Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
download.ps1
|
ASCII text, with very long lines (10320), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_i2w4nqk0.nbt.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iedoaxqs.bdm.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k4cnmnia.vvy.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mfyjl3wg.5kn.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0IAK5GP6B5ULWKSPZ4RM.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\download.ps1"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.google.com/intl/en/about/products?tab=wh
|
unknown
|
||
|
https://www.google.com/intl/en/about/products?tab=whXzx
|
unknown
|
||
|
https://photos.google.com/?tab=wq&pageId=none
|
unknown
|
||
|
https://csp.withgoogle.com/csp/gws/other-hp
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://lh3.googleusercontent.com/ogw/default-user=s24p
|
unknown
|
||
|
https://news.google.com/?tab=wn
|
unknown
|
||
|
https://docs.google.com/document/?usp=docs_alc
|
unknown
|
||
|
http://schema.org/WebPage
|
unknown
|
||
|
https://www.google.com/webhp?tab=ww
|
unknown
|
||
|
http://lalclenfjhkinbn.top
|
unknown
|
||
|
http://schema.org/WebPageXzx
|
unknown
|
||
|
https://lh3.googleusercontent.com/ogw/default-user=s96Xzx
|
unknown
|
||
|
https://github.com/Pester/PesterXzx
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://www.google.com/finance?tab=we
|
unknown
|
||
|
http://maps.google.com/maps?hl=en&tab=wl
|
unknown
|
||
|
https://apis.google.comXzx
|
unknown
|
||
|
http://www.google.com
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.blogger.com/?tab=wj
|
unknown
|
||
|
http://www.google.com/mobile/?hl=en&tab=wD
|
unknown
|
||
|
http://www.google.comp
|
unknown
|
||
|
https://play.google.com/?hl=en&tab=w8
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.pngXzx
|
unknown
|
||
|
https://www.google.com/imghp?hl=en&tab=wi
|
unknown
|
||
|
https://www.google.com/shopping?hl=en&source=og&tab=wf
|
unknown
|
||
|
https://lh3.googleusercontent.com/ogw/default-user=s96
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://drive.google.com/?tab=wo
|
unknown
|
||
|
https://lh3.googleusercontent.com/ogw/default-user=s24Xzx
|
unknown
|
||
|
http://crl.mic
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://mail.google.com/mail/?tab=wm
|
unknown
|
||
|
http://www.google.com/preferences?hl=en
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.youtube.com/?tab=w1
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.htmlXzx
|
unknown
|
||
|
http://$kxbdcawrt2lnhgf/$dew5vi9zth6k3g2.php?id=$env:computername&key=$bwszohcuixy&s=527
|
unknown
|
||
|
https://lh3.googleusercontent.com/ogw/default-user=s24
|
unknown
|
||
|
http://www.google.com/history/optout?hl=en
|
unknown
|
||
|
https://books.google.com/?hl=en&tab=wp
|
unknown
|
||
|
https://translate.google.com/?hl=en&tab=wT
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://calendar.google.com/calendar?tab=wc
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://www.google.com/
|
172.253.62.99
|
There are 42 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
lalclenfjhkinbn.top
|
45.61.136.138
|
|
|
|
www.google.com
|
172.253.62.99
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.61.136.138
|
lalclenfjhkinbn.top
|
United States
|
|
|
|
172.253.62.99
|
www.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF9BC290000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC194000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC00C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF9BC3B0000
|
trusted library allocation
|
page read and write
|
||
|
1E83DB74000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC2A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC2C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BBFB0000
|
trusted library allocation
|
page read and write
|
||
|
1E83DCDB000
|
trusted library allocation
|
page read and write
|
||
|
1E83CA20000
|
heap
|
page read and write
|
||
|
7FF9BC3B4000
|
trusted library allocation
|
page read and write
|
||
|
1E84CD17000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC16A000
|
trusted library allocation
|
page read and write
|
||
|
7DF411320000
|
trusted library allocation
|
page execute and read and write
|
||
|
A74E67D000
|
stack
|
page read and write
|
||
|
1E83DE87000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BBFB4000
|
trusted library allocation
|
page read and write
|
||
|
1E854E79000
|
heap
|
page read and write
|
||
|
1E83E20D000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BBFD0000
|
trusted library allocation
|
page read and write
|
||
|
A74F4CA000
|
stack
|
page read and write
|
||
|
1E83DB79000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC260000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC1F0000
|
trusted library allocation
|
page read and write
|
||
|
1E83ADC0000
|
heap
|
page read and write
|
||
|
A74DE7E000
|
stack
|
page read and write
|
||
|
1E83E1FA000
|
trusted library allocation
|
page read and write
|
||
|
1E83AB66000
|
heap
|
page read and write
|
||
|
1E83E208000
|
trusted library allocation
|
page read and write
|
||
|
1E83AD50000
|
heap
|
page read and write
|
||
|
1E83DE83000
|
trusted library allocation
|
page read and write
|
||
|
1E855040000
|
heap
|
page execute and read and write
|
||
|
7FF9BC3D0000
|
trusted library allocation
|
page read and write
|
||
|
1E83AC60000
|
heap
|
page read and write
|
||
|
1E854BF5000
|
heap
|
page read and write
|
||
|
7FF9BC390000
|
trusted library allocation
|
page read and write
|
||
|
1E83ABBD000
|
heap
|
page read and write
|
||
|
A74E4FC000
|
stack
|
page read and write
|
||
|
7FF9BC300000
|
trusted library allocation
|
page read and write
|
||
|
A74E778000
|
stack
|
page read and write
|
||
|
1E83ABF0000
|
heap
|
page read and write
|
||
|
A74E8FE000
|
stack
|
page read and write
|
||
|
A74E17A000
|
stack
|
page read and write
|
||
|
A74DF7A000
|
stack
|
page read and write
|
||
|
1E854D00000
|
trusted library allocation
|
page read and write
|
||
|
A74E1F9000
|
stack
|
page read and write
|
||
|
1E83DD47000
|
trusted library allocation
|
page read and write
|
||
|
A74E2F8000
|
stack
|
page read and write
|
||
|
7FF9BC1B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC2D0000
|
trusted library allocation
|
page read and write
|
||
|
1E85501F000
|
heap
|
page read and write
|
||
|
7FF9BC2B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BBFB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E83DE8C000
|
trusted library allocation
|
page read and write
|
||
|
1E83CD7B000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC320000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF9BC2E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC270000
|
trusted library allocation
|
page read and write
|
||
|
1E84CB51000
|
trusted library allocation
|
page read and write
|
||
|
1E855322000
|
heap
|
page read and write
|
||
|
1E854B8D000
|
heap
|
page read and write
|
||
|
7DF411310000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF9BC180000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E854E30000
|
heap
|
page execute and read and write
|
||
|
A74DB3E000
|
stack
|
page read and write
|
||
|
1E83C900000
|
trusted library allocation
|
page read and write
|
||
|
1E854B94000
|
heap
|
page read and write
|
||
|
A74E9F8000
|
stack
|
page read and write
|
||
|
A74DEFD000
|
stack
|
page read and write
|
||
|
A74E878000
|
stack
|
page read and write
|
||
|
A74DBFE000
|
stack
|
page read and write
|
||
|
1E83DB5E000
|
trusted library allocation
|
page read and write
|
||
|
1E84CE41000
|
trusted library allocation
|
page read and write
|
||
|
A74F54C000
|
stack
|
page read and write
|
||
|
7FF9BC400000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC150000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC161000
|
trusted library allocation
|
page read and write
|
||
|
1E855032000
|
heap
|
page read and write
|
||
|
7FF9BC06C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E83DE7D000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC450000
|
trusted library allocation
|
page read and write
|
||
|
A74F74D000
|
stack
|
page read and write
|
||
|
7FF9BC096000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E83C910000
|
heap
|
page readonly
|
||
|
1E83EA30000
|
trusted library allocation
|
page read and write
|
||
|
1E83DB63000
|
trusted library allocation
|
page read and write
|
||
|
A74E3FE000
|
stack
|
page read and write
|
||
|
7FF9BC393000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC330000
|
trusted library allocation
|
page read and write
|
||
|
1E83D948000
|
trusted library allocation
|
page read and write
|
||
|
1E83ABA6000
|
heap
|
page read and write
|
||
|
1E83ADF5000
|
heap
|
page read and write
|
||
|
1E854B50000
|
heap
|
page read and write
|
||
|
1E854BF3000
|
heap
|
page read and write
|
||
|
A74E57C000
|
stack
|
page read and write
|
||
|
1E83D918000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC2F0000
|
trusted library allocation
|
page read and write
|
||
|
1E83CB40000
|
heap
|
page execute and read and write
|
||
|
1E855310000
|
heap
|
page read and write
|
||
|
7FF9BBFB2000
|
trusted library allocation
|
page read and write
|
||
|
A74F64B000
|
stack
|
page read and write
|
||
|
1E83E8BC000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC220000
|
trusted library allocation
|
page read and write
|
||
|
1E854F30000
|
heap
|
page read and write
|
||
|
1E83E8EE000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC310000
|
trusted library allocation
|
page read and write
|
||
|
1E854EAD000
|
heap
|
page read and write
|
||
|
1E84CD1E000
|
trusted library allocation
|
page read and write
|
||
|
A74E0FE000
|
stack
|
page read and write
|
||
|
A74E277000
|
stack
|
page read and write
|
||
|
1E83DE90000
|
trusted library allocation
|
page read and write
|
||
|
1E854E40000
|
heap
|
page read and write
|
||
|
1E83DB97000
|
trusted library allocation
|
page read and write
|
||
|
1E83DA98000
|
trusted library allocation
|
page read and write
|
||
|
1E83E94A000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BBFC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC200000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC240000
|
trusted library allocation
|
page read and write
|
||
|
1E83DB67000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC4A0000
|
trusted library allocation
|
page read and write
|
||
|
1E854C4B000
|
heap
|
page read and write
|
||
|
7FF9BC1E0000
|
trusted library allocation
|
page read and write
|
||
|
1E83ADE0000
|
trusted library allocation
|
page read and write
|
||
|
1E854FF4000
|
heap
|
page read and write
|
||
|
7FF9BC1D0000
|
trusted library allocation
|
page read and write
|
||
|
1E83E204000
|
trusted library allocation
|
page read and write
|
||
|
1E83AAF0000
|
heap
|
page read and write
|
||
|
1E854D30000
|
heap
|
page read and write
|
||
|
1E83DE6A000
|
trusted library allocation
|
page read and write
|
||
|
1E8552F3000
|
heap
|
page read and write
|
||
|
1E83CA3D000
|
heap
|
page read and write
|
||
|
1E83DB59000
|
trusted library allocation
|
page read and write
|
||
|
1E83EA65000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC192000
|
trusted library allocation
|
page read and write
|
||
|
1E83ACD0000
|
heap
|
page read and write
|
||
|
1E83ABEB000
|
heap
|
page read and write
|
||
|
7FF9BC3CC000
|
trusted library allocation
|
page read and write
|
||
|
A74F88A000
|
stack
|
page read and write
|
||
|
7FF9BC1C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC480000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC3C8000
|
trusted library allocation
|
page read and write
|
||
|
1E84CB81000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC360000
|
trusted library allocation
|
page read and write
|
||
|
1E83DE6F000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC230000
|
trusted library allocation
|
page read and write
|
||
|
1E83EB36000
|
trusted library allocation
|
page read and write
|
||
|
A74F5CA000
|
stack
|
page read and write
|
||
|
7FF9BC210000
|
trusted library allocation
|
page read and write
|
||
|
1E83AB77000
|
heap
|
page read and write
|
||
|
1E854EB0000
|
heap
|
page read and write
|
||
|
1E83E7D9000
|
trusted library allocation
|
page read and write
|
||
|
A74F78E000
|
stack
|
page read and write
|
||
|
7FF9BC3C0000
|
trusted library allocation
|
page read and write
|
||
|
A74E6FE000
|
stack
|
page read and write
|
||
|
1E83DEA3000
|
trusted library allocation
|
page read and write
|
||
|
1E83C990000
|
trusted library allocation
|
page read and write
|
||
|
A74F80E000
|
stack
|
page read and write
|
||
|
1E83E1FF000
|
trusted library allocation
|
page read and write
|
||
|
1E83C950000
|
trusted library allocation
|
page read and write
|
||
|
1E83D92E000
|
trusted library allocation
|
page read and write
|
||
|
1E854E36000
|
heap
|
page execute and read and write
|
||
|
7FF9BC170000
|
trusted library allocation
|
page execute and read and write
|
||
|
A74E379000
|
stack
|
page read and write
|
||
|
7FF9BC490000
|
trusted library allocation
|
page execute and read and write
|
||
|
A74F44F000
|
stack
|
page read and write
|
||
|
7FF9BC3B9000
|
trusted library allocation
|
page read and write
|
||
|
1E83DC6F000
|
trusted library allocation
|
page read and write
|
||
|
1E84CBC8000
|
trusted library allocation
|
page read and write
|
||
|
1E854B9E000
|
heap
|
page read and write
|
||
|
1E83DB6C000
|
trusted library allocation
|
page read and write
|
||
|
1E84CE51000
|
trusted library allocation
|
page read and write
|
||
|
A74DFFB000
|
stack
|
page read and write
|
||
|
1E83CBD7000
|
trusted library allocation
|
page read and write
|
||
|
A74DBBE000
|
stack
|
page read and write
|
||
|
7FF9BC250000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC3F0000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC060000
|
trusted library allocation
|
page read and write
|
||
|
A74E7FE000
|
stack
|
page read and write
|
||
|
A74E07F000
|
stack
|
page read and write
|
||
|
7FF9BC3E0000
|
trusted library allocation
|
page read and write
|
||
|
1E83ADF0000
|
heap
|
page read and write
|
||
|
A74E47E000
|
stack
|
page read and write
|
||
|
1E83A960000
|
heap
|
page read and write
|
||
|
A74E5FB000
|
stack
|
page read and write
|
||
|
1E83DE79000
|
trusted library allocation
|
page read and write
|
||
|
A74DAB4000
|
stack
|
page read and write
|
||
|
7FF9BC066000
|
trusted library allocation
|
page read and write
|
||
|
1E8552F8000
|
heap
|
page read and write
|
||
|
1E84CDA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC1A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E83EB98000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC370000
|
trusted library allocation
|
page read and write
|
||
|
1E83AB9C000
|
heap
|
page read and write
|
||
|
1E83ABE4000
|
heap
|
page read and write
|
||
|
1E8552F0000
|
heap
|
page read and write
|
||
|
1E854E5D000
|
heap
|
page read and write
|
||
|
7FF9BC198000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC453000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC460000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC0D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF9BBFCB000
|
trusted library allocation
|
page read and write
|
||
|
1E83C920000
|
trusted library allocation
|
page read and write
|
||
|
1E85502D000
|
heap
|
page read and write
|
||
|
7FF9BC340000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E84CD2F000
|
trusted library allocation
|
page read and write
|
||
|
1E854FAD000
|
heap
|
page read and write
|
||
|
1E83D77B000
|
trusted library allocation
|
page read and write
|
||
|
1E83DE74000
|
trusted library allocation
|
page read and write
|
||
|
7DF411330000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E83EADB000
|
trusted library allocation
|
page read and write
|
||
|
1E83DE95000
|
trusted library allocation
|
page read and write
|
||
|
1E855324000
|
heap
|
page read and write
|
||
|
1E854E84000
|
heap
|
page read and write
|
||
|
1E854E97000
|
heap
|
page read and write
|
||
|
1E84CD15000
|
trusted library allocation
|
page read and write
|
||
|
A74F408000
|
stack
|
page read and write
|
||
|
7FF9BC4B0000
|
trusted library allocation
|
page read and write
|
||
|
1E83C954000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC470000
|
trusted library allocation
|
page read and write
|
||
|
1E83E9AE000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BBFBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E83CB51000
|
trusted library allocation
|
page read and write
|
||
|
A74F6CE000
|
stack
|
page read and write
|
||
|
A74E978000
|
stack
|
page read and write
|
||
|
1E83ADC5000
|
heap
|
page read and write
|
||
|
7FF9BC350000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC380000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E854F54000
|
heap
|
page read and write
|
||
|
1E83EADD000
|
trusted library allocation
|
page read and write
|
||
|
7FF9BC280000
|
trusted library allocation
|
page read and write
|
There are 220 hidden memdumps, click here to show them.