procMemory | ZeroBOX

Process memory dump for mpc.exe (PID 2752, dump 1)

YARA signature matches in process memory

Match: anti_dbg

  • S0VSTkVMMzIuZGxs (KERNEL32.dll)
  • SXNEZWJ1Z2dlclByZXNlbnQ= (IsDebuggerPresent)


URLs found in process memory