Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\TahsilatMakbuzu.cmd.exe
|
"C:\Users\user\Desktop\TahsilatMakbuzu.cmd.exe"
|
 |
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://onedrive.live.com
|
unknown
|
||
|
http://onedrive.live.comd
|
unknown
|
||
|
https://onedrive.live.comD
|
unknown
|
||
|
https://1drv.ms/u/s
|
unknown
|
||
|
http://requirejs.org/docs/errors.html#
|
unknown
|
||
|
https://onedrive.liv
|
unknown
|
||
|
https://1drv.msD
|
unknown
|
||
|
https://onedrive.live.com
|
unknown
|
||
|
https://onedrive.live.com/_forms/default.aspx
|
unknown
|
||
|
https://skyapi.onedrive.live.com
|
unknown
|
||
|
https://onedrive.live.com/redir?resid=BF2B7C0838B5E1BD
|
unknown
|
||
|
https://1drv.ms/u/s!Ar3htTgIfCu_dJqG_ruP1N2iLfc?download=1
|
13.107.42.12
|
||
|
https://onedrive.live.com/?id=BF2B7C0838B5E1BD!116&resid=BF2B7C0838B5E1BD!116&redeem=aHR0cHM6Ly8xZHJ2Lm1zL3UvcyFBcjNodFRnSWZDdV9kSnFHX3J1UDFOMmlMZmM_ZG93bmxvYWQ9MQ&migratedtospo=true&cid=bf2b7c0838b5e1bd
|
13.107.139.11
|
||
|
http://1drv.ms
|
unknown
|
||
|
https://onedrive.live.com/_forms/default.aspx?ReturnUrl=%2F%3Fid%3DBF2B7C0838B5E1BD%21116%26resid%3D
|
unknown
|
||
|
https://onedrive.live.com/redir?resid=BF2B7C0838B5E1BD!116&download=1&migratedtospo=true&redeem=aHR0cHM6Ly8xZHJ2Lm1zL3UvcyFBcjNodFRnSWZDdV9kSnFHX3J1UDFOMmlMZmM_ZG93bmxvYWQ9MQ
|
13.107.139.11
|
||
|
http://1drv.msP
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://onedrive.live.com/?id=BF2B7C0838B5E1BD
|
unknown
|
||
|
https://1drv.ms
|
unknown
|
||
|
https://spoprod-a.akamaihd.net/files/odsp-common-library-prod_2019-02-15_20190219.002/require.js
|
unknown
|
There are 11 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
dual-spov-0006.spov-msedge.net
|
13.107.139.11
|
||
|
1drv.ms
|
13.107.42.12
|
||
|
onedrive.live.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
13.107.139.11
|
dual-spov-0006.spov-msedge.net
|
United States
|
||
|
13.107.42.12
|
1drv.ms
|
United States
|
||
|
13.107.137.11
|
unknown
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\TahsilatMakbuzu_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\TahsilatMakbuzu_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\TahsilatMakbuzu_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\TahsilatMakbuzu_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\TahsilatMakbuzu_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\TahsilatMakbuzu_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\TahsilatMakbuzu_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\TahsilatMakbuzu_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\TahsilatMakbuzu_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\TahsilatMakbuzu_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\TahsilatMakbuzu_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\TahsilatMakbuzu_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\TahsilatMakbuzu_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\TahsilatMakbuzu_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2D69000
|
trusted library allocation
|
page read and write
|
||
|
1110000
|
trusted library allocation
|
page read and write
|
||
|
523E000
|
stack
|
page read and write
|
||
|
2DB2000
|
trusted library allocation
|
page read and write
|
||
|
2F47000
|
trusted library allocation
|
page read and write
|
||
|
5A3B000
|
stack
|
page read and write
|
||
|
2D25000
|
trusted library allocation
|
page read and write
|
||
|
11B8000
|
heap
|
page read and write
|
||
|
2E86000
|
trusted library allocation
|
page read and write
|
||
|
616E000
|
stack
|
page read and write
|
||
|
58FF000
|
stack
|
page read and write
|
||
|
11D4000
|
heap
|
page read and write
|
||
|
6790000
|
heap
|
page read and write
|
||
|
1127000
|
heap
|
page read and write
|
||
|
5B7C000
|
stack
|
page read and write
|
||
|
2D9C000
|
trusted library allocation
|
page read and write
|
||
|
2CAF000
|
stack
|
page read and write
|
||
|
5D5D000
|
heap
|
page read and write
|
||
|
2D90000
|
trusted library allocation
|
page read and write
|
||
|
3CB9000
|
trusted library allocation
|
page read and write
|
||
|
563D000
|
stack
|
page read and write
|
||
|
2D1B000
|
trusted library allocation
|
page read and write
|
||
|
5CE8000
|
heap
|
page read and write
|
||
|
2D98000
|
trusted library allocation
|
page read and write
|
||
|
3020000
|
trusted library allocation
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
5F6C000
|
stack
|
page read and write
|
||
|
5CE6000
|
heap
|
page read and write
|
||
|
2D62000
|
trusted library allocation
|
page read and write
|
||
|
BF8000
|
stack
|
page read and write
|
||
|
2FBB000
|
trusted library allocation
|
page read and write
|
||
|
32F8000
|
trusted library allocation
|
page read and write
|
||
|
2CFD000
|
trusted library allocation
|
page read and write
|
||
|
2D75000
|
trusted library allocation
|
page read and write
|
||
|
322F000
|
trusted library allocation
|
page read and write
|
||
|
2D2E000
|
trusted library allocation
|
page read and write
|
||
|
3263000
|
trusted library allocation
|
page read and write
|
||
|
2DA7000
|
trusted library allocation
|
page read and write
|
||
|
5D5A000
|
heap
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
40AF000
|
trusted library allocation
|
page read and write
|
||
|
1157000
|
trusted library allocation
|
page execute and read and write
|
||
|
3CB1000
|
trusted library allocation
|
page read and write
|
||
|
31AB000
|
trusted library allocation
|
page read and write
|
||
|
2D47000
|
trusted library allocation
|
page read and write
|
||
|
4D8C000
|
stack
|
page read and write
|
||
|
2D79000
|
trusted library allocation
|
page read and write
|
||
|
2D8C000
|
trusted library allocation
|
page read and write
|
||
|
2D4B000
|
trusted library allocation
|
page read and write
|
||
|
1152000
|
trusted library allocation
|
page read and write
|
||
|
FCD000
|
stack
|
page read and write
|
||
|
320F000
|
trusted library allocation
|
page read and write
|
||
|
51F0000
|
trusted library allocation
|
page read and write
|
||
|
4019000
|
trusted library allocation
|
page read and write
|
||
|
1134000
|
trusted library allocation
|
page read and write
|
||
|
668D000
|
stack
|
page read and write
|
||
|
2D81000
|
trusted library allocation
|
page read and write
|
||
|
11C7000
|
heap
|
page read and write
|
||
|
54FE000
|
stack
|
page read and write
|
||
|
5CE0000
|
heap
|
page read and write
|
||
|
2B90000
|
trusted library allocation
|
page execute and read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
537E000
|
stack
|
page read and write
|
||
|
319D000
|
trusted library allocation
|
page read and write
|
||
|
678C000
|
stack
|
page read and write
|
||
|
115A000
|
trusted library allocation
|
page execute and read and write
|
||
|
10FB000
|
stack
|
page read and write
|
||
|
567E000
|
stack
|
page read and write
|
||
|
3143000
|
trusted library allocation
|
page read and write
|
||
|
5D88000
|
heap
|
page read and write
|
||
|
2DAD000
|
trusted library allocation
|
page read and write
|
||
|
2E8E000
|
trusted library allocation
|
page read and write
|
||
|
4E8E000
|
stack
|
page read and write
|
||
|
2B40000
|
heap
|
page execute and read and write
|
||
|
67A0000
|
heap
|
page read and write
|
||
|
F8D000
|
stack
|
page read and write
|
||
|
2D7D000
|
trusted library allocation
|
page read and write
|
||
|
2E52000
|
trusted library allocation
|
page read and write
|
||
|
55FF000
|
stack
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
1198000
|
heap
|
page read and write
|
||
|
113D000
|
trusted library allocation
|
page execute and read and write
|
||
|
602E000
|
stack
|
page read and write
|
||
|
626E000
|
stack
|
page read and write
|
||
|
612E000
|
stack
|
page read and write
|
||
|
A60000
|
unkown
|
page readonly
|
||
|
117B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D17000
|
trusted library allocation
|
page read and write
|
||
|
2CF9000
|
trusted library allocation
|
page read and write
|
||
|
2F2F000
|
trusted library allocation
|
page read and write
|
||
|
2D13000
|
trusted library allocation
|
page read and write
|
||
|
3E73000
|
trusted library allocation
|
page read and write
|
||
|
1150000
|
trusted library allocation
|
page read and write
|
||
|
138C000
|
stack
|
page read and write
|
||
|
2E8A000
|
trusted library allocation
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
2D39000
|
trusted library allocation
|
page read and write
|
||
|
2D53000
|
trusted library allocation
|
page read and write
|
||
|
2D71000
|
trusted library allocation
|
page read and write
|
||
|
2F97000
|
trusted library allocation
|
page read and write
|
||
|
2D40000
|
trusted library allocation
|
page read and write
|
||
|
329D000
|
trusted library allocation
|
page read and write
|
||
|
2D6D000
|
trusted library allocation
|
page read and write
|
||
|
2D05000
|
trusted library allocation
|
page read and write
|
||
|
5250000
|
trusted library section
|
page read and write
|
||
|
1172000
|
trusted library allocation
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
2B8E000
|
stack
|
page read and write
|
||
|
5CE3000
|
heap
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
2E96000
|
trusted library allocation
|
page read and write
|
||
|
2D4F000
|
trusted library allocation
|
page read and write
|
||
|
593D000
|
stack
|
page read and write
|
||
|
AFC000
|
stack
|
page read and write
|
||
|
31CF000
|
trusted library allocation
|
page read and write
|
||
|
5FAE000
|
stack
|
page read and write
|
||
|
1130000
|
trusted library allocation
|
page read and write
|
||
|
A62000
|
unkown
|
page readonly
|
||
|
53BD000
|
stack
|
page read and write
|
||
|
5270000
|
heap
|
page execute and read and write
|
||
|
5A7D000
|
stack
|
page read and write
|
||
|
2D0B000
|
trusted library allocation
|
page read and write
|
||
|
5D8C000
|
heap
|
page read and write
|
||
|
2D5C000
|
trusted library allocation
|
page read and write
|
||
|
1140000
|
trusted library allocation
|
page read and write
|
||
|
3095000
|
trusted library allocation
|
page read and write
|
||
|
3107000
|
trusted library allocation
|
page read and write
|
||
|
54BC000
|
stack
|
page read and write
|
||
|
1177000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CB8000
|
trusted library allocation
|
page read and write
|
||
|
326C000
|
trusted library allocation
|
page read and write
|
||
|
2ED4000
|
trusted library allocation
|
page read and write
|
||
|
5D6C000
|
heap
|
page read and write
|
||
|
2D0F000
|
trusted library allocation
|
page read and write
|
||
|
57FD000
|
stack
|
page read and write
|
||
|
5FEE000
|
stack
|
page read and write
|
||
|
2D35000
|
trusted library allocation
|
page read and write
|
||
|
5E6D000
|
stack
|
page read and write
|
||
|
31DF000
|
trusted library allocation
|
page read and write
|
||
|
3D78000
|
trusted library allocation
|
page read and write
|
||
|
119E000
|
heap
|
page read and write
|
||
|
1133000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B80000
|
trusted library allocation
|
page read and write
|
||
|
2D88000
|
trusted library allocation
|
page read and write
|
||
|
2CB1000
|
trusted library allocation
|
page read and write
|
||
|
5D47000
|
heap
|
page read and write
|
||
|
2D2A000
|
trusted library allocation
|
page read and write
|
||
|
2DBA000
|
trusted library allocation
|
page read and write
|
||
|
51D0000
|
trusted library allocation
|
page read and write
|
||
|
1167000
|
heap
|
page read and write
|
||
|
3267000
|
trusted library allocation
|
page read and write
|
||
|
2CF2000
|
trusted library allocation
|
page read and write
|
||
|
307B000
|
trusted library allocation
|
page read and write
|
||
|
2B30000
|
trusted library allocation
|
page read and write
|
||
|
1170000
|
trusted library allocation
|
page read and write
|
||
|
5CDC000
|
stack
|
page read and write
|
||
|
5BDD000
|
stack
|
page read and write
|
There are 147 hidden memdumps, click here to show them.