Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\PO 23JC0704-Rollease-B.exe
|
"C:\Users\user\Desktop\PO 23JC0704-Rollease-B.exe"
|
 |
|
|
C:\Users\user\Desktop\PO 23JC0704-Rollease-B.exe
|
"C:\Users\user\Desktop\PO 23JC0704-Rollease-B.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org/
|
104.26.13.205
|
||
|
https://api.ipify.org
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://mail.iaa-airferight.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.iaa-airferight.com
|
46.175.148.58
|
|
|
|
api.ipify.org
|
104.26.13.205
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
46.175.148.58
|
mail.iaa-airferight.com
|
Ukraine
|
|
|
|
104.26.13.205
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO 23JC0704-Rollease-B_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO 23JC0704-Rollease-B_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO 23JC0704-Rollease-B_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO 23JC0704-Rollease-B_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO 23JC0704-Rollease-B_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO 23JC0704-Rollease-B_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO 23JC0704-Rollease-B_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO 23JC0704-Rollease-B_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO 23JC0704-Rollease-B_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO 23JC0704-Rollease-B_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO 23JC0704-Rollease-B_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO 23JC0704-Rollease-B_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO 23JC0704-Rollease-B_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\PO 23JC0704-Rollease-B_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2D01000
|
trusted library allocation
|
page read and write
|
|
|
|
2990000
|
direct allocation
|
page execute and read and write
|
|
|
|
2D2C000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
3A05000
|
trusted library allocation
|
page read and write
|
|
|
|
C59000
|
stack
|
page read and write
|
||
|
6D10000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D44000
|
trusted library allocation
|
page read and write
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
6392000
|
heap
|
page read and write
|
||
|
10DE000
|
heap
|
page read and write
|
||
|
2CA0000
|
heap
|
page execute and read and write
|
||
|
D59000
|
stack
|
page read and write
|
||
|
1078000
|
heap
|
page read and write
|
||
|
1123000
|
heap
|
page read and write
|
||
|
520C000
|
stack
|
page read and write
|
||
|
2DFE000
|
trusted library allocation
|
page read and write
|
||
|
555F000
|
stack
|
page read and write
|
||
|
1076000
|
heap
|
page read and write
|
||
|
105F000
|
heap
|
page read and write
|
||
|
2CF1000
|
trusted library allocation
|
page read and write
|
||
|
C7E000
|
stack
|
page read and write
|
||
|
6D00000
|
trusted library allocation
|
page read and write
|
||
|
533D000
|
stack
|
page read and write
|
||
|
51AE000
|
stack
|
page read and write
|
||
|
516E000
|
stack
|
page read and write
|
||
|
6389000
|
heap
|
page read and write
|
||
|
5260000
|
heap
|
page read and write
|
||
|
6300000
|
heap
|
page read and write
|
||
|
5210000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
2820000
|
direct allocation
|
page execute and read and write
|
||
|
C80000
|
trusted library allocation
|
page read and write
|
||
|
59A000
|
unkown
|
page readonly
|
||
|
11CB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CB1000
|
trusted library allocation
|
page read and write
|
||
|
FDE000
|
stack
|
page read and write
|
||
|
6CD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6817000
|
trusted library allocation
|
page read and write
|
||
|
C93000
|
trusted library allocation
|
page execute and read and write
|
||
|
67E0000
|
trusted library allocation
|
page read and write
|
||
|
4CB8000
|
trusted library allocation
|
page read and write
|
||
|
4E90000
|
trusted library allocation
|
page read and write
|
||
|
1194000
|
trusted library allocation
|
page read and write
|
||
|
692E000
|
stack
|
page read and write
|
||
|
537E000
|
stack
|
page read and write
|
||
|
6810000
|
trusted library allocation
|
page read and write
|
||
|
11F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
F10000
|
trusted library allocation
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
A25000
|
heap
|
page read and write
|
||
|
DFF000
|
stack
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
632E000
|
heap
|
page read and write
|
||
|
9E6000
|
heap
|
page read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
6CCB000
|
trusted library allocation
|
page read and write
|
||
|
2CEF000
|
trusted library allocation
|
page read and write
|
||
|
2D26000
|
trusted library allocation
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
6930000
|
heap
|
page read and write
|
||
|
2C60000
|
trusted library allocation
|
page read and write
|
||
|
C9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
68EE000
|
stack
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
1207000
|
heap
|
page read and write
|
||
|
5190000
|
trusted library allocation
|
page read and write
|
||
|
2C40000
|
trusted library allocation
|
page read and write
|
||
|
2B2C000
|
stack
|
page read and write
|
||
|
542000
|
unkown
|
page readonly
|
||
|
2CFD000
|
trusted library allocation
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
51C2000
|
trusted library allocation
|
page read and write
|
||
|
11BA000
|
trusted library allocation
|
page execute and read and write
|
||
|
CA0000
|
trusted library allocation
|
page read and write
|
||
|
CC7000
|
trusted library allocation
|
page execute and read and write
|
||
|
C3D000
|
stack
|
page read and write
|
||
|
667E000
|
stack
|
page read and write
|
||
|
5250000
|
heap
|
page execute and read and write
|
||
|
11B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E4E000
|
stack
|
page read and write
|
||
|
11E0000
|
trusted library allocation
|
page read and write
|
||
|
11C0000
|
trusted library allocation
|
page read and write
|
||
|
F1E000
|
stack
|
page read and write
|
||
|
3CB1000
|
trusted library allocation
|
page read and write
|
||
|
6BAE000
|
stack
|
page read and write
|
||
|
6354000
|
heap
|
page read and write
|
||
|
9B8000
|
heap
|
page read and write
|
||
|
3CD9000
|
trusted library allocation
|
page read and write
|
||
|
1048000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
67E8000
|
trusted library allocation
|
page read and write
|
||
|
51BD000
|
trusted library allocation
|
page read and write
|
||
|
63B6000
|
heap
|
page read and write
|
||
|
3A01000
|
trusted library allocation
|
page read and write
|
||
|
9DD000
|
heap
|
page read and write
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
7030000
|
heap
|
page read and write
|
||
|
2CE7000
|
trusted library allocation
|
page read and write
|
||
|
1190000
|
trusted library allocation
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
6800000
|
trusted library allocation
|
page read and write
|
||
|
9D8000
|
heap
|
page read and write
|
||
|
502E000
|
stack
|
page read and write
|
||
|
86C000
|
stack
|
page read and write
|
||
|
506E000
|
stack
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
540000
|
unkown
|
page readonly
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
52AE000
|
stack
|
page read and write
|
||
|
2D34000
|
trusted library allocation
|
page read and write
|
||
|
1118000
|
heap
|
page read and write
|
||
|
4EEE000
|
stack
|
page read and write
|
||
|
11C7000
|
trusted library allocation
|
page execute and read and write
|
||
|
C90000
|
trusted library allocation
|
page read and write
|
||
|
10B8000
|
heap
|
page read and write
|
||
|
ED5000
|
heap
|
page read and write
|
||
|
685D000
|
stack
|
page read and write
|
||
|
67F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
F00000
|
trusted library allocation
|
page execute and read and write
|
||
|
6680000
|
heap
|
page read and write
|
||
|
51B1000
|
trusted library allocation
|
page read and write
|
||
|
51AE000
|
trusted library allocation
|
page read and write
|
||
|
51B6000
|
trusted library allocation
|
page read and write
|
||
|
6AEE000
|
stack
|
page read and write
|
||
|
545C000
|
stack
|
page read and write
|
||
|
F9E000
|
stack
|
page read and write
|
||
|
11B2000
|
trusted library allocation
|
page read and write
|
||
|
51A2000
|
trusted library allocation
|
page read and write
|
||
|
2C70000
|
trusted library allocation
|
page read and write
|
||
|
61FF000
|
stack
|
page read and write
|
||
|
119D000
|
trusted library allocation
|
page execute and read and write
|
||
|
280E000
|
stack
|
page read and write
|
||
|
2C94000
|
heap
|
page read and write
|
||
|
5270000
|
heap
|
page read and write
|
||
|
6D20000
|
heap
|
page read and write
|
||
|
2ACC000
|
trusted library allocation
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
130F000
|
stack
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
519E000
|
trusted library allocation
|
page read and write
|
||
|
6CAD000
|
stack
|
page read and write
|
||
|
96A000
|
stack
|
page read and write
|
||
|
1193000
|
trusted library allocation
|
page execute and read and write
|
||
|
C94000
|
trusted library allocation
|
page read and write
|
||
|
CA4000
|
trusted library allocation
|
page read and write
|
||
|
4AFE000
|
stack
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
4F20000
|
heap
|
page execute and read and write
|
||
|
2D2A000
|
trusted library allocation
|
page read and write
|
||
|
29F0000
|
heap
|
page execute and read and write
|
||
|
6CC0000
|
trusted library allocation
|
page read and write
|
||
|
106B000
|
heap
|
page read and write
|
||
|
7F1F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
519B000
|
trusted library allocation
|
page read and write
|
||
|
67CE000
|
stack
|
page read and write
|
||
|
CBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
CCB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D28000
|
trusted library allocation
|
page read and write
|
||
|
66CE000
|
stack
|
page read and write
|
||
|
3D18000
|
trusted library allocation
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
EFF000
|
stack
|
page read and write
|
||
|
270E000
|
stack
|
page read and write
|
||
|
6CB0000
|
trusted library allocation
|
page read and write
|
||
|
11AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C3F000
|
stack
|
page read and write
|
||
|
F5E000
|
stack
|
page read and write
|
||
|
2C50000
|
trusted library allocation
|
page read and write
|
||
|
6940000
|
trusted library allocation
|
page read and write
|
||
|
57AD000
|
stack
|
page read and write
|
||
|
657E000
|
stack
|
page read and write
|
||
|
9BE000
|
heap
|
page read and write
|
||
|
EC7000
|
heap
|
page read and write
|
||
|
11C5000
|
trusted library allocation
|
page execute and read and write
|
||
|
11C2000
|
trusted library allocation
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
6947000
|
trusted library allocation
|
page read and write
|
||
|
1180000
|
trusted library allocation
|
page read and write
|
||
|
680D000
|
trusted library allocation
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
2AEE000
|
stack
|
page read and write
|
||
|
291E000
|
stack
|
page read and write
|
||
|
2A01000
|
trusted library allocation
|
page read and write
|
There are 176 hidden memdumps, click here to show them.