Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Google\Chrome\updater.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\drivers\etc\hosts
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_atx1kxze.b3p.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dttdhj3x.tsb.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ouxzafp2.mzc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vqcv2kii.ovj.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData)
-ExclusionExtension '.exe' -Force
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop UsoSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop WaaSMedicSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop wuauserv
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop bits
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop dosvc
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe delete "GoogleUpdateTaskMachineQC"
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe create "GoogleUpdateTaskMachineQC" binpath= "C:\ProgramData\Google\Chrome\updater.exe" start= "auto"
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop eventlog
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe start "GoogleUpdateTaskMachineQC"
|
|
|
|
C:\ProgramData\Google\Chrome\updater.exe
|
C:\ProgramData\Google\Chrome\updater.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wusa.exe
|
wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
|
There are 25 hidden processes, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
|
DontOfferThroughWUAU
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
794CEFF000
|
stack
|
page read and write
|
||
|
16671A20000
|
direct allocation
|
page read and write
|
||
|
17A81958000
|
heap
|
page read and write
|
||
|
C15DDAF000
|
stack
|
page read and write
|
||
|
7FF76C82E000
|
unkown
|
page execute read
|
||
|
F19CA7E000
|
unkown
|
page readonly
|
||
|
1FEA0470000
|
heap
|
page read and write
|
||
|
AD3F7F000
|
stack
|
page read and write
|
||
|
2AEF0202000
|
trusted library allocation
|
page read and write
|
||
|
270AE0D8000
|
heap
|
page read and write
|
||
|
1C8A38D0000
|
unkown
|
page read and write
|
||
|
276957B8000
|
heap
|
page read and write
|
||
|
7FF7A6685000
|
unkown
|
page read and write
|
||
|
16671DE0000
|
heap
|
page read and write
|
||
|
55A4D7F000
|
stack
|
page read and write
|
||
|
17A81890000
|
heap
|
page read and write
|
||
|
A0DF19E000
|
stack
|
page read and write
|
||
|
1C8A1B20000
|
direct allocation
|
page read and write
|
||
|
2162D510000
|
heap
|
page read and write
|
||
|
F19CCFE000
|
stack
|
page read and write
|
||
|
F19C374000
|
stack
|
page read and write
|
||
|
16671A20000
|
direct allocation
|
page read and write
|
||
|
7FF76CB3A000
|
unkown
|
page readonly
|
||
|
270AE040000
|
heap
|
page read and write
|
||
|
15C08F40000
|
heap
|
page read and write
|
||
|
7FF7A6D56000
|
unkown
|
page execute and read and write
|
||
|
2A57D0A0000
|
heap
|
page read and write
|
||
|
28CD3B10000
|
heap
|
page read and write
|
||
|
C562AFE000
|
stack
|
page read and write
|
||
|
7FF76C2AE000
|
unkown
|
page readonly
|
||
|
2A57CD00000
|
heap
|
page read and write
|
||
|
16671A20000
|
direct allocation
|
page read and write
|
||
|
F19CC7E000
|
unkown
|
page readonly
|
||
|
6A035DE000
|
stack
|
page read and write
|
||
|
17974FE0000
|
heap
|
page read and write
|
||
|
270AE0D0000
|
heap
|
page read and write
|
||
|
1350F935000
|
heap
|
page read and write
|
||
|
2A57CDB8000
|
heap
|
page read and write
|
||
|
7FF76C2B5000
|
unkown
|
page readonly
|
||
|
16671A20000
|
direct allocation
|
page read and write
|
||
|
7FF76C5E0000
|
unkown
|
page execute and read and write
|
||
|
7FF7A6D51000
|
unkown
|
page readonly
|
||
|
7FF76C5EC000
|
unkown
|
page execute and read and write
|
||
|
1FEA7D000
|
stack
|
page read and write
|
||
|
6A034DD000
|
stack
|
page read and write
|
||
|
276957B0000
|
heap
|
page read and write
|
||
|
151A8618000
|
heap
|
page read and write
|
||
|
16672400000
|
direct allocation
|
page read and write
|
||
|
17974D80000
|
heap
|
page read and write
|
||
|
16671A20000
|
direct allocation
|
page read and write
|
||
|
2162D4A0000
|
heap
|
page read and write
|
||
|
1C8A1B50000
|
unkown
|
page read and write
|
||
|
28CD3BA8000
|
heap
|
page read and write
|
||
|
F19CB7E000
|
stack
|
page read and write
|
||
|
270AE055000
|
heap
|
page read and write
|
||
|
27695A65000
|
heap
|
page read and write
|
||
|
304579F000
|
stack
|
page read and write
|
||
|
1C8A1B20000
|
direct allocation
|
page read and write
|
||
|
C15DCAD000
|
stack
|
page read and write
|
||
|
7FF7A75DA000
|
unkown
|
page readonly
|
||
|
7FF7A6670000
|
unkown
|
page readonly
|
||
|
7FF76BBD1000
|
unkown
|
page execute read
|
||
|
15C09120000
|
heap
|
page read and write
|
||
|
BCDC6AD000
|
stack
|
page read and write
|
||
|
AD3E7D000
|
stack
|
page read and write
|
||
|
C562CFF000
|
stack
|
page read and write
|
||
|
E99FAFF000
|
stack
|
page read and write
|
||
|
1C8A1B20000
|
direct allocation
|
page read and write
|
||
|
1C8A1B20000
|
direct allocation
|
page read and write
|
||
|
23CB3640000
|
heap
|
page read and write
|
||
|
1C8A1B20000
|
direct allocation
|
page read and write
|
||
|
7FF7A7084000
|
unkown
|
page execute and read and write
|
||
|
2DD18FF000
|
stack
|
page read and write
|
||
|
151A85D0000
|
heap
|
page read and write
|
||
|
E99F79E000
|
stack
|
page read and write
|
||
|
C562AED000
|
stack
|
page read and write
|
||
|
7FF7A6671000
|
unkown
|
page execute read
|
||
|
7FF7A707A000
|
unkown
|
page execute and read and write
|
||
|
7FF7A6670000
|
unkown
|
page readonly
|
||
|
16671A20000
|
direct allocation
|
page read and write
|
||
|
1C8A1B40000
|
unkown
|
page read and write
|
||
|
28CD3B30000
|
heap
|
page read and write
|
||
|
1FEA0810000
|
heap
|
page read and write
|
||
|
7FF76BBD0000
|
unkown
|
page readonly
|
||
|
2A57CCD0000
|
heap
|
page read and write
|
||
|
23CB3660000
|
heap
|
page read and write
|
||
|
C15E0FF000
|
stack
|
page read and write
|
||
|
2A57D0B5000
|
heap
|
page read and write
|
||
|
16671A20000
|
direct allocation
|
page read and write
|
||
|
1C8A1DE0000
|
heap
|
page read and write
|
||
|
1C8A1B20000
|
direct allocation
|
page read and write
|
||
|
270AE050000
|
heap
|
page read and write
|
||
|
217804E0000
|
heap
|
page read and write
|
||
|
21780915000
|
heap
|
page read and write
|
||
|
151A84D0000
|
heap
|
page read and write
|
||
|
7FF7A6671000
|
unkown
|
page execute read
|
||
|
AD3EFF000
|
stack
|
page read and write
|
||
|
7FF76BBE2000
|
unkown
|
page readonly
|
||
|
1C8A38D0000
|
direct allocation
|
page read and write
|
||
|
F19C67E000
|
unkown
|
page readonly
|
||
|
7FF76CB3A000
|
unkown
|
page readonly
|
||
|
7FF76C2B5000
|
unkown
|
page readonly
|
||
|
1FEB7E000
|
stack
|
page read and write
|
||
|
2AEEFA00000
|
heap
|
page read and write
|
||
|
7FF7A6682000
|
unkown
|
page readonly
|
||
|
F19C174000
|
stack
|
page read and write
|
||
|
1C8A1B60000
|
heap
|
page read and write
|
||
|
7FF76C2B1000
|
unkown
|
page readonly
|
||
|
26190FF000
|
stack
|
page read and write
|
||
|
C562BFE000
|
stack
|
page read and write
|
||
|
304569C000
|
stack
|
page read and write
|
||
|
217805B0000
|
heap
|
page read and write
|
||
|
7FF7A7082000
|
unkown
|
page execute and read and write
|
||
|
1FEA0400000
|
heap
|
page read and write
|
||
|
27695620000
|
heap
|
page read and write
|
||
|
F19CD7E000
|
unkown
|
page readonly
|
||
|
2AEEFB02000
|
heap
|
page read and write
|
||
|
23CB36A0000
|
heap
|
page read and write
|
||
|
7FF7A6D53000
|
unkown
|
page write copy
|
||
|
28CD3BA0000
|
heap
|
page read and write
|
||
|
1FEA03D0000
|
heap
|
page read and write
|
||
|
BCDCAFE000
|
stack
|
page read and write
|
||
|
7FF76C624000
|
unkown
|
page execute and read and write
|
||
|
7FF7A6D51000
|
unkown
|
page readonly
|
||
|
7FF7A6682000
|
unkown
|
page readonly
|
||
|
7FF7A7080000
|
unkown
|
page execute and read and write
|
||
|
17A81790000
|
heap
|
page read and write
|
||
|
7FF76BBE5000
|
unkown
|
page write copy
|
||
|
151A8610000
|
heap
|
page read and write
|
||
|
1C8A1B20000
|
direct allocation
|
page read and write
|
||
|
7FF76C2B6000
|
unkown
|
page execute and read and write
|
||
|
28CD3ED5000
|
heap
|
page read and write
|
||
|
B50E87C000
|
stack
|
page read and write
|
||
|
F19BD7D000
|
stack
|
page read and write
|
||
|
17A81BB5000
|
heap
|
page read and write
|
||
|
2A57D0B0000
|
heap
|
page read and write
|
||
|
A0DF09D000
|
stack
|
page read and write
|
||
|
2162D550000
|
heap
|
page read and write
|
||
|
2AEEFA02000
|
heap
|
page read and write
|
||
|
F19C07E000
|
unkown
|
page readonly
|
||
|
F19C77C000
|
stack
|
page read and write
|
||
|
1FEA03E0000
|
heap
|
page read and write
|
||
|
16671A20000
|
direct allocation
|
page read and write
|
||
|
7FF76C2B3000
|
unkown
|
page read and write
|
||
|
2162D4B0000
|
heap
|
page read and write
|
||
|
1C8A1B20000
|
direct allocation
|
page read and write
|
||
|
2AEEFA2B000
|
heap
|
page read and write
|
||
|
7FF7A6D53000
|
unkown
|
page read and write
|
||
|
2A57CD98000
|
heap
|
page read and write
|
||
|
F19C27E000
|
unkown
|
page readonly
|
||
|
1C8A1B20000
|
direct allocation
|
page read and write
|
||
|
270AE060000
|
heap
|
page read and write
|
||
|
7FF76C2B1000
|
unkown
|
page readonly
|
||
|
B58C4FE000
|
stack
|
page read and write
|
||
|
7FF7A6D55000
|
unkown
|
page readonly
|
||
|
16671A7E000
|
heap
|
page read and write
|
||
|
1C8A1AC0000
|
heap
|
page read and write
|
||
|
2162D4D0000
|
heap
|
page read and write
|
||
|
217805C5000
|
heap
|
page read and write
|
||
|
15C08F88000
|
heap
|
page read and write
|
||
|
2AEEFA6A000
|
heap
|
page read and write
|
||
|
F19BAFE000
|
stack
|
page read and write
|
||
|
16671A60000
|
heap
|
page read and write
|
||
|
2AEEFA44000
|
heap
|
page read and write
|
||
|
2A57CCE0000
|
heap
|
page read and write
|
||
|
217805B8000
|
heap
|
page read and write
|
||
|
F19C573000
|
stack
|
page read and write
|
||
|
10047E000
|
stack
|
page read and write
|
||
|
6A038FF000
|
stack
|
page read and write
|
||
|
270AE080000
|
heap
|
page read and write
|
||
|
10017F000
|
stack
|
page read and write
|
||
|
7FF7A70CA000
|
unkown
|
page execute and read and write
|
||
|
166719F0000
|
heap
|
page read and write
|
||
|
1350F580000
|
heap
|
page read and write
|
||
|
1C8A1B20000
|
direct allocation
|
page read and write
|
||
|
1C8A1B20000
|
direct allocation
|
page read and write
|
||
|
7FF7A75DA000
|
unkown
|
page readonly
|
||
|
2AEEF970000
|
heap
|
page read and write
|
||
|
2618B5D000
|
stack
|
page read and write
|
||
|
7FF76C82E000
|
unkown
|
page execute read
|
||
|
2AEEFA53000
|
heap
|
page read and write
|
||
|
10007C000
|
stack
|
page read and write
|
||
|
23CB3870000
|
heap
|
page read and write
|
||
|
15C08F60000
|
heap
|
page read and write
|
||
|
7FF76C5DA000
|
unkown
|
page execute and read and write
|
||
|
7FF76C5E4000
|
unkown
|
page execute and read and write
|
||
|
166719C0000
|
heap
|
page read and write
|
||
|
27695720000
|
heap
|
page read and write
|
||
|
2AEEF890000
|
heap
|
page read and write
|
||
|
2AEEF870000
|
heap
|
page read and write
|
||
|
55A4CFF000
|
stack
|
page read and write
|
||
|
166719D0000
|
heap
|
page read and write
|
||
|
217804F0000
|
heap
|
page read and write
|
||
|
B50E97F000
|
stack
|
page read and write
|
||
|
1350F750000
|
heap
|
page read and write
|
||
|
16671A20000
|
direct allocation
|
page read and write
|
||
|
17974DD8000
|
heap
|
page read and write
|
||
|
17A81870000
|
heap
|
page read and write
|
||
|
E99F69D000
|
stack
|
page read and write
|
||
|
7FF7A708C000
|
unkown
|
page execute and read and write
|
||
|
7FF7A6685000
|
unkown
|
page write copy
|
||
|
55A4C7D000
|
stack
|
page read and write
|
||
|
2618FFF000
|
stack
|
page read and write
|
||
|
1FEA0815000
|
heap
|
page read and write
|
||
|
27695700000
|
heap
|
page read and write
|
||
|
1350F589000
|
heap
|
page read and write
|
||
|
F19BBFF000
|
stack
|
page read and write
|
||
|
28CD3ED0000
|
heap
|
page read and write
|
||
|
23CB3665000
|
heap
|
page read and write
|
||
|
2162D515000
|
heap
|
page read and write
|
||
|
7FF76BBD0000
|
unkown
|
page readonly
|
||
|
7FF76BBE2000
|
unkown
|
page readonly
|
||
|
794CBCD000
|
stack
|
page read and write
|
||
|
F19C47E000
|
unkown
|
page readonly
|
||
|
151A85B0000
|
heap
|
page read and write
|
||
|
7FF76BBD1000
|
unkown
|
page execute read
|
||
|
17974DA0000
|
heap
|
page read and write
|
||
|
23CB36A8000
|
heap
|
page read and write
|
||
|
1350F770000
|
heap
|
page read and write
|
||
|
27695A60000
|
heap
|
page read and write
|
||
|
1AD37630000
|
heap
|
page read and write
|
||
|
7FF7A6D4E000
|
unkown
|
page readonly
|
||
|
1AD37448000
|
heap
|
page read and write
|
||
|
21780910000
|
heap
|
page read and write
|
||
|
16671A6C000
|
heap
|
page read and write
|
||
|
16671A20000
|
direct allocation
|
page read and write
|
||
|
F19B7AB000
|
stack
|
page read and write
|
||
|
1C8A1AF0000
|
heap
|
page read and write
|
||
|
1AD37440000
|
heap
|
page read and write
|
||
|
17974CA0000
|
heap
|
page read and write
|
||
|
1C8A1B20000
|
direct allocation
|
page read and write
|
||
|
16671DE5000
|
heap
|
page read and write
|
||
|
7FF7A6D55000
|
unkown
|
page readonly
|
||
|
1C8A1DE5000
|
heap
|
page read and write
|
||
|
2DD15CD000
|
stack
|
page read and write
|
||
|
7FF7A70C4000
|
unkown
|
page execute and read and write
|
||
|
23CB3670000
|
heap
|
page read and write
|
||
|
2162D558000
|
heap
|
page read and write
|
||
|
7FF76C62A000
|
unkown
|
page execute and read and write
|
||
|
21780510000
|
heap
|
page read and write
|
||
|
7FF7A72CE000
|
unkown
|
page execute read
|
||
|
15C08F80000
|
heap
|
page read and write
|
||
|
1FEA0478000
|
heap
|
page read and write
|
||
|
1AD37845000
|
heap
|
page read and write
|
||
|
17A81BB0000
|
heap
|
page read and write
|
||
|
7FF76C2AE000
|
unkown
|
page readonly
|
||
|
15C08E60000
|
heap
|
page read and write
|
||
|
1AD37840000
|
heap
|
page read and write
|
||
|
C562DFF000
|
stack
|
page read and write
|
||
|
2AEEFA13000
|
heap
|
page read and write
|
||
|
1350F560000
|
heap
|
page read and write
|
||
|
2DD187F000
|
stack
|
page read and write
|
||
|
15C09125000
|
heap
|
page read and write
|
||
|
A0DF11F000
|
stack
|
page read and write
|
||
|
7FF76BBE5000
|
unkown
|
page read and write
|
||
|
F19C87E000
|
unkown
|
page readonly
|
||
|
16671A20000
|
direct allocation
|
page read and write
|
||
|
1C8A1AD0000
|
heap
|
page read and write
|
||
|
7FF7A72CE000
|
unkown
|
page execute read
|
||
|
2618EFE000
|
stack
|
page read and write
|
||
|
1350F930000
|
heap
|
page read and write
|
||
|
7FF76C5DC000
|
unkown
|
page execute and read and write
|
||
|
B58C1CD000
|
stack
|
page read and write
|
||
|
7FF76C5E2000
|
unkown
|
page execute and read and write
|
||
|
B58C47E000
|
stack
|
page read and write
|
||
|
F19BF7E000
|
stack
|
page read and write
|
||
|
17974FE5000
|
heap
|
page read and write
|
||
|
1C8A1B20000
|
direct allocation
|
page read and write
|
||
|
1C8A4101000
|
unkown
|
page read and write
|
||
|
F19C97E000
|
stack
|
page read and write
|
||
|
28CD3B00000
|
heap
|
page read and write
|
||
|
2AEEF9A0000
|
trusted library allocation
|
page read and write
|
||
|
794CFFF000
|
stack
|
page read and write
|
||
|
16671A20000
|
direct allocation
|
page read and write
|
||
|
1AD37650000
|
heap
|
page read and write
|
||
|
7FF7A6D4E000
|
unkown
|
page readonly
|
||
|
17A81950000
|
heap
|
page read and write
|
||
|
151A8840000
|
heap
|
page read and write
|
||
|
1AD37550000
|
heap
|
page read and write
|
||
|
7FF76C2B3000
|
unkown
|
page write copy
|
||
|
3045AFF000
|
stack
|
page read and write
|
||
|
151A8845000
|
heap
|
page read and write
|
||
|
7FF7A707C000
|
unkown
|
page execute and read and write
|
||
|
1C8A1B69000
|
heap
|
page read and write
|
||
|
BCDC7AE000
|
stack
|
page read and write
|
||
|
17974DD0000
|
heap
|
page read and write
|
||
|
1C8A1B6C000
|
heap
|
page read and write
|
||
|
2A57CD90000
|
heap
|
page read and write
|
||
|
1FEC7E000
|
stack
|
page read and write
|
||
|
F19BE7E000
|
unkown
|
page readonly
|
There are 280 hidden memdumps, click here to show them.