Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\watermarkedMagistrates.cmd" "
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1D27726B000
|
heap
|
page read and write
|
||
|
167AE9B2000
|
heap
|
page read and write
|
||
|
167AE92A000
|
heap
|
page read and write
|
||
|
BE0F17A000
|
stack
|
page read and write
|
||
|
167AE9A0000
|
heap
|
page read and write
|
||
|
210A3046000
|
heap
|
page read and write
|
||
|
167AE9C5000
|
heap
|
page read and write
|
||
|
E77BBAB000
|
stack
|
page read and write
|
||
|
276D6E88000
|
heap
|
page read and write
|
||
|
2B6F7A54000
|
heap
|
page read and write
|
||
|
167AE974000
|
heap
|
page read and write
|
||
|
1D277270000
|
heap
|
page read and write
|
||
|
167AE9DD000
|
heap
|
page read and write
|
||
|
2730B713000
|
heap
|
page read and write
|
||
|
167AF497000
|
heap
|
page read and write
|
||
|
155FD25B000
|
heap
|
page read and write
|
||
|
167AE91A000
|
heap
|
page read and write
|
||
|
276D66E7000
|
heap
|
page read and write
|
||
|
155FD213000
|
heap
|
page read and write
|
||
|
167AE94F000
|
heap
|
page read and write
|
||
|
167AF31C000
|
heap
|
page read and write
|
||
|
167AF32B000
|
heap
|
page read and write
|
||
|
276D66BB000
|
heap
|
page read and write
|
||
|
167AF49E000
|
heap
|
page read and write
|
||
|
167AE9C4000
|
heap
|
page read and write
|
||
|
1D277267000
|
heap
|
page read and write
|
||
|
167AE993000
|
heap
|
page read and write
|
||
|
167AE9C2000
|
heap
|
page read and write
|
||
|
167AE9A0000
|
heap
|
page read and write
|
||
|
276D66A0000
|
heap
|
page read and write
|
||
|
167AE93E000
|
heap
|
page read and write
|
||
|
167AE9BD000
|
heap
|
page read and write
|
||
|
1D277258000
|
heap
|
page read and write
|
||
|
167AE9AE000
|
heap
|
page read and write
|
||
|
155FD266000
|
heap
|
page read and write
|
||
|
155FD22B000
|
heap
|
page read and write
|
||
|
276D6E8C000
|
heap
|
page read and write
|
||
|
2859BF02000
|
heap
|
page read and write
|
||
|
22F157E000
|
stack
|
page read and write
|
||
|
167AF311000
|
heap
|
page read and write
|
||
|
167AE9E0000
|
heap
|
page read and write
|
||
|
167AE9C9000
|
heap
|
page read and write
|
||
|
167AE9BE000
|
heap
|
page read and write
|
||
|
1D27728F000
|
heap
|
page read and write
|
||
|
167AE90B000
|
heap
|
page read and write
|
||
|
4C26D7C000
|
stack
|
page read and write
|
||
|
2859BE43000
|
heap
|
page read and write
|
||
|
167AE9BA000
|
heap
|
page read and write
|
||
|
167AE9E7000
|
heap
|
page read and write
|
||
|
167AE9A1000
|
heap
|
page read and write
|
||
|
E77C2FE000
|
stack
|
page read and write
|
||
|
1D277276000
|
heap
|
page read and write
|
||
|
E8EFFFE000
|
stack
|
page read and write
|
||
|
167AE9ED000
|
heap
|
page read and write
|
||
|
155FD050000
|
heap
|
page read and write
|
||
|
2377FFD0000
|
trusted library allocation
|
page read and write
|
||
|
2859BE2B000
|
heap
|
page read and write
|
||
|
167AE9DA000
|
heap
|
page read and write
|
||
|
167AE94B000
|
heap
|
page read and write
|
||
|
65767F000
|
stack
|
page read and write
|
||
|
E8EFEF9000
|
stack
|
page read and write
|
||
|
167AE9B0000
|
heap
|
page read and write
|
||
|
23D07130000
|
trusted library allocation
|
page read and write
|
||
|
167AE97D000
|
heap
|
page read and write
|
||
|
276D6650000
|
heap
|
page read and write
|
||
|
155FD200000
|
heap
|
page read and write
|
||
|
155FD302000
|
heap
|
page read and write
|
||
|
2730B4B0000
|
heap
|
page read and write
|
||
|
167AE9E8000
|
heap
|
page read and write
|
||
|
167AE9E7000
|
heap
|
page read and write
|
||
|
276D66D5000
|
heap
|
page read and write
|
||
|
167AE9A7000
|
heap
|
page read and write
|
||
|
167AE9CF000
|
heap
|
page read and write
|
||
|
657157000
|
stack
|
page read and write
|
||
|
167AE94F000
|
heap
|
page read and write
|
||
|
167AE9B0000
|
heap
|
page read and write
|
||
|
167AE9DA000
|
heap
|
page read and write
|
||
|
167AE96C000
|
heap
|
page read and write
|
||
|
167AE965000
|
heap
|
page read and write
|
||
|
167AE9E0000
|
heap
|
page read and write
|
||
|
167AE987000
|
heap
|
page read and write
|
||
|
1D277265000
|
heap
|
page read and write
|
||
|
276D6E96000
|
heap
|
page read and write
|
||
|
167AE890000
|
heap
|
page read and write
|
||
|
167AF329000
|
heap
|
page read and write
|
||
|
167AE968000
|
heap
|
page read and write
|
||
|
B71E6FE000
|
stack
|
page read and write
|
||
|
167AE96C000
|
heap
|
page read and write
|
||
|
167AE987000
|
heap
|
page read and write
|
||
|
167AE9C5000
|
heap
|
page read and write
|
||
|
167AE9DD000
|
heap
|
page read and write
|
||
|
E77C378000
|
stack
|
page read and write
|
||
|
22F137C000
|
stack
|
page read and write
|
||
|
2730BE02000
|
trusted library allocation
|
page read and write
|
||
|
2B6F7980000
|
trusted library allocation
|
page read and write
|
||
|
167AE99C000
|
heap
|
page read and write
|
||
|
155FD28B000
|
heap
|
page read and write
|
||
|
167AE972000
|
heap
|
page read and write
|
||
|
2730B613000
|
heap
|
page read and write
|
||
|
1D277241000
|
heap
|
page read and write
|
||
|
23780000000
|
heap
|
page read and write
|
||
|
167AE9DA000
|
heap
|
page read and write
|
||
|
1D277262000
|
heap
|
page read and write
|
||
|
E8F017F000
|
stack
|
page read and write
|
||
|
210A3000000
|
heap
|
page read and write
|
||
|
4C26B7C000
|
stack
|
page read and write
|
||
|
155FD279000
|
heap
|
page read and write
|
||
|
210A30D3000
|
heap
|
page read and write
|
||
|
167AE983000
|
heap
|
page read and write
|
||
|
2B6F78F0000
|
heap
|
page read and write
|
||
|
167AE981000
|
heap
|
page read and write
|
||
|
276D670B000
|
heap
|
page read and write
|
||
|
2730B440000
|
heap
|
page read and write
|
||
|
276D65A0000
|
heap
|
page read and write
|