Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
September payments.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\September payments.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmpF1AE.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\YifGIcnmZiWfn.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\YifGIcnmZiWfn.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\YifGIcnmZiWfn.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1tgp2hrl.4vp.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_31xb4ngx.xec.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4x504xsh.u0r.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5vk2ojvp.ewz.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c0b20p4i.i1u.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_exqnzfwr.b5u.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mnsomywv.gwq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yn350xzu.3bw.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp304.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\September payments.exe
|
"C:\Users\user\Desktop\September payments.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\September
payments.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\YifGIcnmZiWfn.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\YifGIcnmZiWfn" /XML "C:\Users\user\AppData\Local\Temp\tmpF1AE.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\YifGIcnmZiWfn.exe
|
C:\Users\user\AppData\Roaming\YifGIcnmZiWfn.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\YifGIcnmZiWfn" /XML "C:\Users\user\AppData\Local\Temp\tmp304.tmp"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
|
There are 11 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
s-part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
25CE000
|
stack
|
page read and write
|
||
|
4FF1000
|
trusted library allocation
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
5020000
|
heap
|
page read and write
|
||
|
904000
|
heap
|
page read and write
|
||
|
DB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2684000
|
trusted library allocation
|
page read and write
|
||
|
8F5000
|
heap
|
page read and write
|
||
|
B68000
|
heap
|
page read and write
|
||
|
2668000
|
trusted library allocation
|
page read and write
|
||
|
6CA5000
|
trusted library allocation
|
page read and write
|
||
|
26B0000
|
heap
|
page execute and read and write
|
||
|
4FA5000
|
heap
|
page read and write
|
||
|
66E0000
|
heap
|
page read and write
|
||
|
26A5000
|
trusted library allocation
|
page read and write
|
||
|
B6B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2805000
|
trusted library allocation
|
page read and write
|
||
|
5010000
|
heap
|
page read and write
|
||
|
4C50000
|
trusted library section
|
page readonly
|
||
|
CA10000
|
heap
|
page read and write
|
||
|
4B80000
|
trusted library allocation
|
page read and write
|
||
|
6A00000
|
heap
|
page read and write
|
||
|
2CD7000
|
heap
|
page read and write
|
||
|
D87F000
|
stack
|
page read and write
|
||
|
4F1D000
|
stack
|
page read and write
|
||
|
CB5D000
|
stack
|
page read and write
|
||
|
6B8E000
|
stack
|
page read and write
|
||
|
4BD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
69E0000
|
heap
|
page read and write
|
||
|
4B3E000
|
trusted library allocation
|
page read and write
|
||
|
902000
|
heap
|
page read and write
|
||
|
4DD0000
|
heap
|
page read and write
|
||
|
A52000
|
trusted library allocation
|
page read and write
|
||
|
C78F000
|
stack
|
page read and write
|
||
|
2830000
|
heap
|
page execute and read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
4BC0000
|
heap
|
page read and write
|
||
|
BCE000
|
stack
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
81E000
|
stack
|
page read and write
|
||
|
4BF0000
|
trusted library allocation
|
page read and write
|
||
|
4B70000
|
trusted library allocation
|
page read and write
|
||
|
3FCD000
|
trusted library allocation
|
page read and write
|
||
|
CF3C000
|
stack
|
page read and write
|
||
|
6B01000
|
trusted library allocation
|
page read and write
|
||
|
4C80000
|
heap
|
page read and write
|
||
|
2EDE000
|
stack
|
page read and write
|
||
|
CADE000
|
stack
|
page read and write
|
||
|
CD9F000
|
stack
|
page read and write
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
2800000
|
trusted library allocation
|
page read and write
|
||
|
86D000
|
trusted library allocation
|
page execute and read and write
|
||
|
D17F000
|
stack
|
page read and write
|
||
|
A3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F3A000
|
trusted library allocation
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
263D000
|
trusted library allocation
|
page read and write
|
||
|
370A000
|
trusted library allocation
|
page read and write
|
||
|
6DE2000
|
trusted library allocation
|
page read and write
|
||
|
4BE0000
|
trusted library allocation
|
page read and write
|
||
|
D5FE000
|
stack
|
page read and write
|
||
|
4F4E000
|
stack
|
page read and write
|
||
|
A40000
|
trusted library allocation
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
8B6000
|
heap
|
page read and write
|
||
|
B67000
|
trusted library allocation
|
page execute and read and write
|
||
|
9FF000
|
stack
|
page read and write
|
||
|
2631000
|
trusted library allocation
|
page read and write
|
||
|
B05000
|
heap
|
page read and write
|
||
|
2600000
|
heap
|
page read and write
|
||
|
6AE0000
|
trusted library section
|
page read and write
|
||
|
6981000
|
heap
|
page read and write
|
||
|
6973000
|
heap
|
page read and write
|
||
|
6CD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
26E1000
|
trusted library allocation
|
page read and write
|
||
|
4C4C000
|
stack
|
page read and write
|
||
|
C4DE000
|
stack
|
page read and write
|
||
|
4443000
|
trusted library allocation
|
page read and write
|
||
|
A2D000
|
stack
|
page read and write
|
||
|
5000000
|
heap
|
page read and write
|
||
|
4280000
|
trusted library allocation
|
page read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
4FE0000
|
heap
|
page read and write
|
||
|
2690000
|
trusted library allocation
|
page read and write
|
||
|
682E000
|
stack
|
page read and write
|
||
|
4B20000
|
trusted library allocation
|
page read and write
|
||
|
4FC0000
|
heap
|
page read and write
|
||
|
2B12000
|
trusted library allocation
|
page read and write
|
||
|
DC7000
|
heap
|
page read and write
|
||
|
87D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2ABB000
|
trusted library allocation
|
page read and write
|
||
|
2603000
|
heap
|
page read and write
|
||
|
DAC000
|
stack
|
page read and write
|
||
|
D01D000
|
stack
|
page read and write
|
||
|
4C00000
|
heap
|
page execute and read and write
|
||
|
2650000
|
heap
|
page read and write
|
||
|
295B000
|
trusted library allocation
|
page read and write
|
||
|
2810000
|
trusted library allocation
|
page read and write
|
||
|
C7CE000
|
stack
|
page read and write
|
||
|
857000
|
heap
|
page read and write
|
||
|
AD8000
|
heap
|
page read and write
|
||
|
68DE000
|
stack
|
page read and write
|
||
|
94C000
|
heap
|
page read and write
|
||
|
D020000
|
heap
|
page read and write
|
||
|
3FA000
|
stack
|
page read and write
|
||
|
D07E000
|
stack
|
page read and write
|
||
|
89E000
|
stack
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
6C90000
|
trusted library allocation
|
page read and write
|
||
|
C450000
|
trusted library allocation
|
page read and write
|
||
|
7D5000
|
heap
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
4FE8000
|
heap
|
page read and write
|
||
|
69DF000
|
stack
|
page read and write
|
||
|
860000
|
trusted library allocation
|
page read and write
|
||
|
6850000
|
trusted library allocation
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
292000
|
unkown
|
page readonly
|
||
|
47DC000
|
stack
|
page read and write
|
||
|
CA0D000
|
stack
|
page read and write
|
||
|
B4E000
|
stack
|
page read and write
|
||
|
25E0000
|
trusted library allocation
|
page read and write
|
||
|
B56000
|
trusted library allocation
|
page execute and read and write
|
||
|
4060000
|
trusted library allocation
|
page read and write
|
||
|
5005000
|
heap
|
page read and write
|
||
|
25F0000
|
trusted library allocation
|
page read and write
|
||
|
B86000
|
heap
|
page read and write
|
||
|
88E000
|
heap
|
page read and write
|
||
|
4170000
|
trusted library allocation
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
8A9000
|
heap
|
page read and write
|
||
|
4C60000
|
heap
|
page read and write
|
||
|
2642000
|
trusted library allocation
|
page read and write
|
||
|
B52000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
trusted library allocation
|
page read and write
|
||
|
D77E000
|
stack
|
page read and write
|
||
|
CEDE000
|
stack
|
page read and write
|
||
|
261B000
|
trusted library allocation
|
page read and write
|
||
|
4FFF000
|
trusted library allocation
|
page read and write
|
||
|
A3E000
|
unkown
|
page read and write
|
||
|
4FD0000
|
trusted library allocation
|
page read and write
|
||
|
5110000
|
heap
|
page read and write
|
||
|
CC5E000
|
stack
|
page read and write
|
||
|
4E40000
|
heap
|
page read and write
|
||
|
A33000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B2B000
|
trusted library allocation
|
page read and write
|
||
|
A67000
|
trusted library allocation
|
page execute and read and write
|
||
|
A6B000
|
trusted library allocation
|
page execute and read and write
|
||
|
A62000
|
trusted library allocation
|
page read and write
|
||
|
692E000
|
stack
|
page read and write
|
||
|
8DE000
|
stack
|
page read and write
|
||
|
A20000
|
trusted library allocation
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
A30000
|
trusted library allocation
|
page read and write
|
||
|
41F8000
|
trusted library allocation
|
page read and write
|
||
|
70D000
|
stack
|
page read and write
|
||
|
CDBE000
|
stack
|
page read and write
|
||
|
3849000
|
trusted library allocation
|
page read and write
|
||
|
4B4D000
|
trusted library allocation
|
page read and write
|
||
|
2FD0000
|
heap
|
page read and write
|
||
|
D39E000
|
stack
|
page read and write
|
||
|
4BC2000
|
trusted library allocation
|
page read and write
|
||
|
4400000
|
trusted library allocation
|
page read and write
|
||
|
6F7000
|
stack
|
page read and write
|
||
|
ADE000
|
heap
|
page read and write
|
||
|
99D0000
|
trusted library section
|
page read and write
|
||
|
4E20000
|
heap
|
page read and write
|
||
|
2680000
|
trusted library allocation
|
page read and write
|
||
|
CA9E000
|
stack
|
page read and write
|
||
|
4B41000
|
trusted library allocation
|
page read and write
|
||
|
A6A000
|
stack
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
A34000
|
trusted library allocation
|
page read and write
|
||
|
C45F000
|
trusted library allocation
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
6B4E000
|
stack
|
page read and write
|
||
|
ACE000
|
stack
|
page read and write
|
||
|
864000
|
trusted library allocation
|
page read and write
|
||
|
4BD2000
|
trusted library allocation
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
CF1D000
|
stack
|
page read and write
|
||
|
6860000
|
trusted library allocation
|
page execute and read and write
|
||
|
CEBE000
|
stack
|
page read and write
|
||
|
266E000
|
stack
|
page read and write
|
||
|
5123000
|
heap
|
page read and write
|
||
|
6870000
|
trusted library allocation
|
page read and write
|
||
|
3841000
|
trusted library allocation
|
page read and write
|
||
|
863000
|
trusted library allocation
|
page execute and read and write
|
||
|
749000
|
stack
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
6CE0000
|
trusted library allocation
|
page read and write
|
||
|
42E3000
|
trusted library allocation
|
page read and write
|
||
|
4BD0000
|
trusted library allocation
|
page read and write
|
||
|
4C70000
|
heap
|
page execute and read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page execute and read and write
|
||
|
A56000
|
trusted library allocation
|
page execute and read and write
|
||
|
D2F000
|
stack
|
page read and write
|
||
|
2686000
|
trusted library allocation
|
page read and write
|
||
|
26A0000
|
trusted library allocation
|
page read and write
|
||
|
6950000
|
heap
|
page read and write
|
||
|
26D0000
|
heap
|
page read and write
|
||
|
31DA000
|
heap
|
page read and write
|
||
|
4E30000
|
trusted library allocation
|
page execute and read and write
|
||
|
4BC0000
|
trusted library allocation
|
page read and write
|
||
|
36E1000
|
trusted library allocation
|
page read and write
|
||
|
28E7000
|
trusted library allocation
|
page read and write
|
||
|
4DC0000
|
trusted library section
|
page readonly
|
||
|
4B24000
|
trusted library allocation
|
page read and write
|
||
|
4C5F000
|
trusted library section
|
page readonly
|
||
|
4FB0000
|
heap
|
page read and write
|
||
|
A4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
2BBE000
|
stack
|
page read and write
|
||
|
A5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
D4FD000
|
stack
|
page read and write
|
||
|
6A8E000
|
stack
|
page read and write
|
||
|
6964000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
CDDE000
|
stack
|
page read and write
|
||
|
4C83000
|
heap
|
page read and write
|
||
|
25D0000
|
trusted library allocation
|
page read and write
|
||
|
C8CE000
|
stack
|
page read and write
|
||
|
6C80000
|
trusted library allocation
|
page execute and read and write
|
||
|
2787000
|
trusted library allocation
|
page read and write
|
||
|
B62000
|
trusted library allocation
|
page read and write
|
||
|
7FE000
|
unkown
|
page read and write
|
||
|
50D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
50B0000
|
heap
|
page read and write
|
||
|
8F9000
|
heap
|
page read and write
|
||
|
A50000
|
trusted library allocation
|
page read and write
|
||
|
50C0000
|
heap
|
page read and write
|
||
|
3F9000
|
stack
|
page read and write
|
||
|
C68F000
|
stack
|
page read and write
|
||
|
2E3E000
|
unkown
|
page read and write
|
||
|
2E7F000
|
unkown
|
page read and write
|
||
|
29BA000
|
trusted library allocation
|
page read and write
|
||
|
A80000
|
trusted library allocation
|
page read and write
|
||
|
26C0000
|
trusted library allocation
|
page read and write
|
||
|
D73C000
|
stack
|
page read and write
|
||
|
D29E000
|
stack
|
page read and write
|
||
|
88A000
|
heap
|
page read and write
|
||
|
8FE000
|
heap
|
page read and write
|
||
|
840000
|
trusted library allocation
|
page read and write
|
||
|
CD8000
|
trusted library allocation
|
page read and write
|
||
|
6CA0000
|
trusted library allocation
|
page read and write
|
||
|
409A000
|
trusted library allocation
|
page read and write
|
||
|
D25E000
|
stack
|
page read and write
|
||
|
66EE000
|
heap
|
page read and write
|
||
|
2C0F000
|
stack
|
page read and write
|
||
|
D15E000
|
stack
|
page read and write
|
||
|
2670000
|
trusted library allocation
|
page read and write
|
||
|
4FA0000
|
heap
|
page read and write
|
||
|
D03C000
|
stack
|
page read and write
|
||
|
6F7000
|
stack
|
page read and write
|
||
|
C0C000
|
stack
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
36E9000
|
trusted library allocation
|
page read and write
|
||
|
3722000
|
trusted library allocation
|
page read and write
|
||
|
2F1F000
|
stack
|
page read and write
|
||
|
290000
|
unkown
|
page readonly
|
||
|
695B000
|
heap
|
page read and write
|
||
|
4B46000
|
trusted library allocation
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
27FC000
|
stack
|
page read and write
|
||
|
42A0000
|
trusted library allocation
|
page read and write
|
||
|
8C3000
|
heap
|
page read and write
|
||
|
C455000
|
trusted library allocation
|
page read and write
|
||
|
2841000
|
trusted library allocation
|
page read and write
|
||
|
2610000
|
trusted library allocation
|
page read and write
|
||
|
6C4E000
|
stack
|
page read and write
|
||
|
4E1B000
|
stack
|
page read and write
|
||
|
40E8000
|
trusted library allocation
|
page read and write
|
||
|
B12000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
D63B000
|
stack
|
page read and write
|
||
|
5210000
|
trusted library allocation
|
page read and write
|
||
|
C90D000
|
stack
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
870000
|
trusted library allocation
|
page read and write
|
||
|
373A000
|
trusted library allocation
|
page read and write
|
||
|
2B24000
|
trusted library allocation
|
page read and write
|
||
|
4BB0000
|
heap
|
page read and write
|
||
|
B5A000
|
trusted library allocation
|
page execute and read and write
|
||
|
262E000
|
trusted library allocation
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
4BE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C49E000
|
stack
|
page read and write
|
||
|
2636000
|
trusted library allocation
|
page read and write
|
||
|
CC9E000
|
stack
|
page read and write
|
There are 281 hidden memdumps, click here to show them.