Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\ResPrompt.dll.dll",#1
|
 |
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\ResPrompt.dll.dll,DllRegisterServer
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\ResPrompt.dll.dll,DllUnregisterServer
|
|
|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\ResPrompt.dll.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\ResPrompt.dll.dll",#1
|
||
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\ResPrompt.dll.dll
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
gibbooc2.com
|
154.21.14.89
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
154.21.14.89
|
gibbooc2.com
|
United States
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
F30BDAC000
|
stack
|
page read and write
|
||
|
6B9AAFF000
|
stack
|
page read and write
|
||
|
7FFDA3481000
|
unkown
|
page execute read
|
||
|
7FFDA34EE000
|
unkown
|
page readonly
|
||
|
B70000
|
heap
|
page read and write
|
||
|
2375B445000
|
heap
|
page read and write
|
||
|
7FFDA350A000
|
unkown
|
page write copy
|
||
|
7FFDA34EE000
|
unkown
|
page readonly
|
||
|
4CD86FC000
|
stack
|
page read and write
|
||
|
1B00FF90000
|
heap
|
page read and write
|
||
|
E0F04AB000
|
stack
|
page read and write
|
||
|
1B00FF40000
|
heap
|
page read and write
|
||
|
2510000
|
heap
|
page read and write
|
||
|
1B00FFA8000
|
heap
|
page read and write
|
||
|
7FFDA3480000
|
unkown
|
page readonly
|
||
|
6B9AB7E000
|
stack
|
page read and write
|
||
|
2375CDE0000
|
heap
|
page read and write
|
||
|
17658FF5000
|
heap
|
page read and write
|
||
|
7FFDA3480000
|
unkown
|
page readonly
|
||
|
17658D08000
|
heap
|
page read and write
|
||
|
2375B450000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
7FFDA350E000
|
unkown
|
page readonly
|
||
|
2A78DBC0000
|
heap
|
page read and write
|
||
|
56B000
|
stack
|
page read and write
|
||
|
7FFDA350A000
|
unkown
|
page write copy
|
||
|
E0F08FC000
|
stack
|
page read and write
|
||
|
7FFDA3480000
|
unkown
|
page readonly
|
||
|
7FFDA3480000
|
unkown
|
page readonly
|
||
|
4CD88FF000
|
stack
|
page read and write
|
||
|
7FFDA3509000
|
unkown
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
2A78D968000
|
heap
|
page read and write
|
||
|
7FFDA350B000
|
unkown
|
page read and write
|
||
|
E0F05AF000
|
stack
|
page read and write
|
||
|
A8F000
|
stack
|
page read and write
|
||
|
2A78D960000
|
heap
|
page read and write
|
||
|
7FFDA350E000
|
unkown
|
page readonly
|
||
|
E0F052E000
|
stack
|
page read and write
|
||
|
B75000
|
heap
|
page read and write
|
||
|
2375B440000
|
heap
|
page read and write
|
||
|
2A78DC15000
|
heap
|
page read and write
|
||
|
6B9AA7C000
|
stack
|
page read and write
|
||
|
2375B338000
|
heap
|
page read and write
|
||
|
7FFDA3481000
|
unkown
|
page execute read
|
||
|
2A78D930000
|
heap
|
page read and write
|
||
|
2375B230000
|
heap
|
page read and write
|
||
|
7FFDA34EE000
|
unkown
|
page readonly
|
||
|
7FFDA350E000
|
unkown
|
page readonly
|
||
|
17658FF0000
|
heap
|
page read and write
|
||
|
1B011A40000
|
heap
|
page read and write
|
||
|
7FFDA350B000
|
unkown
|
page read and write
|
||
|
2375B310000
|
heap
|
page read and write
|
||
|
1765A6F0000
|
heap
|
page read and write
|
||
|
17658B60000
|
heap
|
page read and write
|
||
|
7FFDA3481000
|
unkown
|
page execute read
|
||
|
7FFDA3509000
|
unkown
|
page read and write
|
||
|
7FFDA3481000
|
unkown
|
page execute read
|
||
|
2A78D900000
|
heap
|
page read and write
|
||
|
2A78D910000
|
heap
|
page read and write
|
||
|
1B00FF9D000
|
heap
|
page read and write
|
||
|
1B011900000
|
heap
|
page read and write
|
||
|
F30C07F000
|
stack
|
page read and write
|
||
|
2A78DC10000
|
heap
|
page read and write
|
||
|
1B00FF30000
|
heap
|
page read and write
|
||
|
7FFDA350E000
|
unkown
|
page readonly
|
||
|
7FFDA350B000
|
unkown
|
page read and write
|
||
|
F30C0FF000
|
stack
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
4CD87FF000
|
stack
|
page read and write
|
||
|
7FFDA3509000
|
unkown
|
page read and write
|
||
|
84B000
|
heap
|
page read and write
|
||
|
7FFDA350E000
|
unkown
|
page readonly
|
||
|
E0F097C000
|
stack
|
page read and write
|
||
|
7FFDA350A000
|
unkown
|
page write copy
|
||
|
7FFDA350A000
|
unkown
|
page write copy
|
||
|
7FFDA3509000
|
unkown
|
page read and write
|
||
|
7FFDA350A000
|
unkown
|
page write copy
|
||
|
7FFDA3509000
|
unkown
|
page read and write
|
||
|
2375B330000
|
heap
|
page read and write
|
||
|
17658C60000
|
heap
|
page read and write
|
||
|
7FFDA3481000
|
unkown
|
page execute read
|
||
|
800000
|
heap
|
page read and write
|
||
|
7FFDA350B000
|
unkown
|
page read and write
|
||
|
7FFDA34EE000
|
unkown
|
page readonly
|
||
|
17658C40000
|
heap
|
page read and write
|
||
|
1B00FF99000
|
heap
|
page read and write
|
||
|
7FFDA350B000
|
unkown
|
page read and write
|
||
|
17658D00000
|
heap
|
page read and write
|
||
|
7FFDA3480000
|
unkown
|
page readonly
|
||
|
7FFDA34EE000
|
unkown
|
page readonly
|
There are 81 hidden memdumps, click here to show them.