Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\ciscovideoguard.exe
|
'C:\Users\user\Desktop\ciscovideoguard.exe'
|
 |
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
|
|
|
http://www.symauth.com/cps0(
|
unknown
|
|
|
|
http://www.symauth.com/rpa00
|
unknown
|
|
|
|
http://ocsp.thawte.com0
|
unknown
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF53B74E000
|
unkown
|
page readonly
|
|
|
|
7FF53B41F000
|
unkown
|
page readonly
|
|
|
|
7FF56523D000
|
unkown
|
page readonly
|
|
|
|
7FF5651EB000
|
unkown
|
page readonly
|
|
|
|
9AC000
|
unkown image
|
page execute read
|
|
|
|
24182B13000
|
unkown
|
page read and write
|
|
|
|
889F76E000
|
unkown
|
page read and write
|
|
|
|
24182A6C000
|
unkown
|
page read and write
|
|
|
|
7FF565193000
|
unkown
|
page readonly
|
|
|
|
21898413000
|
unkown
|
page read and write
|
|
|
|
BEA000
|
heap default
|
page read and write
|
|
|
|
889FB7E000
|
unkown
|
page read and write
|
|
|
|
7FF53B7BE000
|
unkown
|
page readonly
|
|
|
|
7FF5653E2000
|
unkown
|
page readonly
|
|
|
|
9E6000
|
unkown image
|
page read and write
|
|
|
|
7FF53B516000
|
unkown
|
page readonly
|
|
|
|
7FF56535E000
|
unkown
|
page readonly
|
|
|
|
7FF565369000
|
unkown
|
page readonly
|
|
|
|
7FF564EB6000
|
unkown
|
page readonly
|
|
|
|
580000
|
unkown
|
page readonly
|
|
|
|
7FF53B658000
|
unkown
|
page readonly
|
|
|
|
3B83775000
|
unkown
|
page read and write
|
|
|
|
7FF5649F0000
|
unkown
|
page readonly
|
|
|
|
241844E0000
|
unkown
|
page read and write
|
|
|
|
8F1000
|
unkown image
|
page execute read
|
|
|
|
7FF565141000
|
unkown
|
page readonly
|
|
|
|
7FF53B7A4000
|
unkown
|
page readonly
|
|
|
|
7FF564EC5000
|
unkown
|
page readonly
|
|
|
|
7FF564EB0000
|
unkown
|
page readonly
|
|
|
|
7FF53AFB1000
|
unkown
|
page readonly
|
|
|
|
21898502000
|
unkown
|
page read and write
|
|
|
|
7FF5652EA000
|
unkown
|
page readonly
|
|
|
|
24182A6D000
|
unkown
|
page read and write
|
|
|
|
7FF53B571000
|
unkown
|
page readonly
|
|
|
|
3B8367E000
|
unkown
|
page read and write
|
|
|
|
9B9000
|
unkown image
|
page execute read
|
|
|
|
7FF565067000
|
unkown
|
page readonly
|
|
|
|
7FF53B7C6000
|
unkown
|
page readonly
|
|
|
|
7FF53B713000
|
unkown
|
page readonly
|
|
|
|
7FF565358000
|
unkown
|
page readonly
|
|
|
|
24182A29000
|
unkown
|
page read and write
|
|
|
|
7FF56525C000
|
unkown
|
page readonly
|
|
|
|
7FF53B7B8000
|
unkown
|
page readonly
|
|
|
|
21898455000
|
unkown
|
page read and write
|
|
|
|
9D4000
|
unkown image
|
page readonly
|
|
|
|
7FF53B7C1000
|
unkown
|
page readonly
|
|
|
|
24182A6A000
|
unkown
|
page read and write
|
|
|
|
7FF53B41A000
|
unkown
|
page readonly
|
|
|
|
24182A67000
|
unkown
|
page read and write
|
|
|
|
3B8338D000
|
unkown
|
page read and write
|
|
|
|
24182A6A000
|
unkown
|
page read and write
|
|
|
|
889F6EB000
|
unkown
|
page read and write
|
|
|
|
2189843C000
|
unkown
|
page read and write
|
|
|
|
7FF5652EE000
|
unkown
|
page readonly
|
|
|
|
7FF5652DC000
|
unkown
|
page readonly
|
|
|
|
7CE000
|
stack
|
page read and write
|
|
|
|
7FF53B7CD000
|
unkown
|
page readonly
|
|
|
|
7FF53B7C9000
|
unkown
|
page readonly
|
|
|
|
9EE000
|
unkown image
|
page readonly
|
|
|
|
7FF53B750000
|
unkown
|
page readonly
|
|
|
|
7FF53B77F000
|
unkown
|
page readonly
|
|
|
|
9BC000
|
unkown image
|
page readonly
|
|
|
|
7FF53B50B000
|
unkown
|
page readonly
|
|
|
|
24182A02000
|
unkown
|
page read and write
|
|
|
|
8F0000
|
unkown image
|
page readonly
|
|
|
|
24182B00000
|
unkown
|
page read and write
|
|
|
|
7FF5651D1000
|
unkown
|
page readonly
|
|
|
|
21898990000
|
unkown
|
page read and write
|
|
|
|
24182990000
|
heap private
|
page read and write
|
|
|
|
7FF5653D4000
|
unkown
|
page readonly
|
|
|
|
7FF53B575000
|
unkown
|
page readonly
|
|
|
|
80E000
|
unkown
|
page read and write
|
|
|
|
BE0000
|
heap default
|
page read and write
|
|
|
|
218983F0000
|
unkown
|
page readonly
|
|
|
|
7FF565254000
|
unkown
|
page readonly
|
|
|
|
7FF53B427000
|
unkown
|
page readonly
|
|
|
|
21898C00000
|
unkown
|
page readonly
|
|
|
|
24182A3F000
|
unkown
|
page read and write
|
|
|
|
7FF53B788000
|
unkown
|
page readonly
|
|
|
|
7FF53B79A000
|
unkown
|
page readonly
|
|
|
|
7FF53B631000
|
unkown
|
page readonly
|
|
|
|
7FF565334000
|
unkown
|
page readonly
|
|
|
|
889FAF9000
|
unkown
|
page read and write
|
|
|
|
9ED000
|
unkown image
|
page readonly
|
|
|
|
2189842A000
|
unkown
|
page read and write
|
|
|
|
7FF53B7AE000
|
unkown
|
page readonly
|
|
|
|
21898230000
|
heap default
|
page read and write
|
|
|
|
69E000
|
unkown
|
page read and write
|
|
|
|
7FF53B75B000
|
unkown
|
page readonly
|
|
|
|
7FF53B5A9000
|
unkown
|
page readonly
|
|
|
|
21898310000
|
unkown
|
page readonly
|
|
|
|
650000
|
unkown
|
page read and write
|
|
|
|
53C000
|
stack
|
page read and write
|
|
|
|
24182A56000
|
unkown
|
page read and write
|
|
|
|
2189844F000
|
unkown
|
page read and write
|
|
|
|
7FF53B653000
|
unkown
|
page readonly
|
|
|
|
7FF53B794000
|
unkown
|
page readonly
|
|
|
|
7FF5652DA000
|
unkown
|
page readonly
|
|
|
|
7FF5653E1000
|
unkown
|
page readonly
|
|
|
|
9E5000
|
unkown image
|
page readonly
|
|
|
|
21898488000
|
unkown
|
page read and write
|
|
|
|
24182A6A000
|
unkown
|
page read and write
|
|
|
|
889FBFE000
|
unkown
|
page read and write
|
|
|
|
7FF565243000
|
unkown
|
page readonly
|
|
|
|
8F0000
|
unkown image
|
page readonly
|
|
|
|
7FF53B64B000
|
unkown
|
page readonly
|
|
|
|
24182A67000
|
unkown
|
page read and write
|
|
|
|
7FF56534F000
|
unkown
|
page readonly
|
|
|
|
7FF5652F0000
|
unkown
|
page readonly
|
|
|
|
7FF5653DA000
|
unkown
|
page readonly
|
|
|
|
241829F0000
|
heap default
|
page read and write
|
|
|
|
21898A02000
|
unkown
|
page read and write
|
|
|
|
7FF5652F5000
|
unkown
|
page readonly
|
|
|
|
3B8387B000
|
unkown
|
page read and write
|
|
|
|
7FF5652FB000
|
unkown
|
page readonly
|
|
|
|
7FF565307000
|
unkown
|
page readonly
|
|
|
|
AFF000
|
stack
|
page read and write
|
|
|
|
9F1000
|
unkown image
|
page readonly
|
|
|
|
24182A34000
|
unkown
|
page read and write
|
|
|
|
24182B02000
|
unkown
|
page read and write
|
|
|
|
7FF565327000
|
unkown
|
page readonly
|
|
|
|
241845E0000
|
unkown
|
page readonly
|
|
|
|
7FF56536D000
|
unkown
|
page readonly
|
|
|
|
24182C00000
|
unkown
|
page readonly
|
|
|
|
3B8330C000
|
unkown
|
page read and write
|
|
|
|
21898513000
|
unkown
|
page read and write
|
|
|
|
8F0000
|
unkown image
|
page readonly
|
|
|
|
9B9000
|
unkown image
|
page execute read
|
|
|
|
7FF53B755000
|
unkown
|
page readonly
|
|
|
|
3B83AFE000
|
unkown
|
page read and write
|
|
|
|
9E7000
|
unkown image
|
page write copy
|
|
|
|
7FF53B6F0000
|
unkown
|
page readonly
|
|
|
|
7FF53B74A000
|
unkown
|
page readonly
|
|
|
|
24182A00000
|
unkown
|
page read and write
|
|
|
|
24182A6A000
|
unkown
|
page read and write
|
|
|
|
21898F40000
|
unkown
|
page readonly
|
|
|
|
43D000
|
unkown
|
page read and write
|
|
|
|
9AC000
|
unkown image
|
page execute read
|
|
|
|
3B839F7000
|
unkown
|
page read and write
|
|
|
|
8F1000
|
unkown image
|
page execute read
|
|
|
|
7FF53B834000
|
unkown
|
page readonly
|
|
|
|
7FF53B841000
|
unkown
|
page readonly
|
|
|
|
21898508000
|
unkown
|
page read and write
|
|
|
|
24182A6A000
|
unkown
|
page read and write
|
|
|
|
21898400000
|
unkown
|
page read and write
|
|
|
|
24182A13000
|
unkown
|
page read and write
|
|
|
|
7FF53B83A000
|
unkown
|
page readonly
|
|
|
|
9F1000
|
unkown image
|
page readonly
|
|
|
|
3B83BFD000
|
unkown
|
page read and write
|
|
|
|
9D4000
|
unkown image
|
page readonly
|
|
|
|
7FF565344000
|
unkown
|
page readonly
|
|
|
|
24182D20000
|
unkown
|
page readonly
|
|
|
|
3B838FF000
|
unkown
|
page read and write
|
|
|
|
7FF53B767000
|
unkown
|
page readonly
|
|
|
|
7FF53B842000
|
unkown
|
page readonly
|
|
|
|
7FF56531C000
|
unkown
|
page readonly
|
|
|
|
6C0000
|
heap default
|
page read and write
|
|
|
|
7FF53B77C000
|
unkown
|
page readonly
|
|
|
|
9BC000
|
unkown image
|
page readonly
|
|
|
|
889FA7A000
|
unkown
|
page read and write
|
|
|
|
24182A6D000
|
unkown
|
page read and write
|
|
|
|
24182A6C000
|
unkown
|
page read and write
|
|
|
|
21898240000
|
unkown
|
page readonly
|
|
|
|
21898600000
|
unkown
|
page readonly
|
|
|
|
7FF565366000
|
unkown
|
page readonly
|
|
|
|
9ED000
|
unkown image
|
page read and write
|
|
|
|
24182CD0000
|
unkown
|
page write copy
|
|
|
|
7FF53B6F2000
|
unkown
|
page readonly
|
|
|
|
889F7EE000
|
unkown
|
page read and write
|
|
|
|
2189846E000
|
unkown
|
page read and write
|
|
|
|
24182A6E000
|
unkown
|
page read and write
|
|
|
|
7FF56531F000
|
unkown
|
page readonly
|
|
|
|
332000
|
unkown
|
page read and write
|
|
|
|
7FF53B40C000
|
unkown
|
page readonly
|
|
|
|
9E5000
|
unkown image
|
page readonly
|
|
|
|
24182A67000
|
unkown
|
page read and write
|
|
|
|
218981D0000
|
heap private
|
page read and write
|
|
|
|
24182F20000
|
unkown
|
page readonly
|
|
|
|
21898500000
|
unkown
|
page read and write
|
|
|
|
7FF56533A000
|
unkown
|
page readonly
|
|
|
|
7FF5651EE000
|
unkown
|
page readonly
|
|
|
|
7FF53AFAD000
|
unkown
|
page readonly
|
|
|
|
9E6000
|
unkown image
|
page write copy
|
|
There are 173 hidden memdumps, click here to show them.