drop procmemdump or memory dump · scan mz pe headers · filter known modules · packer fingerprint imports overlay · export csv · runs locally
memory dump
drop memory dump · ldrmodules txt
or click
include ldrmodules/dlllist export to filter known module bases — otherwise all PEs flagged for review
drop procmemdump · memory dump · optional ldrmodules txt