Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Lisect_AVT_24003_G1A_89.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\MyProg.exe
|
MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\7-Zip\Uninstall.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPGPH131\MPGPH131.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPGPH131\MPGPH131.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\jHYZko.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_jHYZko.exe_d8685fa3666ef0170de53ca60392592e0c360b1_2472fd22_e3a77683-1b53-4759-a244-058d1fe851d7\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA7B2.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Jul 25 03:10:03 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAADF.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAB0F.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\k1[1].rar
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\k1[2].rar
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\k2[1].rar
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\k2[2].rar
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\k3[1].rar
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\k3[2].rar
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\k4[1].rar
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\k5[1].rar
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\1E3A2110.exe
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2b7051ed.bat
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3EFE34B7.exe
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\412E45BE.exe
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\459048D5.exe
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5F314FF5.exe
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\78CB03FC.exe
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7EF10F8C.exe
|
ASCII text
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\7F7A79A8.exe
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\rage131MP.tmp
|
ASCII text, with no line terminators
|
modified
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 22 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Lisect_AVT_24003_G1A_89.exe
|
"C:\Users\user\Desktop\Lisect_AVT_24003_G1A_89.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\jHYZko.exe
|
C:\Users\user\AppData\Local\Temp\jHYZko.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
|
|
|
|
C:\ProgramData\MPGPH131\MPGPH131.exe
|
C:\ProgramData\MPGPH131\MPGPH131.exe
|
|
|
|
C:\ProgramData\MPGPH131\MPGPH131.exe
|
C:\ProgramData\MPGPH131\MPGPH131.exe
|
|
|
|
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
|
"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\jHYZko.exe
|
C:\Users\user\AppData\Local\Temp\jHYZko.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 1612
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\2b7051ed.bat" "
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://ddos.dnsnb8.net:799/cj//k1.rarky.tth.txtp
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k2.rarZ
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k2.rar=x
|
unknown
|
|
|
|
http://ddos.dnsnb8.net/=
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k3.rar
|
44.221.84.105
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k1.rar=x
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k4.rar(y
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k2.rar
|
44.221.84.105
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k2.rarl
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k4.rarC:
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k3.rarL
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k3.rarO
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k5.rar
|
44.221.84.105
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k3.rarR
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k1.rartC:
|
unknown
|
|
|
|
http://ddos.dnsnb8.net/
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k5.rarsC:
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k1.rar
|
44.221.84.105
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k1.rarExh
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k4.rar
|
44.221.84.105
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k1.rarm
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k5.rarHxg
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k3.rarpy_
|
unknown
|
|
|
|
http://ddos.dnsnb8.net:799/cj//k2.rarfC:
|
unknown
|
|
|
|
http://www.scintilla.org/scite.rng
|
unknown
|
||
|
http://www.rftp.comJosiah
|
unknown
|
||
|
http://www.activestate.com
|
unknown
|
||
|
http://www.activestate.comHolger
|
unknown
|
||
|
http://pki-crl.symauth.com/ca_732b6ec148d290c0a071efd1dac8e288/LatestCRL.crl07
|
unknown
|
||
|
http://%s:%d/%s/%sZwQuerySystemInformationntdll.dllNtSystemDebugControlSeDebugPrivilege%s%.8x.bat:DE
|
unknown
|
||
|
https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://www.rftp.com
|
unknown
|
||
|
https://t.me/RiseProSUPPORT
|
unknown
|
||
|
http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.cr
|
unknown
|
||
|
http://www.baanboard.comBrendon
|
unknown
|
||
|
https://www.smartsharesystems.com/
|
unknown
|
||
|
http://www.scintilla.org
|
unknown
|
||
|
http://www.spaceblue.comMathias
|
unknown
|
||
|
https://www.smartsharesystems.com/Morten
|
unknown
|
||
|
http://www.develop.com
|
unknown
|
||
|
http://pki-ocsp.symauth.com0
|
unknown
|
||
|
http://www.lua.org
|
unknown
|
||
|
http://www.spaceblue.com
|
unknown
|
||
|
http://www.winimage.com/zLibDll
|
unknown
|
||
|
http://www.baanboard.com
|
unknown
|
||
|
http://www.develop.comDeepak
|
unknown
|
||
|
https://t.me/RiseProSUPPORTz
|
unknown
|
There are 38 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ddos.dnsnb8.net
|
44.221.84.105
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
44.221.84.105
|
ddos.dnsnb8.net
|
United States
|
||
|
193.233.132.62
|
unknown
|
Russian Federation
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
RageMP131
|
||
|
\REGISTRY\A\{4030ea80-f80f-f2c7-a4f4-57af305670df}\Root\InventoryApplicationFile\jhyzko.exe|cffec1f08f9af141
|
ProgramId
|
||
|
\REGISTRY\A\{4030ea80-f80f-f2c7-a4f4-57af305670df}\Root\InventoryApplicationFile\jhyzko.exe|cffec1f08f9af141
|
FileId
|
||
|
\REGISTRY\A\{4030ea80-f80f-f2c7-a4f4-57af305670df}\Root\InventoryApplicationFile\jhyzko.exe|cffec1f08f9af141
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{4030ea80-f80f-f2c7-a4f4-57af305670df}\Root\InventoryApplicationFile\jhyzko.exe|cffec1f08f9af141
|
LongPathHash
|
||
|
\REGISTRY\A\{4030ea80-f80f-f2c7-a4f4-57af305670df}\Root\InventoryApplicationFile\jhyzko.exe|cffec1f08f9af141
|
Name
|
||
|
\REGISTRY\A\{4030ea80-f80f-f2c7-a4f4-57af305670df}\Root\InventoryApplicationFile\jhyzko.exe|cffec1f08f9af141
|
OriginalFileName
|
||
|
\REGISTRY\A\{4030ea80-f80f-f2c7-a4f4-57af305670df}\Root\InventoryApplicationFile\jhyzko.exe|cffec1f08f9af141
|
Publisher
|
||
|
\REGISTRY\A\{4030ea80-f80f-f2c7-a4f4-57af305670df}\Root\InventoryApplicationFile\jhyzko.exe|cffec1f08f9af141
|
Version
|
||
|
\REGISTRY\A\{4030ea80-f80f-f2c7-a4f4-57af305670df}\Root\InventoryApplicationFile\jhyzko.exe|cffec1f08f9af141
|
BinFileVersion
|
||
|
\REGISTRY\A\{4030ea80-f80f-f2c7-a4f4-57af305670df}\Root\InventoryApplicationFile\jhyzko.exe|cffec1f08f9af141
|
BinaryType
|
||
|
\REGISTRY\A\{4030ea80-f80f-f2c7-a4f4-57af305670df}\Root\InventoryApplicationFile\jhyzko.exe|cffec1f08f9af141
|
ProductName
|
||
|
\REGISTRY\A\{4030ea80-f80f-f2c7-a4f4-57af305670df}\Root\InventoryApplicationFile\jhyzko.exe|cffec1f08f9af141
|
ProductVersion
|
||
|
\REGISTRY\A\{4030ea80-f80f-f2c7-a4f4-57af305670df}\Root\InventoryApplicationFile\jhyzko.exe|cffec1f08f9af141
|
LinkDate
|
||
|
\REGISTRY\A\{4030ea80-f80f-f2c7-a4f4-57af305670df}\Root\InventoryApplicationFile\jhyzko.exe|cffec1f08f9af141
|
BinProductVersion
|
||
|
\REGISTRY\A\{4030ea80-f80f-f2c7-a4f4-57af305670df}\Root\InventoryApplicationFile\jhyzko.exe|cffec1f08f9af141
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{4030ea80-f80f-f2c7-a4f4-57af305670df}\Root\InventoryApplicationFile\jhyzko.exe|cffec1f08f9af141
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{4030ea80-f80f-f2c7-a4f4-57af305670df}\Root\InventoryApplicationFile\jhyzko.exe|cffec1f08f9af141
|
Size
|
||
|
\REGISTRY\A\{4030ea80-f80f-f2c7-a4f4-57af305670df}\Root\InventoryApplicationFile\jhyzko.exe|cffec1f08f9af141
|
Language
|
||
|
\REGISTRY\A\{4030ea80-f80f-f2c7-a4f4-57af305670df}\Root\InventoryApplicationFile\jhyzko.exe|cffec1f08f9af141
|
Usn
|
||
|
HKEY_CURRENT_USER_Classes\VirtualStore\MACHINE\SOFTWARE\WOW6432Node\GTplus
|
Time
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
FB1000
|
unkown
|
page execute and read and write
|
|
|
|
8C1000
|
unkown
|
page execute and read and write
|
|
|
|
571000
|
unkown
|
page execute and read and write
|
|
|
|
571000
|
unkown
|
page execute and read and write
|
|
|
|
3827000
|
direct allocation
|
page execute and read and write
|
||
|
6C2000
|
unkown
|
page readonly
|
||
|
4060000
|
direct allocation
|
page execute and read and write
|
||
|
13AA000
|
heap
|
page read and write
|
||
|
4EFE000
|
stack
|
page read and write
|
||
|
1AAA000
|
heap
|
page read and write
|
||
|
3B40000
|
direct allocation
|
page execute and read and write
|
||
|
3DA0000
|
heap
|
page read and write
|
||
|
CDA000
|
heap
|
page read and write
|
||
|
3827000
|
direct allocation
|
page execute and read and write
|
||
|
359E000
|
stack
|
page read and write
|
||
|
1102000
|
unkown
|
page readonly
|
||
|
D15000
|
heap
|
page read and write
|
||
|
CDE000
|
heap
|
page read and write
|
||
|
12AE000
|
heap
|
page read and write
|
||
|
33A0000
|
heap
|
page read and write
|
||
|
13EE000
|
heap
|
page read and write
|
||
|
125E000
|
heap
|
page read and write
|
||
|
1E0000
|
unkown
|
page readonly
|
||
|
3B44000
|
direct allocation
|
page execute and read and write
|
||
|
1B50000
|
heap
|
page read and write
|
||
|
330F000
|
stack
|
page read and write
|
||
|
8C1000
|
unkown
|
page execute and write copy
|
||
|
3520000
|
direct allocation
|
page execute and read and write
|
||
|
1B40000
|
heap
|
page read and write
|
||
|
4064000
|
direct allocation
|
page execute and read and write
|
||
|
3E10000
|
heap
|
page read and write
|
||
|
3564000
|
direct allocation
|
page execute and read and write
|
||
|
1240000
|
direct allocation
|
page read and write
|
||
|
3C7E000
|
stack
|
page read and write
|
||
|
12AE000
|
heap
|
page read and write
|
||
|
1970000
|
heap
|
page read and write
|
||
|
6C2000
|
unkown
|
page readonly
|
||
|
3814000
|
direct allocation
|
page execute and read and write
|
||
|
4233000
|
heap
|
page read and write
|
||
|
3564000
|
direct allocation
|
page execute and read and write
|
||
|
13E6000
|
heap
|
page read and write
|
||
|
3420000
|
direct allocation
|
page execute and read and write
|
||
|
81C000
|
unkown
|
page execute and read and write
|
||
|
1AED000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
3814000
|
direct allocation
|
page execute and read and write
|
||
|
384E000
|
stack
|
page read and write
|
||
|
3B57000
|
direct allocation
|
page execute and read and write
|
||
|
3180000
|
heap
|
page read and write
|
||
|
1E1000
|
unkown
|
page execute read
|
||
|
12AC000
|
heap
|
page read and write
|
||
|
6CB000
|
stack
|
page read and write
|
||
|
3C90000
|
heap
|
page read and write
|
||
|
3BDD000
|
stack
|
page read and write
|
||
|
21A7000
|
heap
|
page read and write
|
||
|
67C000
|
unkown
|
page execute and write copy
|
||
|
370E000
|
stack
|
page read and write
|
||
|
570000
|
unkown
|
page readonly
|
||
|
C65000
|
heap
|
page read and write
|
||
|
467E000
|
stack
|
page read and write
|
||
|
4053000
|
direct allocation
|
page execute and read and write
|
||
|
6A3000
|
unkown
|
page execute and read and write
|
||
|
3ACE000
|
stack
|
page read and write
|
||
|
2F9A000
|
stack
|
page read and write
|
||
|
8C0000
|
unkown
|
page readonly
|
||
|
7F220000
|
direct allocation
|
page execute and read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
F6D000
|
stack
|
page read and write
|
||
|
A08000
|
unkown
|
page execute and write copy
|
||
|
13EE000
|
heap
|
page read and write
|
||
|
1840000
|
heap
|
page read and write
|
||
|
E60000
|
unkown
|
page readonly
|
||
|
A12000
|
unkown
|
page readonly
|
||
|
3DB0000
|
heap
|
page read and write
|
||
|
48BE000
|
stack
|
page read and write
|
||
|
A12000
|
unkown
|
page readonly
|
||
|
1E0000
|
unkown
|
page readonly
|
||
|
A08000
|
unkown
|
page execute and read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
A22000
|
unkown
|
page execute and read and write
|
||
|
10E3000
|
unkown
|
page execute and write copy
|
||
|
1066000
|
heap
|
page read and write
|
||
|
46CB000
|
heap
|
page read and write
|
||
|
1AAE000
|
heap
|
page read and write
|
||
|
2E99000
|
stack
|
page read and write
|
||
|
3804000
|
direct allocation
|
page execute and read and write
|
||
|
3217000
|
stack
|
page read and write
|
||
|
3A70000
|
direct allocation
|
page execute and read and write
|
||
|
12F4000
|
heap
|
page read and write
|
||
|
4398000
|
heap
|
page read and write
|
||
|
11C5000
|
heap
|
page read and write
|
||
|
E0B000
|
stack
|
page read and write
|
||
|
109B000
|
unkown
|
page execute and write copy
|
||
|
257F000
|
stack
|
page read and write
|
||
|
3953000
|
heap
|
page read and write
|
||
|
3E00000
|
heap
|
page read and write
|
||
|
35EB000
|
stack
|
page read and write
|
||
|
8C0000
|
unkown
|
page readonly
|
||
|
6B8000
|
unkown
|
page execute and write copy
|
||
|
12D9000
|
heap
|
page read and write
|
||
|
A6D000
|
stack
|
page read and write
|
||
|
3970000
|
direct allocation
|
page execute and read and write
|
||
|
3AF0000
|
heap
|
page read and write
|
||
|
12FC000
|
heap
|
page read and write
|
||
|
3ADE000
|
stack
|
page read and write
|
||
|
2930000
|
heap
|
page read and write
|
||
|
3564000
|
direct allocation
|
page execute and read and write
|
||
|
1B30000
|
heap
|
page read and write
|
||
|
6D2000
|
unkown
|
page execute and write copy
|
||
|
1102000
|
unkown
|
page readonly
|
||
|
6B8000
|
unkown
|
page execute and read and write
|
||
|
218E000
|
heap
|
page read and write
|
||
|
1810000
|
heap
|
page read and write
|
||
|
7ECA0000
|
direct allocation
|
page execute and read and write
|
||
|
12C5000
|
heap
|
page read and write
|
||
|
3577000
|
direct allocation
|
page execute and read and write
|
||
|
12EE000
|
heap
|
page read and write
|
||
|
CC9000
|
heap
|
page read and write
|
||
|
1847000
|
heap
|
page read and write
|
||
|
9F3000
|
unkown
|
page execute and read and write
|
||
|
E61000
|
unkown
|
page execute and write copy
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
12BF000
|
heap
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
3B44000
|
direct allocation
|
page execute and read and write
|
||
|
AD0000
|
direct allocation
|
page read and write
|
||
|
12DF000
|
heap
|
page read and write
|
||
|
1660000
|
heap
|
page read and write
|
||
|
2110000
|
heap
|
page read and write
|
||
|
3850000
|
heap
|
page read and write
|
||
|
3B44000
|
direct allocation
|
page execute and read and write
|
||
|
10BC000
|
unkown
|
page execute and write copy
|
||
|
13A0000
|
heap
|
page read and write
|
||
|
10F8000
|
unkown
|
page execute and read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
138E000
|
stack
|
page read and write
|
||
|
1AEB000
|
heap
|
page read and write
|
||
|
4230000
|
heap
|
page read and write
|
||
|
4064000
|
direct allocation
|
page execute and read and write
|
||
|
129C000
|
stack
|
page read and write
|
||
|
AE0000
|
direct allocation
|
page read and write
|
||
|
125C000
|
unkown
|
page execute and read and write
|
||
|
CBE000
|
heap
|
page read and write
|
||
|
6C2000
|
unkown
|
page readonly
|
||
|
3BC0000
|
heap
|
page read and write
|
||
|
2E4E000
|
stack
|
page read and write
|
||
|
398E000
|
stack
|
page read and write
|
||
|
3553000
|
direct allocation
|
page execute and read and write
|
||
|
495000
|
heap
|
page read and write
|
||
|
1277000
|
heap
|
page read and write
|
||
|
3C1E000
|
stack
|
page read and write
|
||
|
AE0000
|
direct allocation
|
page read and write
|
||
|
11C0000
|
unkown
|
page execute and read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
4064000
|
direct allocation
|
page execute and read and write
|
||
|
169B000
|
heap
|
page read and write
|
||
|
1E1000
|
unkown
|
page execute and write copy
|
||
|
401F000
|
stack
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
BC8000
|
unkown
|
page execute and read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
E6D000
|
unkown
|
page execute and write copy
|
||
|
3564000
|
direct allocation
|
page execute and read and write
|
||
|
AE0000
|
direct allocation
|
page read and write
|
||
|
4ABE000
|
stack
|
page read and write
|
||
|
3950000
|
heap
|
page read and write
|
||
|
81C000
|
unkown
|
page execute and read and write
|
||
|
8AB000
|
unkown
|
page execute and read and write
|
||
|
12AC000
|
heap
|
page read and write
|
||
|
1326000
|
heap
|
page read and write
|
||
|
394F000
|
stack
|
page read and write
|
||
|
3310000
|
direct allocation
|
page execute and read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
1E6000
|
unkown
|
page execute and read and write
|
||
|
3ADB000
|
stack
|
page read and write
|
||
|
F18000
|
unkown
|
page execute and read and write
|
||
|
E3E000
|
stack
|
page read and write
|
||
|
3810000
|
direct allocation
|
page execute and read and write
|
||
|
36C0000
|
heap
|
page read and write
|
||
|
AD0000
|
direct allocation
|
page read and write
|
||
|
E70000
|
unkown
|
page execute and write copy
|
||
|
3A8F000
|
stack
|
page read and write
|
||
|
1FFC000
|
stack
|
page read and write
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
21D0000
|
heap
|
page read and write
|
||
|
9F3000
|
unkown
|
page execute and write copy
|
||
|
34B0000
|
direct allocation
|
page execute and read and write
|
||
|
311E000
|
stack
|
page read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
36C4000
|
heap
|
page read and write
|
||
|
1E3000
|
unkown
|
page write copy
|
||
|
4ACE000
|
heap
|
page read and write
|
||
|
187C000
|
stack
|
page read and write
|
||
|
3814000
|
direct allocation
|
page execute and read and write
|
||
|
6D2000
|
unkown
|
page execute and read and write
|
||
|
184A000
|
heap
|
page read and write
|
||
|
CAD000
|
heap
|
page read and write
|
||
|
12C0000
|
direct allocation
|
page execute and read and write
|
||
|
123E000
|
stack
|
page read and write
|
||
|
E64000
|
unkown
|
page read and write
|
||
|
1E3000
|
unkown
|
page readonly
|
||
|
4ABE000
|
stack
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
570000
|
unkown
|
page readonly
|
||
|
37D0000
|
direct allocation
|
page execute and read and write
|
||
|
1AA0000
|
heap
|
page read and write
|
||
|
3420000
|
heap
|
page read and write
|
||
|
4054000
|
direct allocation
|
page execute and read and write
|
||
|
3CA0000
|
heap
|
page read and write
|
||
|
7F220000
|
direct allocation
|
page execute and read and write
|
||
|
440E000
|
stack
|
page read and write
|
||
|
16A5000
|
heap
|
page read and write
|
||
|
2F8E000
|
stack
|
page read and write
|
||
|
4020000
|
heap
|
page read and write
|
||
|
193E000
|
stack
|
page read and write
|
||
|
1ADB000
|
unkown
|
page execute and write copy
|
||
|
CBE000
|
heap
|
page read and write
|
||
|
3564000
|
direct allocation
|
page execute and read and write
|
||
|
ECE000
|
stack
|
page read and write
|
||
|
3D1E000
|
stack
|
page read and write
|
||
|
3814000
|
direct allocation
|
page execute and read and write
|
||
|
A22000
|
unkown
|
page execute and write copy
|
||
|
320E000
|
stack
|
page read and write
|
||
|
3577000
|
direct allocation
|
page execute and read and write
|
||
|
392E000
|
stack
|
page read and write
|
||
|
D14000
|
heap
|
page read and write
|
||
|
1240000
|
direct allocation
|
page read and write
|
||
|
3564000
|
direct allocation
|
page execute and read and write
|
||
|
11C0000
|
unkown
|
page execute and write copy
|
||
|
9CC000
|
unkown
|
page execute and write copy
|
||
|
FB0000
|
unkown
|
page readonly
|
||
|
CE1000
|
heap
|
page read and write
|
||
|
AE0000
|
direct allocation
|
page read and write
|
||
|
CDE000
|
heap
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
10F8000
|
unkown
|
page execute and write copy
|
||
|
30CE000
|
stack
|
page read and write
|
||
|
CC7000
|
heap
|
page read and write
|
||
|
1240000
|
direct allocation
|
page read and write
|
||
|
3C80000
|
heap
|
page read and write
|
||
|
C58000
|
heap
|
page read and write
|
||
|
12F5000
|
heap
|
page read and write
|
||
|
6A3000
|
unkown
|
page execute and write copy
|
||
|
3B00000
|
direct allocation
|
page execute and read and write
|
||
|
CDE000
|
heap
|
page read and write
|
||
|
4CC7000
|
heap
|
page read and write
|
||
|
7F7F0000
|
direct allocation
|
page execute and read and write
|
||
|
3B44000
|
direct allocation
|
page execute and read and write
|
||
|
E60000
|
unkown
|
page readonly
|
||
|
21D0000
|
heap
|
page read and write
|
||
|
B52000
|
unkown
|
page execute and read and write
|
||
|
21BF000
|
heap
|
page read and write
|
||
|
4BA0000
|
heap
|
page read and write
|
||
|
157E000
|
stack
|
page read and write
|
||
|
CAD000
|
heap
|
page read and write
|
||
|
C48000
|
heap
|
page read and write
|
||
|
1BE0000
|
heap
|
page read and write
|
||
|
4064000
|
direct allocation
|
page execute and read and write
|
||
|
FF0000
|
direct allocation
|
page read and write
|
||
|
15FC000
|
stack
|
page read and write
|
||
|
3814000
|
direct allocation
|
page execute and read and write
|
||
|
6A3000
|
unkown
|
page execute and write copy
|
||
|
438F000
|
stack
|
page read and write
|
||
|
109B000
|
unkown
|
page execute and write copy
|
||
|
3814000
|
direct allocation
|
page execute and read and write
|
||
|
3840000
|
direct allocation
|
page execute and read and write
|
||
|
4077000
|
direct allocation
|
page execute and read and write
|
||
|
10E3000
|
unkown
|
page execute and read and write
|
||
|
5620000
|
trusted library allocation
|
page read and write
|
||
|
44BF000
|
stack
|
page read and write
|
||
|
1667000
|
heap
|
page read and write
|
||
|
131B000
|
heap
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
CC9000
|
heap
|
page read and write
|
||
|
12EB000
|
unkown
|
page execute and read and write
|
||
|
3B33000
|
direct allocation
|
page execute and read and write
|
||
|
4064000
|
direct allocation
|
page execute and read and write
|
||
|
153E000
|
stack
|
page read and write
|
||
|
571000
|
unkown
|
page execute and write copy
|
||
|
16A3000
|
heap
|
page read and write
|
||
|
2160000
|
heap
|
page read and write
|
||
|
ABE000
|
stack
|
page read and write
|
||
|
334E000
|
stack
|
page read and write
|
||
|
4077000
|
direct allocation
|
page execute and read and write
|
||
|
4CC0000
|
heap
|
page read and write
|
||
|
CE1000
|
heap
|
page read and write
|
||
|
E63000
|
unkown
|
page readonly
|
||
|
3E1F000
|
stack
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
7C9000
|
stack
|
page read and write
|
||
|
3A8E000
|
stack
|
page read and write
|
||
|
36EE000
|
stack
|
page read and write
|
||
|
2180000
|
heap
|
page read and write
|
||
|
308F000
|
stack
|
page read and write
|
||
|
B6C000
|
unkown
|
page execute and read and write
|
||
|
167F000
|
stack
|
page read and write
|
||
|
369F000
|
stack
|
page read and write
|
||
|
E70000
|
unkown
|
page execute and read and write
|
||
|
67C000
|
unkown
|
page execute and write copy
|
||
|
CE8000
|
heap
|
page read and write
|
||
|
478E000
|
stack
|
page read and write
|
||
|
3B44000
|
direct allocation
|
page execute and read and write
|
||
|
4064000
|
direct allocation
|
page execute and read and write
|
||
|
1608000
|
unkown
|
page execute and read and write
|
||
|
30DF000
|
stack
|
page read and write
|
||
|
CC9000
|
heap
|
page read and write
|
||
|
3814000
|
direct allocation
|
page execute and read and write
|
||
|
3E03000
|
heap
|
page read and write
|
||
|
BC8000
|
unkown
|
page execute and read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
4CFE000
|
stack
|
page read and write
|
||
|
12C7000
|
heap
|
page read and write
|
||
|
21C8000
|
heap
|
page read and write
|
||
|
167B000
|
stack
|
page read and write
|
||
|
1E6000
|
unkown
|
page execute and write copy
|
||
|
570000
|
unkown
|
page readonly
|
||
|
4064000
|
direct allocation
|
page execute and read and write
|
||
|
802000
|
unkown
|
page execute and read and write
|
||
|
18B0000
|
unkown
|
page execute and read and write
|
||
|
802000
|
unkown
|
page execute and read and write
|
||
|
1365000
|
heap
|
page read and write
|
||
|
129D000
|
heap
|
page read and write
|
||
|
1E4000
|
unkown
|
page read and write
|
||
|
31E0000
|
direct allocation
|
page execute and read and write
|
||
|
18E0000
|
heap
|
page read and write
|
||
|
1975000
|
heap
|
page read and write
|
||
|
4E80000
|
trusted library allocation
|
page read and write
|
||
|
E6D000
|
unkown
|
page execute and write copy
|
||
|
18AD000
|
unkown
|
page execute and write copy
|
||
|
2E04000
|
heap
|
page read and write
|
||
|
570000
|
unkown
|
page readonly
|
||
|
2120000
|
direct allocation
|
page execute and read and write
|
||
|
3430000
|
heap
|
page read and write
|
||
|
36D0000
|
direct allocation
|
page execute and read and write
|
||
|
13DD000
|
heap
|
page read and write
|
||
|
3803000
|
direct allocation
|
page execute and read and write
|
||
|
2A2C000
|
stack
|
page read and write
|
||
|
FB0000
|
unkown
|
page readonly
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
CB3000
|
heap
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
6B8000
|
unkown
|
page execute and write copy
|
||
|
3B34000
|
direct allocation
|
page execute and read and write
|
||
|
446A000
|
heap
|
page read and write
|
||
|
4020000
|
direct allocation
|
page execute and read and write
|
||
|
1691000
|
heap
|
page read and write
|
||
|
6C2000
|
unkown
|
page readonly
|
||
|
6A3000
|
unkown
|
page execute and read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
3B57000
|
direct allocation
|
page execute and read and write
|
||
|
134E000
|
stack
|
page read and write
|
||
|
3930000
|
heap
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
46BF000
|
stack
|
page read and write
|
||
|
418F000
|
stack
|
page read and write
|
||
|
3F20000
|
direct allocation
|
page execute and read and write
|
||
|
3950000
|
heap
|
page read and write
|
||
|
12F2000
|
heap
|
page read and write
|
||
|
1112000
|
unkown
|
page execute and write copy
|
||
|
218A000
|
heap
|
page read and write
|
||
|
3EF0000
|
heap
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
E70000
|
unkown
|
page execute and write copy
|
||
|
2FDE000
|
stack
|
page read and write
|
||
|
1E9F000
|
stack
|
page read and write
|
||
|
317D000
|
stack
|
page read and write
|
||
|
1112000
|
unkown
|
page execute and read and write
|
||
|
CAD000
|
heap
|
page read and write
|
||
|
BFB000
|
unkown
|
page execute and read and write
|
||
|
349B000
|
stack
|
page read and write
|
||
|
E66000
|
unkown
|
page execute and write copy
|
||
|
16A3000
|
heap
|
page read and write
|
||
|
CB3000
|
heap
|
page read and write
|
||
|
1242000
|
unkown
|
page execute and read and write
|
||
|
6B8000
|
unkown
|
page execute and read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
359C000
|
stack
|
page read and write
|
||
|
1AEB000
|
heap
|
page read and write
|
||
|
3B44000
|
direct allocation
|
page execute and read and write
|
||
|
3560000
|
direct allocation
|
page execute and read and write
|
||
|
4270000
|
heap
|
page read and write
|
||
|
18F0000
|
heap
|
page read and write
|
||
|
14B000
|
stack
|
page read and write
|
||
|
487F000
|
stack
|
page read and write
|
||
|
571000
|
unkown
|
page execute and write copy
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
E5C000
|
stack
|
page read and write
|
||
|
AF5000
|
heap
|
page read and write
|
||
|
12F4000
|
heap
|
page read and write
|
||
|
2000000
|
direct allocation
|
page execute and read and write
|
||
|
6D2000
|
unkown
|
page execute and write copy
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
31CF000
|
stack
|
page read and write
|
||
|
2F4F000
|
stack
|
page read and write
|
||
|
E63000
|
unkown
|
page write copy
|
||
|
3390000
|
heap
|
page read and write
|
||
|
1AE3000
|
heap
|
page read and write
|
||
|
11BD000
|
unkown
|
page execute and write copy
|
||
|
12D3000
|
heap
|
page read and write
|
||
|
E70000
|
unkown
|
page execute and read and write
|
||
|
FB1000
|
unkown
|
page execute and write copy
|
||
|
106A000
|
heap
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
344E000
|
stack
|
page read and write
|
||
|
8AB000
|
unkown
|
page execute and read and write
|
||
|
3960000
|
heap
|
page read and write
|
||
|
1240000
|
direct allocation
|
page read and write
|
||
|
479D000
|
heap
|
page read and write
|
||
|
3440000
|
heap
|
page read and write
|
||
|
6D2000
|
unkown
|
page execute and read and write
|
||
|
380F000
|
stack
|
page read and write
|
||
|
1AED000
|
heap
|
page read and write
|
||
|
C5F000
|
heap
|
page read and write
|
||
|
12DF000
|
heap
|
page read and write
|
||
|
125A000
|
heap
|
page read and write
|
||
|
112B000
|
stack
|
page read and write
|
||
|
3C3E000
|
stack
|
page read and write
|
||
|
3554000
|
direct allocation
|
page execute and read and write
|
||
|
12D9000
|
heap
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
CE1000
|
heap
|
page read and write
|
||
|
3B44000
|
direct allocation
|
page execute and read and write
|
||
|
13EB000
|
unkown
|
page execute and write copy
|
||
|
E61000
|
unkown
|
page execute read
|
||
|
E66000
|
unkown
|
page execute and read and write
|
||
|
381C000
|
stack
|
page read and write
|
||
|
CB1000
|
heap
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
16A5000
|
heap
|
page read and write
|
||
|
40F2000
|
heap
|
page read and write
|
||
|
12BF000
|
heap
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
18B0000
|
unkown
|
page execute and write copy
|
||
|
13AD000
|
heap
|
page read and write
|
||
|
3564000
|
direct allocation
|
page execute and read and write
|
||
|
FF0000
|
direct allocation
|
page read and write
|
There are 429 hidden memdumps, click here to show them.