Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe 'C:\Users\user\Desktop\VolumeConverter.dll'
|
 |
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\VolumeConverter.dll',#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe 'C:\Users\user\Desktop\VolumeConverter.dll',#1
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF5866F1000
|
unkown image
|
page readonly
|
|
|
|
7DF594372000
|
unkown image
|
page readonly
|
|
|
|
3098000
|
unkown image
|
page readonly
|
|
|
|
17AF000
|
stack
|
page read and write
|
|
|
|
159E000
|
stack
|
page read and write
|
|
|
|
7FCD0000
|
unkown image
|
page readonly
|
|
|
|
7FF5866EA000
|
unkown image
|
page readonly
|
|
|
|
6DD000
|
unkown
|
page read and write
|
|
|
|
7FF30000
|
unkown image
|
page readonly
|
|
|
|
7FF58660F000
|
unkown image
|
page readonly
|
|
|
|
6E5000
|
unkown
|
page read and write
|
|
|
|
7FF586609000
|
unkown image
|
page readonly
|
|
|
|
13F0000
|
unkown image
|
page readonly
|
|
|
|
2FDF000
|
unkown image
|
page readonly
|
|
|
|
3064000
|
unkown image
|
page readonly
|
|
|
|
7FF586677000
|
unkown image
|
page readonly
|
|
|
|
2FED000
|
unkown image
|
page readonly
|
|
|
|
7FF586512000
|
unkown image
|
page readonly
|
|
|
|
2648B1E0000
|
heap private
|
page read and write
|
|
|
|
6C7CEFA000
|
unkown
|
page read and write
|
|
|
|
7FCE0000
|
unkown image
|
page readonly
|
|
|
|
2648CDA0000
|
unkown
|
page read and write
|
|
|
|
305B000
|
unkown image
|
page readonly
|
|
|
|
61E000
|
stack
|
page read and write
|
|
|
|
2FA7000
|
unkown image
|
page readonly
|
|
|
|
2648B600000
|
unkown image
|
page readonly
|
|
|
|
2FD5000
|
unkown image
|
page readonly
|
|
|
|
670000
|
unkown
|
page read and write
|
|
|
|
7FF5866FA000
|
unkown image
|
page readonly
|
|
|
|
2648B429000
|
unkown
|
page read and write
|
|
|
|
590000
|
unkown
|
page read and write
|
|
|
|
6C7CB2B000
|
unkown
|
page read and write
|
|
|
|
2FA4000
|
unkown image
|
page readonly
|
|
|
|
6F9000
|
unkown
|
page read and write
|
|
|
|
18AF000
|
stack
|
page read and write
|
|
|
|
6D5000
|
unkown
|
page read and write
|
|
|
|
7FF58667D000
|
unkown image
|
page readonly
|
|
|
|
1220000
|
unkown image
|
page readonly
|
|
|
|
2FBA000
|
unkown image
|
page readonly
|
|
|
|
7FF5862DC000
|
unkown image
|
page readonly
|
|
|
|
7FF5865D1000
|
unkown image
|
page readonly
|
|
|
|
7DF594362000
|
unkown image
|
page readonly
|
|
|
|
7FF42000
|
unkown image
|
page readonly
|
|
|
|
7DF594360000
|
unkown image
|
page readonly
|
|
|
|
7FF50000
|
unkown image
|
page readonly
|
|
|
|
7FCD2000
|
unkown image
|
page readonly
|
|
|
|
9B0000
|
unkown image
|
page readonly
|
|
|
|
FF0000
|
unkown image
|
page read and write
|
|
|
|
3086000
|
unkown image
|
page readonly
|
|
|
|
1100000
|
unkown
|
page read and write
|
|
|
|
2F85000
|
unkown image
|
page readonly
|
|
|
|
6D5000
|
unkown
|
page read and write
|
|
|
|
203000
|
unkown
|
page read and write
|
|
|
|
7FF32000
|
unkown image
|
page readonly
|
|
|
|
7FCD2000
|
unkown image
|
page readonly
|
|
|
|
6B0000
|
heap default
|
page read and write
|
|
|
|
2648B210000
|
unkown image
|
page readonly
|
|
|
|
7FF58665E000
|
unkown image
|
page readonly
|
|
|
|
307B000
|
unkown image
|
page readonly
|
|
|
|
7FF5863C7000
|
unkown image
|
page readonly
|
|
|
|
2FB0000
|
unkown image
|
page readonly
|
|
|
|
2E91000
|
unkown image
|
page readonly
|
|
|
|
7FF5862CE000
|
unkown image
|
page readonly
|
|
|
|
7FCC2000
|
unkown image
|
page readonly
|
|
|
|
6D9000
|
unkown
|
page read and write
|
|
|
|
6DE000
|
unkown
|
page read and write
|
|
|
|
7FF5863D2000
|
unkown image
|
page readonly
|
|
|
|
2648B320000
|
unkown image
|
page write copy
|
|
|
|
C0000
|
unkown image
|
page readonly
|
|
|
|
2FAB000
|
unkown image
|
page readonly
|
|
|
|
308C000
|
unkown image
|
page readonly
|
|
|
|
7FCD0000
|
unkown image
|
page readonly
|
|
|
|
4E0000
|
unkown image
|
page readonly
|
|
|
|
11A000
|
unkown
|
page read and write
|
|
|
|
13F0000
|
unkown image
|
page readonly
|
|
|
|
2FC9000
|
unkown image
|
page readonly
|
|
|
|
6DA000
|
unkown
|
page read and write
|
|
|
|
6E5000
|
unkown
|
page read and write
|
|
|
|
500000
|
heap private
|
page read and write
|
|
|
|
7FF586627000
|
unkown image
|
page readonly
|
|
|
|
305F000
|
unkown image
|
page readonly
|
|
|
|
7FF5865B1000
|
unkown image
|
page readonly
|
|
|
|
127D000
|
unkown
|
page read and write
|
|
|
|
58E000
|
stack
|
page read and write
|
|
|
|
2648B1F0000
|
unkown image
|
page readonly
|
|
|
|
7FF586517000
|
unkown image
|
page readonly
|
|
|
|
7FF586637000
|
unkown image
|
page readonly
|
|
|
|
137D000
|
unkown
|
page read and write
|
|
|
|
6E6000
|
unkown
|
page read and write
|
|
|
|
507000
|
heap private
|
page read and write
|
|
|
|
306B000
|
unkown image
|
page readonly
|
|
|
|
13F0000
|
unkown image
|
page readonly
|
|
|
|
65E000
|
stack
|
page read and write
|
|
|
|
3010000
|
unkown image
|
page readonly
|
|
|
|
7FF32000
|
unkown image
|
page readonly
|
|
|
|
2648B1F0000
|
unkown image
|
page readonly
|
|
|
|
7FF586616000
|
unkown image
|
page readonly
|
|
|
|
5C60000
|
unkown
|
page read and write
|
|
|
|
7FF585F09000
|
unkown image
|
page readonly
|
|
|
|
7FCE0000
|
unkown image
|
page readonly
|
|
|
|
3093000
|
unkown image
|
page readonly
|
|
|
|
2E68000
|
unkown image
|
page readonly
|
|
|
|
3071000
|
unkown image
|
page readonly
|
|
|
|
7FF586655000
|
unkown image
|
page readonly
|
|
|
|
7DF594380000
|
unkown image
|
page readonly
|
|
|
|
7FF40000
|
unkown image
|
page readonly
|
|
|
|
2FA1000
|
unkown image
|
page readonly
|
|
|
|
660000
|
heap private
|
page read and write
|
|
|
|
1420000
|
heap default
|
page read and write
|
|
|
|
7FF30000
|
unkown image
|
page readonly
|
|
|
|
7FF586613000
|
unkown image
|
page readonly
|
|
|
|
300C000
|
unkown image
|
page readonly
|
|
|
|
7FF5862D7000
|
unkown image
|
page readonly
|
|
|
|
15B000
|
unkown
|
page read and write
|
|
|
|
54E000
|
stack
|
page read and write
|
|
|
|
2FC6000
|
unkown image
|
page readonly
|
|
|
|
7FF586701000
|
unkown image
|
page readonly
|
|
|
|
7FF5866D9000
|
unkown image
|
page readonly
|
|
|
|
7DF492230000
|
unkown image
|
page readonly
|
|
|
|
7B0000
|
unkown image
|
page readonly
|
|
|
|
2648B800000
|
unkown image
|
page readonly
|
|
|
|
15D0000
|
heap default
|
page read and write
|
|
|
|
7FF5865AF000
|
unkown image
|
page readonly
|
|
|
|
2648B990000
|
unkown image
|
page readonly
|
|
|
|
2648B370000
|
unkown image
|
page readonly
|
|
|
|
6D9000
|
unkown
|
page read and write
|
|
|
|
155E000
|
stack
|
page read and write
|
|
|
|
5C0000
|
heap default
|
page read and write
|
|
|
|
6C7CF7C000
|
unkown
|
page read and write
|
|
|
|
1C0000
|
unkown
|
page read and write
|
|
|
|
2648B413000
|
unkown
|
page read and write
|
|
|
|
112F000
|
unkown
|
page read and write
|
|
|
|
1380000
|
unkown image
|
page readonly
|
|
|
|
1E0000
|
unkown image
|
page readonly
|
|
|
|
7FF58664B000
|
unkown image
|
page readonly
|
|
|
|
6BA000
|
heap default
|
page read and write
|
|
|
|
7FCC0000
|
unkown image
|
page readonly
|
|
|
|
7DF594370000
|
unkown image
|
page readonly
|
|
|
|
7FF586701000
|
unkown image
|
page readonly
|
|
|
|
7FF58667A000
|
unkown image
|
page readonly
|
|
|
|
5B0000
|
unkown image
|
page readonly
|
|
|
|
2648B400000
|
unkown
|
page read and write
|
|
|
|
6C7CFFE000
|
unkown
|
page read and write
|
|
|
|
7FF58647B000
|
unkown image
|
page readonly
|
|
|
|
1990000
|
heap private
|
page read and write
|
|
|
|
7DF594372000
|
unkown image
|
page readonly
|
|
|
|
7FCC0000
|
unkown image
|
page readonly
|
|
|
|
4E0000
|
unkown image
|
page readonly
|
|
|
|
50A000
|
heap private
|
page read and write
|
|
|
|
6E7000
|
unkown
|
page read and write
|
|
|
|
6D9000
|
unkown
|
page read and write
|
|
|
|
1040000
|
unkown image
|
page readonly
|
|
|
|
B30000
|
unkown image
|
page readonly
|
|
|
|
7FBC0000
|
unkown image
|
page readonly
|
|
|
|
4D0000
|
unkown image
|
page readonly
|
|
|
|
7FF58662E000
|
unkown image
|
page readonly
|
|
|
|
3098000
|
unkown image
|
page readonly
|
|
|
|
7FF5866E4000
|
unkown image
|
page readonly
|
|
|
|
7FF586620000
|
unkown image
|
page readonly
|
|
|
|
7FF5866D2000
|
unkown image
|
page readonly
|
|
|
|
6DD000
|
unkown
|
page read and write
|
|
|
|
2648B980000
|
unkown image
|
page readonly
|
|
|
|
207000
|
unkown
|
page read and write
|
|
|
|
2648B1D0000
|
unkown image
|
page read and write
|
|
|
|
2648B240000
|
heap default
|
page read and write
|
|
|
|
7FF586623000
|
unkown image
|
page readonly
|
|
|
|
6C7CE7E000
|
unkown
|
page read and write
|
|
|
|
2648B43F000
|
unkown
|
page read and write
|
|
|
|
170000
|
unkown image
|
page readonly
|
|
|
|
2EC5000
|
unkown image
|
page readonly
|
|
|
|
6DD000
|
unkown
|
page read and write
|
|
|
|
7DF594360000
|
unkown image
|
page readonly
|
|
|
|
7DF594362000
|
unkown image
|
page readonly
|
|
|
|
142B000
|
heap default
|
page read and write
|
|
|
|
1220000
|
unkown image
|
page readonly
|
|
|
|
2FF6000
|
unkown image
|
page readonly
|
|
|
|
112B000
|
unkown
|
page read and write
|
|
|
|
7FCC2000
|
unkown image
|
page readonly
|
|
|
|
1390000
|
unkown image
|
page readonly
|
|
|
|
7FF5864D0000
|
unkown image
|
page readonly
|
|
|
|
2E9D000
|
unkown image
|
page readonly
|
|
|
|
7FF586435000
|
unkown image
|
page readonly
|
|
|
|
C0000
|
unkown image
|
page readonly
|
|
|
|
2FDB000
|
unkown image
|
page readonly
|
|
|
|
5D0000
|
unkown
|
page read and write
|
|
|
|
6E5000
|
unkown
|
page read and write
|
|
|
|
1438000
|
heap default
|
page read and write
|
|
|
|
2648B455000
|
unkown
|
page read and write
|
|
|
|
B0000
|
unkown image
|
page read and write
|
|
|
|
1435000
|
heap default
|
page read and write
|
|
|
|
7DF594370000
|
unkown image
|
page readonly
|
|
|
|
7FF40000
|
unkown image
|
page readonly
|
|
|
|
13E0000
|
unkown
|
page read and write
|
|
|
|
664000
|
heap private
|
page read and write
|
|
|
|
7DF594380000
|
unkown image
|
page readonly
|
|
|
|
2648B502000
|
unkown
|
page read and write
|
|
|
|
2648B402000
|
unkown
|
page read and write
|
|
|
|
2FFB000
|
unkown image
|
page readonly
|
|
|
|
7FF58660D000
|
unkown image
|
page readonly
|
|
|
|
2F7E000
|
unkown image
|
page readonly
|
|
|
|
7FF50000
|
unkown image
|
page readonly
|
|
|
|
160000
|
unkown image
|
page readonly
|
|
|
|
6F9000
|
unkown
|
page read and write
|
|
|
|
2E74000
|
unkown image
|
page readonly
|
|
|
|
7FF586431000
|
unkown image
|
page readonly
|
|
|
|
6C7CBAF000
|
unkown
|
page read and write
|
|
|
|
6DD000
|
unkown
|
page read and write
|
|
|
|
2F8E000
|
unkown image
|
page readonly
|
|
|
|
7FF42000
|
unkown image
|
page readonly
|
|
|
|
7FE30000
|
unkown image
|
page readonly
|
|
There are 200 hidden memdumps, click here to show them.