Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\apollo.exe
|
"C:\Users\user\Desktop\apollo.exe"
|
 |
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://192.168.1.217:4432
|
unknown
|
||
|
https://192.168.1.217/dato
|
unknown
|
||
|
https://192.168.1.217/to
|
unknown
|
||
|
https://192.168.1.217(
|
unknown
|
||
|
https://192.168.1.217:443
|
unknown
|
||
|
http://schemas.datacontract.org
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/ApolloInterop.Structs.MythicStructs
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://192.168.1.217
|
unknown
|
||
|
https://192.168.1.217:4
|
unknown
|
There are 1 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.1.217
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\apollo_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\apollo_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\apollo_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\apollo_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\apollo_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\apollo_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\apollo_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\apollo_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\apollo_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\apollo_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\apollo_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\apollo_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\apollo_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\apollo_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
15246621000
|
trusted library allocation
|
page read and write
|
|
|
|
1525EDF0000
|
trusted library section
|
page read and write
|
|
|
|
15244782000
|
unkown
|
page readonly
|
|
|
|
15244F30000
|
trusted library section
|
page read and write
|
|
|
|
15256621000
|
trusted library allocation
|
page read and write
|
|
|
|
152567D3000
|
trusted library allocation
|
page read and write
|
|
|
|
1525F083000
|
heap
|
page read and write
|
||
|
7FFD9B60D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1525EFE0000
|
heap
|
page read and write
|
||
|
7FFD9B7E0000
|
trusted library allocation
|
page read and write
|
||
|
152567C5000
|
trusted library allocation
|
page read and write
|
||
|
15244780000
|
unkown
|
page readonly
|
||
|
152466E6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B604000
|
trusted library allocation
|
page read and write
|
||
|
1524665A000
|
trusted library allocation
|
page read and write
|
||
|
15245005000
|
heap
|
page read and write
|
||
|
15244B4C000
|
heap
|
page read and write
|
||
|
39593A8000
|
stack
|
page read and write
|
||
|
1524675D000
|
trusted library allocation
|
page read and write
|
||
|
15244C21000
|
heap
|
page read and write
|
||
|
15244C40000
|
heap
|
page read and write
|
||
|
15244BF3000
|
heap
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
3959BFE000
|
stack
|
page read and write
|
||
|
15246666000
|
trusted library allocation
|
page read and write
|
||
|
1525E650000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B696000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5E0000
|
trusted library allocation
|
page read and write
|
||
|
39599FE000
|
stack
|
page read and write
|
||
|
15244780000
|
unkown
|
page readonly
|
||
|
395A3FD000
|
stack
|
page read and write
|
||
|
7FFD9B5FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
15244E53000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5E2000
|
trusted library allocation
|
page read and write
|
||
|
152466FB000
|
trusted library allocation
|
page read and write
|
||
|
152467E0000
|
trusted library allocation
|
page read and write
|
||
|
152467C6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
15246668000
|
trusted library allocation
|
page read and write
|
||
|
15244A10000
|
heap
|
page read and write
|
||
|
15244C1C000
|
heap
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
15244BB0000
|
heap
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B700000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B7AD000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B63C000
|
trusted library allocation
|
page execute and read and write
|
||
|
3959AFD000
|
stack
|
page read and write
|
||
|
15244E50000
|
trusted library allocation
|
page read and write
|
||
|
7FF48E390000
|
trusted library allocation
|
page execute and read and write
|
||
|
39593FF000
|
stack
|
page read and write
|
||
|
395A53E000
|
stack
|
page read and write
|
||
|
39598FE000
|
stack
|
page read and write
|
||
|
15244B40000
|
heap
|
page read and write
|
||
|
7FFD9B83C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B69C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
15244B46000
|
heap
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page execute and read and write
|
||
|
15246756000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B690000
|
trusted library allocation
|
page read and write
|
||
|
15245000000
|
heap
|
page read and write
|
||
|
15244BAE000
|
heap
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page read and write
|
||
|
15244FB0000
|
heap
|
page read and write
|
||
|
1525F08E000
|
heap
|
page read and write
|
||
|
152466EF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
15244F80000
|
trusted library section
|
page read and write
|
||
|
7FFD9B6C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
15244B84000
|
heap
|
page read and write
|
||
|
15244B10000
|
heap
|
page read and write
|
||
|
15244E40000
|
trusted library allocation
|
page read and write
|
||
|
15244E15000
|
heap
|
page read and write
|
||
|
15244E20000
|
trusted library allocation
|
page read and write
|
||
|
1525F044000
|
heap
|
page read and write
|
||
|
15244BB4000
|
heap
|
page read and write
|
||
|
7FFD9B5F0000
|
trusted library allocation
|
page read and write
|
||
|
152467DE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page read and write
|
||
|
152567C9000
|
trusted library allocation
|
page read and write
|
||
|
15244E10000
|
heap
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
15244B81000
|
heap
|
page read and write
|
||
|
39596FE000
|
stack
|
page read and write
|
||
|
395A1FE000
|
stack
|
page read and write
|
||
|
7FFD9B6A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
15244FD0000
|
trusted library allocation
|
page read and write
|
||
|
1524677C000
|
trusted library allocation
|
page read and write
|
||
|
1525EFB0000
|
heap
|
page execute and read and write
|
||
|
15244B6C000
|
heap
|
page read and write
|
||
|
7FFD9B7D0000
|
trusted library allocation
|
page read and write
|
||
|
15244EB0000
|
heap
|
page execute and read and write
|
||
|
395A2FD000
|
stack
|
page read and write
|
||
|
15244F90000
|
trusted library section
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
15244FC0000
|
trusted library section
|
page read and write
|
||
|
1525F068000
|
heap
|
page read and write
|
||
|
1525F086000
|
heap
|
page read and write
|
||
|
7FFD9B600000
|
trusted library allocation
|
page read and write
|
||
|
15244E80000
|
trusted library section
|
page read and write
|
||
|
7FFD9B7BC000
|
trusted library allocation
|
page read and write
|
||
|
15244E90000
|
trusted library section
|
page read and write
|
||
|
395A43E000
|
stack
|
page read and write
|
||
|
15244E60000
|
trusted library section
|
page read and write
|
||
|
15246643000
|
trusted library allocation
|
page read and write
|
||
|
15244C25000
|
heap
|
page read and write
|
||
|
3959EFA000
|
stack
|
page read and write
|
||
|
395A0FE000
|
stack
|
page read and write
|
||
|
15244FE0000
|
trusted library section
|
page read and write
|
||
|
7FFD9B60B000
|
trusted library allocation
|
page execute and read and write
|
||
|
152466EC000
|
trusted library allocation
|
page read and write
|
||
|
39597FF000
|
stack
|
page read and write
|
||
|
1525F005000
|
heap
|
page read and write
|
||
|
7FFD9B5F3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page execute and read and write
|
||
|
15244AF0000
|
heap
|
page read and write
|
||
|
7FFD9B79C000
|
trusted library allocation
|
page read and write
|
||
|
152466E9000
|
trusted library allocation
|
page read and write
|
||
|
152467B0000
|
trusted library allocation
|
page read and write
|
||
|
1525676F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5E4000
|
trusted library allocation
|
page read and write
|
||
|
395A63D000
|
stack
|
page read and write
|
||
|
7FFD9B5ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
15244982000
|
unkown
|
page readonly
|
||
|
1525EFFF000
|
heap
|
page read and write
|
||
|
7FFD9B7B0000
|
trusted library allocation
|
page read and write
|
There are 120 hidden memdumps, click here to show them.