Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /C ""C:\Windows\System32\rundll32.exe" SHELL32.DLL,Control_RunDLL ca400cpl.cpl,@0,1"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
"C:\Windows\System32\rundll32.exe" SHELL32.DLL,Control_RunDLL ca400cpl.cpl,@0,1
|
||
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL ca400cpl.cpl,@0,1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3D0000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
279970B8000
|
heap
|
page read and write
|
||
|
DB395FC000
|
stack
|
page read and write
|
||
|
27996FB0000
|
heap
|
page read and write
|
||
|
27FE000
|
stack
|
page read and write
|
||
|
277E000
|
stack
|
page read and write
|
||
|
294A000
|
heap
|
page read and write
|
||
|
27997345000
|
heap
|
page read and write
|
||
|
31B000
|
stack
|
page read and write
|
||
|
27997340000
|
heap
|
page read and write
|
||
|
279970D1000
|
heap
|
page read and write
|
||
|
35C000
|
stack
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
2810000
|
heap
|
page read and write
|
||
|
279970B0000
|
heap
|
page read and write
|
||
|
27BF000
|
stack
|
page read and write
|
||
|
DB398FF000
|
stack
|
page read and write
|
||
|
27996FD0000
|
heap
|
page read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
DB3987E000
|
stack
|
page read and write
|
||
|
285E000
|
stack
|
page read and write
|
||
|
27998B10000
|
heap
|
page read and write
|
||
|
2730000
|
heap
|
page read and write
|
||
|
27996ED0000
|
heap
|
page read and write
|
There are 15 hidden memdumps, click here to show them.