=== MEMORY DUMP ANALYSIS GUIDE ===

PROCESS LIST:
=============
[   4] System          PPID: 0     Threads: 120  Created: 2024-03-15 08:00:00
[  88] Registry        PPID: 4     Threads: 4    Created: 2024-03-15 08:00:02
[ 332] smss.exe        PPID: 4     Threads: 3    Created: 2024-03-15 08:00:03
[ 452] csrss.exe       PPID: 332   Threads: 11   Created: 2024-03-15 08:00:05
[ 540] wininit.exe     PPID: 332   Threads: 1    Created: 2024-03-15 08:00:05
[ 548] csrss.exe       PPID: 332   Threads: 12   Created: 2024-03-15 08:00:06
[ 604] services.exe    PPID: 540   Threads: 9    Created: 2024-03-15 08:00:08
[ 612] lsass.exe       PPID: 540   Threads: 8    Created: 2024-03-15 08:00:08
[ 720] svchost.exe     PPID: 604   Threads: 15   Created: 2024-03-15 08:00:10
[ 824] svchost.exe     PPID: 604   Threads: 22   Created: 2024-03-15 08:00:11
[ 888] svchost.exe     PPID: 604   Threads: 18   Created: 2024-03-15 08:00:11
[ 936] svchost.exe     PPID: 604   Threads: 27   Created: 2024-03-15 08:00:12
[1204] dwm.exe         PPID: 720   Threads: 7    Created: 2024-03-15 08:02:00
[1328] spoolsv.exe     PPID: 604   Threads: 12   Created: 2024-03-15 08:02:30
[1456] svchost.exe     PPID: 604   Threads: 10   Created: 2024-03-15 08:03:00
[1580] taskhostw.exe   PPID: 1456  Threads: 6    Created: 2024-03-15 08:03:15
[1712] explorer.exe    PPID: 1456  Threads: 63   Created: 2024-03-15 08:03:30
[1844] chrome.exe      PPID: 1712  Threads: 28   Created: 2024-03-15 08:05:00
[1956] chrome.exe      PPID: 1712  Threads: 15   Created: 2024-03-15 08:05:02
[2032] chrome.exe      PPID: 1712  Threads: 14   Created: 2024-03-15 08:05:05
[2156] notepad.exe     PPID: 1712  Threads: 3    Created: 2024-03-15 08:10:00
[2288] cmd.exe         PPID: 1712  Threads: 1    Created: 2024-03-15 08:12:00
[2416] OUTLOOK.EXE     PPID: 1712  Threads: 24   Created: 2024-03-15 12:00:00
[2528] WINWORD.EXE     PPID: 2416  Threads: 8    Created: 2024-03-15 14:23:00
[2644] powershell.exe  PPID: 2528  Threads: 11   Created: 2024-03-15 14:23:05
[2752] schtasks.exe    PPID: 2644  Threads: 2    Created: 2024-03-15 14:23:45

SUSPICIOUS ACTIVITY:
===================
Injected Process PID: 720 (svchost.exe)
Injected by PID: 604 (via powershell.exe)
Injection Time: 2024-03-15 14:23:08

MEMORY REGIONS (suspicious):
===========================
PID: 720  Start: 0x7ffa0000  Size: 245760  Protection: EXECUTE_READWRITE
PID: 720  Start: 0x7ffb5000  Size: 4096    Protection: READWRITE

Embedded Strings:
C2_IP=185.142.53.122
C2_PORT=8080
ENCRYPTION_KEY=0xAB12CD34EF56
USER_AGENT=Mozilla/5.0 (Windows NT 10.0; Win64; x64)
BEACON_INTERVAL=60
JITTER=20

C2 COMMUNICATION:
================
Primary C2: 185.142.53.122:8080
Secondary C2: 45.155.205.33:8443

INJECTED SHELLCODE (hex):
========================
fc4883e4f0e8c0000000415141505251564831d265488b52603e488b52183e488b52203e488b72503e480fb74a4a4d31c94831c0ac3c617c022c2041c1c90d41ffc7e802000000c35f8b6f2431dbff7510578b7c24243e8b4f783e014f8b7c1c243e8b4c1c203e014f8b7c2424eb2c3e8b6f143e8b4f0a3e014f8b5f1c3e8b5f...