IOC Report
DHL Shipping documents 0020398484995500.exe


Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\DHL Shipping documents 0020398484995500.exe | "C:\Users\user\Desktop\DHL Shipping documents 0020398484995500.exe" | malicious
C:\Users\user\Desktop\DHL Shipping documents 0020398484995500.exe | "C:\Users\user\Desktop\DHL Shipping documents 0020398484995500.exe" | malicious
C:\Users\user\Desktop\DHL Shipping documents 0020398484995500.exe | "C:\Users\user\Desktop\DHL Shipping documents 0020398484995500.exe" | malicious

URLs

Name | IP | Malicious
http://ftp.concaribe.com | unknown | malicious
https://api.ipify.org/ | 104.26.12.205 |
https://api.ipify.org | unknown |
https://account.dyn.com/ | unknown |
http://concaribe.com | unknown |
https://api.ipify.org/t | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |
https://github.com/dnSpy/dnSpy/wiki/Debugging-Unity-Games | unknown |

Domains

Name | IP | Malicious
concaribe.com | 192.185.13.234 | malicious
ftp.concaribe.com | unknown | malicious
api.ipify.org | 104.26.12.205 |

IPs

IP | Domain | Country | Malicious
192.185.13.234 | concaribe.com | United States | malicious
104.26.12.205 | api.ipify.org | United States |

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing | EnableConsoleTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASAPI32 | EnableFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASAPI32 | EnableAutoFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASAPI32 | EnableConsoleTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASAPI32 | FileTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASAPI32 | ConsoleTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASAPI32 | MaxFileSize |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASAPI32 | FileDirectory |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASMANCS | EnableFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASMANCS | EnableAutoFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASMANCS | EnableConsoleTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASMANCS | FileTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASMANCS | ConsoleTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASMANCS | MaxFileSize |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASMANCS | FileDirectory |

Memdumps
