procMemory | ZeroBOX

Process memory dump for ETL_051179320007.exe (PID 2488, dump 1)

Extracted/injected images (may contain unpacked executables)
Download #1

Yara signatures matches on process memory

Match: Network_SMTP_dotNet

U210cENsaWVudA== (SmtpClient)
U3lzdGVtLk5ldC5NYWls (System.Net.Mail)

Match: KeyLogger

TWFwVmlydHVhbEtleQ== (MapVirtualKey)
dXNlcjMyLmRsbA== (user32.dll)

Match: DebuggerCheck__GlobalFlags

TnRHbG9iYWxGbGFncw== (NtGlobalFlags)

Match: DebuggerCheck__QueryInfo

UXVlcnlJbmZvcm1hdGlvblByb2Nlc3M= (QueryInformationProcess)

Match: DebuggerHiding__Thread

U2V0SW5mb3JtYXRpb25UaHJlYWQ= (SetInformationThread)

Match: DebuggerHiding__Active

RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)

Match: ThreadControl__Context

U2V0VGhyZWFkQ29udGV4dA== (SetThreadContext)

Match: SEH__vectored

QWRkVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (AddVectoredExceptionHandler)
UmVtb3ZlVmVjdG9yZWRFeGNlcHRpb25IYW5kbGVy (RemoveVectoredExceptionHandler)

Match: anti_dbg

RGVidWdBY3RpdmVQcm9jZXNz (DebugActiveProcess)
a2VybmVsMzIuZGxs (kernel32.dll)

Match: disable_dep

TnRTZXRJbmZvcm1hdGlvblByb2Nlc3M= (NtSetInformationProcess)
WndQcm90ZWN0VmlydHVhbE1lbW9yeQ== (ZwProtectVirtualMemory)

Match: win_hook

Q2FsbE5leHRIb29rRXg= (CallNextHookEx)
U2V0V2luZG93c0hvb2tFeEE= (SetWindowsHookExA)
VW5ob29rV2luZG93c0hvb2tFeA== (UnhookWindowsHookEx)
dXNlcjMyLmRsbA== (user32.dll)

Match: vmdetect_misc

VgBCAG8AeABHAHUAZQBzAHQA (VBoxGuest)
VgBCAG8AeABNAG8AdQBzAGUA (VBoxMouse)
VgBCAG8AeABTAEYA (VBoxSF)
VgBNAFQAbwBvAGwAcwA= (VMTools)
dgBiAG8AeAB0AHIAYQB5AA== (vboxtray)
dgBiAG8AeABzAGUAcgB2AGkAYwBlAA== (vboxservice)
dgBtAG0AbwB1AHMAZQA= (vmmouse)

URLs found in process memory

    https://github.githubassets.com/assets/chunk-metric-selection-element-45db9a2c.js
    https://github.githubassets.com/assets/chunk-invitations-966a2c1b.js
    https://gist.github.com/richlander/e3c0031e226ee06481668867955b82de/archive/7fcc4aed117517be1f7c7ac7dde768ac98a3c266.zip
    https://gist.github.com/richlander/e3c0031e226ee06481668867955b82de
    https://gist.github.com/richlander/e3c0031e226ee06481668867955b82de/raw/7fcc4aed117517be1f7c7ac7dde768ac98a3c266/modernizing-csharp9.md
    https://github.githubassets.com/assets/chunk-filter-input-62b45627.js
    https://github.githubassets.com/assets/chunk-contributions-spider-graph-3f6f54d2.js
    https://github.githubassets.com/assets/chunk-drag-drop-ea3fe848.js
    https://github.githubassets.com/assets/chunk-profile-pins-element-99ad0e3b.js
    https://github.com/
    https://gist.github.com/discover
    https://gist.github.com/richlander/e3c0031e226ee06481668867955b82de/forks
    https://gist.github.com/richlander/e3c0031e226ee06481668867955b82de.js
    https://github.githubassets.com/assets/chunk-codemirror-d0c668af.js
    https://github-cloud.s3.amazonaws.com/
    https://github.githubassets.com/assets/chunk-insights-graph-675c1cc8.js
    https://github.githubassets.com/assets/chunk-three.module-9ca6b751.js
    https://github.githubassets.com/assets/chunk-user-status-submit-50e14d5b.js
    https://github.githubassets.com/assets/chunk-severity-calculator-element-b64efa7a.js
    https://api.github.com/_private/browser/optimizely_client/errors
    https://github.githubassets.com/assets/chunk-jump-to-e0cc4642.js
    https://avatars.githubusercontent.com/
    https://gist.github.com/richlander
    http://schema.org/Code
    https://github.githubassets.com/assets/chunk-emoji-picker-element-6a2a8c20.js
    https://docs.microsoft.com/dotnet/api/system.diagnostics.codeanalysis.notnullwhenattribute
    https://github.githubassets.com/assets/chunk-edit-hook-secret-element-55249df9.js
    https://desktop.github.com/
    https://gist.github.com/search
    https://user-images.githubusercontent.com/
    https://github.githubassets.com/assets/chunk-tweetsodium-d6f499bf.js
    https://gist.github.com/richlander.atom
    https://github.githubassets.com/assets/chunk-readme-toc-element-7663f4a6.js
    https://github.githubassets.com/assets/chunk-launch-code-element-56d75ac0.js
    https://gist.github.com/richlander/e3c0031e226ee06481668867955b82de/stargazers
    https://api.github.com/_private/browser/errors
    https://github.githubassets.com/assets/chunk-profile-860a1228.js
    https://gist.github.com/fluidicon.png
    https://github.githubassets.com/favicons/favicon-dark.svg
    https://github.githubassets.com/favicons/favicon-dark.png
    https://github.githubassets.com/assets/chunk-ref-selector-fdfc13a4.js
    https://collector.githubapp.com/github-external/browser_event
    https://github.githubassets.com/assets/chunk-runner-groups-496cb7e9.js
    https://gist.github.com/join?return_to=https%3A%2F%2Fgist.github.com%2Frichlander%2Fe3c0031e226ee06481668867955b82de
    https://gist.github.com/opensearch-gist.xml
    https://github.githubassets.com/assets/chunk-animate-on-scroll-e6d58a4a.js
    https://github.githubassets.com/
    https://gist.github.com/
    https://docs.github.com/articles/which-remote-url-should-i-use
    https://github.githubassets.com/assets/chunk-insights-query-830b4256.js
    https://github.githubassets.com/pinned-octocat.svg
    https://github.githubassets.com/images/modules/gists/gist-og-image.png
    https://gist.github.com/login?return_to=https%3A%2F%2Fgist.github.com%2Frichlander%2Fe3c0031e226ee06481668867955b82de
    https://gist.github.com/e3c0031e226ee06481668867955b82de.git
    https://github.githubassets.com/assets/chunk-toast-58af155f.js
    https://github.com/notifications/beta/shelf
    https://github.githubassets.com/assets/chunk-confetti-ef51d9bb.js
    https://gist.github.com/auth/github?return_to=https%3A%2F%2Fgist.github.com%2Frichlander%2Fe3c0031e226ee06481668867955b82de
    https://gist.github.com/richlander/e3c0031e226ee06481668867955b82de/revisions
    https://github.githubassets.com/assets/chunk-webgl-warp-70abbff9.js
    https://github.githubassets.com/assets/chunk-sortable-behavior-8fb3dbd4.js
    https://github.githubassets.com/assets/chunk-series-table-15c1fcdf.js
    https://gist.github.com/richlander/ca6567039906da4e1fcfba557b6ccb63
    https://api.github.com/_private/browser/stats