Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| MSBuild.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | |
| C:\ProgramData\MPGPH131\MPGPH131.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\ProgramData\MPGPH131\MPGPH131.exe:Zone.Identifier | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\RageMP131\RageMP131.exe:Zone.Identifier | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\rage131MP.tmp | ASCII text, with no line terminators | modified | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\MSBuild.exe | "C:\Users\user\Desktop\MSBuild.exe" | |
| C:\Windows\SysWOW64\schtasks.exe | schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST | |
| C:\Windows\SysWOW64\schtasks.exe | schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST | |
| C:\ProgramData\MPGPH131\MPGPH131.exe | C:\ProgramData\MPGPH131\MPGPH131.exe | |
| C:\ProgramData\MPGPH131\MPGPH131.exe | C:\ProgramData\MPGPH131\MPGPH131.exe | |
| C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" | |
| C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll | unknown | |
| http://www.winimage.com/zLibDll | unknown | |
| https://t.me/RiseProSUPPORT | unknown | |

Domains

| Name | IP | Malicious |
|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.214.172 | |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 193.233.132.62 | unknown | Russian Federation | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | RageMP131 | |

|
direct allocation
|
page read and write
|
||
4C40000
|
direct allocation
|
page read and write
|
||
38FF000
|
stack
|
page read and write
|
||
2A3E000
|
stack
|
page read and write
|
||
120C000
|
unkown
|
page execute and write copy
|
||
115E000
|
stack
|
page read and write
|
||
3ECE000
|
stack
|
page read and write
|
||
4E90000
|
direct allocation
|
page execute and read and write
|
||
13A5000
|
unkown
|
page execute and write copy
|
||
314E000
|
stack
|
page read and write
|
||
300E000
|
stack
|
page read and write
|
||
4E20000
|
direct allocation
|
page execute and read and write
|
||
129E000
|
heap
|
page read and write
|
||
52C0000
|
direct allocation
|
page execute and read and write
|
||
4DF0000
|
direct allocation
|
page execute and read and write
|
||
381000
|
unkown
|
page execute and write copy
|
||
120B000
|
unkown
|
page execute and write copy
|
||
4BC000
|
unkown
|
page execute and read and write
|
||
50A0000
|
direct allocation
|
page read and write
|
||
5040000
|
direct allocation
|
page execute and read and write
|
||
E10000
|
direct allocation
|
page read and write
|
||
1260000
|
direct allocation
|
page read and write
|
||
53A0000
|
direct allocation
|
page execute and read and write
|
||
2B50000
|
heap
|
page read and write
|
||
41EE000
|
stack
|
page read and write
|
||
14D0000
|
heap
|
page read and write
|
||
4A71000
|
heap
|
page read and write
|
||
47C1000
|
heap
|
page read and write
|
||
5230000
|
direct allocation
|
page execute and read and write
|
||
ED0000
|
direct allocation
|
page read and write
|
||
365E000
|
stack
|
page read and write
|
||
4DD0000
|
direct allocation
|
page execute and read and write
|
||
DE4000
|
heap
|
page read and write
|
||
3A6F000
|
stack
|
page read and write
|
||
5040000
|
direct allocation
|
page execute and read and write
|
||
F5C000
|
unkown
|
page execute and read and write
|
||
38DE000
|
stack
|
page read and write
|
||
E10000
|
direct allocation
|
page read and write
|
||
5350000
|
direct allocation
|
page execute and read and write
|
||
1280000
|
direct allocation
|
page read and write
|
||
1190000
|
heap
|
page read and write
|
||
905000
|
unkown
|
page execute and write copy
|
||
1260000
|
direct allocation
|
page read and write
|
||
F10000
|
direct allocation
|
page read and write
|
||
50D0000
|
direct allocation
|
page execute and read and write
|
||
52C0000
|
heap
|
page read and write
|
||
8A4000
|
unkown
|
page execute and read and write
|
||
9D0000
|
heap
|
page read and write
|
||
4B70000
|
trusted library allocation
|
page read and write
|
||
4DA0000
|
direct allocation
|
page execute and read and write
|
||
446E000
|
stack
|
page read and write
|
||
13A4000
|
unkown
|
page execute and read and write
|
||
4A71000
|
heap
|
page read and write
|
||
493F000
|
stack
|
page read and write
|
||
50A0000
|
direct allocation
|
page read and write
|
||
41BF000
|
stack
|
page read and write
|
||
F10000
|
direct allocation
|
page read and write
|
||
752000
|
unkown
|
page execute and read and write
|
||
99C000
|
stack
|
page read and write
|
||
4E10000
|
direct allocation
|
page execute and read and write
|
||
5030000
|
direct allocation
|
page execute and read and write
|
||
3B0F000
|
stack
|
page read and write
|
||
E00000
|
heap
|
page read and write
|
||
342F000
|
stack
|
page read and write
|
||
5230000
|
direct allocation
|
page execute and read and write
|
||
1170000
|
heap
|
page read and write
|
||
4D01000
|
heap
|
page read and write
|
||
D00000
|
heap
|
page read and write
|
||
4C11000
|
heap
|
page read and write
|
||
43CF000
|
stack
|
page read and write
|
||
5210000
|
direct allocation
|
page execute and read and write
|
||
3F6F000
|
stack
|
page read and write
|
||
3A0E000
|
stack
|
page read and write
|
||
F5E000
|
heap
|
page read and write
|
||
451F000
|
stack
|
page read and write
|
||
4C11000
|
heap
|
page read and write
|
||
4C40000
|
direct allocation
|
page read and write
|
||
4DB0000
|
direct allocation
|
page execute and read and write
|
||
ED0000
|
direct allocation
|
page read and write
|
||
3F1E000
|
stack
|
page read and write
|
||
37AF000
|
stack
|
page read and write
|
||
F10000
|
direct allocation
|
page read and write
|
||
343F000
|
stack
|
page read and write
|
||
5370000
|
direct allocation
|
page execute and read and write
|
||
502F000
|
stack
|
page read and write
|
||
11FD000
|
unkown
|
page execute and read and write
|
||
ED0000
|
direct allocation
|
page read and write
|
||
121E000
|
stack
|
page read and write
|
||
478F000
|
stack
|
page read and write
|
||
29BE000
|
stack
|
page read and write
|
||
E10000
|
direct allocation
|
page read and write
|
||
4DD0000
|
direct allocation
|
page execute and read and write
|
||
37EF000
|
stack
|
page read and write
|
||
56DE000
|
stack
|
page read and write
|
||
F10000
|
direct allocation
|
page read and write
|
||
4A71000
|
heap
|
page read and write
|
||
440E000
|
stack
|
page read and write
|
||
4D8F000
|
stack
|
page read and write
|
||
328E000
|
stack
|
page read and write
|
||
49AE000
|
stack
|
page read and write
|
||
1280000
|
direct allocation
|
page read and write
|
||
441E000
|
stack
|
page read and write
|
||
E34000
|
heap
|
page read and write
|
||
E10000
|
direct allocation
|
page read and write
|
||
F56000
|
heap
|
page read and write
|
||
30AE000
|
stack
|
page read and write
|
||
8A8000
|
unkown
|
page read and write
|
||
33CE000
|
stack
|
page read and write
|
||
4DD0000
|
direct allocation
|
page execute and read and write
|
||
4E70000
|
direct allocation
|
page execute and read and write
|
||
47C1000
|
heap
|
page read and write
|
||
2D9E000
|
stack
|
page read and write
|
||
C90000
|
heap
|
page read and write
|
||
D56000
|
heap
|
page read and write
|
||
543E000
|
stack
|
page read and write
|
||
4D01000
|
heap
|
page read and write
|
||
52F0000
|
direct allocation
|
page execute and read and write
|
||
4EC0000
|
direct allocation
|
page execute and read and write
|
||
5300000
|
direct allocation
|
page execute and read and write
|
||
4C20000
|
direct allocation
|
page read and write
|
||
2F00000
|
direct allocation
|
page execute and read and write
|
||
E10000
|
direct allocation
|
page read and write
|
||
2FCF000
|
stack
|
page read and write
|
||
517E000
|
stack
|
page read and write
|
||
36AF000
|
stack
|
page read and write
|
||
DE4000
|
heap
|
page read and write
|
||
B42000
|
unkown
|
page execute and read and write
|
||
E20000
|
unkown
|
page read and write
|
||
392E000
|
stack
|
page read and write
|
||
ED0000
|
direct allocation
|
page read and write
|
||
4D01000
|
heap
|
page read and write
|
||
46EE000
|
stack
|
page read and write
|
||
393E000
|
stack
|
page read and write
|
||
52E0000
|
direct allocation
|
page execute and read and write
|
||
D0A000
|
heap
|
page read and write
|
||
4E00000
|
trusted library allocation
|
page read and write
|
||
E34000
|
heap
|
page read and write
|
||
5354000
|
heap
|
page read and write
|
||
3E2F000
|
stack
|
page read and write
|
||
5230000
|
direct allocation
|
page execute and read and write
|
||
E20000
|
unkown
|
page read and write
|
||
4C11000
|
heap
|
page read and write
|
||
4DA0000
|
direct allocation
|
page execute and read and write
|
||
4B8000
|
unkown
|
page write copy
|
||
315E000
|
stack
|
page read and write
|
||
4DF0000
|
direct allocation
|
page execute and read and write
|
||
4DD0000
|
direct allocation
|
page execute and read and write
|
||
3F0E000
|
stack
|
page read and write
|
||
E34000
|
heap
|
page read and write
|
||
76B000
|
unkown
|
page execute and read and write
|
||
3EDF000
|
stack
|
page read and write
|
||
333F000
|
stack
|
page read and write
|
||
4D01000
|
heap
|
page read and write
|
||
4791000
|
heap
|
page read and write
|
||
47C1000
|
heap
|
page read and write
|
||
339F000
|
stack
|
page read and write
|
||
47C1000
|
heap
|
page read and write
|
||
771000
|
unkown
|
page execute and write copy
|
||
450F000
|
stack
|
page read and write
|
||
E10000
|
direct allocation
|
page read and write
|
||
DF0000
|
direct allocation
|
page read and write
|
||
DF0000
|
direct allocation
|
page read and write
|
||
4790000
|
heap
|
page read and write
|
||
5290000
|
direct allocation
|
page execute and read and write
|
||
380000
|
unkown
|
page readonly
|
||
4DB0000
|
direct allocation
|
page execute and read and write
|
||
E30000
|
heap
|
page read and write
|
||
DE4000
|
heap
|
page read and write
|
||
4F2C000
|
stack
|
page read and write
|
||
1260000
|
direct allocation
|
page read and write
|
||
ED0000
|
direct allocation
|
page read and write
|
||
482F000
|
stack
|
page read and write
|
||
47C1000
|
heap
|
page read and write
|
||
38CE000
|
stack
|
page read and write
|
||
4BBF000
|
stack
|
page read and write
|
||
2A40000
|
heap
|
page read and write
|