Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
HBL.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\tmp6885.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\XDumSzEQZIQ.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\GUIVTme.exe.log
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\HBL.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\XDumSzEQZIQ.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4y1vi2tm.owr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b2p12e4d.cpa.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eyqegz30.n2g.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_isgwbly3.snc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j45letik.ypk.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rfbvyggt.doc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ukkit2ig.gyg.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ysqhigip.rab.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp84D7.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\GUIVTme\GUIVTme.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
modified
|
||
|
C:\Users\user\AppData\Roaming\XDumSzEQZIQ.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 9 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\HBL.exe
|
"C:\Users\user\Desktop\HBL.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\HBL.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\XDumSzEQZIQ.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\XDumSzEQZIQ" /XML "C:\Users\user\AppData\Local\Temp\tmp6885.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\XDumSzEQZIQ.exe
|
C:\Users\user\AppData\Roaming\XDumSzEQZIQ.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\XDumSzEQZIQ" /XML "C:\Users\user\AppData\Local\Temp\tmp84D7.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\GUIVTme\GUIVTme.exe
|
"C:\Users\user\AppData\Roaming\GUIVTme\GUIVTme.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\GUIVTme\GUIVTme.exe
|
"C:\Users\user\AppData\Roaming\GUIVTme\GUIVTme.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://mail.unitechautomations.com
|
unknown
|
||
|
http://www.ctvnews.ca/rss/business/ctv-news-business-headlines-1.867648
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://www.ctvnews.ca/rss/ctvnews-ca-top-stories-public-rss-1.822009
|
unknown
|
||
|
http://xml.weather.yahoo.com/ns/rss/1.0
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://weather.yahooapis.com/forecastrss?w=4118
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.unitechautomations.com
|
192.185.129.60
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.185.129.60
|
mail.unitechautomations.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
GUIVTme
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2E19000
|
trusted library allocation
|
page read and write
|
|
|
|
465D000
|
trusted library allocation
|
page read and write
|
|
|
|
2D82000
|
trusted library allocation
|
page read and write
|
|
|
|
2E11000
|
trusted library allocation
|
page read and write
|
|
|
|
2D31000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2D8A000
|
trusted library allocation
|
page read and write
|
|
|
|
434E000
|
trusted library allocation
|
page read and write
|
|
|
|
2DAC000
|
trusted library allocation
|
page read and write
|
|
|
|
D40F000
|
stack
|
page read and write
|
||
|
D1D0000
|
heap
|
page read and write
|
||
|
4F50000
|
heap
|
page execute and read and write
|
||
|
51B2000
|
trusted library allocation
|
page read and write
|
||
|
2A60000
|
trusted library allocation
|
page read and write
|
||
|
4213000
|
trusted library allocation
|
page read and write
|
||
|
1116000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B70000
|
heap
|
page read and write
|
||
|
5A60000
|
trusted library allocation
|
page read and write
|
||
|
62CF000
|
stack
|
page read and write
|
||
|
7510000
|
trusted library allocation
|
page execute and read and write
|
||
|
112F000
|
stack
|
page read and write
|
||
|
563C000
|
stack
|
page read and write
|
||
|
4CC3000
|
heap
|
page read and write
|
||
|
85C000
|
heap
|
page read and write
|
||
|
6B10000
|
trusted library allocation
|
page read and write
|
||
|
2964000
|
trusted library allocation
|
page read and write
|
||
|
53DE000
|
stack
|
page read and write
|
||
|
4B6E000
|
trusted library allocation
|
page read and write
|
||
|
CFE000
|
stack
|
page read and write
|
||
|
4E22000
|
trusted library allocation
|
page read and write
|
||
|
40FB000
|
trusted library allocation
|
page read and write
|
||
|
6237000
|
trusted library allocation
|
page read and write
|
||
|
4E2E000
|
stack
|
page read and write
|
||
|
6D60000
|
trusted library section
|
page read and write
|
||
|
4E50000
|
heap
|
page read and write
|
||
|
3DE1000
|
trusted library allocation
|
page read and write
|
||
|
D58D000
|
stack
|
page read and write
|
||
|
222000
|
unkown
|
page readonly
|
||
|
4BA0000
|
trusted library allocation
|
page read and write
|
||
|
41C5000
|
trusted library allocation
|
page read and write
|
||
|
5350000
|
trusted library allocation
|
page read and write
|
||
|
D1CD000
|
stack
|
page read and write
|
||
|
121E000
|
stack
|
page read and write
|
||
|
AA2000
|
trusted library allocation
|
page read and write
|
||
|
4C29000
|
trusted library allocation
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
2AA7000
|
trusted library allocation
|
page execute and read and write
|
||
|
128A000
|
heap
|
page read and write
|
||
|
B47000
|
trusted library allocation
|
page execute and read and write
|
||
|
5430000
|
heap
|
page read and write
|
||
|
2D80000
|
trusted library allocation
|
page read and write
|
||
|
5260000
|
heap
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
10FF000
|
heap
|
page read and write
|
||
|
6320000
|
trusted library allocation
|
page read and write
|
||
|
24FB000
|
stack
|
page read and write
|
||
|
4ADE000
|
stack
|
page read and write
|
||
|
6E90000
|
trusted library allocation
|
page read and write
|
||
|
4DA8000
|
trusted library allocation
|
page read and write
|
||
|
52D0000
|
trusted library allocation
|
page read and write
|
||
|
D68E000
|
stack
|
page read and write
|
||
|
B10000
|
trusted library allocation
|
page read and write
|
||
|
B2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
24D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E0F000
|
trusted library allocation
|
page read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
4D8D000
|
trusted library allocation
|
page read and write
|
||
|
6DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
220000
|
unkown
|
page readonly
|
||
|
4B7D000
|
trusted library allocation
|
page read and write
|
||
|
61A0000
|
heap
|
page read and write
|
||
|
CEAE000
|
stack
|
page read and write
|
||
|
4D86000
|
trusted library allocation
|
page read and write
|
||
|
AA0000
|
trusted library allocation
|
page read and write
|
||
|
2A7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E29000
|
trusted library allocation
|
page read and write
|
||
|
1397000
|
trusted library allocation
|
page execute and read and write
|
||
|
2790000
|
trusted library allocation
|
page read and write
|
||
|
4CB0000
|
heap
|
page read and write
|
||
|
5ADE000
|
stack
|
page read and write
|
||
|
2F9F000
|
unkown
|
page read and write
|
||
|
5192000
|
trusted library allocation
|
page read and write
|
||
|
52F2000
|
trusted library allocation
|
page read and write
|
||
|
4C60000
|
trusted library allocation
|
page read and write
|
||
|
582F000
|
stack
|
page read and write
|
||
|
6DA0000
|
trusted library section
|
page read and write
|
||
|
DE5000
|
heap
|
page read and write
|
||
|
B14000
|
trusted library allocation
|
page read and write
|
||
|
51C4000
|
trusted library allocation
|
page read and write
|
||
|
6090000
|
heap
|
page read and write
|
||
|
61F9000
|
heap
|
page read and write
|
||
|
13B0000
|
trusted library allocation
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
814000
|
heap
|
page read and write
|
||
|
A37000
|
heap
|
page read and write
|
||
|
5527000
|
trusted library allocation
|
page read and write
|
||
|
2BBA000
|
stack
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
712E000
|
stack
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
5420000
|
heap
|
page read and write
|
||
|
2A27000
|
trusted library allocation
|
page read and write
|
||
|
5518000
|
trusted library allocation
|
page read and write
|
||
|
27A0000
|
trusted library allocation
|
page read and write
|
||
|
4D81000
|
trusted library allocation
|
page read and write
|
||
|
53EE000
|
stack
|
page read and write
|
||
|
1095000
|
heap
|
page read and write
|
||
|
3DA1000
|
trusted library allocation
|
page read and write
|
||
|
4E2D000
|
trusted library allocation
|
page read and write
|
||
|
7112000
|
trusted library allocation
|
page read and write
|
||
|
51D0000
|
trusted library allocation
|
page read and write
|
||
|
4B80000
|
heap
|
page execute and read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
50F5000
|
heap
|
page read and write
|
||
|
470C000
|
stack
|
page read and write
|
||
|
AE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F8E000
|
stack
|
page read and write
|
||
|
DA5E000
|
stack
|
page read and write
|
||
|
B20000
|
trusted library allocation
|
page read and write
|
||
|
4E40000
|
trusted library allocation
|
page read and write
|
||
|
D9B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5980000
|
trusted library allocation
|
page read and write
|
||
|
D70000
|
trusted library allocation
|
page read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
42FE000
|
trusted library allocation
|
page read and write
|
||
|
1359000
|
heap
|
page read and write
|
||
|
1100000
|
trusted library allocation
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
2690000
|
heap
|
page execute and read and write
|
||
|
52EB000
|
trusted library allocation
|
page read and write
|
||
|
430E000
|
trusted library allocation
|
page read and write
|
||
|
4E10000
|
heap
|
page read and write
|
||
|
CC6E000
|
stack
|
page read and write
|
||
|
AF7000
|
heap
|
page read and write
|
||
|
4C30000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A92000
|
trusted library allocation
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
D68000
|
stack
|
page read and write
|
||
|
6930000
|
heap
|
page read and write
|
||
|
61D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
656E000
|
stack
|
page read and write
|
||
|
6B8E000
|
heap
|
page read and write
|
||
|
4D60000
|
trusted library allocation
|
page read and write
|
||
|
834000
|
heap
|
page read and write
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
676E000
|
stack
|
page read and write
|
||
|
30DB000
|
heap
|
page read and write
|
||
|
28FB000
|
stack
|
page read and write
|
||
|
4C20000
|
trusted library allocation
|
page read and write
|
||
|
26F8000
|
trusted library allocation
|
page read and write
|
||
|
2F3E000
|
unkown
|
page read and write
|
||
|
732F000
|
stack
|
page read and write
|
||
|
7AE000
|
stack
|
page read and write
|
||
|
680E000
|
stack
|
page read and write
|
||
|
587E000
|
stack
|
page read and write
|
||
|
2DA1000
|
trusted library allocation
|
page read and write
|
||
|
D6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
12E2000
|
heap
|
page read and write
|
||
|
1104000
|
heap
|
page read and write
|
||
|
9DE000
|
stack
|
page read and write
|
||
|
5301000
|
trusted library allocation
|
page read and write
|
||
|
116E000
|
stack
|
page read and write
|
||
|
6F25000
|
trusted library allocation
|
page read and write
|
||
|
51C0000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
D54E000
|
stack
|
page read and write
|
||
|
5988000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
B4B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2611000
|
trusted library allocation
|
page read and write
|
||
|
7F3B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
690E000
|
stack
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
54EC000
|
stack
|
page read and write
|
||
|
27A5000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
trusted library allocation
|
page read and write
|
||
|
AAA000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F7000
|
stack
|
page read and write
|
||
|
1390000
|
trusted library allocation
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
10CE000
|
stack
|
page read and write
|
||
|
5A80000
|
trusted library allocation
|
page execute and read and write
|
||
|
5AE7000
|
trusted library allocation
|
page read and write
|
||
|
308E000
|
stack
|
page read and write
|
||
|
1148000
|
heap
|
page read and write
|
||
|
13BE000
|
stack
|
page read and write
|
||
|
1460000
|
trusted library allocation
|
page read and write
|
||
|
51AD000
|
trusted library allocation
|
page read and write
|
||
|
3FEE000
|
trusted library allocation
|
page read and write
|
||
|
577E000
|
stack
|
page read and write
|
||
|
5326000
|
trusted library allocation
|
page read and write
|
||
|
6D90000
|
trusted library section
|
page read and write
|
||
|
573E000
|
stack
|
page read and write
|
||
|
2A90000
|
trusted library allocation
|
page read and write
|
||
|
702E000
|
stack
|
page read and write
|
||
|
10E0000
|
trusted library allocation
|
page read and write
|
||
|
6F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
523E000
|
stack
|
page read and write
|
||
|
55EE000
|
stack
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
2AAB000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C10000
|
heap
|
page read and write
|
||
|
518B000
|
trusted library allocation
|
page read and write
|
||
|
76E000
|
stack
|
page read and write
|
||
|
598000
|
unkown
|
page readonly
|
||
|
86B000
|
heap
|
page read and write
|
||
|
5AE0000
|
trusted library allocation
|
page read and write
|
||
|
5080000
|
heap
|
page read and write
|
||
|
B1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
A1E000
|
heap
|
page read and write
|
||
|
1370000
|
trusted library allocation
|
page read and write
|
||
|
5250000
|
heap
|
page read and write
|
||
|
3F5000
|
heap
|
page read and write
|
||
|
CDAE000
|
stack
|
page read and write
|
||
|
6B20000
|
heap
|
page read and write
|
||
|
2A24000
|
trusted library allocation
|
page read and write
|
||
|
5403000
|
heap
|
page read and write
|
||
|
6DCF000
|
stack
|
page read and write
|
||
|
D60000
|
trusted library allocation
|
page read and write
|
||
|
A18000
|
heap
|
page read and write
|
||
|
1470000
|
trusted library allocation
|
page read and write
|
||
|
2B86000
|
trusted library allocation
|
page read and write
|
||
|
BCA000
|
stack
|
page read and write
|
||
|
2B60000
|
heap
|
page execute and read and write
|
||
|
3B5000
|
heap
|
page read and write
|
||
|
E25000
|
heap
|
page read and write
|
||
|
6950000
|
heap
|
page read and write
|
||
|
D14C000
|
stack
|
page read and write
|
||
|
5830000
|
heap
|
page read and write
|
||
|
5330000
|
trusted library allocation
|
page read and write
|
||
|
4B80000
|
trusted library allocation
|
page read and write
|
||
|
2A74000
|
trusted library allocation
|
page read and write
|
||
|
5324000
|
trusted library allocation
|
page read and write
|
||
|
69A0000
|
heap
|
page read and write
|
||
|
D82000
|
trusted library allocation
|
page read and write
|
||
|
6FE0000
|
trusted library allocation
|
page read and write
|
||
|
2DDF000
|
stack
|
page read and write
|
||
|
D30D000
|
stack
|
page read and write
|
||
|
5400000
|
heap
|
page read and write
|
||
|
2AA0000
|
trusted library allocation
|
page read and write
|
||
|
141E000
|
stack
|
page read and write
|
||
|
50DE000
|
stack
|
page read and write
|
||
|
61CC000
|
trusted library allocation
|
page read and write
|
||
|
6CCE000
|
stack
|
page read and write
|
||
|
7FB20000
|
trusted library allocation
|
page execute and read and write
|
||
|
779F000
|
stack
|
page read and write
|
||
|
6E0E000
|
stack
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
522C000
|
stack
|
page read and write
|
||
|
3D59000
|
trusted library allocation
|
page read and write
|
||
|
6D5E000
|
stack
|
page read and write
|
||
|
2B7D000
|
stack
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
2FCE000
|
unkown
|
page read and write
|
||
|
EF9000
|
stack
|
page read and write
|
||
|
61EB000
|
heap
|
page read and write
|
||
|
5470000
|
heap
|
page execute and read and write
|
||
|
5997000
|
trusted library allocation
|
page read and write
|
||
|
A83000
|
trusted library allocation
|
page execute and read and write
|
||
|
1097000
|
heap
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
4C70000
|
trusted library allocation
|
page read and write
|
||
|
D80000
|
trusted library allocation
|
page read and write
|
||
|
5A70000
|
trusted library allocation
|
page read and write
|
||
|
7EF50000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AA2000
|
trusted library allocation
|
page read and write
|
||
|
1363000
|
trusted library allocation
|
page execute and read and write
|
||
|
461E000
|
trusted library allocation
|
page read and write
|
||
|
518E000
|
trusted library allocation
|
page read and write
|
||
|
3F03000
|
trusted library allocation
|
page read and write
|
||
|
650E000
|
stack
|
page read and write
|
||
|
519E000
|
trusted library allocation
|
page read and write
|
||
|
78DE000
|
stack
|
page read and write
|
||
|
A84000
|
trusted library allocation
|
page read and write
|
||
|
64CE000
|
stack
|
page read and write
|
||
|
6310000
|
trusted library allocation
|
page read and write
|
||
|
2C10000
|
trusted library allocation
|
page read and write
|
||
|
3E08000
|
trusted library allocation
|
page read and write
|
||
|
D8A000
|
trusted library allocation
|
page execute and read and write
|
||
|
314F000
|
stack
|
page read and write
|
||
|
1235000
|
trusted library allocation
|
page execute and read and write
|
||
|
56EE000
|
stack
|
page read and write
|
||
|
D73000
|
trusted library allocation
|
page read and write
|
||
|
4C74000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
2711000
|
trusted library allocation
|
page read and write
|
||
|
2DE1000
|
trusted library allocation
|
page read and write
|
||
|
51D5000
|
heap
|
page read and write
|
||
|
4C0000
|
unkown
|
page readonly
|
||
|
A81000
|
heap
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
A90000
|
trusted library allocation
|
page read and write
|
||
|
249C000
|
stack
|
page read and write
|
||
|
755E000
|
stack
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
4D64000
|
trusted library allocation
|
page read and write
|
||
|
1347000
|
heap
|
page read and write
|
||
|
5180000
|
trusted library allocation
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
77F000
|
heap
|
page read and write
|
||
|
546E000
|
stack
|
page read and write
|
||
|
123B000
|
trusted library allocation
|
page execute and read and write
|
||
|
14B0000
|
heap
|
page execute and read and write
|
||
|
D86000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E4E000
|
stack
|
page read and write
|
||
|
4E7C000
|
stack
|
page read and write
|
||
|
4BD0000
|
trusted library allocation
|
page read and write
|
||
|
1298000
|
heap
|
page read and write
|
||
|
9EF000
|
stack
|
page read and write
|
||
|
557E000
|
stack
|
page read and write
|
||
|
76A000
|
heap
|
page read and write
|
||
|
145C000
|
stack
|
page read and write
|
||
|
5170000
|
trusted library allocation
|
page read and write
|
||
|
7F580000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A10000
|
heap
|
page read and write
|
||
|
6DB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E40000
|
trusted library allocation
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
4CC0000
|
heap
|
page read and write
|
||
|
131E000
|
stack
|
page read and write
|
||
|
5A7C000
|
trusted library allocation
|
page read and write
|
||
|
24B0000
|
trusted library allocation
|
page read and write
|
||
|
596C000
|
stack
|
page read and write
|
||
|
28BF000
|
stack
|
page read and write
|
||
|
4B54000
|
trusted library allocation
|
page read and write
|
||
|
B13000
|
trusted library allocation
|
page execute and read and write
|
||
|
5910000
|
heap
|
page read and write
|
||
|
BAE000
|
stack
|
page read and write
|
||
|
2B4C000
|
stack
|
page read and write
|
||
|
81B000
|
heap
|
page read and write
|
||
|
4E45000
|
trusted library allocation
|
page read and write
|
||
|
3DA9000
|
trusted library allocation
|
page read and write
|
||
|
1230000
|
trusted library allocation
|
page read and write
|
||
|
4CA0000
|
trusted library section
|
page readonly
|
||
|
5090000
|
heap
|
page read and write
|
||
|
D3E000
|
stack
|
page read and write
|
||
|
E36000
|
heap
|
page read and write
|
||
|
AEF000
|
heap
|
page read and write
|
||
|
D28E000
|
stack
|
page read and write
|
||
|
4272000
|
trusted library allocation
|
page read and write
|
||
|
4E30000
|
heap
|
page read and write
|
||
|
2BC000
|
stack
|
page read and write
|
||
|
A010000
|
trusted library section
|
page read and write
|
||
|
5A78000
|
trusted library allocation
|
page read and write
|
||
|
3B9000
|
stack
|
page read and write
|
||
|
539E000
|
stack
|
page read and write
|
||
|
A6E000
|
stack
|
page read and write
|
||
|
4DC0000
|
trusted library allocation
|
page read and write
|
||
|
50A0000
|
heap
|
page read and write
|
||
|
1360000
|
trusted library allocation
|
page execute and read and write
|
||
|
53E0000
|
heap
|
page execute and read and write
|
||
|
2A8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4178000
|
trusted library allocation
|
page read and write
|
||
|
B24000
|
trusted library allocation
|
page read and write
|
||
|
52E6000
|
trusted library allocation
|
page read and write
|
||
|
52E4000
|
trusted library allocation
|
page read and write
|
||
|
301A000
|
heap
|
page read and write
|
||
|
14E0000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
2C2C000
|
trusted library allocation
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
1110000
|
trusted library allocation
|
page read and write
|
||
|
240E000
|
stack
|
page read and write
|
||
|
13C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3619000
|
trusted library allocation
|
page read and write
|
||
|
D3CE000
|
stack
|
page read and write
|
||
|
5306000
|
trusted library allocation
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
A44000
|
heap
|
page read and write
|
||
|
7A3000
|
heap
|
page read and write
|
||
|
1350000
|
trusted library allocation
|
page read and write
|
||
|
1370000
|
heap
|
page execute and read and write
|
||
|
59BE000
|
stack
|
page read and write
|
||
|
D91C000
|
stack
|
page read and write
|
||
|
2E25000
|
trusted library allocation
|
page read and write
|
||
|
D2CE000
|
stack
|
page read and write
|
||
|
60EE000
|
heap
|
page read and write
|
||
|
EFA000
|
stack
|
page read and write
|
||
|
622D000
|
stack
|
page read and write
|
||
|
D64000
|
trusted library allocation
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
4C8F000
|
stack
|
page read and write
|
||
|
BED000
|
stack
|
page read and write
|
||
|
22A000
|
unkown
|
page readonly
|
||
|
A8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C2000
|
unkown
|
page readonly
|
||
|
2A80000
|
trusted library allocation
|
page read and write
|
||
|
722F000
|
stack
|
page read and write
|
||
|
52E0000
|
trusted library allocation
|
page read and write
|
||
|
2B50000
|
trusted library allocation
|
page execute and read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
C6A000
|
stack
|
page read and write
|
||
|
5A64000
|
trusted library allocation
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
52C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
10FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F50000
|
trusted library allocation
|
page read and write
|
||
|
77DE000
|
stack
|
page read and write
|
||
|
4BB0000
|
trusted library allocation
|
page read and write
|
||
|
1345000
|
heap
|
page read and write
|
||
|
D44E000
|
stack
|
page read and write
|
||
|
3D99000
|
trusted library allocation
|
page read and write
|
||
|
2D97000
|
trusted library allocation
|
page read and write
|
||
|
4C2D000
|
trusted library allocation
|
page read and write
|
||
|
2D2F000
|
stack
|
page read and write
|
||
|
2865000
|
trusted library allocation
|
page read and write
|
||
|
937000
|
stack
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
110A000
|
heap
|
page read and write
|
||
|
D63000
|
trusted library allocation
|
page execute and read and write
|
||
|
6960000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E3A000
|
stack
|
page read and write
|
||
|
1112000
|
trusted library allocation
|
page read and write
|
||
|
D18D000
|
stack
|
page read and write
|
||
|
2A9A000
|
trusted library allocation
|
page execute and read and write
|
||
|
10E7000
|
heap
|
page read and write
|
||
|
4B50000
|
trusted library allocation
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
6C5E000
|
stack
|
page read and write
|
||
|
5080000
|
trusted library allocation
|
page read and write
|
||
|
6F10000
|
trusted library allocation
|
page read and write
|
||
|
52C0000
|
trusted library allocation
|
page read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
52FE000
|
trusted library allocation
|
page read and write
|
||
|
7F8000
|
heap
|
page read and write
|
||
|
6B6E000
|
stack
|
page read and write
|
||
|
CD6E000
|
stack
|
page read and write
|
||
|
6F20000
|
trusted library allocation
|
page read and write
|
||
|
24A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5090000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D90000
|
trusted library allocation
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
26EE000
|
stack
|
page read and write
|
||
|
2A96000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A1E000
|
heap
|
page read and write
|
||
|
73E000
|
stack
|
page read and write
|
||
|
6930000
|
heap
|
page read and write
|
||
|
4E8F000
|
stack
|
page read and write
|
||
|
D95E000
|
stack
|
page read and write
|
||
|
2715000
|
trusted library allocation
|
page read and write
|
||
|
4C40000
|
trusted library allocation
|
page read and write
|
||
|
58BD000
|
stack
|
page read and write
|
||
|
4DAB000
|
stack
|
page read and write
|
||
|
4BA5000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
660E000
|
stack
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
52FA000
|
trusted library allocation
|
page read and write
|
||
|
DC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
530D000
|
trusted library allocation
|
page read and write
|
||
|
56BF000
|
stack
|
page read and write
|
||
|
4C80000
|
trusted library allocation
|
page execute and read and write
|
||
|
65AE000
|
stack
|
page read and write
|
||
|
291A000
|
trusted library allocation
|
page read and write
|
||
|
2B78000
|
trusted library allocation
|
page read and write
|
||
|
6C40000
|
heap
|
page read and write
|
||
|
5940000
|
heap
|
page read and write
|
||
|
4DE0000
|
heap
|
page execute and read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
5510000
|
trusted library allocation
|
page read and write
|
||
|
A93000
|
trusted library allocation
|
page read and write
|
||
|
586D000
|
stack
|
page read and write
|
||
|
B14000
|
trusted library allocation
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
4DA3000
|
heap
|
page read and write
|
||
|
4B82000
|
trusted library allocation
|
page read and write
|
||
|
2AA5000
|
trusted library allocation
|
page execute and read and write
|
||
|
1530000
|
heap
|
page read and write
|
||
|
E91000
|
heap
|
page read and write
|
||
|
4177000
|
trusted library allocation
|
page read and write
|
||
|
52EE000
|
trusted library allocation
|
page read and write
|
||
|
769E000
|
stack
|
page read and write
|
||
|
6A6E000
|
stack
|
page read and write
|
||
|
2A70000
|
trusted library allocation
|
page read and write
|
||
|
D92000
|
trusted library allocation
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
6940000
|
trusted library allocation
|
page execute and read and write
|
||
|
137D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B5E000
|
stack
|
page read and write
|
||
|
61C0000
|
trusted library allocation
|
page read and write
|
||
|
2B0E000
|
stack
|
page read and write
|
||
|
D04B000
|
stack
|
page read and write
|
||
|
80F000
|
heap
|
page read and write
|
||
|
4F7E000
|
stack
|
page read and write
|
||
|
4D8E000
|
stack
|
page read and write
|
||
|
51FE000
|
stack
|
page read and write
|
||
|
2874000
|
trusted library allocation
|
page read and write
|
||
|
A9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6DC0000
|
trusted library allocation
|
page read and write
|
||
|
B00000
|
trusted library allocation
|
page read and write
|
||
|
110D000
|
trusted library allocation
|
page execute and read and write
|
||
|
B16000
|
trusted library allocation
|
page read and write
|
||
|
AB7000
|
trusted library allocation
|
page execute and read and write
|
||
|
542E000
|
stack
|
page read and write
|
||
|
DB8000
|
heap
|
page read and write
|
||
|
A2E000
|
stack
|
page read and write
|
||
|
2921000
|
trusted library allocation
|
page read and write
|
||
|
5414000
|
heap
|
page read and write
|
||
|
DE0000
|
trusted library allocation
|
page read and write
|
||
|
5000000
|
trusted library allocation
|
page read and write
|
||
|
6F0E000
|
stack
|
page read and write
|
||
|
10F0000
|
trusted library allocation
|
page read and write
|
||
|
D0CD000
|
stack
|
page read and write
|
||
|
1250000
|
trusted library allocation
|
page read and write
|
||
|
4D92000
|
trusted library allocation
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
532E000
|
stack
|
page read and write
|
||
|
2D8E000
|
stack
|
page read and write
|
||
|
52F5000
|
trusted library allocation
|
page read and write
|
||
|
ABB000
|
trusted library allocation
|
page execute and read and write
|
||
|
519A000
|
trusted library allocation
|
page read and write
|
||
|
EA3000
|
heap
|
page read and write
|
||
|
6B5F000
|
heap
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
4F7E000
|
stack
|
page read and write
|
||
|
CB0D000
|
stack
|
page read and write
|
||
|
5920000
|
heap
|
page read and write
|
||
|
2410000
|
heap
|
page read and write
|
||
|
136D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5253000
|
heap
|
page read and write
|
||
|
F2E000
|
stack
|
page read and write
|
||
|
260F000
|
stack
|
page read and write
|
||
|
B1C000
|
stack
|
page read and write
|
||
|
10F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
34A000
|
stack
|
page read and write
|
||
|
EFE000
|
stack
|
page read and write
|
||
|
6B69000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
AA6000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
36A1000
|
trusted library allocation
|
page read and write
|
||
|
4C22000
|
trusted library allocation
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
4075000
|
trusted library allocation
|
page read and write
|
||
|
527E000
|
stack
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
10F4000
|
trusted library allocation
|
page read and write
|
||
|
83A000
|
stack
|
page read and write
|
||
|
2910000
|
heap
|
page execute and read and write
|
||
|
828000
|
heap
|
page read and write
|
||
|
5530000
|
heap
|
page execute and read and write
|
||
|
26A1000
|
trusted library allocation
|
page read and write
|
||
|
55BE000
|
stack
|
page read and write
|
||
|
B03000
|
heap
|
page read and write
|
||
|
D81B000
|
stack
|
page read and write
|
||
|
139B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5312000
|
trusted library allocation
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
4B1E000
|
stack
|
page read and write
|
||
|
6230000
|
trusted library allocation
|
page read and write
|
||
|
76E000
|
heap
|
page read and write
|
||
|
BA5000
|
heap
|
page read and write
|
||
|
42EE000
|
trusted library allocation
|
page read and write
|
||
|
3929000
|
trusted library allocation
|
page read and write
|
||
|
24C0000
|
trusted library allocation
|
page read and write
|
||
|
60FF000
|
heap
|
page read and write
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
AB2000
|
trusted library allocation
|
page read and write
|
||
|
1302000
|
heap
|
page read and write
|
||
|
DCE000
|
heap
|
page read and write
|
||
|
4B71000
|
trusted library allocation
|
page read and write
|
||
|
4B76000
|
trusted library allocation
|
page read and write
|
||
|
4A1C000
|
stack
|
page read and write
|
||
|
CC0D000
|
stack
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
825000
|
heap
|
page read and write
|
||
|
5070000
|
trusted library section
|
page readonly
|
||
|
A70000
|
trusted library allocation
|
page read and write
|
||
|
2900000
|
trusted library allocation
|
page read and write
|
||
|
506B000
|
stack
|
page read and write
|
||
|
E89000
|
heap
|
page read and write
|
||
|
1116000
|
heap
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
2A73000
|
trusted library allocation
|
page execute and read and write
|
||
|
F55000
|
heap
|
page read and write
|
||
|
2428000
|
trusted library allocation
|
page read and write
|
||
|
4E20000
|
trusted library allocation
|
page read and write
|
||
|
AD0000
|
trusted library allocation
|
page read and write
|
||
|
4E30000
|
trusted library allocation
|
page execute and read and write
|
||
|
61E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
608D000
|
stack
|
page read and write
|
||
|
129F000
|
stack
|
page read and write
|
||
|
6E50000
|
trusted library allocation
|
page read and write
|
||
|
3921000
|
trusted library allocation
|
page read and write
|
||
|
630E000
|
stack
|
page read and write
|
||
|
1237000
|
trusted library allocation
|
page execute and read and write
|
||
|
5990000
|
trusted library allocation
|
page read and write
|
||
|
A53000
|
heap
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
65C0000
|
trusted library allocation
|
page read and write
|
||
|
AE5000
|
heap
|
page read and write
|
||
|
61B0000
|
trusted library allocation
|
page read and write
|
||
|
5186000
|
trusted library allocation
|
page read and write
|
||
|
245F000
|
stack
|
page read and write
|
||
|
3D31000
|
trusted library allocation
|
page read and write
|
||
|
4D7E000
|
trusted library allocation
|
page read and write
|
||
|
4B90000
|
trusted library allocation
|
page read and write
|
||
|
3D39000
|
trusted library allocation
|
page read and write
|
||
|
DD0000
|
trusted library allocation
|
page read and write
|
||
|
572E000
|
stack
|
page read and write
|
||
|
DDA000
|
heap
|
page read and write
|
||
|
51A1000
|
trusted library allocation
|
page read and write
|
||
|
268E000
|
stack
|
page read and write
|
||
|
1268000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
B25000
|
heap
|
page read and write
|
||
|
1374000
|
trusted library allocation
|
page read and write
|
||
|
111A000
|
trusted library allocation
|
page execute and read and write
|
||
|
304E000
|
stack
|
page read and write
|
||
|
2A21000
|
trusted library allocation
|
page read and write
|
||
|
2E90000
|
heap
|
page read and write
|
||
|
2500000
|
heap
|
page execute and read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
41F5000
|
trusted library allocation
|
page read and write
|
||
|
300E000
|
unkown
|
page read and write
|
||
|
1232000
|
trusted library allocation
|
page read and write
|
||
|
2E0D000
|
trusted library allocation
|
page read and write
|
||
|
5840000
|
heap
|
page read and write
|
||
|
50F0000
|
heap
|
page read and write
|
||
|
796000
|
heap
|
page read and write
|
||
|
DE7000
|
heap
|
page read and write
|
||
|
5410000
|
heap
|
page read and write
|
||
|
2AC0000
|
trusted library allocation
|
page read and write
|
||
|
4FF0000
|
trusted library allocation
|
page read and write
|
||
|
51A6000
|
trusted library allocation
|
page read and write
|
||
|
3611000
|
trusted library allocation
|
page read and write
|
||
|
D97000
|
trusted library allocation
|
page execute and read and write
|
||
|
6FD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C2F000
|
stack
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
65B0000
|
trusted library allocation
|
page read and write
|
||
|
1364000
|
trusted library allocation
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
765E000
|
stack
|
page read and write
|
||
|
538C000
|
stack
|
page read and write
|
||
|
AEF000
|
stack
|
page read and write
|
||
|
3DC9000
|
trusted library allocation
|
page read and write
|
||
|
52DD000
|
stack
|
page read and write
|
||
|
5320000
|
trusted library allocation
|
page read and write
|
||
|
6E00000
|
trusted library allocation
|
page read and write
|
||
|
51D0000
|
heap
|
page read and write
|
||
|
24E0000
|
heap
|
page read and write
|
||
|
A80000
|
trusted library allocation
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
D7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
B00000
|
trusted library allocation
|
page read and write
|
||
|
5010000
|
trusted library allocation
|
page execute and read and write
|
||
|
132C000
|
heap
|
page read and write
|
||
|
4A50000
|
heap
|
page read and write
|
||
|
2BED000
|
stack
|
page read and write
|
There are 647 hidden memdumps, click here to show them.