Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\santolibre.net.mail.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\santolibre.net.mail.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\santolibre.net.mail.dll",#1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4BEE000
|
stack
|
page read and write
|
||
|
305F000
|
heap
|
page read and write
|
||
|
63B0000
|
heap
|
page read and write
|
||
|
3086000
|
heap
|
page read and write
|
||
|
4B6E000
|
stack
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
3073000
|
heap
|
page read and write
|
||
|
63C0000
|
heap
|
page read and write
|
||
|
304A000
|
heap
|
page read and write
|
||
|
128F000
|
stack
|
page read and write
|
||
|
137F000
|
heap
|
page read and write
|
||
|
63F0000
|
heap
|
page read and write
|
||
|
328D000
|
stack
|
page read and write
|
||
|
3140000
|
heap
|
page read and write
|
||
|
3065000
|
heap
|
page read and write
|
||
|
32CE000
|
stack
|
page read and write
|
||
|
32FA000
|
heap
|
page read and write
|
||
|
16A0000
|
heap
|
page read and write
|
||
|
3071000
|
heap
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
3040000
|
heap
|
page read and write
|
||
|
E8D000
|
stack
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
2DBC000
|
stack
|
page read and write
|
||
|
3086000
|
heap
|
page read and write
|
||
|
3084000
|
heap
|
page read and write
|
||
|
4C2F000
|
stack
|
page read and write
|
||
|
3068000
|
heap
|
page read and write
|
||
|
111E000
|
stack
|
page read and write
|
||
|
3069000
|
heap
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
137B000
|
heap
|
page read and write
|
||
|
32F7000
|
heap
|
page read and write
|
||
|
3071000
|
heap
|
page read and write
|
||
|
3068000
|
heap
|
page read and write
|
||
|
3063000
|
heap
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
305C000
|
heap
|
page read and write
|
||
|
156F000
|
stack
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
4B1E000
|
stack
|
page read and write
|
||
|
2D79000
|
stack
|
page read and write
|
||
|
3086000
|
heap
|
page read and write
|
||
|
3068000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
3084000
|
heap
|
page read and write
|
||
|
115E000
|
stack
|
page read and write
|
||
|
63F4000
|
heap
|
page read and write
|
||
|
4ADE000
|
stack
|
page read and write
|
||
|
F8D000
|
stack
|
page read and write
|
||
|
6800000
|
trusted library allocation
|
page read and write
|
||
|
4BAE000
|
stack
|
page read and write
|
There are 42 hidden memdumps, click here to show them.