Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\PacketParser.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\PacketParser.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\PacketParser.dll",#1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
s-part-0035.t-0009.t-msedge.net
|
13.107.246.63
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
F0B000
|
heap
|
page read and write
|
||
|
B3D000
|
stack
|
page read and write
|
||
|
2A4D000
|
heap
|
page read and write
|
||
|
2D3E000
|
stack
|
page read and write
|
||
|
2A4F000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
2A48000
|
heap
|
page read and write
|
||
|
2B5F000
|
stack
|
page read and write
|
||
|
E4F000
|
stack
|
page read and write
|
||
|
5C70000
|
heap
|
page read and write
|
||
|
5D20000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
5C80000
|
heap
|
page read and write
|
||
|
2A49000
|
heap
|
page read and write
|
||
|
2780000
|
heap
|
page read and write
|
||
|
2A2A000
|
heap
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
2B9E000
|
stack
|
page read and write
|
||
|
2A48000
|
heap
|
page read and write
|
||
|
10FF000
|
stack
|
page read and write
|
||
|
2A48000
|
heap
|
page read and write
|
||
|
2A65000
|
heap
|
page read and write
|
||
|
2770000
|
heap
|
page read and write
|
||
|
26C9000
|
stack
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
CFE000
|
stack
|
page read and write
|
||
|
27FE000
|
stack
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
F0F000
|
heap
|
page read and write
|
||
|
2A4D000
|
heap
|
page read and write
|
||
|
2A45000
|
heap
|
page read and write
|
||
|
2A44000
|
heap
|
page read and write
|
||
|
2BB0000
|
heap
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
CBE000
|
stack
|
page read and write
|
||
|
453E000
|
stack
|
page read and write
|
||
|
270C000
|
stack
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
61A0000
|
trusted library allocation
|
page read and write
|
||
|
2A4E000
|
heap
|
page read and write
|
||
|
2D5A000
|
heap
|
page read and write
|
||
|
2A48000
|
heap
|
page read and write
|
||
|
5D24000
|
heap
|
page read and write
|
||
|
45FF000
|
stack
|
page read and write
|
||
|
2D57000
|
heap
|
page read and write
|
||
|
457F000
|
stack
|
page read and write
|
||
|
45BE000
|
stack
|
page read and write
|
||
|
A3D000
|
stack
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
There are 41 hidden memdumps, click here to show them.