Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\PacketHandlerFramework.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\PacketHandlerFramework.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\PacketHandlerFramework.dll",#1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2A75000
|
heap
|
page read and write
|
||
|
B6E000
|
stack
|
page read and write
|
||
|
66D000
|
stack
|
page read and write
|
||
|
B2F000
|
stack
|
page read and write
|
||
|
5C44000
|
heap
|
page read and write
|
||
|
29EE000
|
stack
|
page read and write
|
||
|
2D17000
|
heap
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
2A59000
|
heap
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
2A5E000
|
heap
|
page read and write
|
||
|
5C40000
|
heap
|
page read and write
|
||
|
44DF000
|
stack
|
page read and write
|
||
|
441E000
|
stack
|
page read and write
|
||
|
2A59000
|
heap
|
page read and write
|
||
|
83B000
|
heap
|
page read and write
|
||
|
283C000
|
stack
|
page read and write
|
||
|
445F000
|
stack
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
449E000
|
stack
|
page read and write
|
||
|
2A59000
|
heap
|
page read and write
|
||
|
25D9000
|
stack
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
2A59000
|
heap
|
page read and write
|
||
|
D4F000
|
stack
|
page read and write
|
||
|
2880000
|
heap
|
page read and write
|
||
|
76D000
|
stack
|
page read and write
|
||
|
2D1A000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
2A3A000
|
heap
|
page read and write
|
||
|
5C80000
|
heap
|
page read and write
|
||
|
82E000
|
stack
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
2A30000
|
heap
|
page read and write
|
||
|
436F000
|
stack
|
page read and write
|
||
|
2CFE000
|
stack
|
page read and write
|
||
|
2A7D000
|
heap
|
page read and write
|
||
|
83F000
|
heap
|
page read and write
|
||
|
6090000
|
trusted library allocation
|
page read and write
|
||
|
2A2F000
|
stack
|
page read and write
|
||
|
2A61000
|
heap
|
page read and write
|
||
|
5C70000
|
heap
|
page read and write
|
||
|
2A5D000
|
heap
|
page read and write
|
||
|
2A54000
|
heap
|
page read and write
|
||
|
2A50000
|
heap
|
page read and write
|
There are 38 hidden memdumps, click here to show them.