Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PO 4500005168 NIKOLA.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO 4500005168 NIKOLA.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp7910.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\GpAHAtkovL.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\GpAHAtkovL.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hzln2qcv.kcw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jvn1htfo.wak.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mcliy2pb.erd.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pv30jq30.kql.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pyujz1f4.3ii.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wdm1fvyp.nsk.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yekkwff3.2dp.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zvmmo1ft.vev.psm1
|
ASCII text, with no line terminators
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\PO 4500005168 NIKOLA.exe
|
"C:\Users\user\Desktop\PO 4500005168 NIKOLA.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO 4500005168
NIKOLA.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\GpAHAtkovL.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\GpAHAtkovL" /XML "C:\Users\user\AppData\Local\Temp\tmp7910.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\GpAHAtkovL.exe
|
C:\Users\user\AppData\Roaming\GpAHAtkovL.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org/
|
104.26.13.205
|
||
|
https://api.ipify.org
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://mail.iaa-airferight.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.iaa-airferight.com
|
46.175.148.58
|
|
|
|
api.ipify.org
|
104.26.13.205
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
46.175.148.58
|
mail.iaa-airferight.com
|
Ukraine
|
|
|
|
104.26.13.205
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
42F9000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
3141000
|
trusted library allocation
|
page read and write
|
|
|
|
316C000
|
trusted library allocation
|
page read and write
|
|
|
|
32F1000
|
trusted library allocation
|
page read and write
|
||
|
5791000
|
trusted library allocation
|
page read and write
|
||
|
1670000
|
trusted library allocation
|
page read and write
|
||
|
7503000
|
heap
|
page read and write
|
||
|
2A7F000
|
unkown
|
page read and write
|
||
|
324E000
|
stack
|
page read and write
|
||
|
57C0000
|
heap
|
page read and write
|
||
|
5B3D000
|
trusted library allocation
|
page read and write
|
||
|
6B8E000
|
stack
|
page read and write
|
||
|
2ABE000
|
stack
|
page read and write
|
||
|
10B8000
|
heap
|
page read and write
|
||
|
3341000
|
trusted library allocation
|
page read and write
|
||
|
781E000
|
stack
|
page read and write
|
||
|
80AE000
|
stack
|
page read and write
|
||
|
1765000
|
heap
|
page read and write
|
||
|
6960000
|
trusted library allocation
|
page read and write
|
||
|
1680000
|
trusted library allocation
|
page execute and read and write
|
||
|
65EE000
|
stack
|
page read and write
|
||
|
1690000
|
heap
|
page read and write
|
||
|
101A000
|
trusted library allocation
|
page execute and read and write
|
||
|
313D000
|
trusted library allocation
|
page read and write
|
||
|
62B1000
|
heap
|
page read and write
|
||
|
7FD80000
|
trusted library allocation
|
page execute and read and write
|
||
|
1657000
|
trusted library allocation
|
page execute and read and write
|
||
|
3103000
|
heap
|
page read and write
|
||
|
127E000
|
stack
|
page read and write
|
||
|
1733000
|
heap
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
34D4000
|
trusted library allocation
|
page read and write
|
||
|
34BC000
|
trusted library allocation
|
page read and write
|
||
|
5BBE000
|
stack
|
page read and write
|
||
|
80EE000
|
stack
|
page read and write
|
||
|
152D000
|
trusted library allocation
|
page execute and read and write
|
||
|
12BC000
|
stack
|
page read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
6CCE000
|
stack
|
page read and write
|
||
|
1500000
|
trusted library allocation
|
page read and write
|
||
|
1530000
|
trusted library allocation
|
page read and write
|
||
|
1105000
|
heap
|
page read and write
|
||
|
16AD000
|
heap
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
1000000
|
trusted library allocation
|
page read and write
|
||
|
6D30000
|
heap
|
page read and write
|
||
|
6307000
|
heap
|
page read and write
|
||
|
7730000
|
trusted library section
|
page read and write
|
||
|
10B6000
|
heap
|
page read and write
|
||
|
2D21000
|
trusted library allocation
|
page read and write
|
||
|
EB2000
|
unkown
|
page readonly
|
||
|
5796000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
trusted library allocation
|
page read and write
|
||
|
6311000
|
heap
|
page read and write
|
||
|
5AB0000
|
heap
|
page execute and read and write
|
||
|
62D1000
|
heap
|
page read and write
|
||
|
77DE000
|
stack
|
page read and write
|
||
|
6837000
|
trusted library allocation
|
page read and write
|
||
|
1510000
|
trusted library allocation
|
page read and write
|
||
|
6B0E000
|
stack
|
page read and write
|
||
|
165B000
|
trusted library allocation
|
page execute and read and write
|
||
|
81F0000
|
trusted library allocation
|
page read and write
|
||
|
5770000
|
trusted library allocation
|
page read and write
|
||
|
3250000
|
trusted library allocation
|
page read and write
|
||
|
6CE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1025000
|
trusted library allocation
|
page execute and read and write
|
||
|
FE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
3168000
|
trusted library allocation
|
page read and write
|
||
|
7740000
|
trusted library allocation
|
page read and write
|
||
|
3166000
|
trusted library allocation
|
page read and write
|
||
|
5580000
|
heap
|
page execute and read and write
|
||
|
5A1B000
|
stack
|
page read and write
|
||
|
1040000
|
trusted library allocation
|
page read and write
|
||
|
682E000
|
stack
|
page read and write
|
||
|
5B10000
|
trusted library allocation
|
page read and write
|
||
|
EF8000
|
stack
|
page read and write
|
||
|
6957000
|
trusted library allocation
|
page read and write
|
||
|
40F1000
|
trusted library allocation
|
page read and write
|
||
|
6D10000
|
trusted library allocation
|
page read and write
|
||
|
30CE000
|
stack
|
page read and write
|
||
|
2CCF000
|
stack
|
page read and write
|
||
|
5A40000
|
heap
|
page read and write
|
||
|
93B8000
|
trusted library allocation
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
74FE000
|
heap
|
page read and write
|
||
|
6230000
|
heap
|
page read and write
|
||
|
1536000
|
trusted library allocation
|
page execute and read and write
|
||
|
1022000
|
trusted library allocation
|
page read and write
|
||
|
7790000
|
trusted library allocation
|
page read and write
|
||
|
74E0000
|
heap
|
page read and write
|
||
|
5CB5000
|
heap
|
page read and write
|
||
|
761E000
|
stack
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
62D0000
|
heap
|
page read and write
|
||
|
5B20000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D20000
|
trusted library allocation
|
page execute and read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
542C000
|
stack
|
page read and write
|
||
|
7750000
|
trusted library allocation
|
page read and write
|
||
|
2F20000
|
heap
|
page read and write
|
||
|
1420000
|
trusted library allocation
|
page read and write
|
||
|
AC7C000
|
stack
|
page read and write
|
||
|
1513000
|
trusted library allocation
|
page execute and read and write
|
||
|
30F1000
|
trusted library allocation
|
page read and write
|
||
|
7539000
|
heap
|
page read and write
|
||
|
27F0000
|
heap
|
page read and write
|
||
|
73D0000
|
heap
|
page read and write
|
||
|
FF5000
|
heap
|
page read and write
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
5B30000
|
trusted library allocation
|
page read and write
|
||
|
1950000
|
heap
|
page execute and read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
5801000
|
trusted library allocation
|
page read and write
|
||
|
6B4E000
|
stack
|
page read and write
|
||
|
3493000
|
trusted library allocation
|
page read and write
|
||
|
30E0000
|
heap
|
page execute and read and write
|
||
|
312F000
|
trusted library allocation
|
page read and write
|
||
|
5430000
|
heap
|
page read and write
|
||
|
16D3000
|
heap
|
page read and write
|
||
|
750D000
|
heap
|
page read and write
|
||
|
FD0000
|
trusted library allocation
|
page read and write
|
||
|
FAE000
|
stack
|
page read and write
|
||
|
5CB0000
|
heap
|
page read and write
|
||
|
153A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1650000
|
trusted library allocation
|
page read and write
|
||
|
141D000
|
stack
|
page read and write
|
||
|
30E0000
|
trusted library allocation
|
page read and write
|
||
|
578E000
|
trusted library allocation
|
page read and write
|
||
|
1532000
|
trusted library allocation
|
page read and write
|
||
|
7EFA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3354000
|
trusted library allocation
|
page read and write
|
||
|
2ACB000
|
heap
|
page read and write
|
||
|
1020000
|
trusted library allocation
|
page read and write
|
||
|
6950000
|
trusted library allocation
|
page read and write
|
||
|
5CFE000
|
stack
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
4159000
|
trusted library allocation
|
page read and write
|
||
|
320E000
|
stack
|
page read and write
|
||
|
3270000
|
trusted library allocation
|
page execute and read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
5774000
|
trusted library allocation
|
page read and write
|
||
|
62E0000
|
heap
|
page read and write
|
||
|
1430000
|
trusted library allocation
|
page read and write
|
||
|
12F8000
|
stack
|
page read and write
|
||
|
8200000
|
trusted library allocation
|
page execute and read and write
|
||
|
170A000
|
heap
|
page read and write
|
||
|
3180000
|
trusted library allocation
|
page read and write
|
||
|
831E000
|
stack
|
page read and write
|
||
|
70C0000
|
heap
|
page read and write
|
||
|
1424000
|
trusted library allocation
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
AD90000
|
trusted library allocation
|
page read and write
|
||
|
62DD000
|
heap
|
page read and write
|
||
|
2D70000
|
heap
|
page read and write
|
||
|
43E3000
|
trusted library allocation
|
page read and write
|
||
|
6830000
|
trusted library allocation
|
page read and write
|
||
|
3174000
|
trusted library allocation
|
page read and write
|
||
|
771F000
|
stack
|
page read and write
|
||
|
795E000
|
stack
|
page read and write
|
||
|
1456000
|
heap
|
page read and write
|
||
|
151D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1450000
|
heap
|
page read and write
|
||
|
694E000
|
stack
|
page read and write
|
||
|
316A000
|
trusted library allocation
|
page read and write
|
||
|
2D0B000
|
trusted library allocation
|
page read and write
|
||
|
2AC0000
|
heap
|
page read and write
|
||
|
672E000
|
stack
|
page read and write
|
||
|
32C0000
|
trusted library allocation
|
page read and write
|
||
|
62CD000
|
heap
|
page read and write
|
||
|
3184000
|
trusted library allocation
|
page read and write
|
||
|
3255000
|
trusted library allocation
|
page read and write
|
||
|
1920000
|
trusted library allocation
|
page read and write
|
||
|
FED000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D1E000
|
trusted library allocation
|
page read and write
|
||
|
5D00000
|
trusted library allocation
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
66EE000
|
stack
|
page read and write
|
||
|
302E000
|
stack
|
page read and write
|
||
|
164E000
|
stack
|
page read and write
|
||
|
6CD0000
|
trusted library allocation
|
page read and write
|
||
|
317A000
|
trusted library allocation
|
page read and write
|
||
|
2D2D000
|
trusted library allocation
|
page read and write
|
||
|
16DD000
|
heap
|
page read and write
|
||
|
148E000
|
stack
|
page read and write
|
||
|
1930000
|
trusted library allocation
|
page read and write
|
||
|
2D88000
|
trusted library allocation
|
page read and write
|
||
|
14EE000
|
stack
|
page read and write
|
||
|
AD7C000
|
stack
|
page read and write
|
||
|
30D0000
|
trusted library allocation
|
page read and write
|
||
|
5A20000
|
heap
|
page read and write
|
||
|
74D0000
|
trusted library section
|
page read and write
|
||
|
628E000
|
heap
|
page read and write
|
||
|
8320000
|
trusted library section
|
page read and write
|
||
|
FE9000
|
stack
|
page read and write
|
||
|
791E000
|
stack
|
page read and write
|
||
|
1940000
|
trusted library allocation
|
page read and write
|
||
|
2F1E000
|
stack
|
page read and write
|
||
|
107B000
|
heap
|
page read and write
|
||
|
44CE000
|
trusted library allocation
|
page read and write
|
||
|
276A000
|
stack
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
6BCE000
|
stack
|
page read and write
|
||
|
5810000
|
trusted library allocation
|
page read and write
|
||
|
16E0000
|
heap
|
page read and write
|
||
|
1520000
|
trusted library allocation
|
page read and write
|
||
|
965E000
|
stack
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
7FAF000
|
stack
|
page read and write
|
||
|
2D12000
|
trusted library allocation
|
page read and write
|
||
|
2A3E000
|
unkown
|
page read and write
|
||
|
5830000
|
heap
|
page read and write
|
||
|
64AD000
|
stack
|
page read and write
|
||
|
7AD2000
|
trusted library allocation
|
page read and write
|
||
|
5D10000
|
trusted library allocation
|
page execute and read and write
|
||
|
42F1000
|
trusted library allocation
|
page read and write
|
||
|
2D26000
|
trusted library allocation
|
page read and write
|
||
|
12FE000
|
stack
|
page read and write
|
||
|
323C000
|
trusted library allocation
|
page read and write
|
||
|
1016000
|
trusted library allocation
|
page execute and read and write
|
||
|
5820000
|
trusted library allocation
|
page execute and read and write
|
||
|
1514000
|
trusted library allocation
|
page read and write
|
||
|
1027000
|
trusted library allocation
|
page execute and read and write
|
||
|
1060000
|
trusted library allocation
|
page read and write
|
||
|
4119000
|
trusted library allocation
|
page read and write
|
||
|
113F000
|
heap
|
page read and write
|
||
|
687E000
|
stack
|
page read and write
|
||
|
57D0000
|
trusted library allocation
|
page read and write
|
||
|
1010000
|
trusted library allocation
|
page read and write
|
||
|
102B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
EB0000
|
unkown
|
page readonly
|
||
|
73DE000
|
heap
|
page read and write
|
||
|
1050000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D00000
|
trusted library allocation
|
page read and write
|
||
|
7720000
|
trusted library allocation
|
page execute and read and write
|
||
|
81EE000
|
stack
|
page read and write
|
||
|
568C000
|
stack
|
page read and write
|
||
|
2D0E000
|
trusted library allocation
|
page read and write
|
||
|
10AC000
|
heap
|
page read and write
|
||
|
FE4000
|
trusted library allocation
|
page read and write
|
||
|
1698000
|
heap
|
page read and write
|
||
|
1652000
|
trusted library allocation
|
page read and write
|
||
|
62FC000
|
heap
|
page read and write
|
||
|
6CDB000
|
trusted library allocation
|
page read and write
|
||
|
2DB0000
|
heap
|
page read and write
|
||
|
1970000
|
heap
|
page read and write
|
||
|
532B000
|
stack
|
page read and write
|
||
|
5B18000
|
trusted library allocation
|
page read and write
|
||
|
1154000
|
heap
|
page read and write
|
||
|
AC0E000
|
stack
|
page read and write
|
||
|
2CFE000
|
stack
|
page read and write
|
||
|
690E000
|
stack
|
page read and write
|
||
|
5A30000
|
trusted library section
|
page readonly
|
||
|
272D000
|
stack
|
page read and write
|
||
|
1012000
|
trusted library allocation
|
page read and write
|
||
|
625F000
|
heap
|
page read and write
|
||
|
308F000
|
stack
|
page read and write
|
||
|
65AE000
|
stack
|
page read and write
|
||
|
3126000
|
trusted library allocation
|
page read and write
|
||
|
306C000
|
stack
|
page read and write
|
||
|
100D000
|
trusted library allocation
|
page execute and read and write
|
||
|
BC9000
|
stack
|
page read and write
|
||
|
579D000
|
trusted library allocation
|
page read and write
|
||
|
2D04000
|
trusted library allocation
|
page read and write
|
||
|
5AAE000
|
stack
|
page read and write
|
||
|
1523000
|
trusted library allocation
|
page read and write
|
||
|
32B0000
|
trusted library allocation
|
page read and write
|
||
|
1975000
|
heap
|
page read and write
|
||
|
2D74000
|
heap
|
page read and write
|
There are 262 hidden memdumps, click here to show them.