Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\WOTZc2nssO.dll",#1
|
 |
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\WOTZc2nssO.dll",#1
|
|
|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\WOTZc2nssO.dll"
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
25D4000
|
heap
|
page read and write
|
||
|
24F0000
|
heap
|
page read and write
|
||
|
254E000
|
stack
|
page read and write
|
||
|
25CD000
|
heap
|
page read and write
|
||
|
25E9000
|
heap
|
page read and write
|
||
|
28B0000
|
trusted library allocation
|
page read and write
|
||
|
5FD000
|
stack
|
page read and write
|
||
|
25C5000
|
heap
|
page read and write
|
||
|
25CD000
|
heap
|
page read and write
|
||
|
ACB000
|
heap
|
page read and write
|
||
|
4264000
|
heap
|
page read and write
|
||
|
25CD000
|
heap
|
page read and write
|
||
|
28C7000
|
heap
|
page read and write
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
5B00000
|
trusted library allocation
|
page read and write
|
||
|
25A0000
|
heap
|
page read and write
|
||
|
25C9000
|
heap
|
page read and write
|
||
|
28CA000
|
heap
|
page read and write
|
||
|
4130000
|
trusted library allocation
|
page read and write
|
||
|
25AA000
|
heap
|
page read and write
|
||
|
860000
|
trusted library allocation
|
page read and write
|
||
|
4FC000
|
stack
|
page read and write
|
||
|
42AF000
|
stack
|
page read and write
|
||
|
25CD000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
422D000
|
stack
|
page read and write
|
||
|
25C9000
|
heap
|
page read and write
|
||
|
243A000
|
stack
|
page read and write
|
||
|
25E2000
|
heap
|
page read and write
|
||
|
258F000
|
stack
|
page read and write
|
||
|
25D4000
|
heap
|
page read and write
|
||
|
25D1000
|
heap
|
page read and write
|
||
|
25E9000
|
heap
|
page read and write
|
||
|
25C5000
|
heap
|
page read and write
|
||
|
25CA000
|
heap
|
page read and write
|
||
|
25C9000
|
heap
|
page read and write
|
||
|
25D7000
|
heap
|
page read and write
|
||
|
4260000
|
heap
|
page read and write
|
||
|
247B000
|
stack
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
28A0000
|
trusted library allocation
|
page read and write
|
||
|
21B0000
|
heap
|
page read and write
|
||
|
24C0000
|
trusted library allocation
|
page read and write
|
||
|
25CE000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
There are 35 hidden memdumps, click here to show them.