Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\Newtonsoft.Json.ni.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\Newtonsoft.Json.ni.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\Newtonsoft.Json.ni.dll",#1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.nuget.org/packages/Newtonsoft.Json.Bson
|
unknown
|
||
|
http://james.newtonking.com/projects/json
|
unknown
|
||
|
https://www.newtonsoft.com/jsonschema
|
unknown
|
||
|
https://github.com/JamesNK/Newtonsoft.Json
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2B08000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
D2E000
|
stack
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
2B04000
|
heap
|
page read and write
|
||
|
276A000
|
stack
|
page read and write
|
||
|
2B11000
|
heap
|
page read and write
|
||
|
7EE000
|
stack
|
page read and write
|
||
|
2B08000
|
heap
|
page read and write
|
||
|
2D6E000
|
stack
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
CEF000
|
stack
|
page read and write
|
||
|
2B0C000
|
heap
|
page read and write
|
||
|
F9F000
|
stack
|
page read and write
|
||
|
6260000
|
trusted library allocation
|
page read and write
|
||
|
461E000
|
stack
|
page read and write
|
||
|
2B08000
|
heap
|
page read and write
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
2E3A000
|
heap
|
page read and write
|
||
|
DAF000
|
heap
|
page read and write
|
||
|
2D2E000
|
stack
|
page read and write
|
||
|
465F000
|
stack
|
page read and write
|
||
|
2E36000
|
heap
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
DAB000
|
heap
|
page read and write
|
||
|
2B1E000
|
heap
|
page read and write
|
||
|
2B0D000
|
heap
|
page read and write
|
||
|
72D000
|
stack
|
page read and write
|
||
|
2B11000
|
heap
|
page read and write
|
||
|
2B08000
|
heap
|
page read and write
|
||
|
2CEF000
|
stack
|
page read and write
|
||
|
2AEA000
|
heap
|
page read and write
|
||
|
5F14000
|
heap
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
2B05000
|
heap
|
page read and write
|
||
|
2B12000
|
heap
|
page read and write
|
||
|
5F10000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
2ACE000
|
stack
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
AFD000
|
stack
|
page read and write
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
27AC000
|
stack
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
There are 38 hidden memdumps, click here to show them.