack
|
page read and write
|
||
|
63BE000
|
stack
|
page read and write
|
||
|
14E0000
|
trusted library allocation
|
page read and write
|
||
|
3140000
|
heap
|
page read and write
|
||
|
3022000
|
trusted library allocation
|
page read and write
|
||
|
6B3E000
|
stack
|
page read and write
|
||
|
54D0000
|
heap
|
page execute and read and write
|
||
|
7225000
|
heap
|
page read and write
|
||
|
129E000
|
heap
|
page read and write
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
2FB9000
|
trusted library allocation
|
page read and write
|
||
|
30D4000
|
trusted library allocation
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
8941000
|
trusted library allocation
|
page read and write
|
||
|
72B0000
|
trusted library allocation
|
page read and write
|
||
|
15D000
|
stack
|
page read and write
|
||
|
6EBF000
|
stack
|
page read and write
|
||
|
3087000
|
trusted library allocation
|
page read and write
|
||
|
AC3E000
|
stack
|
page read and write
|
||
|
2BFD000
|
stack
|
page read and write
|
||
|
2F3F000
|
stack
|
page read and write
|
||
|
14FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
3101000
|
trusted library allocation
|
page read and write
|
||
|
12B8000
|
heap
|
page read and write
|
||
|
CE2000
|
unkown
|
page readonly
|
||
|
14E2000
|
trusted library allocation
|
page read and write
|
||
|
3132000
|
trusted library allocation
|
page read and write
|
||
|
5781000
|
trusted library allocation
|
page read and write
|
||
|
14F0000
|
trusted library allocation
|
page read and write
|
||
|
7012000
|
heap
|
page read and write
|
||
|
CE0000
|
unkown
|
page readonly
|
||
|
1290000
|
heap
|
page read and write
|
||
|
6F14000
|
heap
|
page read and write
|
||
|
5470000
|
heap
|
page read and write
|
||
|
14F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
1180000
|
heap
|
page read and write
|
There are 180 hidden memdumps, click here to show them.