Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
LisectAVT_2403002A_191.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\MPGPH131\MPGPH131.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPGPH131\MPGPH131.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\rage131MP.tmp
|
ASCII text, with no line terminators
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\LisectAVT_2403002A_191.exe
|
"C:\Users\user\Desktop\LisectAVT_2403002A_191.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
|
|
|
|
C:\ProgramData\MPGPH131\MPGPH131.exe
|
C:\ProgramData\MPGPH131\MPGPH131.exe
|
|
|
|
C:\ProgramData\MPGPH131\MPGPH131.exe
|
C:\ProgramData\MPGPH131\MPGPH131.exe
|
|
|
|
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
|
"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
|
|
|
|
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
|
"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll
|
unknown
|
||
|
http://www.winimage.com/zLibDll
|
unknown
|
||
|
https://t.me/RiseProSUPPORT
|
unknown
|
||
|
https://ipinfo.io/
|
unknown
|
||
|
https://www.maxmind.com/en/locate-my-ip-address
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.233.132.62
|
unknown
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
RageMP131
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
571000
|
unkown
|
page execute and read and write
|
|
|
|
151000
|
unkown
|
page execute and read and write
|
|
|
|
4820000
|
direct allocation
|
page read and write
|
|
|
|
4820000
|
direct allocation
|
page read and write
|
|
|
|
4640000
|
direct allocation
|
page read and write
|
|
|
|
4720000
|
direct allocation
|
page read and write
|
|
|
|
C81000
|
unkown
|
page execute and read and write
|
|
|
|
C81000
|
unkown
|
page execute and read and write
|
|
|
|
4450000
|
direct allocation
|
page read and write
|
|
|
|
571000
|
unkown
|
page execute and read and write
|
|
|
|
2A1F000
|
stack
|
page read and write
|
||
|
41AE000
|
stack
|
page read and write
|
||
|
2D6F000
|
stack
|
page read and write
|
||
|
331E000
|
stack
|
page read and write
|
||
|
3B5E000
|
stack
|
page read and write
|
||
|
347E000
|
stack
|
page read and write
|
||
|
4835000
|
heap
|
page read and write
|
||
|
366E000
|
stack
|
page read and write
|
||
|
151000
|
unkown
|
page execute and write copy
|
||
|
449E000
|
stack
|
page read and write
|
||
|
311F000
|
stack
|
page read and write
|
||
|
11D0000
|
direct allocation
|
page execute and read and write
|
||
|
478E000
|
stack
|
page read and write
|
||
|
365E000
|
stack
|
page read and write
|
||
|
2B9F000
|
stack
|
page read and write
|
||
|
4490000
|
direct allocation
|
page execute and read and write
|
||
|
32AE000
|
stack
|
page read and write
|
||
|
2A7E000
|
stack
|
page read and write
|
||
|
30BE000
|
stack
|
page read and write
|
||
|
7AE000
|
heap
|
page read and write
|
||
|
2CBF000
|
stack
|
page read and write
|
||
|
919000
|
unkown
|
page execute and read and write
|
||
|
32DF000
|
stack
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
2C9F000
|
stack
|
page read and write
|
||
|
4974000
|
heap
|
page read and write
|
||
|
2C5E000
|
stack
|
page read and write
|
||
|
87A000
|
unkown
|
page execute and read and write
|
||
|
F4C000
|
unkown
|
page execute and write copy
|
||
|
416F000
|
stack
|
page read and write
|
||
|
101A000
|
unkown
|
page execute and write copy
|
||
|
DB8000
|
unkown
|
page write copy
|
||
|
41AE000
|
stack
|
page read and write
|
||
|
3D9F000
|
stack
|
page read and write
|
||
|
1277000
|
heap
|
page read and write
|
||
|
919000
|
unkown
|
page execute and write copy
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
45DE000
|
stack
|
page read and write
|
||
|
2ABE000
|
stack
|
page read and write
|
||
|
452F000
|
stack
|
page read and write
|
||
|
3BBF000
|
stack
|
page read and write
|
||
|
6B8000
|
unkown
|
page execute and write copy
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
F64000
|
unkown
|
page execute and write copy
|
||
|
4740000
|
direct allocation
|
page execute and read and write
|
||
|
391E000
|
stack
|
page read and write
|
||
|
DB3000
|
unkown
|
page execute and read and write
|
||
|
38AF000
|
stack
|
page read and write
|
||
|
406E000
|
stack
|
page read and write
|
||
|
459F000
|
stack
|
page read and write
|
||
|
455F000
|
stack
|
page read and write
|
||
|
319F000
|
stack
|
page read and write
|
||
|
28C000
|
unkown
|
page execute and write copy
|
||
|
101A000
|
unkown
|
page execute and write copy
|
||
|
854000
|
unkown
|
page execute and write copy
|
||
|
2EEE000
|
stack
|
page read and write
|
||
|
CEF000
|
stack
|
page read and write
|
||
|
82F000
|
unkown
|
page execute and read and write
|
||
|
4490000
|
direct allocation
|
page execute and read and write
|
||
|
9F5000
|
heap
|
page read and write
|
||
|
F76000
|
unkown
|
page execute and read and write
|
||
|
47B000
|
unkown
|
page execute and read and write
|
||
|
DBB000
|
unkown
|
page read and write
|
||
|
298000
|
unkown
|
page execute and write copy
|
||
|
3F5E000
|
stack
|
page read and write
|
||
|
838000
|
unkown
|
page execute and read and write
|
||
|
32FF000
|
stack
|
page read and write
|
||
|
305E000
|
stack
|
page read and write
|
||
|
312F000
|
stack
|
page read and write
|
||
|
41DE000
|
stack
|
page read and write
|
||
|
82C000
|
unkown
|
page execute and read and write
|
||
|
4680000
|
direct allocation
|
page execute and read and write
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
F48000
|
unkown
|
page execute and write copy
|
||
|
2EAF000
|
stack
|
page read and write
|
||
|
431E000
|
stack
|
page read and write
|
||
|
11D0000
|
direct allocation
|
page execute and read and write
|
||
|
3BFD000
|
stack
|
page read and write
|
||
|
856000
|
unkown
|
page execute and read and write
|
||
|
DC6000
|
unkown
|
page execute and write copy
|
||
|
3CFF000
|
stack
|
page read and write
|
||
|
2DDE000
|
stack
|
page read and write
|
||
|
89A000
|
unkown
|
page execute and write copy
|
||
|
11D0000
|
direct allocation
|
page execute and read and write
|
||
|
4465000
|
heap
|
page read and write
|
||
|
F20000
|
unkown
|
page execute and read and write
|
||
|
82F000
|
unkown
|
page execute and read and write
|
||
|
C81000
|
unkown
|
page execute and write copy
|
||
|
4740000
|
direct allocation
|
page execute and read and write
|
||
|
352E000
|
stack
|
page read and write
|
||
|
1029000
|
unkown
|
page execute and write copy
|
||
|
345E000
|
stack
|
page read and write
|
||
|
6B6000
|
unkown
|
page execute and write copy
|
||
|
316E000
|
stack
|
page read and write
|
||
|
DBC000
|
unkown
|
page execute and write copy
|
||
|
3B5F000
|
stack
|
page read and write
|
||
|
4740000
|
direct allocation
|
page execute and read and write
|
||
|
F5B000
|
unkown
|
page execute and write copy
|
||
|
A42000
|
heap
|
page read and write
|
||
|
260E000
|
stack
|
page read and write
|
||
|
570000
|
unkown
|
page readonly
|
||
|
1029000
|
unkown
|
page execute and write copy
|
||
|
3A2E000
|
stack
|
page read and write
|
||
|
F48000
|
unkown
|
page execute and read and write
|
||
|
2CFE000
|
stack
|
page read and write
|
||
|
4490000
|
direct allocation
|
page execute and read and write
|
||
|
90A000
|
unkown
|
page execute and write copy
|
||
|
866000
|
unkown
|
page execute and read and write
|
||
|
351E000
|
stack
|
page read and write
|
||
|
37DF000
|
stack
|
page read and write
|
||
|
2AC0000
|
direct allocation
|
page execute and read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
42C000
|
unkown
|
page execute and read and write
|
||
|
4680000
|
direct allocation
|
page execute and read and write
|
||
|
4740000
|
direct allocation
|
page execute and read and write
|
||
|
4C8000
|
unkown
|
page execute and write copy
|
||
|
4F9000
|
unkown
|
page execute and read and write
|
||
|
6AC000
|
unkown
|
page execute and write copy
|
||
|
101A000
|
unkown
|
page execute and write copy
|
||
|
1137000
|
heap
|
page read and write
|
||
|
A36000
|
heap
|
page read and write
|
||
|
274E000
|
stack
|
page read and write
|
||
|
369E000
|
stack
|
page read and write
|
||
|
DB8000
|
unkown
|
page write copy
|
||
|
3CDF000
|
stack
|
page read and write
|
||
|
1012000
|
unkown
|
page execute and write copy
|
||
|
F7E000
|
unkown
|
page execute and write copy
|
||
|
2DAE000
|
stack
|
page read and write
|
||
|
315F000
|
stack
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
4996000
|
heap
|
page read and write
|
||
|
838000
|
unkown
|
page execute and read and write
|
||
|
FE5000
|
unkown
|
page execute and read and write
|
||
|
3FBE000
|
stack
|
page read and write
|
||
|
3DEE000
|
stack
|
page read and write
|
||
|
DB8000
|
unkown
|
page write copy
|
||
|
812000
|
unkown
|
page execute and write copy
|
||
|
980000
|
heap
|
page read and write
|
||
|
F3F000
|
unkown
|
page execute and read and write
|
||
|
11D0000
|
direct allocation
|
page execute and read and write
|
||
|
C80000
|
unkown
|
page read and write
|
||
|
844000
|
unkown
|
page execute and read and write
|
||
|
434000
|
unkown
|
page execute and write copy
|
||
|
FF8000
|
unkown
|
page execute and write copy
|
||
|
4490000
|
direct allocation
|
page execute and read and write
|
||
|
497B000
|
heap
|
page read and write
|
||
|
4680000
|
direct allocation
|
page execute and read and write
|
||
|
34DF000
|
stack
|
page read and write
|
||
|
84C000
|
unkown
|
page execute and read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
4860000
|
direct allocation
|
page execute and read and write
|
||
|
301E000
|
stack
|
page read and write
|
||
|
FFB000
|
unkown
|
page execute and write copy
|
||
|
445E000
|
stack
|
page read and write
|
||
|
46DF000
|
stack
|
page read and write
|
||
|
101A000
|
unkown
|
page execute and write copy
|
||
|
31FE000
|
stack
|
page read and write
|
||
|
333E000
|
stack
|
page read and write
|
||
|
288000
|
unkown
|
page write copy
|
||
|
FAB000
|
unkown
|
page execute and read and write
|
||
|
2FEF000
|
stack
|
page read and write
|
||
|
8D5000
|
unkown
|
page execute and read and write
|
||
|
1012000
|
unkown
|
page execute and write copy
|
||
|
437E000
|
stack
|
page read and write
|
||
|
442E000
|
stack
|
page read and write
|
||
|
45BF000
|
stack
|
page read and write
|
||
|
AF8000
|
heap
|
page read and write
|
||
|
B32000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
DC7000
|
unkown
|
page execute and read and write
|
||
|
302E000
|
stack
|
page read and write
|
||
|
865000
|
unkown
|
page execute and write copy
|
||
|
4740000
|
direct allocation
|
page execute and read and write
|
||
|
4490000
|
direct allocation
|
page execute and read and write
|
||
|
4680000
|
direct allocation
|
page execute and read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
45C0000
|
heap
|
page read and write
|
||
|
3E1E000
|
stack
|
page read and write
|
||
|
810000
|
unkown
|
page execute and read and write
|
||
|
C80000
|
unkown
|
page readonly
|
||
|
84C000
|
unkown
|
page execute and read and write
|
||
|
F5C000
|
unkown
|
page execute and read and write
|
||
|
40DE000
|
stack
|
page read and write
|
||
|
4790000
|
heap
|
page read and write
|
||
|
28B000
|
unkown
|
page read and write
|
||
|
361F000
|
stack
|
page read and write
|
||
|
296000
|
unkown
|
page execute and write copy
|
||
|
3ABE000
|
stack
|
page read and write
|
||
|
307F000
|
stack
|
page read and write
|
||
|
325F000
|
stack
|
page read and write
|
||
|
6A8000
|
unkown
|
page write copy
|
||
|
418000
|
unkown
|
page execute and write copy
|
||
|
4680000
|
direct allocation
|
page execute and read and write
|
||
|
37DE000
|
stack
|
page read and write
|
||
|
497E000
|
stack
|
page read and write
|
||
|
2CDF000
|
stack
|
page read and write
|
||
|
4740000
|
direct allocation
|
page execute and read and write
|
||
|
6B7000
|
unkown
|
page execute and read and write
|
||
|
108F000
|
stack
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
391F000
|
stack
|
page read and write
|
||
|
6AC000
|
unkown
|
page execute and read and write
|
||
|
A75000
|
heap
|
page read and write
|
||
|
150000
|
unkown
|
page read and write
|
||
|
4B5E000
|
stack
|
page read and write
|
||
|
31BF000
|
stack
|
page read and write
|
||
|
402F000
|
stack
|
page read and write
|
||
|
DB8000
|
unkown
|
page write copy
|
||
|
389F000
|
stack
|
page read and write
|
||
|
1029000
|
unkown
|
page execute and read and write
|
||
|
E9A000
|
heap
|
page read and write
|
||
|
4A5E000
|
stack
|
page read and write
|
||
|
90A000
|
unkown
|
page execute and write copy
|
||
|
38EE000
|
stack
|
page read and write
|
||
|
571000
|
unkown
|
page execute and write copy
|
||
|
435E000
|
stack
|
page read and write
|
||
|
7AE000
|
heap
|
page read and write
|
||
|
3B2F000
|
stack
|
page read and write
|
||
|
F64000
|
unkown
|
page execute and write copy
|
||
|
89B000
|
unkown
|
page execute and read and write
|
||
|
116E000
|
stack
|
page read and write
|
||
|
2B5E000
|
stack
|
page read and write
|
||
|
270F000
|
stack
|
page read and write
|
||
|
4582000
|
direct allocation
|
page read and write
|
||
|
4654000
|
heap
|
page read and write
|
||
|
11D0000
|
direct allocation
|
page execute and read and write
|
||
|
82C000
|
unkown
|
page execute and read and write
|
||
|
F3C000
|
unkown
|
page execute and read and write
|
||
|
FFB000
|
unkown
|
page execute and write copy
|
||
|
4490000
|
direct allocation
|
page execute and read and write
|
||
|
4740000
|
direct allocation
|
page execute and read and write
|
||
|
838000
|
unkown
|
page execute and write copy
|
||
|
4EA000
|
unkown
|
page execute and write copy
|
||
|
4CB000
|
unkown
|
page execute and write copy
|
||
|
F20000
|
unkown
|
page execute and read and write
|
||
|
DC8000
|
unkown
|
page execute and write copy
|
||
|
6A3000
|
unkown
|
page execute and read and write
|
||
|
3A5E000
|
stack
|
page read and write
|
||
|
2A3F000
|
stack
|
page read and write
|
||
|
38DF000
|
stack
|
page read and write
|
||
|
F5C000
|
unkown
|
page execute and read and write
|
||
|
28C000
|
unkown
|
page execute and read and write
|
||
|
C4E000
|
stack
|
page read and write
|
||
|
4952000
|
direct allocation
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
2F7E000
|
stack
|
page read and write
|
||
|
2EDF000
|
stack
|
page read and write
|
||
|
865000
|
unkown
|
page execute and write copy
|
||
|
41DF000
|
stack
|
page read and write
|
||
|
379F000
|
stack
|
page read and write
|
||
|
B2A000
|
heap
|
page read and write
|
||
|
8D3000
|
unkown
|
page execute and read and write
|
||
|
DC8000
|
unkown
|
page execute and write copy
|
||
|
86E000
|
unkown
|
page execute and write copy
|
||
|
3DA0000
|
heap
|
page read and write
|
||
|
301F000
|
stack
|
page read and write
|
||
|
4490000
|
direct allocation
|
page execute and read and write
|
||
|
F22000
|
unkown
|
page execute and write copy
|
||
|
11D0000
|
direct allocation
|
page execute and read and write
|
||
|
115E000
|
stack
|
page read and write
|
||
|
902000
|
unkown
|
page execute and write copy
|
||
|
A38000
|
heap
|
page read and write
|
||
|
47A000
|
unkown
|
page execute and write copy
|
||
|
419F000
|
stack
|
page read and write
|
||
|
3C6F000
|
stack
|
page read and write
|
||
|
11D0000
|
direct allocation
|
page execute and read and write
|
||
|
34EF000
|
stack
|
page read and write
|
||
|
376F000
|
stack
|
page read and write
|
||
|
4490000
|
direct allocation
|
page execute and read and write
|
||
|
3E7E000
|
stack
|
page read and write
|
||
|
4A5D000
|
stack
|
page read and write
|
||
|
3B6E000
|
stack
|
page read and write
|
||
|
43EF000
|
stack
|
page read and write
|
||
|
E2E000
|
heap
|
page read and write
|
||
|
4490000
|
direct allocation
|
page execute and read and write
|
||
|
33DE000
|
stack
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
379E000
|
stack
|
page read and write
|
||
|
441F000
|
stack
|
page read and write
|
||
|
4977000
|
heap
|
page read and write
|
||
|
2BDF000
|
stack
|
page read and write
|
||
|
4B3000
|
unkown
|
page execute and read and write
|
||
|
4860000
|
direct allocation
|
page execute and read and write
|
||
|
4740000
|
direct allocation
|
page execute and read and write
|
||
|
6B6000
|
unkown
|
page execute and write copy
|
||
|
89A000
|
unkown
|
page execute and write copy
|
||
|
4680000
|
direct allocation
|
page execute and read and write
|
||
|
FAB000
|
unkown
|
page execute and read and write
|
||
|
4E2000
|
unkown
|
page execute and write copy
|
||
|
4929000
|
heap
|
page read and write
|
||
|
357F000
|
stack
|
page read and write
|
||
|
381E000
|
stack
|
page read and write
|
||
|
A42000
|
heap
|
page read and write
|
||
|
6A3000
|
unkown
|
page execute and read and write
|
||
|
2F1E000
|
stack
|
page read and write
|
||
|
47DF000
|
stack
|
page read and write
|
||
|
355E000
|
stack
|
page read and write
|
||
|
2B1F000
|
stack
|
page read and write
|
||
|
124E000
|
stack
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
902000
|
unkown
|
page execute and write copy
|
||
|
DBC000
|
unkown
|
page execute and read and write
|
||
|
40F000
|
unkown
|
page execute and read and write
|
||
|
31DE000
|
stack
|
page read and write
|
||
|
8D5000
|
unkown
|
page execute and read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
341E000
|
stack
|
page read and write
|
||
|
3CDE000
|
stack
|
page read and write
|
||
|
4B5000
|
unkown
|
page execute and read and write
|
||
|
87A000
|
unkown
|
page execute and read and write
|
||
|
4490000
|
direct allocation
|
page execute and read and write
|
||
|
38DE000
|
stack
|
page read and write
|
||
|
A08000
|
heap
|
page read and write
|
||
|
297000
|
unkown
|
page execute and read and write
|
||
|
4860000
|
direct allocation
|
page execute and read and write
|
||
|
4680000
|
direct allocation
|
page execute and read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
4680000
|
direct allocation
|
page execute and read and write
|
||
|
409E000
|
stack
|
page read and write
|
||
|
D85000
|
heap
|
page read and write
|
||
|
B32000
|
heap
|
page read and write
|
||
|
9AC000
|
stack
|
page read and write
|
||
|
45A000
|
unkown
|
page execute and read and write
|
||
|
2FDF000
|
stack
|
page read and write
|
||
|
33DF000
|
stack
|
page read and write
|
||
|
F48000
|
unkown
|
page execute and read and write
|
||
|
F54000
|
unkown
|
page execute and read and write
|
||
|
445F000
|
stack
|
page read and write
|
||
|
406E000
|
stack
|
page read and write
|
||
|
812000
|
unkown
|
page execute and write copy
|
||
|
3F7F000
|
stack
|
page read and write
|
||
|
E0E000
|
stack
|
page read and write
|
||
|
DBB000
|
unkown
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
A57000
|
heap
|
page read and write
|
||
|
424000
|
unkown
|
page execute and read and write
|
||
|
8AC000
|
stack
|
page read and write
|
||
|
36DE000
|
stack
|
page read and write
|
||
|
42B000
|
unkown
|
page execute and write copy
|
||
|
930000
|
heap
|
page read and write
|
||
|
F3E000
|
unkown
|
page execute and write copy
|
||
|
37FF000
|
stack
|
page read and write
|
||
|
F48000
|
unkown
|
page execute and write copy
|
||
|
3F9E000
|
stack
|
page read and write
|
||
|
FE3000
|
unkown
|
page execute and read and write
|
||
|
446000
|
unkown
|
page execute and read and write
|
||
|
84B000
|
unkown
|
page execute and write copy
|
||
|
E6F000
|
heap
|
page read and write
|
||
|
343F000
|
stack
|
page read and write
|
||
|
1014000
|
unkown
|
page execute and write copy
|
||
|
46DE000
|
stack
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
2ADF000
|
stack
|
page read and write
|
||
|
112F000
|
stack
|
page read and write
|
||
|
1029000
|
unkown
|
page execute and read and write
|
||
|
3B1E000
|
stack
|
page read and write
|
||
|
3B9F000
|
stack
|
page read and write
|
||
|
3F2E000
|
stack
|
page read and write
|
||
|
6A8000
|
unkown
|
page write copy
|
||
|
83C000
|
unkown
|
page execute and write copy
|
||
|
63C000
|
stack
|
page read and write
|
||
|
3A1F000
|
stack
|
page read and write
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
4852000
|
direct allocation
|
page read and write
|
||
|
D6E000
|
stack
|
page read and write
|
||
|
3DAF000
|
stack
|
page read and write
|
||
|
4993000
|
heap
|
page read and write
|
||
|
40BF000
|
stack
|
page read and write
|
||
|
3A9E000
|
stack
|
page read and write
|
||
|
2F3F000
|
stack
|
page read and write
|
||
|
4E4000
|
unkown
|
page execute and write copy
|
||
|
C80000
|
unkown
|
page read and write
|
||
|
35BE000
|
stack
|
page read and write
|
||
|
F3F000
|
unkown
|
page execute and read and write
|
||
|
40C000
|
unkown
|
page execute and read and write
|
||
|
102A000
|
unkown
|
page execute and write copy
|
||
|
E90000
|
heap
|
page read and write
|
||
|
8D3000
|
unkown
|
page execute and read and write
|
||
|
42AF000
|
stack
|
page read and write
|
||
|
D6E000
|
stack
|
page read and write
|
||
|
40E000
|
unkown
|
page execute and write copy
|
||
|
76A000
|
heap
|
page read and write
|
||
|
FAA000
|
unkown
|
page execute and write copy
|
||
|
3A7F000
|
stack
|
page read and write
|
||
|
150000
|
unkown
|
page readonly
|
||
|
436000
|
unkown
|
page execute and read and write
|
||
|
82E000
|
unkown
|
page execute and write copy
|
||
|
919000
|
unkown
|
page execute and read and write
|
||
|
1013000
|
unkown
|
page execute and read and write
|
||
|
433F000
|
stack
|
page read and write
|
||
|
5CC000
|
stack
|
page read and write
|
||
|
F75000
|
unkown
|
page execute and write copy
|
||
|
DB3000
|
unkown
|
page execute and read and write
|
||
|
329E000
|
stack
|
page read and write
|
||
|
3F2000
|
unkown
|
page execute and write copy
|
||
|
4825000
|
heap
|
page read and write
|
||
|
326F000
|
stack
|
page read and write
|
||
|
289E000
|
stack
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
902000
|
unkown
|
page execute and write copy
|
||
|
810000
|
unkown
|
page execute and read and write
|
||
|
359E000
|
stack
|
page read and write
|
||
|
42EE000
|
stack
|
page read and write
|
||
|
844000
|
unkown
|
page execute and read and write
|
||
|
283000
|
unkown
|
page execute and read and write
|
||
|
E6F000
|
heap
|
page read and write
|
||
|
405F000
|
stack
|
page read and write
|
||
|
903000
|
unkown
|
page execute and read and write
|
||
|
456E000
|
stack
|
page read and write
|
||
|
4830000
|
direct allocation
|
page execute and read and write
|
||
|
9AC000
|
stack
|
page read and write
|
||
|
F76000
|
unkown
|
page execute and read and write
|
||
|
402F000
|
stack
|
page read and write
|
||
|
4490000
|
direct allocation
|
page execute and read and write
|
||
|
47AF000
|
stack
|
page read and write
|
||
|
8E5000
|
heap
|
page read and write
|
||
|
C7E000
|
stack
|
page read and write
|
||
|
2B1E000
|
stack
|
page read and write
|
||
|
33AF000
|
stack
|
page read and write
|
||
|
6B7000
|
unkown
|
page execute and read and write
|
||
|
11D0000
|
direct allocation
|
page execute and read and write
|
||
|
3A1E000
|
stack
|
page read and write
|
||
|
40FE000
|
stack
|
page read and write
|
||
|
383E000
|
stack
|
page read and write
|
||
|
3DEE000
|
stack
|
page read and write
|
||
|
4E3000
|
unkown
|
page execute and read and write
|
||
|
2E1E000
|
stack
|
page read and write
|
||
|
339F000
|
stack
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
11E7000
|
heap
|
page read and write
|
||
|
4680000
|
direct allocation
|
page execute and read and write
|
||
|
904000
|
unkown
|
page execute and write copy
|
||
|
29DE000
|
stack
|
page read and write
|
||
|
6AB000
|
unkown
|
page read and write
|
||
|
4460000
|
direct allocation
|
page execute and read and write
|
||
|
1012000
|
unkown
|
page execute and write copy
|
||
|
570000
|
unkown
|
page read and write
|
||
|
F4C000
|
unkown
|
page execute and write copy
|
||
|
856000
|
unkown
|
page execute and read and write
|
||
|
42EE000
|
stack
|
page read and write
|
||
|
4680000
|
direct allocation
|
page execute and read and write
|
||
|
3F2E000
|
stack
|
page read and write
|
||
|
86E000
|
unkown
|
page execute and write copy
|
||
|
F5B000
|
unkown
|
page execute and write copy
|
||
|
3BDE000
|
stack
|
page read and write
|
||
|
351F000
|
stack
|
page read and write
|
||
|
459E000
|
stack
|
page read and write
|
||
|
4925000
|
heap
|
page read and write
|
||
|
421E000
|
stack
|
page read and write
|
||
|
43EF000
|
stack
|
page read and write
|
||
|
423E000
|
stack
|
page read and write
|
||
|
39DF000
|
stack
|
page read and write
|
||
|
445000
|
unkown
|
page execute and write copy
|
||
|
4E2000
|
unkown
|
page execute and write copy
|
||
|
4F9000
|
unkown
|
page execute and write copy
|
||
|
6AC000
|
unkown
|
page execute and write copy
|
||
|
DBC000
|
unkown
|
page execute and read and write
|
||
|
41FF000
|
stack
|
page read and write
|
||
|
299F000
|
stack
|
page read and write
|
||
|
2B7F000
|
stack
|
page read and write
|
||
|
F8A000
|
unkown
|
page execute and read and write
|
||
|
11D0000
|
direct allocation
|
page execute and read and write
|
||
|
42AF000
|
stack
|
page read and write
|
||
|
DBC000
|
unkown
|
page execute and write copy
|
||
|
4772000
|
direct allocation
|
page read and write
|
||
|
32DE000
|
stack
|
page read and write
|
||
|
4860000
|
direct allocation
|
page execute and read and write
|
||
|
4680000
|
direct allocation
|
page execute and read and write
|
||
|
409F000
|
stack
|
page read and write
|
||
|
4680000
|
direct allocation
|
page execute and read and write
|
||
|
495D000
|
stack
|
page read and write
|
||
|
F22000
|
unkown
|
page execute and write copy
|
||
|
3A5F000
|
stack
|
page read and write
|
||
|
E9E000
|
heap
|
page read and write
|
||
|
2EDE000
|
stack
|
page read and write
|
||
|
903000
|
unkown
|
page execute and read and write
|
||
|
41C000
|
unkown
|
page execute and write copy
|
||
|
3C5F000
|
stack
|
page read and write
|
||
|
309E000
|
stack
|
page read and write
|
||
|
33EE000
|
stack
|
page read and write
|
||
|
3B9E000
|
stack
|
page read and write
|
||
|
904000
|
unkown
|
page execute and write copy
|
||
|
291E000
|
stack
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
285F000
|
stack
|
page read and write
|
||
|
C81000
|
unkown
|
page execute and write copy
|
||
|
4860000
|
direct allocation
|
page execute and read and write
|
||
|
FE5000
|
unkown
|
page execute and read and write
|
||
|
866000
|
unkown
|
page execute and read and write
|
||
|
393F000
|
stack
|
page read and write
|
||
|
4740000
|
direct allocation
|
page execute and read and write
|
||
|
570000
|
unkown
|
page readonly
|
||
|
11AE000
|
stack
|
page read and write
|
||
|
ED6000
|
heap
|
page read and write
|
||
|
431F000
|
stack
|
page read and write
|
||
|
84B000
|
unkown
|
page execute and write copy
|
||
|
2A5E000
|
stack
|
page read and write
|
||
|
2C1F000
|
stack
|
page read and write
|
||
|
C80000
|
unkown
|
page readonly
|
||
|
73C000
|
stack
|
page read and write
|
||
|
3E1F000
|
stack
|
page read and write
|
||
|
4FA000
|
unkown
|
page execute and write copy
|
||
|
571000
|
unkown
|
page execute and write copy
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
6AB000
|
unkown
|
page read and write
|
||
|
3F5F000
|
stack
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
B0C000
|
heap
|
page read and write
|
||
|
89B000
|
unkown
|
page execute and read and write
|
||
|
8FC000
|
stack
|
page read and write
|
||
|
3EEF000
|
stack
|
page read and write
|
||
|
1012000
|
unkown
|
page execute and write copy
|
||
|
3CAE000
|
stack
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
4740000
|
direct allocation
|
page execute and read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
6A8000
|
unkown
|
page write copy
|
||
|
2A70000
|
heap
|
page read and write
|
||
|
4860000
|
direct allocation
|
page execute and read and write
|
||
|
F3C000
|
unkown
|
page execute and read and write
|
||
|
2D5F000
|
stack
|
page read and write
|
||
|
36FE000
|
stack
|
page read and write
|
||
|
305F000
|
stack
|
page read and write
|
||
|
F54000
|
unkown
|
page execute and read and write
|
||
|
90A000
|
unkown
|
page execute and write copy
|
||
|
2F1F000
|
stack
|
page read and write
|
||
|
469F000
|
stack
|
page read and write
|
||
|
365F000
|
stack
|
page read and write
|
||
|
F66000
|
unkown
|
page execute and read and write
|
||
|
4860000
|
direct allocation
|
page execute and read and write
|
||
|
39EF000
|
stack
|
page read and write
|
||
|
2DFF000
|
stack
|
page read and write
|
||
|
ABE000
|
stack
|
page read and write
|
||
|
2C6F000
|
stack
|
page read and write
|
||
|
4860000
|
direct allocation
|
page execute and read and write
|
||
|
4740000
|
direct allocation
|
page execute and read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
3E5E000
|
stack
|
page read and write
|
||
|
919000
|
unkown
|
page execute and write copy
|
||
|
FF8000
|
unkown
|
page execute and write copy
|
||
|
1270000
|
heap
|
page read and write
|
||
|
329F000
|
stack
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
3DDF000
|
stack
|
page read and write
|
||
|
570000
|
unkown
|
page read and write
|
||
|
11D0000
|
direct allocation
|
page execute and read and write
|
||
|
4740000
|
direct allocation
|
page execute and read and write
|
||
|
3E3F000
|
stack
|
page read and write
|
||
|
F8A000
|
unkown
|
page execute and read and write
|
||
|
315E000
|
stack
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
466F000
|
stack
|
page read and write
|
||
|
369F000
|
stack
|
page read and write
|
||
|
3D1E000
|
stack
|
page read and write
|
||
|
6B8000
|
unkown
|
page execute and write copy
|
||
|
3EEF000
|
stack
|
page read and write
|
||
|
55D000
|
stack
|
page read and write
|
||
|
E67000
|
heap
|
page read and write
|
||
|
44BE000
|
stack
|
page read and write
|
||
|
3F1E000
|
stack
|
page read and write
|
||
|
838000
|
unkown
|
page execute and write copy
|
||
|
499A000
|
heap
|
page read and write
|
||
|
37AE000
|
stack
|
page read and write
|
||
|
3D3E000
|
stack
|
page read and write
|
||
|
487E000
|
stack
|
page read and write
|
||
|
4490000
|
direct allocation
|
page execute and read and write
|
||
|
83C000
|
unkown
|
page execute and write copy
|
||
|
F7E000
|
unkown
|
page execute and write copy
|
||
|
854000
|
unkown
|
page execute and write copy
|
||
|
8EB000
|
unkown
|
page execute and write copy
|
||
|
91A000
|
unkown
|
page execute and write copy
|
||
|
890000
|
heap
|
page read and write
|
||
|
7A6000
|
heap
|
page read and write
|
||
|
36BF000
|
stack
|
page read and write
|
||
|
395E000
|
stack
|
page read and write
|
||
|
8EB000
|
unkown
|
page execute and write copy
|
||
|
498F000
|
heap
|
page read and write
|
||
|
4A4E000
|
stack
|
page read and write
|
||
|
3F0000
|
unkown
|
page execute and read and write
|
||
|
102A000
|
unkown
|
page execute and write copy
|
||
|
FAA000
|
unkown
|
page execute and write copy
|
||
|
6A8000
|
unkown
|
page write copy
|
||
|
341F000
|
stack
|
page read and write
|
||
|
47B0000
|
heap
|
page read and write
|
||
|
DC7000
|
unkown
|
page execute and read and write
|
||
|
CFD000
|
stack
|
page read and write
|
||
|
2AD0000
|
heap
|
page read and write
|
||
|
8E8000
|
unkown
|
page execute and write copy
|
||
|
8E8000
|
unkown
|
page execute and write copy
|
||
|
F66000
|
unkown
|
page execute and read and write
|
||
|
F75000
|
unkown
|
page execute and write copy
|
||
|
355F000
|
stack
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
4EA000
|
unkown
|
page execute and write copy
|
||
|
2BBE000
|
stack
|
page read and write
|
||
|
6AC000
|
unkown
|
page execute and read and write
|
||
|
B26000
|
heap
|
page read and write
|
||
|
4860000
|
direct allocation
|
page execute and read and write
|
||
|
2E9F000
|
stack
|
page read and write
|
||
|
11D0000
|
direct allocation
|
page execute and read and write
|
||
|
45C000
|
stack
|
page read and write
|
||
|
90A000
|
unkown
|
page execute and write copy
|
||
|
FE3000
|
unkown
|
page execute and read and write
|
||
|
91A000
|
unkown
|
page execute and write copy
|
||
|
44E000
|
unkown
|
page execute and write copy
|
||
|
DC6000
|
unkown
|
page execute and write copy
|
||
|
447F000
|
stack
|
page read and write
|
||
|
E2A000
|
heap
|
page read and write
|
||
|
4860000
|
direct allocation
|
page execute and read and write
|
||
|
1014000
|
unkown
|
page execute and write copy
|
||
|
EDE000
|
heap
|
page read and write
|
||
|
11D0000
|
direct allocation
|
page execute and read and write
|
||
|
4650000
|
direct allocation
|
page execute and read and write
|
||
|
4978000
|
heap
|
page read and write
|
||
|
288000
|
unkown
|
page write copy
|
||
|
1013000
|
unkown
|
page execute and read and write
|
||
|
42DF000
|
stack
|
page read and write
|
||
|
3C9F000
|
stack
|
page read and write
|
||
|
468D000
|
stack
|
page read and write
|
||
|
120E000
|
stack
|
page read and write
|
||
|
46AE000
|
stack
|
page read and write
|
||
|
375F000
|
stack
|
page read and write
|
||
|
902000
|
unkown
|
page execute and write copy
|
||
|
2D9E000
|
stack
|
page read and write
|
||
|
397E000
|
stack
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
C70000
|
direct allocation
|
page execute and read and write
|
||
|
418000
|
unkown
|
page execute and read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
2DDF000
|
stack
|
page read and write
|
||
|
4952000
|
direct allocation
|
page read and write
|
||
|
362F000
|
stack
|
page read and write
|
||
|
2750000
|
heap
|
page read and write
|
||
|
4860000
|
direct allocation
|
page execute and read and write
|
||
|
82E000
|
unkown
|
page execute and write copy
|
||
|
472D000
|
heap
|
page read and write
|
||
|
4860000
|
direct allocation
|
page execute and read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
EDE000
|
heap
|
page read and write
|
||
|
F3E000
|
unkown
|
page execute and write copy
|
||
|
3C9E000
|
stack
|
page read and write
|
||
|
2D9F000
|
stack
|
page read and write
|
||
|
416F000
|
stack
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
1197000
|
heap
|
page read and write
|
||
|
4B4E000
|
stack
|
page read and write
|
||
|
101F000
|
stack
|
page read and write
|
There are 647 hidden memdumps, click here to show them.