Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\NgenTool.exe | "C:\Users\user\Desktop\NgenTool.exe" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |

Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 86D000 | stack | page read and write | |
| 1A1000 | unknown | page execute read | |
| C30000 | heap | page read and write | |
| 96D000 | stack | page read and write | |
| A70000 | heap | page read and write | |
| 9E0000 | heap | page read and write | |
| 1AD000 | unknown | page readonly | |
| 9D0000 | heap | page read and write | |
| 1A0000 | unknown | page readonly | |
| 1B5000 | unknown | page readonly | |
| A90000 | heap | page read and write | |
| 1A1000 | unknown | page execute read | |
| A2E000 | stack | page read and write | |
| 1B3000 | unknown | page read and write | |
| A6E000 | stack | page read and write | |
| 1B5000 | unknown | page readonly | |
| 1A0000 | unknown | page readonly | |
| 1AD000 | unknown | page readonly | |
| E2F000 | stack | page read and write | |
| C3A000 | heap | page read and write | |
| F2F000 | stack | page read and write | |
| C3E000 | heap | page read and write | |
| 1B3000 | unknown | page write copy | |