Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\hesaphareketi-01.pdf.exe
|
"C:\Users\user\Desktop\hesaphareketi-01.pdf.exe"
|
 |
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.telegram.org/bot7043330881:AAFq19dRSS-89_wbwEvbuucof5Z3tCHG2NY/
|
unknown
|
|
|
|
https://api.telegram.org
|
unknown
|
|
|
|
https://api.telegram.org/bot7043330881:AAFq19dRSS-89_wbwEvbuucof5Z3tCHG2NY/sendDocument
|
149.154.167.220
|
|
|
|
https://api.telegram
|
unknown
|
|
|
|
https://api.ipify.org/
|
104.26.13.205
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidX
|
unknown
|
||
|
https://api.ipify.org
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidY
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://aka.ms/dotnet-warnings/
|
unknown
|
||
|
https://api.telegram.orgx
|
unknown
|
||
|
http://api.telegram.org
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameX
|
unknown
|
There are 5 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
api.telegram.org
|
149.154.167.220
|
|
|
|
api.ipify.org
|
104.26.13.205
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
149.154.167.220
|
api.telegram.org
|
United Kingdom
|
|
|
|
104.26.13.205
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regasm_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF73434D000
|
unkown
|
page readonly
|
|
|
|
7FF7342FD000
|
unkown
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2368203A000
|
direct allocation
|
page read and write
|
|
|
|
7FF73434D000
|
unkown
|
page readonly
|
|
|
|
289A000
|
trusted library allocation
|
page read and write
|
|
|
|
4E60000
|
heap
|
page read and write
|
||
|
494D000
|
stack
|
page read and write
|
||
|
27C0000
|
trusted library allocation
|
page read and write
|
||
|
6150000
|
trusted library allocation
|
page read and write
|
||
|
7FF7341D1000
|
unkown
|
page execute read
|
||
|
257C000
|
stack
|
page read and write
|
||
|
686E000
|
stack
|
page read and write
|
||
|
5ACB000
|
stack
|
page read and write
|
||
|
3976000
|
trusted library allocation
|
page read and write
|
||
|
5BA0000
|
heap
|
page read and write
|
||
|
2367D912000
|
heap
|
page read and write
|
||
|
DF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
616D000
|
trusted library allocation
|
page read and write
|
||
|
27713DA8000
|
heap
|
page read and write
|
||
|
6B19000
|
heap
|
page read and write
|
||
|
6B10000
|
heap
|
page read and write
|
||
|
614E000
|
stack
|
page read and write
|
||
|
276931DF000
|
direct allocation
|
page read and write
|
||
|
62BB000
|
stack
|
page read and write
|
||
|
5B98000
|
heap
|
page read and write
|
||
|
23681800000
|
direct allocation
|
page read and write
|
||
|
39FA000
|
trusted library allocation
|
page read and write
|
||
|
DD0000
|
trusted library allocation
|
page read and write
|
||
|
AC8000
|
heap
|
page read and write
|
||
|
7FF7343D8000
|
unkown
|
page readonly
|
||
|
27AE000
|
stack
|
page read and write
|
||
|
6540000
|
heap
|
page read and write
|
||
|
6A9D000
|
stack
|
page read and write
|
||
|
7FF7343CA000
|
unkown
|
page read and write
|
||
|
6170000
|
trusted library allocation
|
page read and write
|
||
|
276871B9000
|
direct allocation
|
page read and write
|
||
|
D0C000
|
unkown
|
page read and write
|
||
|
8A9A000
|
heap
|
page read and write
|
||
|
6EDB6000
|
unkown
|
page readonly
|
||
|
5ADE000
|
heap
|
page read and write
|
||
|
2367DB90000
|
heap
|
page read and write
|
||
|
5B80000
|
heap
|
page read and write
|
||
|
4FA000
|
stack
|
page read and write
|
||
|
27F1000
|
trusted library allocation
|
page read and write
|
||
|
61D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
DE0000
|
trusted library allocation
|
page read and write
|
||
|
296D000
|
trusted library allocation
|
page read and write
|
||
|
276871B4000
|
direct allocation
|
page read and write
|
||
|
A2E000
|
heap
|
page read and write
|
||
|
2367D915000
|
heap
|
page read and write
|
||
|
6E06D59000
|
stack
|
page read and write
|
||
|
2979000
|
trusted library allocation
|
page read and write
|
||
|
2A4C000
|
trusted library allocation
|
page read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
2367D750000
|
heap
|
page read and write
|
||
|
3A7A000
|
trusted library allocation
|
page read and write
|
||
|
506E000
|
stack
|
page read and write
|
||
|
6890000
|
heap
|
page read and write
|
||
|
DED000
|
trusted library allocation
|
page execute and read and write
|
||
|
27D0000
|
trusted library allocation
|
page read and write
|
||
|
6160000
|
trusted library allocation
|
page read and write
|
||
|
25BE000
|
stack
|
page read and write
|
||
|
7FF7341D0000
|
unkown
|
page readonly
|
||
|
27DB000
|
trusted library allocation
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
EAFE000
|
trusted library allocation
|
page read and write
|
||
|
29D5000
|
trusted library allocation
|
page read and write
|
||
|
AC4000
|
heap
|
page read and write
|
||
|
27FD000
|
trusted library allocation
|
page read and write
|
||
|
3A3A000
|
trusted library allocation
|
page read and write
|
||
|
A4EE000
|
trusted library allocation
|
page read and write
|
||
|
297D000
|
trusted library allocation
|
page read and write
|
||
|
532B000
|
stack
|
page read and write
|
||
|
28D8000
|
trusted library allocation
|
page read and write
|
||
|
2981000
|
trusted library allocation
|
page read and write
|
||
|
DA0000
|
trusted library allocation
|
page read and write
|
||
|
4E4E000
|
stack
|
page read and write
|
||
|
3851000
|
trusted library allocation
|
page read and write
|
||
|
293A000
|
trusted library allocation
|
page read and write
|
||
|
2892000
|
trusted library allocation
|
page read and write
|
||
|
27E2000
|
trusted library allocation
|
page read and write
|
||
|
2969000
|
trusted library allocation
|
page read and write
|
||
|
2A54000
|
trusted library allocation
|
page read and write
|
||
|
A83000
|
heap
|
page read and write
|
||
|
53AE000
|
stack
|
page read and write
|
||
|
E20000
|
trusted library allocation
|
page read and write
|
||
|
6E071FF000
|
stack
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
2367F400000
|
direct allocation
|
page read and write
|
||
|
27713DCC000
|
heap
|
page read and write
|
||
|
2840000
|
heap
|
page execute and read and write
|
||
|
2975000
|
trusted library allocation
|
page read and write
|
||
|
288A000
|
trusted library allocation
|
page read and write
|
||
|
E05000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B3C000
|
trusted library allocation
|
page read and write
|
||
|
6B20000
|
trusted library allocation
|
page read and write
|
||
|
AC6000
|
heap
|
page read and write
|
||
|
3ABA000
|
trusted library allocation
|
page read and write
|
||
|
5AD0000
|
heap
|
page read and write
|
||
|
676E000
|
stack
|
page read and write
|
||
|
2965000
|
trusted library allocation
|
page read and write
|
||
|
E0B000
|
trusted library allocation
|
page execute and read and write
|
||
|
8A95000
|
heap
|
page read and write
|
||
|
5B22000
|
heap
|
page read and write
|
||
|
8A2C000
|
heap
|
page read and write
|
||
|
627E000
|
stack
|
page read and write
|
||
|
2367D890000
|
direct allocation
|
page read and write
|
||
|
A24000
|
heap
|
page read and write
|
||
|
600E000
|
stack
|
page read and write
|
||
|
2A80000
|
trusted library allocation
|
page read and write
|
||
|
5F9000
|
stack
|
page read and write
|
||
|
27DE000
|
trusted library allocation
|
page read and write
|
||
|
6EDA1000
|
unkown
|
page execute read
|
||
|
293C000
|
trusted library allocation
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
AC1000
|
heap
|
page read and write
|
||
|
6EDBD000
|
unkown
|
page read and write
|
||
|
3B3A000
|
trusted library allocation
|
page read and write
|
||
|
23685400000
|
direct allocation
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
7FF7341D0000
|
unkown
|
page readonly
|
||
|
7A20000
|
heap
|
page read and write
|
||
|
2802000
|
trusted library allocation
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
23684000000
|
direct allocation
|
page read and write
|
||
|
DFA000
|
trusted library allocation
|
page execute and read and write
|
||
|
6EDBF000
|
unkown
|
page readonly
|
||
|
23681400000
|
direct allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
A31000
|
heap
|
page read and write
|
||
|
2367D830000
|
heap
|
page read and write
|
||
|
5CCC000
|
stack
|
page read and write
|
||
|
6EDA0000
|
unkown
|
page readonly
|
||
|
5AD8000
|
heap
|
page read and write
|
||
|
7FF7343D0000
|
unkown
|
page read and write
|
||
|
7FF7341D1000
|
unkown
|
page execute read
|
||
|
288E000
|
trusted library allocation
|
page read and write
|
||
|
3936000
|
trusted library allocation
|
page read and write
|
||
|
5BBE000
|
heap
|
page read and write
|
||
|
3B7A000
|
trusted library allocation
|
page read and write
|
||
|
2896000
|
trusted library allocation
|
page read and write
|
||
|
51BC000
|
stack
|
page read and write
|
||
|
2A4E000
|
trusted library allocation
|
page read and write
|
||
|
7A30000
|
heap
|
page read and write
|
||
|
2367D850000
|
heap
|
page read and write
|
||
|
26A0000
|
heap
|
page read and write
|
||
|
8E5000
|
heap
|
page read and write
|
||
|
2367D8BC000
|
heap
|
page read and write
|
||
|
27B0000
|
trusted library allocation
|
page read and write
|
||
|
536B000
|
stack
|
page read and write
|
||
|
6E072FE000
|
stack
|
page read and write
|
||
|
39B8000
|
trusted library allocation
|
page read and write
|
||
|
6480000
|
trusted library allocation
|
page read and write
|
||
|
DF2000
|
trusted library allocation
|
page read and write
|
||
|
23684A00000
|
direct allocation
|
page read and write
|
||
|
269C000
|
stack
|
page read and write
|
||
|
2DBB000
|
trusted library allocation
|
page read and write
|
||
|
699D000
|
stack
|
page read and write
|
||
|
4CCC000
|
stack
|
page read and write
|
||
|
2810000
|
trusted library allocation
|
page read and write
|
||
|
61C0000
|
trusted library allocation
|
page read and write
|
||
|
C87000
|
heap
|
page read and write
|
||
|
DD3000
|
trusted library allocation
|
page execute and read and write
|
||
|
D5C000
|
stack
|
page read and write
|
||
|
2367D880000
|
direct allocation
|
page read and write
|
||
|
25C8000
|
trusted library allocation
|
page read and write
|
||
|
4F6C000
|
stack
|
page read and write
|
||
|
DDD000
|
trusted library allocation
|
page execute and read and write
|
||
|
6520000
|
trusted library allocation
|
page read and write
|
||
|
6E070FE000
|
stack
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
7FF7343D8000
|
unkown
|
page readonly
|
||
|
EAF9000
|
trusted library allocation
|
page read and write
|
||
|
E07000
|
trusted library allocation
|
page execute and read and write
|
||
|
27713CE0000
|
heap
|
page read and write
|
||
|
7FD30000
|
trusted library allocation
|
page execute and read and write
|
||
|
52BC000
|
stack
|
page read and write
|
||
|
ACB000
|
heap
|
page read and write
|
||
|
DF0000
|
trusted library allocation
|
page read and write
|
||
|
38B5000
|
trusted library allocation
|
page read and write
|
||
|
D9C000
|
stack
|
page read and write
|
||
|
27F6000
|
trusted library allocation
|
page read and write
|
||
|
604E000
|
stack
|
page read and write
|
||
|
4D10000
|
heap
|
page read and write
|
||
|
2ADE000
|
trusted library allocation
|
page read and write
|
||
|
6530000
|
trusted library allocation
|
page execute and read and write
|
||
|
DD4000
|
trusted library allocation
|
page read and write
|
||
|
2A7E000
|
trusted library allocation
|
page read and write
|
||
|
3879000
|
trusted library allocation
|
page read and write
|
||
|
8A20000
|
heap
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
62C0000
|
trusted library allocation
|
page read and write
|
||
|
2971000
|
trusted library allocation
|
page read and write
|
||
|
5AF0000
|
heap
|
page read and write
|
||
|
2820000
|
trusted library allocation
|
page read and write
|
||
|
4D00000
|
heap
|
page execute and read and write
|
||
|
9FB000
|
heap
|
page read and write
|
||
|
62D0000
|
trusted library allocation
|
page read and write
|
||
|
5BA4000
|
heap
|
page read and write
|
||
|
6158000
|
trusted library allocation
|
page read and write
|
||
|
DC0000
|
trusted library allocation
|
page read and write
|
||
|
E02000
|
trusted library allocation
|
page read and write
|
||
|
9E0000
|
trusted library allocation
|
page read and write
|
||
|
4E64000
|
heap
|
page read and write
|
||
|
3AFA000
|
trusted library allocation
|
page read and write
|
||
|
27EE000
|
trusted library allocation
|
page read and write
|
||
|
23681C00000
|
direct allocation
|
page read and write
|
||
|
E50000
|
trusted library allocation
|
page execute and read and write
|
||
|
8AC2000
|
heap
|
page read and write
|
||
|
61E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
647C000
|
stack
|
page read and write
|
||
|
6177000
|
trusted library allocation
|
page read and write
|
||
|
E66000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
53EE000
|
stack
|
page read and write
|
||
|
EAF6000
|
trusted library allocation
|
page read and write
|
||
|
7FF7343CA000
|
unkown
|
page write copy
|
||
|
2851000
|
trusted library allocation
|
page read and write
|
||
|
2367D8B0000
|
heap
|
page read and write
|
||
|
4E50000
|
heap
|
page read and write
|
||
|
8DE000
|
stack
|
page read and write
|
||
|
61BD000
|
stack
|
page read and write
|
||
|
61C6000
|
trusted library allocation
|
page read and write
|
||
|
5F0E000
|
stack
|
page read and write
|
||
|
2367D8B6000
|
heap
|
page read and write
|
There are 217 hidden memdumps, click here to show them.