Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\SysWOW64\cmd.exe | cmd /C ""C:\Windows\System32\rundll32.exe" SHELL32.DLL,Control_RunDLL ca400cpl.cpl,@0,1" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\rundll32.exe | "C:\Windows\System32\rundll32.exe" SHELL32.DLL,Control_RunDLL ca400cpl.cpl,@0,1 | |
| C:\Windows\System32\rundll32.exe | C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL ca400cpl.cpl,@0,1 | |

Memdumps