Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\SharedUtils.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SharedUtils.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SharedUtils.dll",#1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2CAE000
|
stack
|
page read and write
|
||
|
2DDD000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
4FD000
|
stack
|
page read and write
|
||
|
27E9000
|
stack
|
page read and write
|
||
|
2DD8000
|
heap
|
page read and write
|
||
|
84F000
|
stack
|
page read and write
|
||
|
2DDF000
|
heap
|
page read and write
|
||
|
2DF3000
|
heap
|
page read and write
|
||
|
2CEE000
|
stack
|
page read and write
|
||
|
51B000
|
heap
|
page read and write
|
||
|
5E50000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
2DDD000
|
heap
|
page read and write
|
||
|
2DD9000
|
heap
|
page read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
2DD8000
|
heap
|
page read and write
|
||
|
2BAA000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
2C6E000
|
stack
|
page read and write
|
||
|
51F000
|
heap
|
page read and write
|
||
|
2BA7000
|
heap
|
page read and write
|
||
|
18D000
|
stack
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
5E54000
|
heap
|
page read and write
|
||
|
2DD5000
|
heap
|
page read and write
|
||
|
2DDE000
|
heap
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
6290000
|
trusted library allocation
|
page read and write
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
2BFD000
|
stack
|
page read and write
|
||
|
2DD9000
|
heap
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
2DDF000
|
heap
|
page read and write
|
||
|
2DD4000
|
heap
|
page read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
2DBA000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
2DD8000
|
heap
|
page read and write
|
||
|
2DF5000
|
heap
|
page read and write
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
2DD8000
|
heap
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
64E000
|
stack
|
page read and write
|
||
|
2A3C000
|
stack
|
page read and write
|
There are 38 hidden memdumps, click here to show them.