Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
LisectAVT_2403002A_151.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\MPGPH131\MPGPH131.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPGPH131\MPGPH131.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\rage131MP.tmp
|
ASCII text, with no line terminators
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\LisectAVT_2403002A_151.exe
|
"C:\Users\user\Desktop\LisectAVT_2403002A_151.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
|
|
|
|
C:\ProgramData\MPGPH131\MPGPH131.exe
|
C:\ProgramData\MPGPH131\MPGPH131.exe
|
|
|
|
C:\ProgramData\MPGPH131\MPGPH131.exe
|
C:\ProgramData\MPGPH131\MPGPH131.exe
|
|
|
|
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
|
"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
|
|
|
|
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
|
"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll
|
unknown
|
||
|
http://www.winimage.com/zLibDll
|
unknown
|
||
|
https://t.me/RiseProSUPPORT
|
unknown
|
||
|
https://ipinfo.io/
|
unknown
|
||
|
https://t.me/RiseProSUPPORT2
|
unknown
|
||
|
https://www.maxmind.com/en/locate-my-ip-address
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.233.132.62
|
unknown
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
RageMP131
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5E1000
|
unkown
|
page execute and read and write
|
|
|
|
49C0000
|
direct allocation
|
page read and write
|
|
|
|
4DC0000
|
direct allocation
|
page read and write
|
|
|
|
E91000
|
unkown
|
page execute and read and write
|
|
|
|
9C1000
|
unkown
|
page execute and read and write
|
|
|
|
4B60000
|
direct allocation
|
page read and write
|
|
|
|
E91000
|
unkown
|
page execute and read and write
|
|
|
|
4320000
|
direct allocation
|
page read and write
|
|
|
|
5E1000
|
unkown
|
page execute and read and write
|
|
|
|
4AA0000
|
direct allocation
|
page read and write
|
|
|
|
2B1F000
|
stack
|
page read and write
|
||
|
4BA0000
|
direct allocation
|
page execute and read and write
|
||
|
8AE000
|
unkown
|
page execute and write copy
|
||
|
C6B000
|
unkown
|
page execute and write copy
|
||
|
FC3000
|
unkown
|
page execute and read and write
|
||
|
301F000
|
stack
|
page read and write
|
||
|
419F000
|
stack
|
page read and write
|
||
|
4B00000
|
heap
|
page read and write
|
||
|
11BD000
|
unkown
|
page execute and write copy
|
||
|
728000
|
unkown
|
page execute and write copy
|
||
|
436F000
|
stack
|
page read and write
|
||
|
4AD0000
|
direct allocation
|
page execute and read and write
|
||
|
5026000
|
heap
|
page read and write
|
||
|
305F000
|
stack
|
page read and write
|
||
|
2DDE000
|
stack
|
page read and write
|
||
|
3E5E000
|
stack
|
page read and write
|
||
|
8A0000
|
unkown
|
page execute and read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
115E000
|
unkown
|
page execute and write copy
|
||
|
1165000
|
unkown
|
page execute and read and write
|
||
|
372E000
|
stack
|
page read and write
|
||
|
3A1F000
|
stack
|
page read and write
|
||
|
48BE000
|
stack
|
page read and write
|
||
|
113B000
|
unkown
|
page execute and write copy
|
||
|
1197000
|
unkown
|
page execute and write copy
|
||
|
4AD0000
|
direct allocation
|
page execute and read and write
|
||
|
713000
|
unkown
|
page execute and read and write
|
||
|
31EF000
|
stack
|
page read and write
|
||
|
413E000
|
stack
|
page read and write
|
||
|
1820000
|
direct allocation
|
page execute and read and write
|
||
|
409E000
|
stack
|
page read and write
|
||
|
12FA000
|
heap
|
page read and write
|
||
|
5E0000
|
unkown
|
page read and write
|
||
|
4A00000
|
direct allocation
|
page execute and read and write
|
||
|
40EF000
|
stack
|
page read and write
|
||
|
97C000
|
unkown
|
page execute and write copy
|
||
|
1139000
|
unkown
|
page execute and read and write
|
||
|
17FE000
|
stack
|
page read and write
|
||
|
48AE000
|
stack
|
page read and write
|
||
|
AF3000
|
unkown
|
page execute and read and write
|
||
|
A7C000
|
stack
|
page read and write
|
||
|
2E1E000
|
stack
|
page read and write
|
||
|
49AF000
|
stack
|
page read and write
|
||
|
4A00000
|
direct allocation
|
page execute and read and write
|
||
|
3F5E000
|
stack
|
page read and write
|
||
|
4320000
|
direct allocation
|
page execute and read and write
|
||
|
486F000
|
stack
|
page read and write
|
||
|
4C7E000
|
stack
|
page read and write
|
||
|
B52000
|
heap
|
page read and write
|
||
|
E4F000
|
stack
|
page read and write
|
||
|
421E000
|
stack
|
page read and write
|
||
|
4BA0000
|
direct allocation
|
page execute and read and write
|
||
|
B08000
|
unkown
|
page execute and write copy
|
||
|
12FD000
|
heap
|
page read and write
|
||
|
CD3000
|
unkown
|
page execute and read and write
|
||
|
481E000
|
stack
|
page read and write
|
||
|
11C0000
|
unkown
|
page execute and read and write
|
||
|
4320000
|
direct allocation
|
page execute and read and write
|
||
|
495E000
|
stack
|
page read and write
|
||
|
718000
|
unkown
|
page write copy
|
||
|
4DD0000
|
direct allocation
|
page execute and read and write
|
||
|
8B5000
|
unkown
|
page execute and read and write
|
||
|
1214000
|
unkown
|
page execute and write copy
|
||
|
3A5F000
|
stack
|
page read and write
|
||
|
4AD0000
|
direct allocation
|
page execute and read and write
|
||
|
391F000
|
stack
|
page read and write
|
||
|
386E000
|
stack
|
page read and write
|
||
|
337E000
|
stack
|
page read and write
|
||
|
3A5E000
|
stack
|
page read and write
|
||
|
4AD0000
|
direct allocation
|
page execute and read and write
|
||
|
1211000
|
unkown
|
page execute and write copy
|
||
|
35EE000
|
stack
|
page read and write
|
||
|
153E000
|
stack
|
page read and write
|
||
|
C95000
|
unkown
|
page execute and read and write
|
||
|
3D3F000
|
stack
|
page read and write
|
||
|
D5C000
|
unkown
|
page execute and write copy
|
||
|
122B000
|
unkown
|
page execute and read and write
|
||
|
37DE000
|
stack
|
page read and write
|
||
|
FC8000
|
unkown
|
page write copy
|
||
|
1232000
|
unkown
|
page execute and write copy
|
||
|
35BF000
|
stack
|
page read and write
|
||
|
4DCF000
|
heap
|
page read and write
|
||
|
DCA000
|
heap
|
page read and write
|
||
|
122B000
|
unkown
|
page execute and write copy
|
||
|
4FFE000
|
stack
|
page read and write
|
||
|
4A00000
|
direct allocation
|
page execute and read and write
|
||
|
5044000
|
heap
|
page read and write
|
||
|
4DD0000
|
direct allocation
|
page execute and read and write
|
||
|
40DE000
|
stack
|
page read and write
|
||
|
409E000
|
stack
|
page read and write
|
||
|
32DE000
|
stack
|
page read and write
|
||
|
3AAF000
|
stack
|
page read and write
|
||
|
346F000
|
stack
|
page read and write
|
||
|
C2E000
|
stack
|
page read and write
|
||
|
4320000
|
direct allocation
|
page execute and read and write
|
||
|
3BDE000
|
stack
|
page read and write
|
||
|
9C0000
|
unkown
|
page read and write
|
||
|
3A1F000
|
stack
|
page read and write
|
||
|
4BD2000
|
direct allocation
|
page read and write
|
||
|
469F000
|
stack
|
page read and write
|
||
|
32DE000
|
stack
|
page read and write
|
||
|
365F000
|
stack
|
page read and write
|
||
|
3AEE000
|
stack
|
page read and write
|
||
|
4C3F000
|
stack
|
page read and write
|
||
|
4A5F000
|
stack
|
page read and write
|
||
|
3F9E000
|
stack
|
page read and write
|
||
|
459F000
|
stack
|
page read and write
|
||
|
4EF2000
|
direct allocation
|
page read and write
|
||
|
8DC000
|
unkown
|
page execute and write copy
|
||
|
46DF000
|
stack
|
page read and write
|
||
|
387E000
|
stack
|
page read and write
|
||
|
4FD6000
|
heap
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
3E1E000
|
stack
|
page read and write
|
||
|
44BF000
|
stack
|
page read and write
|
||
|
118D000
|
unkown
|
page execute and read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
B46000
|
heap
|
page read and write
|
||
|
333F000
|
stack
|
page read and write
|
||
|
CBD000
|
unkown
|
page execute and read and write
|
||
|
455D000
|
stack
|
page read and write
|
||
|
4DD0000
|
direct allocation
|
page execute and read and write
|
||
|
D44000
|
unkown
|
page execute and write copy
|
||
|
1242000
|
unkown
|
page execute and read and write
|
||
|
4320000
|
direct allocation
|
page execute and read and write
|
||
|
33DF000
|
stack
|
page read and write
|
||
|
961000
|
unkown
|
page execute and write copy
|
||
|
49D2000
|
heap
|
page read and write
|
||
|
D2D000
|
unkown
|
page execute and read and write
|
||
|
13DE000
|
stack
|
page read and write
|
||
|
FCB000
|
unkown
|
page read and write
|
||
|
351F000
|
stack
|
page read and write
|
||
|
122C000
|
unkown
|
page execute and write copy
|
||
|
355E000
|
stack
|
page read and write
|
||
|
115E000
|
unkown
|
page execute and read and write
|
||
|
4DCE000
|
stack
|
page read and write
|
||
|
8B3000
|
unkown
|
page execute and write copy
|
||
|
309E000
|
stack
|
page read and write
|
||
|
4AD0000
|
direct allocation
|
page execute and read and write
|
||
|
45FF000
|
stack
|
page read and write
|
||
|
137E000
|
heap
|
page read and write
|
||
|
4BA0000
|
direct allocation
|
page execute and read and write
|
||
|
463E000
|
stack
|
page read and write
|
||
|
50FE000
|
stack
|
page read and write
|
||
|
4AEF000
|
stack
|
page read and write
|
||
|
4DD0000
|
direct allocation
|
page execute and read and write
|
||
|
4D9D000
|
stack
|
page read and write
|
||
|
DC6000
|
heap
|
page read and write
|
||
|
4AD0000
|
direct allocation
|
page execute and read and write
|
||
|
D4F000
|
stack
|
page read and write
|
||
|
15C0000
|
heap
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
462E000
|
stack
|
page read and write
|
||
|
4AD0000
|
direct allocation
|
page execute and read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
97B000
|
unkown
|
page execute and read and write
|
||
|
455F000
|
stack
|
page read and write
|
||
|
449E000
|
stack
|
page read and write
|
||
|
4BA0000
|
direct allocation
|
page execute and read and write
|
||
|
AEE000
|
stack
|
page read and write
|
||
|
4320000
|
direct allocation
|
page execute and read and write
|
||
|
37DE000
|
stack
|
page read and write
|
||
|
1466000
|
heap
|
page read and write
|
||
|
71B000
|
unkown
|
page read and write
|
||
|
39BE000
|
stack
|
page read and write
|
||
|
8E7000
|
unkown
|
page execute and write copy
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
E90000
|
unkown
|
page readonly
|
||
|
4CCD000
|
stack
|
page read and write
|
||
|
3A9E000
|
stack
|
page read and write
|
||
|
32DF000
|
stack
|
page read and write
|
||
|
49FE000
|
stack
|
page read and write
|
||
|
3DDF000
|
stack
|
page read and write
|
||
|
115E000
|
unkown
|
page execute and read and write
|
||
|
40FF000
|
stack
|
page read and write
|
||
|
29DF000
|
stack
|
page read and write
|
||
|
309F000
|
stack
|
page read and write
|
||
|
2C5F000
|
stack
|
page read and write
|
||
|
42DF000
|
stack
|
page read and write
|
||
|
11A3000
|
unkown
|
page execute and read and write
|
||
|
D72000
|
unkown
|
page execute and write copy
|
||
|
1150000
|
unkown
|
page execute and read and write
|
||
|
CF0000
|
unkown
|
page execute and read and write
|
||
|
4327000
|
heap
|
page read and write
|
||
|
437F000
|
stack
|
page read and write
|
||
|
8AE000
|
unkown
|
page execute and read and write
|
||
|
3C3E000
|
stack
|
page read and write
|
||
|
322E000
|
stack
|
page read and write
|
||
|
379F000
|
stack
|
page read and write
|
||
|
4FCD000
|
heap
|
page read and write
|
||
|
D0C000
|
stack
|
page read and write
|
||
|
4A00000
|
direct allocation
|
page execute and read and write
|
||
|
5040000
|
heap
|
page read and write
|
||
|
345E000
|
stack
|
page read and write
|
||
|
4B70000
|
direct allocation
|
page execute and read and write
|
||
|
992000
|
unkown
|
page execute and write copy
|
||
|
4DD0000
|
direct allocation
|
page execute and read and write
|
||
|
4DD0000
|
direct allocation
|
page execute and read and write
|
||
|
36EF000
|
stack
|
page read and write
|
||
|
992000
|
unkown
|
page execute and read and write
|
||
|
369E000
|
stack
|
page read and write
|
||
|
CBC000
|
unkown
|
page execute and write copy
|
||
|
C30000
|
heap
|
page read and write
|
||
|
503D000
|
heap
|
page read and write
|
||
|
369F000
|
stack
|
page read and write
|
||
|
4BA0000
|
direct allocation
|
page execute and read and write
|
||
|
FC8000
|
unkown
|
page write copy
|
||
|
B50000
|
heap
|
page read and write
|
||
|
47DF000
|
stack
|
page read and write
|
||
|
4BA0000
|
direct allocation
|
page execute and read and write
|
||
|
4DD0000
|
direct allocation
|
page execute and read and write
|
||
|
341F000
|
stack
|
page read and write
|
||
|
B7C000
|
stack
|
page read and write
|
||
|
5029000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
3CDE000
|
stack
|
page read and write
|
||
|
139E000
|
stack
|
page read and write
|
||
|
3DDF000
|
stack
|
page read and write
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
279F000
|
stack
|
page read and write
|
||
|
C69000
|
unkown
|
page execute and read and write
|
||
|
3F5F000
|
stack
|
page read and write
|
||
|
AFB000
|
unkown
|
page read and write
|
||
|
45DE000
|
stack
|
page read and write
|
||
|
94D000
|
unkown
|
page execute and read and write
|
||
|
DD2000
|
heap
|
page read and write
|
||
|
391D000
|
stack
|
page read and write
|
||
|
5023000
|
heap
|
page read and write
|
||
|
5026000
|
heap
|
page read and write
|
||
|
31DE000
|
stack
|
page read and write
|
||
|
4FCA000
|
heap
|
page read and write
|
||
|
3B9E000
|
stack
|
page read and write
|
||
|
8B5000
|
unkown
|
page execute and read and write
|
||
|
97B000
|
unkown
|
page execute and read and write
|
||
|
AFD000
|
stack
|
page read and write
|
||
|
122B000
|
unkown
|
page execute and read and write
|
||
|
45EF000
|
stack
|
page read and write
|
||
|
88B000
|
unkown
|
page execute and write copy
|
||
|
3CDF000
|
stack
|
page read and write
|
||
|
422F000
|
stack
|
page read and write
|
||
|
3C2E000
|
stack
|
page read and write
|
||
|
713000
|
unkown
|
page execute and read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
1232000
|
unkown
|
page execute and write copy
|
||
|
395E000
|
stack
|
page read and write
|
||
|
D62000
|
unkown
|
page execute and write copy
|
||
|
445F000
|
stack
|
page read and write
|
||
|
4EA0000
|
heap
|
page read and write
|
||
|
412E000
|
stack
|
page read and write
|
||
|
982000
|
unkown
|
page execute and write copy
|
||
|
15C7000
|
heap
|
page read and write
|
||
|
379F000
|
stack
|
page read and write
|
||
|
122C000
|
unkown
|
page execute and write copy
|
||
|
1850000
|
heap
|
page read and write
|
||
|
4320000
|
direct allocation
|
page execute and read and write
|
||
|
4DD0000
|
direct allocation
|
page execute and read and write
|
||
|
369E000
|
stack
|
page read and write
|
||
|
28DE000
|
stack
|
page read and write
|
||
|
1232000
|
unkown
|
page execute and write copy
|
||
|
441F000
|
stack
|
page read and write
|
||
|
4BA0000
|
direct allocation
|
page execute and read and write
|
||
|
30EE000
|
stack
|
page read and write
|
||
|
3BFF000
|
stack
|
page read and write
|
||
|
4AA0000
|
direct allocation
|
page execute and read and write
|
||
|
4AD0000
|
direct allocation
|
page execute and read and write
|
||
|
982000
|
unkown
|
page execute and write copy
|
||
|
423F000
|
stack
|
page read and write
|
||
|
42DF000
|
stack
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
15BE000
|
stack
|
page read and write
|
||
|
C8E000
|
unkown
|
page execute and write copy
|
||
|
C8E000
|
unkown
|
page execute and read and write
|
||
|
34AE000
|
stack
|
page read and write
|
||
|
36DE000
|
stack
|
page read and write
|
||
|
115E000
|
unkown
|
page execute and write copy
|
||
|
1211000
|
unkown
|
page execute and write copy
|
||
|
4DD0000
|
direct allocation
|
page execute and read and write
|
||
|
4DD0000
|
heap
|
page read and write
|
||
|
8B3000
|
unkown
|
page execute and write copy
|
||
|
8DD000
|
unkown
|
page execute and read and write
|
||
|
355F000
|
stack
|
page read and write
|
||
|
2DBF000
|
stack
|
page read and write
|
||
|
133D000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
118C000
|
unkown
|
page execute and write copy
|
||
|
383F000
|
stack
|
page read and write
|
||
|
3ABF000
|
stack
|
page read and write
|
||
|
373E000
|
stack
|
page read and write
|
||
|
473F000
|
stack
|
page read and write
|
||
|
910000
|
unkown
|
page execute and read and write
|
||
|
142E000
|
heap
|
page read and write
|
||
|
289F000
|
stack
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
319F000
|
stack
|
page read and write
|
||
|
2B5E000
|
stack
|
page read and write
|
||
|
43AE000
|
stack
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
FC3000
|
unkown
|
page execute and read and write
|
||
|
133D000
|
heap
|
page read and write
|
||
|
951000
|
unkown
|
page execute and read and write
|
||
|
431F000
|
stack
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
AFC000
|
unkown
|
page execute and read and write
|
||
|
4A00000
|
direct allocation
|
page execute and read and write
|
||
|
3FBF000
|
stack
|
page read and write
|
||
|
982000
|
unkown
|
page execute and write copy
|
||
|
510000
|
heap
|
page read and write
|
||
|
137E000
|
heap
|
page read and write
|
||
|
2F9F000
|
stack
|
page read and write
|
||
|
97B000
|
unkown
|
page execute and write copy
|
||
|
2DDF000
|
stack
|
page read and write
|
||
|
4CFE000
|
stack
|
page read and write
|
||
|
1242000
|
unkown
|
page execute and read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
4B74000
|
heap
|
page read and write
|
||
|
CC7000
|
unkown
|
page execute and write copy
|
||
|
341E000
|
stack
|
page read and write
|
||
|
5E0000
|
unkown
|
page readonly
|
||
|
118C000
|
unkown
|
page execute and write copy
|
||
|
49EE000
|
stack
|
page read and write
|
||
|
33DF000
|
stack
|
page read and write
|
||
|
10FC000
|
stack
|
page read and write
|
||
|
94D000
|
unkown
|
page execute and read and write
|
||
|
545000
|
heap
|
page read and write
|
||
|
FCC000
|
unkown
|
page execute and write copy
|
||
|
419F000
|
stack
|
page read and write
|
||
|
1CD000
|
stack
|
page read and write
|
||
|
481F000
|
stack
|
page read and write
|
||
|
491F000
|
stack
|
page read and write
|
||
|
2C9E000
|
stack
|
page read and write
|
||
|
2F6F000
|
stack
|
page read and write
|
||
|
4AD0000
|
direct allocation
|
page execute and read and write
|
||
|
319F000
|
stack
|
page read and write
|
||
|
2FAE000
|
stack
|
page read and write
|
||
|
13F7000
|
heap
|
page read and write
|
||
|
3A5E000
|
stack
|
page read and write
|
||
|
AFC000
|
unkown
|
page execute and write copy
|
||
|
405F000
|
stack
|
page read and write
|
||
|
11FD000
|
unkown
|
page execute and read and write
|
||
|
FC8000
|
unkown
|
page write copy
|
||
|
8F3000
|
unkown
|
page execute and read and write
|
||
|
476E000
|
stack
|
page read and write
|
||
|
FCB000
|
unkown
|
page read and write
|
||
|
2C9F000
|
stack
|
page read and write
|
||
|
269F000
|
stack
|
page read and write
|
||
|
44AF000
|
stack
|
page read and write
|
||
|
B18000
|
heap
|
page read and write
|
||
|
3B9F000
|
stack
|
page read and write
|
||
|
CED000
|
unkown
|
page execute and write copy
|
||
|
DBE000
|
heap
|
page read and write
|
||
|
1201000
|
unkown
|
page execute and read and write
|
||
|
964000
|
unkown
|
page execute and write copy
|
||
|
4A00000
|
direct allocation
|
page execute and read and write
|
||
|
992000
|
unkown
|
page execute and write copy
|
||
|
E90000
|
unkown
|
page read and write
|
||
|
4DD0000
|
direct allocation
|
page execute and read and write
|
||
|
3D7E000
|
stack
|
page read and write
|
||
|
FC8000
|
unkown
|
page write copy
|
||
|
3D6E000
|
stack
|
page read and write
|
||
|
C8E000
|
stack
|
page read and write
|
||
|
11FD000
|
unkown
|
page execute and read and write
|
||
|
4E9E000
|
stack
|
page read and write
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
4320000
|
direct allocation
|
page execute and read and write
|
||
|
459E000
|
stack
|
page read and write
|
||
|
4DD0000
|
direct allocation
|
page execute and read and write
|
||
|
97B000
|
unkown
|
page execute and write copy
|
||
|
3C9F000
|
stack
|
page read and write
|
||
|
1242000
|
unkown
|
page execute and write copy
|
||
|
5E1000
|
unkown
|
page execute and write copy
|
||
|
391E000
|
stack
|
page read and write
|
||
|
4AFF000
|
stack
|
page read and write
|
||
|
113B000
|
unkown
|
page execute and write copy
|
||
|
CC000
|
stack
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
2CDE000
|
stack
|
page read and write
|
||
|
397F000
|
stack
|
page read and write
|
||
|
3F1F000
|
stack
|
page read and write
|
||
|
477E000
|
stack
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
2A1E000
|
stack
|
page read and write
|
||
|
964000
|
unkown
|
page execute and write copy
|
||
|
2F1E000
|
stack
|
page read and write
|
||
|
11C0000
|
unkown
|
page execute and read and write
|
||
|
329F000
|
stack
|
page read and write
|
||
|
336E000
|
stack
|
page read and write
|
||
|
4C92000
|
direct allocation
|
page read and write
|
||
|
487F000
|
stack
|
page read and write
|
||
|
35AF000
|
stack
|
page read and write
|
||
|
718000
|
unkown
|
page write copy
|
||
|
38DF000
|
stack
|
page read and write
|
||
|
1857000
|
heap
|
page read and write
|
||
|
17BE000
|
stack
|
page read and write
|
||
|
71B000
|
unkown
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
71C000
|
unkown
|
page execute and write copy
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
3F1F000
|
stack
|
page read and write
|
||
|
12FC000
|
stack
|
page read and write
|
||
|
1232000
|
unkown
|
page execute and write copy
|
||
|
1242000
|
unkown
|
page execute and write copy
|
||
|
4AD0000
|
direct allocation
|
page execute and read and write
|
||
|
1163000
|
unkown
|
page execute and write copy
|
||
|
961000
|
unkown
|
page execute and write copy
|
||
|
8AE000
|
unkown
|
page execute and write copy
|
||
|
41DE000
|
stack
|
page read and write
|
||
|
3F5E000
|
stack
|
page read and write
|
||
|
71C000
|
unkown
|
page execute and write copy
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
4A00000
|
direct allocation
|
page execute and read and write
|
||
|
CB0000
|
direct allocation
|
page execute and read and write
|
||
|
3B9E000
|
stack
|
page read and write
|
||
|
E90000
|
unkown
|
page readonly
|
||
|
323E000
|
stack
|
page read and write
|
||
|
382F000
|
stack
|
page read and write
|
||
|
2E90000
|
heap
|
page read and write
|
||
|
359E000
|
stack
|
page read and write
|
||
|
C45000
|
heap
|
page read and write
|
||
|
D62000
|
unkown
|
page execute and write copy
|
||
|
4AF2000
|
direct allocation
|
page read and write
|
||
|
471E000
|
stack
|
page read and write
|
||
|
3C9F000
|
stack
|
page read and write
|
||
|
9C1000
|
unkown
|
page execute and write copy
|
||
|
472F000
|
stack
|
page read and write
|
||
|
AF8000
|
unkown
|
page write copy
|
||
|
718000
|
unkown
|
page write copy
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
11A3000
|
unkown
|
page execute and read and write
|
||
|
3FEE000
|
stack
|
page read and write
|
||
|
4320000
|
direct allocation
|
page execute and read and write
|
||
|
1373000
|
heap
|
page read and write
|
||
|
D5B000
|
unkown
|
page execute and write copy
|
||
|
3E1E000
|
stack
|
page read and write
|
||
|
305E000
|
stack
|
page read and write
|
||
|
889000
|
unkown
|
page execute and read and write
|
||
|
145C000
|
heap
|
page read and write
|
||
|
30AF000
|
stack
|
page read and write
|
||
|
34BE000
|
stack
|
page read and write
|
||
|
8A0000
|
unkown
|
page execute and read and write
|
||
|
3FAF000
|
stack
|
page read and write
|
||
|
88B000
|
unkown
|
page execute and write copy
|
||
|
1201000
|
unkown
|
page execute and read and write
|
||
|
405F000
|
stack
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
C35000
|
heap
|
page read and write
|
||
|
427E000
|
stack
|
page read and write
|
||
|
90D000
|
unkown
|
page execute and write copy
|
||
|
8DD000
|
unkown
|
page execute and read and write
|
||
|
43BE000
|
stack
|
page read and write
|
||
|
71C000
|
unkown
|
page execute and read and write
|
||
|
4D00000
|
heap
|
page read and write
|
||
|
133A000
|
heap
|
page read and write
|
||
|
2DFE000
|
stack
|
page read and write
|
||
|
4320000
|
direct allocation
|
page execute and read and write
|
||
|
341E000
|
stack
|
page read and write
|
||
|
718000
|
unkown
|
page write copy
|
||
|
409F000
|
stack
|
page read and write
|
||
|
D31000
|
unkown
|
page execute and read and write
|
||
|
4A00000
|
direct allocation
|
page execute and read and write
|
||
|
118D000
|
unkown
|
page execute and read and write
|
||
|
1214000
|
unkown
|
page execute and write copy
|
||
|
D4E000
|
stack
|
page read and write
|
||
|
4BFE000
|
stack
|
page read and write
|
||
|
426E000
|
stack
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
8DC000
|
unkown
|
page execute and write copy
|
||
|
951000
|
unkown
|
page execute and read and write
|
||
|
E91000
|
unkown
|
page execute and write copy
|
||
|
8E7000
|
unkown
|
page execute and write copy
|
||
|
41DF000
|
stack
|
page read and write
|
||
|
F3C000
|
stack
|
page read and write
|
||
|
4AA1000
|
heap
|
page read and write
|
||
|
FCC000
|
unkown
|
page execute and read and write
|
||
|
D41000
|
unkown
|
page execute and write copy
|
||
|
445E000
|
stack
|
page read and write
|
||
|
3EBE000
|
stack
|
page read and write
|
||
|
71C000
|
unkown
|
page execute and read and write
|
||
|
163F000
|
stack
|
page read and write
|
||
|
351F000
|
stack
|
page read and write
|
||
|
11BD000
|
unkown
|
page execute and write copy
|
||
|
37DF000
|
stack
|
page read and write
|
||
|
1375000
|
heap
|
page read and write
|
||
|
41DE000
|
stack
|
page read and write
|
||
|
4BA0000
|
direct allocation
|
page execute and read and write
|
||
|
8F3000
|
unkown
|
page execute and read and write
|
||
|
FD8000
|
unkown
|
page execute and write copy
|
||
|
4A00000
|
direct allocation
|
page execute and read and write
|
||
|
D67000
|
heap
|
page read and write
|
||
|
5E0000
|
unkown
|
page read and write
|
||
|
D98000
|
heap
|
page read and write
|
||
|
D72000
|
unkown
|
page execute and read and write
|
||
|
B48000
|
heap
|
page read and write
|
||
|
44FE000
|
stack
|
page read and write
|
||
|
7AC000
|
stack
|
page read and write
|
||
|
36FF000
|
stack
|
page read and write
|
||
|
5E0000
|
unkown
|
page readonly
|
||
|
4BA0000
|
direct allocation
|
page execute and read and write
|
||
|
347F000
|
stack
|
page read and write
|
||
|
355E000
|
stack
|
page read and write
|
||
|
365F000
|
stack
|
page read and write
|
||
|
46DE000
|
stack
|
page read and write
|
||
|
AF8000
|
unkown
|
page write copy
|
||
|
2F1F000
|
stack
|
page read and write
|
||
|
1165000
|
unkown
|
page execute and read and write
|
||
|
5E1000
|
unkown
|
page execute and write copy
|
||
|
38DF000
|
stack
|
page read and write
|
||
|
D5B000
|
unkown
|
page execute and read and write
|
||
|
44EE000
|
stack
|
page read and write
|
||
|
4BA0000
|
direct allocation
|
page execute and read and write
|
||
|
4A00000
|
direct allocation
|
page execute and read and write
|
||
|
1197000
|
unkown
|
page execute and write copy
|
||
|
49BF000
|
stack
|
page read and write
|
||
|
3AFE000
|
stack
|
page read and write
|
||
|
3E1F000
|
stack
|
page read and write
|
||
|
35FE000
|
stack
|
page read and write
|
||
|
5047000
|
heap
|
page read and write
|
||
|
1830000
|
heap
|
page read and write
|
||
|
4FD3000
|
heap
|
page read and write
|
||
|
FCC000
|
unkown
|
page execute and read and write
|
||
|
4A00000
|
direct allocation
|
page execute and read and write
|
||
|
1163000
|
unkown
|
page execute and write copy
|
||
|
3B5F000
|
stack
|
page read and write
|
||
|
4320000
|
direct allocation
|
page execute and read and write
|
||
|
331E000
|
stack
|
page read and write
|
||
|
1335000
|
heap
|
page read and write
|
||
|
4DD0000
|
direct allocation
|
page execute and read and write
|
||
|
992000
|
unkown
|
page execute and read and write
|
||
|
4452000
|
direct allocation
|
page read and write
|
||
|
D75000
|
heap
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
728000
|
unkown
|
page execute and write copy
|
||
|
465E000
|
stack
|
page read and write
|
||
|
4A00000
|
direct allocation
|
page execute and read and write
|
||
|
3CDE000
|
stack
|
page read and write
|
||
|
C80000
|
unkown
|
page execute and read and write
|
||
|
DD2000
|
heap
|
page read and write
|
||
|
3D1E000
|
stack
|
page read and write
|
||
|
90D000
|
unkown
|
page execute and write copy
|
||
|
4B3E000
|
stack
|
page read and write
|
||
|
3B5F000
|
stack
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
3E7F000
|
stack
|
page read and write
|
||
|
982000
|
unkown
|
page execute and write copy
|
||
|
2B9E000
|
stack
|
page read and write
|
||
|
495F000
|
stack
|
page read and write
|
||
|
431E000
|
stack
|
page read and write
|
||
|
4FD8000
|
heap
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
133E000
|
heap
|
page read and write
|
||
|
146E000
|
heap
|
page read and write
|
||
|
2EDF000
|
stack
|
page read and write
|
||
|
4320000
|
direct allocation
|
page execute and read and write
|
||
|
30FF000
|
stack
|
page read and write
|
||
|
1150000
|
unkown
|
page execute and read and write
|
||
|
1139000
|
unkown
|
page execute and read and write
|
||
|
3EAE000
|
stack
|
page read and write
|
||
|
4320000
|
direct allocation
|
page execute and read and write
|
||
|
329F000
|
stack
|
page read and write
|
||
|
435E000
|
stack
|
page read and write
|
||
|
315F000
|
stack
|
page read and write
|
||
|
485E000
|
stack
|
page read and write
|
||
|
381E000
|
stack
|
page read and write
|
||
|
31FF000
|
stack
|
page read and write
|
||
|
B52000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
CF7000
|
heap
|
page read and write
|
||
|
49D0000
|
direct allocation
|
page execute and read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
910000
|
unkown
|
page execute and read and write
|
||
|
E91000
|
unkown
|
page execute and write copy
|
||
|
4D7F000
|
stack
|
page read and write
|
||
|
C4E000
|
stack
|
page read and write
|
||
|
1376000
|
heap
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
4AD0000
|
direct allocation
|
page execute and read and write
|
||
|
889000
|
unkown
|
page execute and read and write
|
||
|
157E000
|
stack
|
page read and write
|
||
|
2D9F000
|
stack
|
page read and write
|
||
|
97C000
|
unkown
|
page execute and write copy
|
||
|
4BA0000
|
direct allocation
|
page execute and read and write
|
||
|
C93000
|
unkown
|
page execute and write copy
|
||
|
8AE000
|
unkown
|
page execute and read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
39AE000
|
stack
|
page read and write
|
||
|
3E6F000
|
stack
|
page read and write
|
||
|
142A000
|
heap
|
page read and write
|
||
|
4AD0000
|
direct allocation
|
page execute and read and write
|
||
|
3FFE000
|
stack
|
page read and write
|
||
|
FCC000
|
unkown
|
page execute and write copy
|
||
|
3D2F000
|
stack
|
page read and write
|
||
|
2E6F000
|
stack
|
page read and write
|
||
|
146E000
|
heap
|
page read and write
|
||
|
396F000
|
stack
|
page read and write
|
||
|
FD8000
|
unkown
|
page execute and write copy
|
||
|
9C0000
|
unkown
|
page readonly
|
||
|
4FD5000
|
heap
|
page read and write
|
||
|
4BA0000
|
direct allocation
|
page execute and read and write
|
||
|
122B000
|
unkown
|
page execute and write copy
|
||
|
E90000
|
unkown
|
page read and write
|
||
|
332F000
|
stack
|
page read and write
|
||
|
3BEF000
|
stack
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
There are 604 hidden memdumps, click here to show them.