Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\N00LMS9L.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\N00LMS9L.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\N00LMS9L.dll",#1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2D90000
|
heap
|
page read and write
|
||
|
311A000
|
heap
|
page read and write
|
||
|
6880000
|
trusted library allocation
|
page read and write
|
||
|
32F5000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
50E000
|
stack
|
page read and write
|
||
|
32F3000
|
heap
|
page read and write
|
||
|
316E000
|
stack
|
page read and write
|
||
|
51F000
|
heap
|
page read and write
|
||
|
1FD000
|
stack
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
32DF000
|
heap
|
page read and write
|
||
|
6474000
|
heap
|
page read and write
|
||
|
6470000
|
heap
|
page read and write
|
||
|
32BA000
|
heap
|
page read and write
|
||
|
310E000
|
stack
|
page read and write
|
||
|
4CE000
|
stack
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
32D8000
|
heap
|
page read and write
|
||
|
32D5000
|
heap
|
page read and write
|
||
|
32D8000
|
heap
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
32D9000
|
heap
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
32E4000
|
heap
|
page read and write
|
||
|
6430000
|
heap
|
page read and write
|
||
|
51B000
|
heap
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
2D3C000
|
stack
|
page read and write
|
||
|
32E5000
|
heap
|
page read and write
|
||
|
FD000
|
stack
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
32D4000
|
heap
|
page read and write
|
||
|
7DF000
|
stack
|
page read and write
|
||
|
CC9000
|
stack
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
4BCE000
|
stack
|
page read and write
|
||
|
32E4000
|
heap
|
page read and write
|
||
|
3117000
|
heap
|
page read and write
|
||
|
32D8000
|
heap
|
page read and write
|
||
|
4B8E000
|
stack
|
page read and write
|
||
|
32D9000
|
heap
|
page read and write
|
||
|
32DF000
|
heap
|
page read and write
|
||
|
6420000
|
heap
|
page read and write
|
||
|
32D8000
|
heap
|
page read and write
|
||
|
8DF000
|
stack
|
page read and write
|
There are 40 hidden memdumps, click here to show them.