Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\dngqoAXyDd.exe
|
"C:\Users\user\Desktop\dngqoAXyDd.exe"
|
 |
|
|
C:\Windows\System32\wermgr.exe
|
C:\Windows\system32\wermgr.exe
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe
|
 |
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
B31000
|
unkown
|
page execute and read and write
|
|
|
|
7FF582865000
|
unkown image
|
page readonly
|
|
|
|
7FF58277A000
|
unkown image
|
page readonly
|
|
|
|
511E000
|
unkown
|
page read and write
|
|
|
|
399E000
|
unkown
|
page read and write
|
|
|
|
7FF529BA2000
|
unkown image
|
page readonly
|
|
|
|
29D2000
|
unkown
|
page read and write
|
|
|
|
5400000
|
unkown
|
page read and write
|
|
|
|
4408000
|
unkown
|
page read and write
|
|
|
|
7FF5685D7000
|
unkown image
|
page readonly
|
|
|
|
7DF589890000
|
unkown image
|
page readonly
|
|
|
|
22833CA0000
|
unkown
|
page read and write
|
|
|
|
7DF5D72A2000
|
unkown image
|
page readonly
|
|
|
|
4A7A000
|
unkown
|
page read and write
|
|
|
|
7FF52955A000
|
unkown image
|
page readonly
|
|
|
|
239D40A3000
|
heap private
|
page read and write
|
|
|
|
7FF57FAB7000
|
unkown image
|
page readonly
|
|
|
|
6684000
|
unkown
|
page read and write
|
|
|
|
7DF5D72A2000
|
unkown image
|
page readonly
|
|
|
|
1AC71102000
|
unkown
|
page read and write
|
|
|
|
7FF529829000
|
unkown image
|
page readonly
|
|
|
|
3ADC000
|
unkown
|
page read and write
|
|
|
|
7FF529AD2000
|
unkown image
|
page readonly
|
|
|
|
17BD0383000
|
unkown
|
page read and write
|
|
|
|
2CA6000
|
unkown
|
page read and write
|
|
|
|
2282E5D0000
|
unkown image
|
page readonly
|
|
|
|
1776F2F0000
|
unkown image
|
page readonly
|
|
|
|
7324000
|
unkown
|
page read and write
|
|
|
|
3440000
|
unkown
|
page read and write
|
|
|
|
4A46000
|
unkown
|
page read and write
|
|
|
|
1AC7104A000
|
unkown
|
page read and write
|
|
|
|
A4E000
|
stack
|
page read and write
|
|
|
|
7FF5686B7000
|
unkown image
|
page readonly
|
|
|
|
5456000
|
unkown
|
page read and write
|
|
|
|
61FC3F7000
|
stack
|
page read and write
|
|
|
|
7AAC000
|
unkown
|
page read and write
|
|
|
|
180000
|
unkown image
|
page readonly
|
|
|
|
78F0000
|
unkown
|
page read and write
|
|
|
|
4F66000
|
unkown
|
page read and write
|
|
|
|
17BD0390000
|
unkown
|
page read and write
|
|
|
|
2880000
|
heap private
|
page read and write
|
|
|
|
7FF529A84000
|
unkown image
|
page readonly
|
|
|
|
2000E340000
|
unkown
|
page read and write
|
|
|
|
5C64000
|
unkown
|
page read and write
|
|
|
|
98C7D7F000
|
stack
|
page read and write
|
|
|
|
5DA4000
|
unkown
|
page read and write
|
|
|
|
2CD8000
|
unkown
|
page read and write
|
|
|
|
17BCFCD0000
|
unkown image
|
page readonly
|
|
|
|
619E000
|
unkown
|
page read and write
|
|
|
|
2928000
|
unkown
|
page read and write
|
|
|
|
651E000
|
unkown
|
page read and write
|
|
|
|
40AC000
|
unkown
|
page read and write
|
|
|
|
2B84000
|
unkown
|
page read and write
|
|
|
|
7DF5724C0000
|
unkown image
|
page readonly
|
|
|
|
4E78000
|
unkown
|
page read and write
|
|
|
|
397C000
|
unkown
|
page read and write
|
|
|
|
6B62000
|
unkown
|
page read and write
|
|
|
|
40F2000
|
unkown
|
page read and write
|
|
|
|
7FF57F975000
|
unkown image
|
page readonly
|
|
|
|
7FF56849A000
|
unkown image
|
page readonly
|
|
|
|
29833288000
|
unkown
|
page read and write
|
|
|
|
98C7E7D000
|
stack
|
page read and write
|
|
|
|
76B0000
|
unkown
|
page read and write
|
|
|
|
4104000
|
unkown
|
page read and write
|
|
|
|
17BD0379000
|
unkown
|
page read and write
|
|
|
|
7FF529A80000
|
unkown image
|
page readonly
|
|
|
|
239D40A3000
|
heap private
|
page read and write
|
|
|
|
7F022000
|
unkown image
|
page readonly
|
|
|
|
239D42A1000
|
heap private
|
page read and write
|
|
|
|
7FF5827D6000
|
unkown image
|
page readonly
|
|
|
|
753A000
|
unkown
|
page read and write
|
|
|
|
7FF52993A000
|
unkown image
|
page readonly
|
|
|
|
DBF000
|
stack
|
page read and write
|
|
|
|
17BCF990000
|
unkown image
|
page readonly
|
|
