Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\WebCompanion.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\WebCompanion.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\WebCompanion.dll",#1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://rt.webcompanion.com/notifications/download/rt/searchenginetemplate.xml
|
unknown
|
||
|
http://crl.entrust.net/g2ca.crl0;
|
unknown
|
||
|
http://ocsp.entrust.net05
|
unknown
|
||
|
https://search-get.com/wc/search?q=
|
unknown
|
||
|
http://ocsp.entrust.net00
|
unknown
|
||
|
http://crl.entrust.net/evcs1.crl0
|
unknown
|
||
|
https://www.search-get.com/favicon.ico
|
unknown
|
||
|
http://system.data.sqlite.org/X
|
unknown
|
||
|
http://www.entrust.net/rpa0
|
unknown
|
||
|
http://aia.entrust.net/evcs1-chain256.cer01
|
unknown
|
||
|
http://james.newtonking.com/projects/json
|
unknown
|
||
|
http://dkf201.com%http://wzp9182.comIhttp://d2vtta4ibs40qt.cloudfront.netI1f667d94-35d0-4958-aa21-54
|
unknown
|
||
|
https://www.entrust.net/rpa0
|
unknown
|
||
|
http://system.data.sqlite.org/
|
unknown
|
There are 4 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
11F0000
|
heap
|
page read and write
|
||
|
BFF000
|
stack
|
page read and write
|
||
|
B30000
|
heap
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
BBE000
|
stack
|
page read and write
|
||
|
D3F000
|
heap
|
page read and write
|
||
|
C8E000
|
stack
|
page read and write
|
||
|
D5C000
|
heap
|
page read and write
|
||
|
11FB000
|
heap
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
D47000
|
heap
|
page read and write
|
||
|
E5D000
|
stack
|
page read and write
|
||
|
C4E000
|
stack
|
page read and write
|
||
|
142F000
|
stack
|
page read and write
|
||
|
D33000
|
heap
|
page read and write
|
||
|
D1A000
|
heap
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
D47000
|
heap
|
page read and write
|
||
|
D45000
|
heap
|
page read and write
|
||
|
6610000
|
trusted library allocation
|
page read and write
|
||
|
7A9000
|
stack
|
page read and write
|
||
|
49DE000
|
stack
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
D44000
|
heap
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
D43000
|
heap
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
4A1F000
|
stack
|
page read and write
|
||
|
7EC000
|
stack
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
6150000
|
heap
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
D2C000
|
heap
|
page read and write
|
||
|
D47000
|
heap
|
page read and write
|
||
|
11EF000
|
stack
|
page read and write
|
||
|
F5D000
|
stack
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
C96000
|
heap
|
page read and write
|
||
|
11FF000
|
heap
|
page read and write
|
||
|
132E000
|
stack
|
page read and write
|
||
|
D38000
|
heap
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
6154000
|
heap
|
page read and write
|
||
|
D54000
|
heap
|
page read and write
|
||
|
C9A000
|
heap
|
page read and write
|
||
|
D43000
|
heap
|
page read and write
|
||
|
10EE000
|
stack
|
page read and write
|
There are 39 hidden memdumps, click here to show them.