Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\nFCO4kIQS2.exe
|
"C:\Users\user\Desktop\nFCO4kIQS2.exe"
|
 |
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://login.microsoftonline.com/
|
unknown
|
||
|
https://login.microsoftonline.com/0
|
unknown
|
||
|
https://login.microsoftonline.com/error?code=70000
|
unknown
|
||
|
https://login.microsoftonline.com/V
|
unknown
|
||
|
https://login.microsoftonline.com/common/oauth2/v2.0/tokenlll
|
unknown
|
||
|
https://login.microsoftonline.com/common/oauth2/v2.0/tokenlllP
|
unknown
|
||
|
https://login.microsoftonline.com/common/oauth2/v2.0/tokenndconnroutehelper.dll
|
unknown
|
||
|
https://login.microsoftonline.com/common/oauth2/v2.0/tokenLocald
|
unknown
|
||
|
https://login.microsoftonline.com/e
|
unknown
|
||
|
https://login.microsoftonline.com/common/oauth2/v2.0/token8R
|
unknown
|
||
|
https://login.microsoftonline.com/common/oauth2/v2.0/tokenXR
|
unknown
|
||
|
https://login.microsoftonline.com/common/oauth2/v2.0/token
|
unknown
|
||
|
https://login.microsoftonline.com/common/oauth2/v2.0/token.dlls
|
unknown
|
There are 3 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
login.microsoftonline.com
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive
|
quent-application
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2186000
|
stack
|
page read and write
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
2040000
|
remote allocation
|
page read and write
|
||
|
2B6B000
|
stack
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2220000
|
heap
|
page read and write
|
||
|
666000
|
heap
|
page read and write
|
||
|
61C000
|
heap
|
page read and write
|
||
|
615000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
61C000
|
heap
|
page read and write
|
||
|
140000000
|
unkown
|
page read and write
|
||
|
2040000
|
remote allocation
|
page read and write
|
||
|
140119000
|
unkown
|
page readonly
|
||
|
140149000
|
unkown
|
page read and write
|
||
|
140000000
|
unkown
|
page readonly
|
||
|
61C000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
2080000
|
heap
|
page read and write
|
||
|
5FC000
|
heap
|
page read and write
|
||
|
140149000
|
unkown
|
page write copy
|
||
|
296F000
|
stack
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
140178000
|
unkown
|
page readonly
|
||
|
14C000
|
stack
|
page read and write
|
||
|
61C000
|
heap
|
page read and write
|
||
|
2C6F000
|
stack
|
page read and write
|
||
|
14015A000
|
unkown
|
page read and write
|
||
|
500000
|
unkown
|
page read and write
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
606000
|
heap
|
page read and write
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
57C000
|
heap
|
page read and write
|
||
|
2085000
|
heap
|
page read and write
|
||
|
276F000
|
stack
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
66E000
|
heap
|
page read and write
|
||
|
286E000
|
stack
|
page read and write
|
||
|
140152000
|
unkown
|
page read and write
|
||
|
2060000
|
unkown
|
page execute read
|
||
|
500000
|
unkown
|
page execute read
|
||
|
140166000
|
unkown
|
page readonly
|
||
|
2040000
|
remote allocation
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
140119000
|
unkown
|
page readonly
|
||
|
615000
|
heap
|
page read and write
|
||
|
2A6D000
|
stack
|
page read and write
|
||
|
140166000
|
unkown
|
page readonly
|
||
|
140178000
|
unkown
|
page readonly
|
There are 42 hidden memdumps, click here to show them.