Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\file.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\file.dll",#1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3B0000
|
heap
|
page read and write
|
||
|
21D000
|
stack
|
page read and write
|
||
|
6190000
|
heap
|
page read and write
|
||
|
4A1F000
|
stack
|
page read and write
|
||
|
2F84000
|
heap
|
page read and write
|
||
|
49DE000
|
stack
|
page read and write
|
||
|
B7F000
|
stack
|
page read and write
|
||
|
2B9C000
|
stack
|
page read and write
|
||
|
88F000
|
heap
|
page read and write
|
||
|
317A000
|
heap
|
page read and write
|
||
|
309E000
|
stack
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
2F8C000
|
heap
|
page read and write
|
||
|
A7F000
|
stack
|
page read and write
|
||
|
2B59000
|
stack
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
65C0000
|
trusted library allocation
|
page read and write
|
||
|
2F6A000
|
heap
|
page read and write
|
||
|
61B0000
|
heap
|
page read and write
|
||
|
30DF000
|
stack
|
page read and write
|
||
|
2F88000
|
heap
|
page read and write
|
||
|
499F000
|
stack
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
2F85000
|
heap
|
page read and write
|
||
|
70E000
|
stack
|
page read and write
|
||
|
315E000
|
stack
|
page read and write
|
||
|
6194000
|
heap
|
page read and write
|
||
|
897000
|
heap
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
31D000
|
stack
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
2FA5000
|
heap
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
495E000
|
stack
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
74E000
|
stack
|
page read and write
|
||
|
2F92000
|
heap
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
2F88000
|
heap
|
page read and write
|
||
|
2F8D000
|
heap
|
page read and write
|
||
|
88B000
|
heap
|
page read and write
|
||
|
2F88000
|
heap
|
page read and write
|
||
|
61A0000
|
heap
|
page read and write
|
||
|
3177000
|
heap
|
page read and write
|
||
|
311E000
|
stack
|
page read and write
|
||
|
2FA5000
|
heap
|
page read and write
|
||
|
2FA5000
|
heap
|
page read and write
|
There are 40 hidden memdumps, click here to show them.