Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\diaoyu.dll.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\diaoyu.dll.dll",#1
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\diaoyu.dll.dll,VMProtectSDK32
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\diaoyu.dll.dll",#1
|
||
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\diaoyu.dll.dll",VMProtectSDK32
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2865C340000
|
heap
|
page read and write
|
||
|
24E291C8000
|
heap
|
page read and write
|
||
|
27E3B2F0000
|
heap
|
page read and write
|
||
|
24E2ACF0000
|
heap
|
page read and write
|
||
|
2B48DF50000
|
heap
|
page read and write
|
||
|
2865DE80000
|
heap
|
page read and write
|
||
|
2865DE80000
|
heap
|
page read and write
|
||
|
27E3B358000
|
heap
|
page read and write
|
||
|
2865C350000
|
heap
|
page read and write
|
||
|
27E3B350000
|
heap
|
page read and write
|
||
|
D46EEDC000
|
stack
|
page read and write
|
||
|
2865C380000
|
heap
|
page read and write
|
||
|
CDA587C000
|
stack
|
page read and write
|
||
|
CDA59FE000
|
stack
|
page read and write
|
||
|
A8FC59C000
|
stack
|
page read and write
|
||
|
A8FC8FE000
|
stack
|
page read and write
|
||
|
2B48DF60000
|
heap
|
page read and write
|
||
|
24E29140000
|
heap
|
page read and write
|
||
|
CDA597F000
|
stack
|
page read and write
|
||
|
A8FC9FF000
|
stack
|
page read and write
|
||
|
2865DD00000
|
heap
|
page read and write
|
||
|
2B48DFA0000
|
heap
|
page read and write
|
||
|
CDA58FF000
|
stack
|
page read and write
|
||
|
24E29160000
|
heap
|
page read and write
|
||
|
7F9819F000
|
stack
|
page read and write
|
||
|
D46EF5E000
|
stack
|
page read and write
|
||
|
2865DD00000
|
heap
|
page read and write
|
||
|
D46EFDF000
|
stack
|
page read and write
|
||
|
27E3B5C5000
|
heap
|
page read and write
|
||
|
24E29165000
|
heap
|
page read and write
|
||
|
2865C38D000
|
heap
|
page read and write
|
||
|
24E29110000
|
heap
|
page read and write
|
||
|
27E3B320000
|
heap
|
page read and write
|
||
|
24E291C0000
|
heap
|
page read and write
|
||
|
2B48DFA8000
|
heap
|
page read and write
|
||
|
2B48E170000
|
heap
|
page read and write
|
||
|
27E3B300000
|
heap
|
page read and write
|
||
|
7F9811F000
|
stack
|
page read and write
|
||
|
2B48FA40000
|
heap
|
page read and write
|
||
|
2B48DF80000
|
heap
|
page read and write
|
||
|
2865C398000
|
heap
|
page read and write
|
||
|
24E29120000
|
heap
|
page read and write
|
||
|
7F9809C000
|
stack
|
page read and write
|
||
|
27E3CE90000
|
heap
|
page read and write
|
||
|
2B48DF85000
|
heap
|
page read and write
|
||
|
7F9847E000
|
stack
|
page read and write
|
||
|
27E3B5C0000
|
heap
|
page read and write
|
There are 37 hidden memdumps, click here to show them.