Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\rnxijmmczrsxavguremdpeeqkyqdtlrasgollujkwkpc.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\rnxijmmczrsxavguremdpeeqkyqdtlrasgollujkwkpc.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\rnxijmmczrsxavguremdpeeqkyqdtlrasgollujkwkpc.dll,azsmqfepjdouodor
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\rnxijmmczrsxavguremdpeeqkyqdtlrasgollujkwkpc.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\rnxijmmczrsxavguremdpeeqkyqdtlrasgollujkwkpc.dll",azsmqfepjdouodor
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1320000
|
heap
|
page read and write
|
||
|
A5E000
|
stack
|
page read and write
|
||
|
FBD000
|
stack
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
6BC9A000
|
unkown
|
page readonly
|
||
|
83A000
|
heap
|
page read and write
|
||
|
2E1F000
|
stack
|
page read and write
|
||
|
145E000
|
stack
|
page read and write
|
||
|
7DF000
|
stack
|
page read and write
|
||
|
43C0000
|
heap
|
page read and write
|
||
|
4540000
|
heap
|
page read and write
|
||
|
6BA0A000
|
unkown
|
page readonly
|
||
|
6CE12000
|
unkown
|
page readonly
|
||
|
6C412000
|
unkown
|
page readonly
|
||
|
6D0A2000
|
unkown
|
page readonly
|
||
|
30C000
|
stack
|
page read and write
|
||
|
6BA0F000
|
unkown
|
page readonly
|
||
|
6BA00000
|
unkown
|
page readonly
|
||
|
171F000
|
stack
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
87C000
|
stack
|
page read and write
|
||
|
4710000
|
heap
|
page read and write
|
||
|
6BA0D000
|
unkown
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
449E000
|
stack
|
page read and write
|
||
|
6BA0F000
|
unkown
|
page readonly
|
||
|
ADE000
|
stack
|
page read and write
|
||
|
83B000
|
stack
|
page read and write
|
||
|
67F000
|
stack
|
page read and write
|
||
|
6BC90000
|
unkown
|
page readonly
|
||
|
6CE12000
|
unkown
|
page readonly
|
||
|
1A1F000
|
stack
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
6BA01000
|
unkown
|
page execute read
|
||
|
6BA0A000
|
unkown
|
page readonly
|
||
|
6BC9F000
|
unkown
|
page readonly
|
||
|
6BA12000
|
unkown
|
page readonly
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
6BE000
|
stack
|
page read and write
|
||
|
B1A000
|
heap
|
page read and write
|
||
|
6BA12000
|
unkown
|
page readonly
|
||
|
152B000
|
heap
|
page read and write
|
||
|
63E000
|
stack
|
page read and write
|
||
|
181F000
|
stack
|
page read and write
|
||
|
6BC9D000
|
unkown
|
page read and write
|
||
|
44DE000
|
stack
|
page read and write
|
||
|
12FD000
|
stack
|
page read and write
|
||
|
81E000
|
stack
|
page read and write
|
||
|
149E000
|
stack
|
page read and write
|
||
|
6BCA2000
|
unkown
|
page readonly
|
||
|
153D000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
6BC91000
|
unkown
|
page execute read
|
||
|
370000
|
heap
|
page read and write
|
||
|
6C6A2000
|
unkown
|
page readonly
|
||
|
A9F000
|
stack
|
page read and write
|
||
|
B6E000
|
stack
|
page read and write
|
||
|
6C412000
|
unkown
|
page readonly
|
||
|
6BA01000
|
unkown
|
page execute read
|
||
|
6BA0D000
|
unkown
|
page read and write
|
||
|
152F000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
6BA00000
|
unkown
|
page readonly
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
2CB000
|
stack
|
page read and write
|
||
|
14DE000
|
stack
|
page read and write
|
||
|
1910000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
There are 62 hidden memdumps, click here to show them.