IOC Report
_cdrecord.exe

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\_cdrecord.exe | "C:\Users\user\Desktop\_cdrecord.exe" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |

Memdumps

| Base Address | Region Type | Protect | Malicious |
|---|---|---|---|
| 100000 | heap | page read and write | |
| 400000 | unkown | page readonly | |
| 43D000 | unkown | page readonly | |
| 45C000 | unkown | page write copy | |
| 43D000 | unkown | page readonly | |
| 65D000 | stack | page read and write | |
| 438000 | unkown | page write copy | |
| 70E000 | heap | page read and write | |
| 438000 | unkown | page write copy | |
| 400000 | unkown | page readonly | |
| 1A0000 | heap | page read and write | |
| 45C000 | unkown | page read and write | |
| 9D000 | stack | page read and write | |
| 70A000 | heap | page read and write | |
| F0000 | heap | page read and write | |
| 401000 | unkown | page execute read | |
| 700000 | heap | page read and write | |
| 401000 | unkown | page execute read | |