Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\e.dll"
|
 |
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\e.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\e.dll",#1
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
206.23.85.13.in-addr.arpa
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
E3F000
|
unkown
|
page readonly
|
||
|
4B3D000
|
direct allocation
|
page read and write
|
||
|
E65000
|
unkown
|
page write copy
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
E31000
|
unkown
|
page execute read
|
||
|
6420000
|
heap
|
page read and write
|
||
|
A6F000
|
heap
|
page read and write
|
||
|
8FD000
|
stack
|
page read and write
|
||
|
6454000
|
heap
|
page read and write
|
||
|
2DBA000
|
heap
|
page read and write
|
||
|
4731000
|
direct allocation
|
page read and write
|
||
|
68E0000
|
trusted library allocation
|
page read and write
|
||
|
2A6E000
|
heap
|
page read and write
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
2A5A000
|
heap
|
page read and write
|
||
|
2CEF000
|
stack
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
2A71000
|
heap
|
page read and write
|
||
|
279A000
|
stack
|
page read and write
|
||
|
2C30000
|
heap
|
page read and write
|
||
|
E40000
|
unkown
|
page read and write
|
||
|
49BB000
|
direct allocation
|
page readonly
|
||
|
49B1000
|
direct allocation
|
page execute read
|
||
|
4896000
|
direct allocation
|
page read and write
|
||
|
5CC000
|
stack
|
page read and write
|
||
|
E30000
|
unkown
|
page readonly
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
103F000
|
unkown
|
page readonly
|
||
|
A6B000
|
heap
|
page read and write
|
||
|
2A82000
|
heap
|
page read and write
|
||
|
2A7A000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
2D6F000
|
stack
|
page read and write
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
2A6D000
|
heap
|
page read and write
|
||
|
2D80000
|
direct allocation
|
page execute and read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
27DC000
|
stack
|
page read and write
|
||
|
2CAE000
|
stack
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
A7D000
|
heap
|
page read and write
|
||
|
4891000
|
direct allocation
|
page execute read
|
||
|
2A7B000
|
heap
|
page read and write
|
||
|
2DB7000
|
heap
|
page read and write
|
||
|
2A9E000
|
heap
|
page read and write
|
||
|
2A7A000
|
heap
|
page read and write
|
||
|
6450000
|
heap
|
page read and write
|
||
|
4AAF000
|
direct allocation
|
page read and write
|
||
|
2A7D000
|
heap
|
page read and write
|
||
|
2A95000
|
heap
|
page read and write
|
||
|
6390000
|
heap
|
page read and write
|
||
|
2D2E000
|
stack
|
page read and write
|
||
|
2A7A000
|
heap
|
page read and write
|
||
|
4560000
|
direct allocation
|
page read and write
|
||
|
2A71000
|
heap
|
page read and write
|
||
|
E3B000
|
unkown
|
page execute read
|
||
|
2A96000
|
heap
|
page read and write
|
||
|
2A75000
|
heap
|
page read and write
|
There are 50 hidden memdumps, click here to show them.