popup
procMemory | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Process Memory

Process memory dump for EXCEL.EXE (PID 2032, dump 1)

Yara signatures matches on process memory

Match: schtasks_Zero

  • cwBjAGgAdABhAHMAawBzAA== (schtasks)

Match: Generic_PWS_Memory_Zero

  • UGFzc3dvcmQ= (Password)
  • cGFzc3dvcmQ= (password)

URLs found in process memory 
    http://www.microsoft.com/pki/certs/CSPCA.crt0
    http://purl.org/dc/elements/1.1/
    http://office.microsoft.com
    http://www.microsoft.com/pki/certs/tspca.crt0