Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\notepad.exe
|
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Desktop\SAH_Install.ini
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
22E60800000
|
heap
|
page read and write
|
||
|
22E64360000
|
trusted library allocation
|
page read and write
|
||
|
22E60880000
|
heap
|
page read and write
|
||
|
22E607D0000
|
heap
|
page read and write
|
||
|
22E62385000
|
heap
|
page read and write
|
||
|
22E60858000
|
heap
|
page read and write
|
||
|
22E62AD0000
|
heap
|
page read and write
|
||
|
22E62380000
|
heap
|
page read and write
|
||
|
22E62190000
|
heap
|
page read and write
|
||
|
22E6238C000
|
heap
|
page read and write
|
||
|
22E60810000
|
heap
|
page read and write
|
||
|
BCE437F000
|
stack
|
page read and write
|
||
|
22E626E0000
|
heap
|
page read and write
|
||
|
22E6083B000
|
heap
|
page read and write
|
||
|
22E60840000
|
heap
|
page read and write
|
||
|
22E62260000
|
heap
|
page read and write
|
||
|
BCE3EE9000
|
stack
|
page read and write
|
||
|
22E62263000
|
heap
|
page read and write
|
||
|
BCE427D000
|
stack
|
page read and write
|
||
|
22E60808000
|
heap
|
page read and write
|
||
|
22E62280000
|
trusted library allocation
|
page read and write
|
||
|
22E607E0000
|
heap
|
page read and write
|
||
|
22E60832000
|
heap
|
page read and write
|
||
|
22E60873000
|
heap
|
page read and write
|
There are 14 hidden memdumps, click here to show them.