Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\DHL Shipping documents 0020398484995500.exe | "C:\Users\user\Desktop\DHL Shipping documents 0020398484995500.exe" | |
| C:\Users\user\Desktop\DHL Shipping documents 0020398484995500.exe | "C:\Users\user\Desktop\DHL Shipping documents 0020398484995500.exe" | |
| C:\Users\user\Desktop\DHL Shipping documents 0020398484995500.exe | "C:\Users\user\Desktop\DHL Shipping documents 0020398484995500.exe" | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://ftp.concaribe.com | unknown | |
| https://api.ipify.org/ | 104.26.12.205 | |
| https://api.ipify.org | unknown | |
| https://account.dyn.com/ | unknown | |
| http://concaribe.com | unknown | |
| https://api.ipify.org/t | unknown | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | |
| https://github.com/dnSpy/dnSpy/wiki/Debugging-Unity-Games | unknown | |

Domains

| Name | IP | Malicious |
|---|---|---|
| concaribe.com | 192.185.13.234 | |
| ftp.concaribe.com | unknown | |
| api.ipify.org | 104.26.12.205 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 192.185.13.234 | concaribe.com | United States | |
| 104.26.12.205 | api.ipify.org | United States | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASAPI32 | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASAPI32 | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASAPI32 | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASAPI32 | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASAPI32 | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASAPI32 | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASAPI32 | FileDirectory | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASMANCS | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASMANCS | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASMANCS | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASMANCS | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASMANCS | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASMANCS | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DHL Shipping documents 0020398484995500_RASMANCS | FileDirectory | |

Memdumps