Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\NTADMD.DLL.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\NTADMD.DLL.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\NTADMD.DLL.dll,ServiceMain
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\NTADMD.DLL.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\NTADMD.DLL.dll",ServiceMain
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://registrationeasy.com/tucson/info.html
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
890000
|
heap
|
page read and write
|
||
|
2DEF000
|
stack
|
page read and write
|
||
|
321E000
|
stack
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
AFE000
|
stack
|
page read and write
|
||
|
335F000
|
stack
|
page read and write
|
||
|
E2F000
|
stack
|
page read and write
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
C3F000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
2DCC000
|
stack
|
page read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
2B6E000
|
stack
|
page read and write
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
2BEA000
|
heap
|
page read and write
|
||
|
2D8B000
|
stack
|
page read and write
|
||
|
83D000
|
stack
|
page read and write
|
||
|
2AEA000
|
heap
|
page read and write
|
||
|
3070000
|
heap
|
page read and write
|
||
|
322A000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
3430000
|
heap
|
page read and write
|
||
|
341D000
|
stack
|
page read and write
|
||
|
C54000
|
heap
|
page read and write
|
||
|
9ED000
|
stack
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
4710000
|
heap
|
page read and write
|
||
|
3241000
|
heap
|
page read and write
|
||
|
4680000
|
heap
|
page read and write
|
||
|
2DAE000
|
stack
|
page read and write
|
||
|
273B000
|
stack
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
277C000
|
stack
|
page read and write
|
||
|
C3B000
|
heap
|
page read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
44FF000
|
stack
|
page read and write
|
||
|
31DD000
|
stack
|
page read and write
|
||
|
33DD000
|
stack
|
page read and write
|
||
|
44BE000
|
stack
|
page read and write
|
||
|
C48000
|
heap
|
page read and write
|
||
|
319D000
|
stack
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
2BCF000
|
stack
|
page read and write
|
||
|
2D6E000
|
stack
|
page read and write
|
||
|
27FB000
|
stack
|
page read and write
|
||
|
3220000
|
heap
|
page read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
2A3C000
|
stack
|
page read and write
|
||
|
2D2E000
|
stack
|
page read and write
|
||
|
4DB0000
|
heap
|
page read and write
|
||
|
F2E000
|
stack
|
page read and write
|
There are 48 hidden memdumps, click here to show them.