Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.MetasploitEncod-B.26495.10712.dll"
|
 |
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win64.MetasploitEncod-B.26495.10712.dll,buf
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.MetasploitEncod-B.26495.10712.dll",#1
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.MetasploitEncod-B.26495.10712.dll",#1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd
|
||
|
C:\Windows\System32\cmd.exe
|
cmd
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.208.158.176
|
unknown
|
Switzerland
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
14ECF510000
|
direct allocation
|
page execute and read and write
|
|
|
|
251F1770000
|
direct allocation
|
page execute and read and write
|
|
|
|
19540F00000
|
direct allocation
|
page execute and read and write
|
|
|
|
7FFE126D4000
|
unkown
|
page readonly
|
||
|
1B79574A000
|
heap
|
page read and write
|
||
|
7FFE126DA000
|
unkown
|
page read and write
|
||
|
14ECF520000
|
heap
|
page read and write
|
||
|
2BFDAFD0000
|
heap
|
page read and write
|
||
|
251F17A0000
|
heap
|
page read and write
|
||
|
7FFE126D4000
|
unkown
|
page readonly
|
||
|
251F1788000
|
heap
|
page read and write
|
||
|
251F1950000
|
heap
|
page read and write
|
||
|
93A9FF000
|
stack
|
page read and write
|
||
|
26482C80000
|
heap
|
page read and write
|
||
|
71BAAFF000
|
stack
|
page read and write
|
||
|
30B6B0A000
|
stack
|
page read and write
|
||
|
251F1780000
|
heap
|
page read and write
|
||
|
26482BA0000
|
heap
|
page read and write
|
||
|
BDD8F99000
|
stack
|
page read and write
|
||
|
7FFE126D3000
|
unkown
|
page read and write
|
||
|
7FFE126DE000
|
unkown
|
page readonly
|
||
|
19540E00000
|
heap
|
page read and write
|
||
|
7FFE126D0000
|
unkown
|
page readonly
|
||
|
2BFDACAB000
|
heap
|
page read and write
|
||
|
1B795950000
|
heap
|
page read and write
|
||
|
7FFE126D6000
|
unkown
|
page readonly
|
||
|
2BFDACA0000
|
heap
|
page read and write
|
||
|
30B6EFF000
|
unkown
|
page read and write
|
||
|
1B795850000
|
heap
|
page read and write
|
||
|
1B795970000
|
heap
|
page read and write
|
||
|
19540DC5000
|
heap
|
page read and write
|
||
|
93A8FE000
|
stack
|
page read and write
|
||
|
7FFE126D1000
|
unkown
|
page execute read
|
||
|
2BFDAE70000
|
heap
|
page read and write
|
||
|
D6D8AFF000
|
unkown
|
page read and write
|
||
|
30B6FFF000
|
stack
|
page read and write
|
||
|
14ECF529000
|
heap
|
page read and write
|
||
|
DCDCB7F000
|
stack
|
page read and write
|
||
|
251F1760000
|
heap
|
page read and write
|
||
|
7FFE126DE000
|
unkown
|
page readonly
|
||
|
D6D8BFF000
|
stack
|
page read and write
|
||
|
DCDCAFF000
|
stack
|
page read and write
|
||
|
2BFDAC80000
|
heap
|
page read and write
|
||
|
14ECF52D000
|
heap
|
page read and write
|
||
|
26482D70000
|
heap
|
page read and write
|
||
|
14ECF538000
|
heap
|
page read and write
|
||
|
7FFE126D3000
|
unkown
|
page read and write
|
||
|
26482A97000
|
heap
|
page read and write
|
||
|
1B795740000
|
heap
|
page read and write
|
||
|
14ECF430000
|
heap
|
page read and write
|
||
|
19540E08000
|
heap
|
page read and write
|
||
|
7FFE126D4000
|
unkown
|
page readonly
|
||
|
BDD92FE000
|
unkown
|
page read and write
|
||
|
14ECF740000
|
heap
|
page read and write
|
||
|
2BFDAEB0000
|
heap
|
page read and write
|
||
|
7FFE126DA000
|
unkown
|
page read and write
|
||
|
19540DD0000
|
heap
|
page read and write
|
||
|
7FFE126D0000
|
unkown
|
page readonly
|
||
|
7FFE126D6000
|
unkown
|
page readonly
|
||
|
7FFE126DA000
|
unkown
|
page read and write
|
||
|
251F1765000
|
heap
|
page read and write
|
||
|
14ECF640000
|
heap
|
page read and write
|
||
|
26482D80000
|
heap
|
page read and write
|
||
|
7FFE126DE000
|
unkown
|
page readonly
|
||
|
71BA78B000
|
stack
|
page read and write
|
||
|
DCDCA7B000
|
stack
|
page read and write
|
||
|
93A5EC000
|
stack
|
page read and write
|
||
|
BDD93FF000
|
stack
|
page read and write
|
||
|
19540DC0000
|
heap
|
page read and write
|
||
|
19540DA0000
|
heap
|
page read and write
|
||
|
14ECF620000
|
heap
|
page read and write
|
||
|
1B795AC0000
|
heap
|
page read and write
|
||
|
26482A90000
|
heap
|
page read and write
|
||
|
251F1730000
|
heap
|
page read and write
|
||
|
D6D8769000
|
stack
|
page read and write
|
||
|
26482CA0000
|
heap
|
page read and write
|
||
|
7FFE126D1000
|
unkown
|
page execute read
|
||
|
19540CC0000
|
heap
|
page read and write
|
||
|
2BFDAE90000
|
heap
|
page read and write
|
||
|
251F1720000
|
heap
|
page read and write
|
||
|
1B795930000
|
heap
|
page read and write
|
||
|
7FFE126D1000
|
unkown
|
page execute read
|
||
|
7FFE126D0000
|
unkown
|
page readonly
|
||
|
71BAA7F000
|
stack
|
page read and write
|
||
|
7FFE126D3000
|
unkown
|
page read and write
|
||
|
7FFE126D6000
|
unkown
|
page readonly
|
There are 76 hidden memdumps, click here to show them.