Processes

Path | Cmdline | Malicious
---|---|---
C:\Users\user\Desktop\pDxGUuWkQt.exe | "C:\Users\user\Desktop\pDxGUuWkQt.exe" | 
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | 
URLs

Name | IP | Malicious
---|---|---
http://120.46.149.112:8888/safekey | 120.46.149.112 | 
http://120.46.149.112/&=c | unknown | 
http://120.46.149.112:8888/safekeyfn | unknown | 
http://120.46.149.112:8888/safekey9n% | unknown | 
IPs

IP | Domain | Country | Malicious
---|---|---|---
120.46.149.112 | unknown | China | 
Memdumps

Base Address | Regiontype | Protect | Malicious
---|---|---|---
2E994FF000 | stack | page read and write | 
2E990FE000 | stack | page read and write | 
174B96E0000 | heap | page read and write | 
2E995FD000 | stack | page read and write | 
2E996F8000 | stack | page read and write | 
174B96B0000 | heap | page read and write | 
7FF7D9201000 | unknown | page execute read | 
2E993FE000 | stack | page read and write | 
174B976C000 | heap | page read and write | 
2E996FA000 | stack | page read and write | 
2E98EFA000 | stack | page read and write | 
174B97BB000 | heap | page read and write | 
7FF7D9201000 | unknown | page execute read | 
7FF7D9203000 | unknown | page read and write | 
2E991FE000 | stack | page read and write | 
2E992FF000 | stack | page read and write | 
7FF7D9209000 | unknown | page readonly | 
174B9760000 | heap | page read and write | 
7FF7D9200000 | unknown | page readonly | 
7FF7D9200000 | unknown | page readonly | 
174B97C3000 | heap | page read and write | 
7FF7D9209000 | unknown | page readonly | 
174B97E6000 | heap | page read and write | 
7FF7D9202000 | unknown | page readonly | 
174B9720000 | heap | page read and write | 
174B9725000 | heap | page read and write | 
2E98FFE000 | stack | page read and write | 
174B97DE000 | heap | page read and write | 
174B96C0000 | heap | page read and write | 
7FF7D9202000 | unknown | page readonly | 

20 further memdumps are not shown.
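The Memdumps table lists each dumped region's base, type and page protection but does not say which combinations matter. The following is an added example, not part of the sandbox report, of the triage a practitioner applies to such a table: flag anything executable and writable, anything executable on a stack or heap, and any executable region of unknown type that has no neighbouring read-only and read-write pages (the header/code/data layout of a mapped PE image). The row subset is copied from the table above; the two rows labelled constructed are not from the report, and the PE-layout heuristic and the 64 KiB clustering gap are this example's assumptions.

```python
# Subset of the report's Memdumps rows: (base address, region type, protection).
REPORT_MEMDUMPS = [
    ("2E994FF000", "stack", "page read and write"),
    ("174B96E0000", "heap", "page read and write"),
    ("7FF7D9201000", "unknown", "page execute read"),
    ("7FF7D9203000", "unknown", "page read and write"),
    ("7FF7D9209000", "unknown", "page readonly"),
    ("7FF7D9200000", "unknown", "page readonly"),
    ("7FF7D9202000", "unknown", "page readonly"),
    ("174B9720000", "heap", "page read and write"),
]

# Constructed rows (not in the report) to exercise the two strong verdicts.
CONSTRUCTED_ROWS = [
    ("1A2B3C0000", "heap", "page execute read and write"),
    ("2E990FE000", "stack", "page execute read"),
]


def triage(rows):
    """Return a sorted, de-duplicated list of (base, verdict) for regions whose
    protection is unusual for their type. Plain read/write stacks and heaps and
    read-only or read/write image pages produce nothing."""
    findings = {}
    for base, region, protect in rows:
        p = protect.lower()
        executable = "execute" in p
        writable = "write" in p          # covers "read and write" and "write copy"
        if executable and writable:
            findings[base] = "RWX region: unpacked code or shellcode staging"
        elif executable and region in ("stack", "heap"):
            findings[base] = f"executable {region}: injected or JIT-free code"
        elif executable:
            findings[base] = "executable unknown region: confirm it maps to a module on disk"
    return sorted(findings.items())


def cluster_unknown(rows, max_gap=0x10000):
    """Group 'unknown' regions whose bases lie within max_gap (assumed 64 KiB)
    of the previous one. Returns [(hex start, sorted set of protections)].
    A cluster holding a read-only page, an execute-read page and a read/write
    page is the layout of a mapped PE image (headers, .text, .data); a lone
    executable page with no such neighbours deserves the closer look."""
    by_base = sorted({int(b, 16): p for b, r, p in rows if r == "unknown"}.items())
    clusters, current = [], []
    for base, prot in by_base:
        if current and base - current[-1][0] > max_gap:
            clusters.append(current)
            current = []
        current.append((base, prot))
    if current:
        clusters.append(current)
    return [(hex(c[0][0]), sorted({p for _, p in c})) for c in clusters]


def looks_like_image(protections):
    """Heuristic (assumption): header RO + code RX + data RW in one cluster."""
    return {"page readonly", "page execute read", "page read and write"} <= set(protections)


if __name__ == "__main__":
    for base, verdict in triage(REPORT_MEMDUMPS + CONSTRUCTED_ROWS):
        print(f"{base:>13}  {verdict}")
    for start, prots in cluster_unknown(REPORT_MEMDUMPS):
        print(f"cluster at {start}: {prots}  image-like={looks_like_image(prots)}")
```

Run against the report's rows alone, the only finding is the execute-read page at 7FF7D9201000, and the clustering shows it sits inside a contiguous block whose protections match a mapped image, so the next step is to confirm that block against the loaded-module list rather than to treat it as injected code. The constructed RWX heap and executable stack rows show what a genuinely bad table looks like.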