Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\J4o8OaYTEF.dll"
|
 |
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\J4o8OaYTEF.dll",#1
|
||
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\J4o8OaYTEF.dll
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\J4o8OaYTEF.dll",#1
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\J4o8OaYTEF.dll,DllGetClassObject
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\J4o8OaYTEF.dll,DllMain
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\J4o8OaYTEF.dll,DllRegisterServer
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://20.25.126.96:443/whI5
|
|
||
|
http://20.25.126.96/whI5
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2093EAE0000
|
unclassified section
|
page execute read
|
|
|
|
1B9F2520000
|
unclassified section
|
page execute read
|
|
|
|
2004A240000
|
unclassified section
|
page execute read
|
|
|
|
1B58F980000
|
unclassified section
|
page execute read
|
|
|
|
24745F80000
|
unclassified section
|
page execute read
|
|
|
|
9E3487C000
|
stack
|
page read and write
|
||
|
1B58FA80000
|
heap
|
page read and write
|
||
|
24746170000
|
heap
|
page read and write
|
||
|
CEA59FA000
|
stack
|
page read and write
|
||
|
2093EB20000
|
heap
|
page read and write
|
||
|
9E348FF000
|
stack
|
page read and write
|
||
|
CEA53DC000
|
stack
|
page read and write
|
||
|
DF7000
|
heap
|
page read and write
|
||
|
2093EB2D000
|
heap
|
page read and write
|
||
|
2093EAB0000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
24744760000
|
heap
|
page read and write
|
||
|
13D94FE000
|
stack
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
1B9F2530000
|
heap
|
page read and write
|
||
|
278F000
|
stack
|
page read and write
|
||
|
1B58DF60000
|
heap
|
page read and write
|
||
|
1B9F27F0000
|
heap
|
page read and write
|
||
|
1B9F27F5000
|
heap
|
page read and write
|
||
|
24744795000
|
heap
|
page read and write
|
||
|
9E34A7D000
|
stack
|
page read and write
|
||
|
AE65D7D000
|
stack
|
page read and write
|
||
|
2004A260000
|
heap
|
page read and write
|
||
|
24744740000
|
heap
|
page read and write
|
||
|
1B9F2538000
|
heap
|
page read and write
|
||
|
2004A1A0000
|
heap
|
page read and write
|
||
|
24744660000
|
heap
|
page read and write
|
||
|
24744560000
|
heap
|
page read and write
|
||
|
1B9F24D0000
|
heap
|
page read and write
|
||
|
270F000
|
stack
|
page read and write
|
||
|
AE659EF000
|
stack
|
page read and write
|
||
|
1B58E040000
|
heap
|
page read and write
|
||
|
210592E000
|
stack
|
page read and write
|
||
|
1B58E140000
|
heap
|
page read and write
|
||
|
CEA56FE000
|
stack
|
page read and write
|
||
|
1B9F24F0000
|
heap
|
page read and write
|
||
|
2004A268000
|
heap
|
page read and write
|
||
|
24744790000
|
heap
|
page read and write
|
||
|
2004A520000
|
heap
|
page read and write
|
||
|
CEA57FF000
|
stack
|
page read and write
|
||
|
21059AE000
|
stack
|
page read and write
|
||
|
1B58E1C0000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
1B9F2552000
|
heap
|
page read and write
|
||
|
2093ED90000
|
heap
|
page read and write
|
||
|
1B58E04F000
|
heap
|
page read and write
|
||
|
2870000
|
heap
|
page read and write
|
||
|
21058AC000
|
stack
|
page read and write
|
||
|
1B9F3E60000
|
heap
|
page read and write
|
||
|
1B58E1C5000
|
heap
|
page read and write
|
||
|
9E3497F000
|
stack
|
page read and write
|
||
|
2004A1B0000
|
heap
|
page read and write
|
||
|
CEA58FE000
|
stack
|
page read and write
|
||
|
2004A555000
|
heap
|
page read and write
|
||
|
AE65C7F000
|
stack
|
page read and write
|
||
|
2004A550000
|
heap
|
page read and write
|
||
|
DEB000
|
heap
|
page read and write
|
||
|
CEA5BFF000
|
stack
|
page read and write
|
||
|
1B58E048000
|
heap
|
page read and write
|
||
|
1B9F23F0000
|
heap
|
page read and write
|
||
|
1B58E062000
|
heap
|
page read and write
|
||
|
C7B000
|
stack
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
13D957E000
|
stack
|
page read and write
|
||
|
DE9000
|
heap
|
page read and write
|
||
|
24744568000
|
heap
|
page read and write
|
||
|
13D947C000
|
stack
|
page read and write
|
||
|
2093EA80000
|
heap
|
page read and write
|
||
|
280E000
|
stack
|
page read and write
|
||
|
C90000
|
heap
|
page read and write
|
||
|
2093EB38000
|
heap
|
page read and write
|
||
|
24744584000
|
heap
|
page read and write
|
||
|
2105CFD000
|
stack
|
page read and write
|
||
|
AE6596C000
|
stack
|
page read and write
|
||
|
2093EA90000
|
heap
|
page read and write
|
||
|
DC5000
|
heap
|
page read and write
|
||
|
1B58E160000
|
heap
|
page read and write
|
||
|
13D967D000
|
stack
|
page read and write
|
||
|
2093ED95000
|
heap
|
page read and write
|
||
|
CEA5AFF000
|
stack
|
page read and write
|
||
|
2004A1D0000
|
heap
|
page read and write
|
There are 76 hidden memdumps, click here to show them.