Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Zarefy4bOs.exe
|
"C:\Users\user\Desktop\Zarefy4bOs.exe"
|
 |
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://checkip.dyndns.org/
|
193.122.6.168
|
||
|
http://us2.smtp.mailhostbox.com
|
unknown
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
https://scratchdreams.tk
|
unknown
|
||
|
http://reallyfreegeoip.org
|
unknown
|
||
|
https://reallyfreegeoip.org
|
unknown
|
||
|
https://scratchdreams.tk/_send_.php?TS
|
104.21.27.85
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
http://checkip.dyndns.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/102.129.152.231$
|
unknown
|
||
|
http://scratchdreams.tk
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/102.129.152.231
|
104.21.67.152
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
checkip.dyndns.org
|
unknown
|
|
|
|
us2.smtp.mailhostbox.com
|
208.91.199.225
|
||
|
reallyfreegeoip.org
|
104.21.67.152
|
||
|
scratchdreams.tk
|
104.21.27.85
|
||
|
checkip.dyndns.com
|
193.122.6.168
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.67.152
|
reallyfreegeoip.org
|
United States
|
||
|
193.122.6.168
|
checkip.dyndns.com
|
United States
|
||
|
208.91.199.225
|
us2.smtp.mailhostbox.com
|
United States
|
||
|
104.21.27.85
|
scratchdreams.tk
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Zarefy4bOs_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Zarefy4bOs_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Zarefy4bOs_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Zarefy4bOs_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Zarefy4bOs_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Zarefy4bOs_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Zarefy4bOs_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Zarefy4bOs_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Zarefy4bOs_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Zarefy4bOs_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Zarefy4bOs_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Zarefy4bOs_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Zarefy4bOs_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Zarefy4bOs_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2881000
|
trusted library allocation
|
page read and write
|
|
|
|
422000
|
unkown
|
page readonly
|
|
|
|
2B58000
|
trusted library allocation
|
page read and write
|
|
|
|
610E000
|
stack
|
page read and write
|
||
|
648E000
|
stack
|
page read and write
|
||
|
4E50000
|
trusted library allocation
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
390B000
|
trusted library allocation
|
page read and write
|
||
|
A20000
|
trusted library allocation
|
page read and write
|
||
|
61CE000
|
stack
|
page read and write
|
||
|
2AE8000
|
trusted library allocation
|
page read and write
|
||
|
D52000
|
trusted library allocation
|
page read and write
|
||
|
980000
|
trusted library allocation
|
page read and write
|
||
|
2660000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E3E000
|
stack
|
page read and write
|
||
|
D67000
|
trusted library allocation
|
page execute and read and write
|
||
|
A57000
|
heap
|
page read and write
|
||
|
3881000
|
trusted library allocation
|
page read and write
|
||
|
2AF1000
|
trusted library allocation
|
page read and write
|
||
|
5F3E000
|
heap
|
page read and write
|
||
|
D56000
|
trusted library allocation
|
page execute and read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
4DA000
|
stack
|
page read and write
|
||
|
2AD5000
|
trusted library allocation
|
page read and write
|
||
|
2970000
|
trusted library allocation
|
page read and write
|
||
|
265E000
|
stack
|
page read and write
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
885000
|
heap
|
page read and write
|
||
|
4D1B000
|
trusted library allocation
|
page read and write
|
||
|
2670000
|
trusted library allocation
|
page read and write
|
||
|
D65000
|
trusted library allocation
|
page execute and read and write
|
||
|
26A6000
|
trusted library allocation
|
page read and write
|
||
|
4D18000
|
trusted library allocation
|
page read and write
|
||
|
2692000
|
trusted library allocation
|
page read and write
|
||
|
2A49000
|
trusted library allocation
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
52AF000
|
stack
|
page read and write
|
||
|
2935000
|
trusted library allocation
|
page read and write
|
||
|
26B5000
|
trusted library allocation
|
page read and write
|
||
|
26A1000
|
trusted library allocation
|
page read and write
|
||
|
B29000
|
heap
|
page read and write
|
||
|
2AED000
|
trusted library allocation
|
page read and write
|
||
|
26B2000
|
trusted library allocation
|
page read and write
|
||
|
5ED0000
|
heap
|
page read and write
|
||
|
38E7000
|
trusted library allocation
|
page read and write
|
||
|
A3A000
|
heap
|
page read and write
|
||
|
D5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2987000
|
trusted library allocation
|
page read and write
|
||
|
64D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
29E4000
|
trusted library allocation
|
page read and write
|
||
|
4CFD000
|
stack
|
page read and write
|
||
|
2B21000
|
trusted library allocation
|
page read and write
|
||
|
D34000
|
trusted library allocation
|
page read and write
|
||
|
268B000
|
trusted library allocation
|
page read and write
|
||
|
292C000
|
trusted library allocation
|
page read and write
|
||
|
2A3B000
|
trusted library allocation
|
page read and write
|
||
|
2A2C000
|
trusted library allocation
|
page read and write
|
||
|
3902000
|
trusted library allocation
|
page read and write
|
||
|
2924000
|
trusted library allocation
|
page read and write
|
||
|
26C0000
|
trusted library allocation
|
page read and write
|
||
|
D33000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E70000
|
heap
|
page read and write
|
||
|
2B14000
|
trusted library allocation
|
page read and write
|
||
|
960000
|
trusted library allocation
|
page read and write
|
||
|
295C000
|
trusted library allocation
|
page read and write
|
||
|
A75000
|
heap
|
page read and write
|
||
|
D40000
|
trusted library allocation
|
page read and write
|
||
|
990000
|
trusted library allocation
|
page read and write
|
||
|
2B27000
|
trusted library allocation
|
page read and write
|
||
|
5F1E000
|
heap
|
page read and write
|
||
|
420000
|
unkown
|
page readonly
|
||
|
B50000
|
heap
|
page read and write
|
||
|
2686000
|
trusted library allocation
|
page read and write
|
||
|
2770000
|
heap
|
page read and write
|
||
|
2ACA000
|
trusted library allocation
|
page read and write
|
||
|
2A29000
|
trusted library allocation
|
page read and write
|
||
|
287E000
|
stack
|
page read and write
|
||
|
A71000
|
heap
|
page read and write
|
||
|
2A66000
|
trusted library allocation
|
page read and write
|
||
|
2944000
|
trusted library allocation
|
page read and write
|
||
|
BCE000
|
stack
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
29F2000
|
trusted library allocation
|
page read and write
|
||
|
B60000
|
trusted library allocation
|
page execute and read and write
|
||
|
29BA000
|
trusted library allocation
|
page read and write
|
||
|
5F6E000
|
heap
|
page read and write
|
||
|
D1F000
|
stack
|
page read and write
|
||
|
62CE000
|
stack
|
page read and write
|
||
|
29FF000
|
trusted library allocation
|
page read and write
|
||
|
DCE000
|
stack
|
page read and write
|
||
|
4E55000
|
trusted library allocation
|
page read and write
|
||
|
4E60000
|
heap
|
page read and write
|
||
|
269A000
|
trusted library allocation
|
page read and write
|
||
|
3937000
|
trusted library allocation
|
page read and write
|
||
|
4D10000
|
trusted library allocation
|
page read and write
|
||
|
2680000
|
trusted library allocation
|
page read and write
|
||
|
2942000
|
trusted library allocation
|
page read and write
|
||
|
D4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F64000
|
heap
|
page read and write
|
||
|
2760000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B6F000
|
trusted library allocation
|
page read and write
|
||
|
53EE000
|
stack
|
page read and write
|
||
|
D3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D40000
|
trusted library allocation
|
page read and write
|
||
|
2983000
|
trusted library allocation
|
page read and write
|
||
|
26D0000
|
trusted library allocation
|
page read and write
|
||
|
4D00000
|
trusted library allocation
|
page read and write
|
||
|
618E000
|
stack
|
page read and write
|
||
|
297A000
|
trusted library allocation
|
page read and write
|
||
|
4D30000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D0E000
|
trusted library allocation
|
page read and write
|
||
|
2750000
|
trusted library allocation
|
page read and write
|
||
|
D62000
|
trusted library allocation
|
page read and write
|
||
|
4E40000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D16000
|
trusted library allocation
|
page read and write
|
||
|
38A9000
|
trusted library allocation
|
page read and write
|
||
|
52EE000
|
stack
|
page read and write
|
||
|
D30000
|
trusted library allocation
|
page read and write
|
||
|
4E52000
|
trusted library allocation
|
page read and write
|
||
|
638E000
|
stack
|
page read and write
|
||
|
269E000
|
trusted library allocation
|
page read and write
|
||
|
297F000
|
trusted library allocation
|
page read and write
|
||
|
AEB000
|
heap
|
page read and write
|
||
|
29CF000
|
trusted library allocation
|
page read and write
|
||
|
614D000
|
stack
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
2ADF000
|
trusted library allocation
|
page read and write
|
||
|
268E000
|
trusted library allocation
|
page read and write
|
||
|
2929000
|
trusted library allocation
|
page read and write
|
||
|
29BE000
|
trusted library allocation
|
page read and write
|
||
|
2B1A000
|
trusted library allocation
|
page read and write
|
||
|
2931000
|
trusted library allocation
|
page read and write
|
||
|
5DCE000
|
stack
|
page read and write
|
||
|
600E000
|
stack
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
29B6000
|
trusted library allocation
|
page read and write
|
||
|
2ACF000
|
trusted library allocation
|
page read and write
|
||
|
A64000
|
heap
|
page read and write
|
||
|
977000
|
trusted library allocation
|
page read and write
|
||
|
51AE000
|
stack
|
page read and write
|
||
|
2A0D000
|
trusted library allocation
|
page read and write
|
||
|
29C6000
|
trusted library allocation
|
page read and write
|
||
|
53F6000
|
trusted library allocation
|
page read and write
|
||
|
9DE000
|
stack
|
page read and write
|
||
|
4E63000
|
heap
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
5D7000
|
stack
|
page read and write
|
||
|
497E000
|
stack
|
page read and write
|
||
|
3918000
|
trusted library allocation
|
page read and write
|
||
|
A3E000
|
heap
|
page read and write
|
||
|
6490000
|
trusted library allocation
|
page read and write
|
||
|
29D3000
|
trusted library allocation
|
page read and write
|
||
|
5ECE000
|
stack
|
page read and write
|
||
|
26F0000
|
trusted library allocation
|
page read and write
|
||
|
29CA000
|
trusted library allocation
|
page read and write
|
||
|
2710000
|
heap
|
page execute and read and write
|
||
|
29C2000
|
trusted library allocation
|
page read and write
|
||
|
D6B000
|
trusted library allocation
|
page execute and read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
4D54000
|
trusted library allocation
|
page read and write
|
||
|
26AD000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
4D20000
|
heap
|
page execute and read and write
|
||
|
970000
|
trusted library allocation
|
page read and write
|
There are 154 hidden memdumps, click here to show them.