Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\NetworkWrapper.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\NetworkWrapper.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\NetworkWrapper.dll",#1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
121F000
|
stack
|
page read and write
|
||
|
2925000
|
heap
|
page read and write
|
||
|
290F000
|
heap
|
page read and write
|
||
|
2810000
|
heap
|
page read and write
|
||
|
288A000
|
heap
|
page read and write
|
||
|
28CE000
|
stack
|
page read and write
|
||
|
2887000
|
heap
|
page read and write
|
||
|
5FC0000
|
trusted library allocation
|
page read and write
|
||
|
5C74000
|
heap
|
page read and write
|
||
|
131F000
|
stack
|
page read and write
|
||
|
28FD000
|
heap
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
5BA0000
|
heap
|
page read and write
|
||
|
2910000
|
heap
|
page read and write
|
||
|
440F000
|
stack
|
page read and write
|
||
|
290F000
|
heap
|
page read and write
|
||
|
259C000
|
stack
|
page read and write
|
||
|
5B90000
|
heap
|
page read and write
|
||
|
2900000
|
heap
|
page read and write
|
||
|
5C70000
|
heap
|
page read and write
|
||
|
2924000
|
heap
|
page read and write
|
||
|
42CE000
|
stack
|
page read and write
|
||
|
2915000
|
heap
|
page read and write
|
||
|
2914000
|
heap
|
page read and write
|
||
|
2559000
|
stack
|
page read and write
|
||
|
430F000
|
stack
|
page read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
292D000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
2904000
|
heap
|
page read and write
|
||
|
EFD000
|
stack
|
page read and write
|
||
|
2909000
|
heap
|
page read and write
|
||
|
2900000
|
heap
|
page read and write
|
||
|
428E000
|
stack
|
page read and write
|
||
|
434E000
|
stack
|
page read and write
|
||
|
F5B000
|
heap
|
page read and write
|
||
|
ADD000
|
stack
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
2914000
|
heap
|
page read and write
|
||
|
43CE000
|
stack
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
2916000
|
heap
|
page read and write
|
||
|
2800000
|
heap
|
page read and write
|
||
|
28EA000
|
heap
|
page read and write
|
||
|
14C0000
|
heap
|
page read and write
|
||
|
438F000
|
stack
|
page read and write
|
||
|
2880000
|
heap
|
page read and write
|
||
|
F5F000
|
heap
|
page read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
2909000
|
heap
|
page read and write
|
||
|
F67000
|
heap
|
page read and write
|
There are 43 hidden memdumps, click here to show them.