Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\ionic.zip.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\ionic.zip.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\ionic.zip.dll",#1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.codeplex.com/DotNetZip
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
6EE000
|
heap
|
page read and write
|
||
|
C87000
|
heap
|
page read and write
|
||
|
2E9000
|
stack
|
page read and write
|
||
|
9CD000
|
stack
|
page read and write
|
||
|
C7B000
|
heap
|
page read and write
|
||
|
6E1000
|
heap
|
page read and write
|
||
|
697000
|
heap
|
page read and write
|
||
|
43EE000
|
stack
|
page read and write
|
||
|
7CD000
|
stack
|
page read and write
|
||
|
69A000
|
heap
|
page read and write
|
||
|
43AF000
|
stack
|
page read and write
|
||
|
6D8000
|
heap
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
C8F000
|
stack
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
F3F000
|
stack
|
page read and write
|
||
|
436E000
|
stack
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
32C000
|
stack
|
page read and write
|
||
|
103F000
|
stack
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
6E1000
|
heap
|
page read and write
|
||
|
67E000
|
stack
|
page read and write
|
||
|
6DD000
|
heap
|
page read and write
|
||
|
6BA000
|
heap
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
6D8000
|
heap
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
6E3000
|
heap
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
89E000
|
stack
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
C4E000
|
stack
|
page read and write
|
||
|
C3E000
|
stack
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
6D8000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
63E000
|
stack
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
C7F000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
D84000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
442F000
|
stack
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
5E10000
|
trusted library allocation
|
page read and write
|
There are 39 hidden memdumps, click here to show them.