Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PO#86637.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO#86637.exe.log
|
CSV text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp7AF2.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Fyepece.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Fyepece.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Fyepece.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1zh2ec0p.2tx.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2l42hrkm.5di.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gug4f3b2.1io.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kihdwwr2.d4p.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ll4ia3nd.xnu.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ocdxhmix.ws1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sdfpjben.qaz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wmefsfy0.5ii.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp958F.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\PO#86637.exe
|
"C:\Users\user\Desktop\PO#86637.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO#86637.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\Fyepece.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\Fyepece" /XML "C:\Users\user\AppData\Local\Temp\tmp7AF2.tmp"
|
|
|
|
C:\Users\user\Desktop\PO#86637.exe
|
"C:\Users\user\Desktop\PO#86637.exe"
|
|
|
|
C:\Users\user\Desktop\PO#86637.exe
|
"C:\Users\user\Desktop\PO#86637.exe"
|
|
|
|
C:\Users\user\Desktop\PO#86637.exe
|
"C:\Users\user\Desktop\PO#86637.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\Fyepece.exe
|
C:\Users\user\AppData\Roaming\Fyepece.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\Fyepece" /XML "C:\Users\user\AppData\Local\Temp\tmp958F.tmp"
|
|
|
|
C:\Users\user\AppData\Roaming\Fyepece.exe
|
"C:\Users\user\AppData\Roaming\Fyepece.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\Fyepece.exe
|
"C:\Users\user\AppData\Roaming\Fyepece.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\Fyepece.exe
|
"C:\Users\user\AppData\Roaming\Fyepece.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1400000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
1522000
|
trusted library allocation
|
page read and write
|
||
|
855F000
|
stack
|
page read and write
|
||
|
1310000
|
trusted library allocation
|
page read and write
|
||
|
10E9000
|
stack
|
page read and write
|
||
|
1A8E000
|
direct allocation
|
page execute and read and write
|
||
|
164E000
|
heap
|
page read and write
|
||
|
5A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
3321000
|
trusted library allocation
|
page read and write
|
||
|
550A000
|
trusted library allocation
|
page read and write
|
||
|
1535000
|
trusted library allocation
|
page execute and read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
59DE000
|
trusted library allocation
|
page read and write
|
||
|
2E91000
|
trusted library allocation
|
page read and write
|
||
|
1876000
|
direct allocation
|
page execute and read and write
|
||
|
5330000
|
heap
|
page read and write
|
||
|
52D0000
|
trusted library allocation
|
page read and write
|
||
|
78B5000
|
trusted library allocation
|
page read and write
|
||
|
DEAE000
|
stack
|
page read and write
|
||
|
54F0000
|
trusted library allocation
|
page read and write
|
||
|
5350000
|
trusted library allocation
|
page read and write
|
||
|
EF8000
|
stack
|
page read and write
|
||
|
156E000
|
heap
|
page read and write
|
||
|
77A000
|
stack
|
page read and write
|
||
|
4369000
|
trusted library allocation
|
page read and write
|
||
|
4321000
|
trusted library allocation
|
page read and write
|
||
|
5F0E000
|
stack
|
page read and write
|
||
|
2E80000
|
heap
|
page execute and read and write
|
||
|
1BBD000
|
direct allocation
|
page execute and read and write
|
||
|
3E91000
|
trusted library allocation
|
page read and write
|
||
|
5ADF000
|
trusted library section
|
page readonly
|
||
|
A510000
|
trusted library section
|
page read and write
|
||
|
6160000
|
heap
|
page read and write
|
||
|
7CD5000
|
trusted library allocation
|
page read and write
|
||
|
A09D000
|
trusted library allocation
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
1480000
|
heap
|
page read and write
|
||
|
1053000
|
heap
|
page read and write
|
||
|
1A27000
|
heap
|
page read and write
|
||
|
66B0000
|
heap
|
page read and write
|
||
|
1570000
|
heap
|
page read and write
|
||
|
7CAF000
|
stack
|
page read and write
|
||
|
7570000
|
heap
|
page read and write
|
||
|
331E000
|
stack
|
page read and write
|
||
|
7920000
|
trusted library allocation
|
page read and write
|
||
|
1526000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A10000
|
trusted library allocation
|
page read and write
|
||
|
D91E000
|
stack
|
page read and write
|
||
|
35D1000
|
trusted library allocation
|
page read and write
|
||
|
1470000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DB5000
|
trusted library allocation
|
page read and write
|
||
|
A92000
|
unkown
|
page readonly
|
||
|
4E3D000
|
trusted library allocation
|
page read and write
|
||
|
1500000
|
trusted library allocation
|
page read and write
|
||
|
59ED000
|
trusted library allocation
|
page read and write
|
||
|
7963000
|
heap
|
page read and write
|
||
|
18F0000
|
direct allocation
|
page execute and read and write
|
||
|
72DE000
|
heap
|
page read and write
|
||
|
59DA000
|
trusted library allocation
|
page read and write
|
||
|
73D000
|
stack
|
page read and write
|
||
|
15B7000
|
direct allocation
|
page execute and read and write
|
||
|
78AE000
|
stack
|
page read and write
|
||
|
614D000
|
stack
|
page read and write
|
||
|
CDD000
|
stack
|
page read and write
|
||
|
58AF000
|
stack
|
page read and write
|
||
|
5516000
|
trusted library allocation
|
page read and write
|
||
|
7958000
|
heap
|
page read and write
|
||
|
1487000
|
heap
|
page read and write
|
||
|
FFE000
|
stack
|
page read and write
|
||
|
432D000
|
trusted library allocation
|
page read and write
|
||
|
5A20000
|
trusted library allocation
|
page read and write
|
||
|
5F4B000
|
stack
|
page read and write
|
||
|
FAD000
|
stack
|
page read and write
|
||
|
78C0000
|
trusted library allocation
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
558E000
|
stack
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
11E7000
|
stack
|
page read and write
|
||
|
151D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F01000
|
trusted library allocation
|
page read and write
|
||
|
DCAC000
|
stack
|
page read and write
|
||
|
1319000
|
trusted library allocation
|
page read and write
|
||
|
80AD000
|
stack
|
page read and write
|
||
|
6150000
|
heap
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
31FB000
|
trusted library allocation
|
page read and write
|
||
|
5A70000
|
trusted library allocation
|
page read and write
|
||
|
F0D000
|
stack
|
page read and write
|
||
|
1520000
|
trusted library allocation
|
page read and write
|
||
|
3E9D000
|
trusted library allocation
|
page read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
1532000
|
trusted library allocation
|
page read and write
|
||
|
156A000
|
heap
|
page read and write
|
||
|
2F3F000
|
trusted library allocation
|
page read and write
|
||
|
7ECE000
|
stack
|
page read and write
|
||
|
5522000
|
trusted library allocation
|
page read and write
|
||
|
77BE000
|
heap
|
page read and write
|
||
|
5A8E000
|
stack
|
page read and write
|
||
|
5A40000
|
trusted library section
|
page readonly
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
309D000
|
stack
|
page read and write
|
||
|
177F000
|
stack
|
page read and write
|
||
|
31F9000
|
trusted library allocation
|
page read and write
|
||
|
7FCE000
|
stack
|
page read and write
|
||
|
1578000
|
heap
|
page read and write
|
||
|
B58000
|
unkown
|
page readonly
|
||
|
4B82000
|
trusted library allocation
|
page read and write
|
||
|
ABE000
|
stack
|
page read and write
|
||
|
1DB0000
|
heap
|
page read and write
|
||
|
76AE000
|
stack
|
page read and write
|
||
|
757D000
|
heap
|
page read and write
|
||
|
551C000
|
stack
|
page read and write
|
||
|
1308000
|
heap
|
page read and write
|
||
|
14FF000
|
stack
|
page read and write
|
||
|
54FB000
|
trusted library allocation
|
page read and write
|
||
|
72D0000
|
heap
|
page read and write
|
||
|
5540000
|
heap
|
page read and write
|
||
|
5A60000
|
heap
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
1C38000
|
direct allocation
|
page execute and read and write
|
||
|
59E6000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
7CD0000
|
trusted library allocation
|
page read and write
|
||
|
D71E000
|
stack
|
page read and write
|
||
|
159F000
|
heap
|
page read and write
|
||
|
D5E000
|
unkown
|
page read and write
|
||
|
1861000
|
direct allocation
|
page execute and read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
1490000
|
heap
|
page read and write
|
||
|
31C4000
|
heap
|
page read and write
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
4EC4000
|
trusted library allocation
|
page read and write
|
||
|
1335000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
4D2E000
|
trusted library allocation
|
page read and write
|
||
|
4CA6000
|
trusted library allocation
|
page read and write
|
||
|
5530000
|
trusted library allocation
|
page read and write
|
||
|
2E1E000
|
stack
|
page read and write
|
||
|
1BA1000
|
direct allocation
|
page execute and read and write
|
||
|
D8DE000
|
stack
|
page read and write
|
||
|
59CB000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
550E000
|
trusted library allocation
|
page read and write
|
||
|
66AE000
|
stack
|
page read and write
|
||
|
5324000
|
heap
|
page read and write
|
||
|
15B0000
|
direct allocation
|
page execute and read and write
|
||
|
59C0000
|
trusted library allocation
|
page read and write
|
||
|
7D3E000
|
stack
|
page read and write
|
||
|
3180000
|
trusted library allocation
|
page read and write
|
||
|
57AE000
|
stack
|
page read and write
|
||
|
12DA000
|
direct allocation
|
page read and write
|
||
|
14DE000
|
stack
|
page read and write
|
||
|
5375000
|
trusted library allocation
|
page read and write
|
||
|
1326000
|
trusted library allocation
|
page execute and read and write
|
||
|
54F4000
|
trusted library allocation
|
page read and write
|
||
|
52F0000
|
trusted library allocation
|
page read and write
|
||
|
1636000
|
direct allocation
|
page execute and read and write
|
||
|
758D000
|
heap
|
page read and write
|
||
|
5A40000
|
heap
|
page execute and read and write
|
||
|
A90000
|
unkown
|
page readonly
|
||
|
7560000
|
trusted library allocation
|
page read and write
|
||
|
337B000
|
trusted library allocation
|
page read and write
|
||
|
46F2000
|
trusted library allocation
|
page read and write
|
||
|
A7F000
|
unkown
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
1303000
|
trusted library allocation
|
page execute and read and write
|
||
|
1504000
|
trusted library allocation
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
12CE000
|
stack
|
page read and write
|
||
|
BCA000
|
heap
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
79D2000
|
trusted library allocation
|
page read and write
|
||
|
D62E000
|
stack
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
8310000
|
trusted library allocation
|
page execute and read and write
|
||
|
1332000
|
trusted library allocation
|
page read and write
|
||
|
DDC000
|
stack
|
page read and write
|
||
|
19FE000
|
stack
|
page read and write
|
||
|
131D000
|
trusted library allocation
|
page execute and read and write
|
||
|
31A0000
|
trusted library allocation
|
page read and write
|
||
|
73D0000
|
trusted library allocation
|
page read and write
|
||
|
317B000
|
stack
|
page read and write
|
||
|
8320000
|
heap
|
page read and write
|
||
|
5CCE000
|
stack
|
page read and write
|
||
|
81AF000
|
stack
|
page read and write
|
||
|
5AC0000
|
heap
|
page read and write
|
||
|
58EE000
|
stack
|
page read and write
|
||
|
1322000
|
trusted library allocation
|
page read and write
|
||
|
5A30000
|
trusted library allocation
|
page read and write
|
||
|
144E000
|
stack
|
page read and write
|
||
|
5380000
|
heap
|
page execute and read and write
|
||
|
7905000
|
trusted library allocation
|
page read and write
|
||
|
1320000
|
trusted library allocation
|
page read and write
|
||
|
FBF000
|
heap
|
page read and write
|
||
|
7930000
|
heap
|
page read and write
|
||
|
1304000
|
trusted library allocation
|
page read and write
|
||
|
74D0000
|
trusted library allocation
|
page read and write
|
||
|
BEA000
|
stack
|
page read and write
|
||
|
5AD0000
|
trusted library section
|
page readonly
|
||
|
339D000
|
trusted library allocation
|
page read and write
|
||
|
2F99000
|
trusted library allocation
|
page read and write
|
||
|
1516000
|
trusted library allocation
|
page read and write
|
||
|
5A00000
|
trusted library allocation
|
page read and write
|
||
|
5340000
|
trusted library allocation
|
page read and write
|
||
|
14CE000
|
stack
|
page read and write
|
||
|
FAE000
|
heap
|
page read and write
|
||
|
1074000
|
heap
|
page read and write
|
||
|
1519000
|
trusted library allocation
|
page read and write
|
||
|
1600000
|
heap
|
page read and write
|
||
|
1510000
|
trusted library allocation
|
page read and write
|
||
|
1594000
|
heap
|
page read and write
|
||
|
3E99000
|
trusted library allocation
|
page read and write
|
||
|
130D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
6184000
|
heap
|
page read and write
|
||
|
5AE0000
|
heap
|
page read and write
|
||
|
A3E000
|
unkown
|
page read and write
|
||
|
5A3B000
|
stack
|
page read and write
|
||
|
133B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
7900000
|
trusted library allocation
|
page read and write
|
||
|
74CE000
|
stack
|
page read and write
|
||
|
19FF000
|
stack
|
page read and write
|
||
|
5A15000
|
trusted library allocation
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
1316000
|
trusted library allocation
|
page read and write
|
||
|
14D8000
|
trusted library allocation
|
page read and write
|
||
|
55A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5FE0000
|
heap
|
page read and write
|
||
|
1495000
|
heap
|
page read and write
|
||
|
5320000
|
heap
|
page read and write
|
||
|
5C8F000
|
stack
|
page read and write
|
||
|
1460000
|
trusted library allocation
|
page read and write
|
||
|
157F000
|
heap
|
page read and write
|
||
|
576E000
|
stack
|
page read and write
|
||
|
31F0000
|
trusted library allocation
|
page read and write
|
||
|
1A20000
|
heap
|
page read and write
|
||
|
311E000
|
stack
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
1BB6000
|
direct allocation
|
page execute and read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
12FD000
|
stack
|
page read and write
|
||
|
5E0E000
|
stack
|
page read and write
|
||
|
2E5B000
|
stack
|
page read and write
|
||
|
1A00000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
5FD5000
|
heap
|
page read and write
|
||
|
12B0000
|
direct allocation
|
page read and write
|
||
|
15D6000
|
direct allocation
|
page execute and read and write
|
||
|
132A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1560000
|
heap
|
page read and write
|
||
|
5FD0000
|
heap
|
page read and write
|
||
|
7CF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3200000
|
trusted library allocation
|
page read and write
|
||
|
845E000
|
stack
|
page read and write
|
||
|
182F000
|
stack
|
page read and write
|
||
|
12F0000
|
trusted library allocation
|
page read and write
|
||
|
F9E000
|
stack
|
page read and write
|
||
|
78B0000
|
trusted library allocation
|
page read and write
|
||
|
77B0000
|
heap
|
page read and write
|
||
|
7BAE000
|
stack
|
page read and write
|
||
|
55C5000
|
heap
|
page read and write
|
||
|
9DA000
|
stack
|
page read and write
|
||
|
1A1D000
|
direct allocation
|
page execute and read and write
|
||
|
7430000
|
trusted library section
|
page read and write
|
||
|
106C000
|
heap
|
page read and write
|
||
|
4F8C000
|
stack
|
page read and write
|
||
|
153B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1550000
|
trusted library allocation
|
page read and write
|
||
|
7DC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
59C4000
|
trusted library allocation
|
page read and write
|
||
|
78B0000
|
heap
|
page execute and read and write
|
||
|
1480000
|
heap
|
page read and write
|
||
|
75BF000
|
heap
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
FE2000
|
heap
|
page read and write
|
||
|
797A000
|
heap
|
page read and write
|
||
|
1450000
|
heap
|
page read and write
|
||
|
DA20000
|
heap
|
page read and write
|
||
|
59E1000
|
trusted library allocation
|
page read and write
|
||
|
7410000
|
trusted library allocation
|
page read and write
|
||
|
1503000
|
trusted library allocation
|
page execute and read and write
|
||
|
187F000
|
stack
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
10DE000
|
stack
|
page read and write
|
||
|
66C0000
|
heap
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
4351000
|
trusted library allocation
|
page read and write
|
||
|
7480000
|
trusted library allocation
|
page execute and read and write
|
||
|
5360000
|
trusted library allocation
|
page read and write
|
||
|
4C14000
|
trusted library allocation
|
page read and write
|
||
|
5A43000
|
heap
|
page execute and read and write
|
||
|
1480000
|
heap
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
FA8000
|
heap
|
page read and write
|
||
|
82EC000
|
stack
|
page read and write
|
||
|
DDAC000
|
stack
|
page read and write
|
||
|
99D000
|
stack
|
page read and write
|
||
|
10F5000
|
heap
|
page read and write
|
||
|
150D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7946000
|
heap
|
page read and write
|
||
|
16D9000
|
direct allocation
|
page execute and read and write
|
||
|
D9F000
|
unkown
|
page read and write
|
||
|
77AF000
|
stack
|
page read and write
|
||
|
4329000
|
trusted library allocation
|
page read and write
|
||
|
55B0000
|
trusted library allocation
|
page read and write
|
||
|
16D3000
|
direct allocation
|
page execute and read and write
|
||
|
5FF0000
|
trusted library allocation
|
page read and write
|
||
|
315A000
|
trusted library allocation
|
page read and write
|
||
|
1A19000
|
direct allocation
|
page execute and read and write
|
||
|
4B69000
|
trusted library allocation
|
page read and write
|
||
|
3120000
|
trusted library allocation
|
page execute and read and write
|
||
|
5383000
|
heap
|
page execute and read and write
|
||
|
313B000
|
heap
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
541F000
|
stack
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
1530000
|
trusted library allocation
|
page read and write
|
||
|
75BD000
|
heap
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
59F2000
|
trusted library allocation
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
187D000
|
direct allocation
|
page execute and read and write
|
||
|
59F0000
|
trusted library allocation
|
page read and write
|
||
|
59EF000
|
stack
|
page read and write
|
||
|
81EC000
|
stack
|
page read and write
|
||
|
126E000
|
stack
|
page read and write
|
||
|
1672000
|
direct allocation
|
page execute and read and write
|
||
|
D5A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
551D000
|
trusted library allocation
|
page read and write
|
||
|
5A50000
|
heap
|
page read and write
|
||
|
15A1000
|
heap
|
page read and write
|
||
|
1537000
|
trusted library allocation
|
page execute and read and write
|
||
|
55C0000
|
heap
|
page read and write
|
||
|
794A000
|
heap
|
page read and write
|
||
|
5370000
|
trusted library allocation
|
page read and write
|
||
|
5AA0000
|
trusted library allocation
|
page read and write
|
||
|
14F0000
|
trusted library allocation
|
page read and write
|
||
|
DA1F000
|
stack
|
page read and write
|
||
|
1337000
|
trusted library allocation
|
page execute and read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
75BA000
|
heap
|
page read and write
|
||
|
12AE000
|
stack
|
page read and write
|
||
|
42D000
|
remote allocation
|
page execute and read and write
|
||
|
5590000
|
trusted library allocation
|
page read and write
|
||
|
3130000
|
heap
|
page execute and read and write
|
||
|
3144000
|
trusted library allocation
|
page read and write
|
||
|
CFF000
|
stack
|
page read and write
|
||
|
7925000
|
trusted library allocation
|
page read and write
|
||
|
152A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5511000
|
trusted library allocation
|
page read and write
|
||
|
5A80000
|
heap
|
page execute and read and write
|
||
|
1630000
|
direct allocation
|
page execute and read and write
|
||
|
5DCF000
|
stack
|
page read and write
|
There are 347 hidden memdumps, click here to show them.