Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
LisectAVT_2403002A_376.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\MPGPH131\MPGPH131.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\MPGPH131\MPGPH131.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\rage131MP.tmp
|
ASCII text, with no line terminators
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\LisectAVT_2403002A_376.exe
|
"C:\Users\user\Desktop\LisectAVT_2403002A_376.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
|
|
|
|
C:\ProgramData\MPGPH131\MPGPH131.exe
|
C:\ProgramData\MPGPH131\MPGPH131.exe
|
|
|
|
C:\ProgramData\MPGPH131\MPGPH131.exe
|
C:\ProgramData\MPGPH131\MPGPH131.exe
|
|
|
|
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
|
"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
|
|
|
|
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
|
"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll
|
unknown
|
||
|
http://www.winimage.com/zLibDll
|
unknown
|
||
|
https://t.me/RiseProSUPPORT
|
unknown
|
||
|
https://t.me/RiseProSUPPORTWj
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.233.132.74
|
unknown
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
RageMP131
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
E21000
|
unkown
|
page execute and read and write
|
|
|
|
471000
|
unkown
|
page execute and read and write
|
|
|
|
4980000
|
direct allocation
|
page read and write
|
|
|
|
471000
|
unkown
|
page execute and read and write
|
|
|
|
4A40000
|
direct allocation
|
page read and write
|
|
|
|
E21000
|
unkown
|
page execute and read and write
|
|
|
|
4860000
|
direct allocation
|
page read and write
|
|
|
|
4A60000
|
direct allocation
|
page read and write
|
|
|
|
611000
|
unkown
|
page execute and read and write
|
|
|
|
5210000
|
direct allocation
|
page read and write
|
|
|
|
40BE000
|
stack
|
page read and write
|
||
|
7C1000
|
unkown
|
page execute and read and write
|
||
|
415E000
|
stack
|
page read and write
|
||
|
49B0000
|
direct allocation
|
page execute and read and write
|
||
|
4DAE000
|
stack
|
page read and write
|
||
|
2BFE000
|
stack
|
page read and write
|
||
|
11A0000
|
unkown
|
page execute and read and write
|
||
|
2D5F000
|
stack
|
page read and write
|
||
|
2D9E000
|
stack
|
page read and write
|
||
|
37AF000
|
stack
|
page read and write
|
||
|
116D000
|
heap
|
page read and write
|
||
|
37EE000
|
stack
|
page read and write
|
||
|
446E000
|
stack
|
page read and write
|
||
|
4A1F000
|
stack
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
11B6000
|
unkown
|
page execute and write copy
|
||
|
5250000
|
direct allocation
|
page execute and read and write
|
||
|
F04000
|
heap
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
1720000
|
heap
|
page read and write
|
||
|
3420000
|
heap
|
page read and write
|
||
|
470000
|
unkown
|
page read and write
|
||
|
43DF000
|
stack
|
page read and write
|
||
|
28A7000
|
heap
|
page read and write
|
||
|
3E3E000
|
stack
|
page read and write
|
||
|
3DEF000
|
stack
|
page read and write
|
||
|
4AA0000
|
direct allocation
|
page execute and read and write
|
||
|
470000
|
unkown
|
page read and write
|
||
|
4A80000
|
direct allocation
|
page execute and read and write
|
||
|
1870000
|
heap
|
page read and write
|
||
|
366F000
|
stack
|
page read and write
|
||
|
44DF000
|
stack
|
page read and write
|
||
|
32BF000
|
stack
|
page read and write
|
||
|
4C7D000
|
stack
|
page read and write
|
||
|
2CAE000
|
stack
|
page read and write
|
||
|
4A80000
|
direct allocation
|
page execute and read and write
|
||
|
38DE000
|
stack
|
page read and write
|
||
|
4CB0000
|
heap
|
page read and write
|
||
|
317F000
|
stack
|
page read and write
|
||
|
2F3E000
|
stack
|
page read and write
|
||
|
3CAF000
|
stack
|
page read and write
|
||
|
806000
|
unkown
|
page execute and read and write
|
||
|
11B7000
|
unkown
|
page execute and write copy
|
||
|
376F000
|
stack
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
353F000
|
stack
|
page read and write
|
||
|
9A7000
|
unkown
|
page execute and write copy
|
||
|
1311000
|
unkown
|
page execute and read and write
|
||
|
307E000
|
stack
|
page read and write
|
||
|
172E000
|
heap
|
page read and write
|
||
|
47FF000
|
stack
|
page read and write
|
||
|
4A7B000
|
heap
|
page read and write
|
||
|
4AA0000
|
direct allocation
|
page execute and read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
7F0000
|
unkown
|
page execute and read and write
|
||
|
46EE000
|
stack
|
page read and write
|
||
|
806000
|
unkown
|
page execute and write copy
|
||
|
39DF000
|
stack
|
page read and write
|
||
|
479F000
|
stack
|
page read and write
|
||
|
5A3000
|
unkown
|
page execute and read and write
|
||
|
3CBF000
|
stack
|
page read and write
|
||
|
EFD000
|
stack
|
page read and write
|
||
|
4A2F000
|
stack
|
page read and write
|
||
|
411F000
|
stack
|
page read and write
|
||
|
3B5E000
|
stack
|
page read and write
|
||
|
366E000
|
stack
|
page read and write
|
||
|
37AE000
|
stack
|
page read and write
|
||
|
4981000
|
heap
|
page read and write
|
||
|
10DF000
|
unkown
|
page execute and read and write
|
||
|
8CF000
|
unkown
|
page execute and read and write
|
||
|
5250000
|
direct allocation
|
page execute and read and write
|
||
|
962000
|
unkown
|
page execute and write copy
|
||
|
F5C000
|
unkown
|
page execute and read and write
|
||
|
48A0000
|
direct allocation
|
page execute and read and write
|
||
|
5AC000
|
unkown
|
page execute and read and write
|
||
|
2E9F000
|
stack
|
page read and write
|
||
|
E20000
|
unkown
|
page read and write
|
||
|
470000
|
unkown
|
page readonly
|
||
|
4870000
|
direct allocation
|
page execute and read and write
|
||
|
2F2E000
|
stack
|
page read and write
|
||
|
506F000
|
stack
|
page read and write
|
||
|
1820000
|
heap
|
page read and write
|
||
|
306E000
|
stack
|
page read and write
|
||
|
51AF000
|
stack
|
page read and write
|
||
|
3DAF000
|
stack
|
page read and write
|
||
|
E21000
|
unkown
|
page execute and write copy
|
||
|
3ADF000
|
stack
|
page read and write
|
||
|
961000
|
unkown
|
page execute and read and write
|
||
|
4B92000
|
direct allocation
|
page read and write
|
||
|
45AE000
|
stack
|
page read and write
|
||
|
F58000
|
unkown
|
page write copy
|
||
|
483E000
|
stack
|
page read and write
|
||
|
3A7E000
|
stack
|
page read and write
|
||
|
5250000
|
direct allocation
|
page execute and read and write
|
||
|
41FE000
|
stack
|
page read and write
|
||
|
F58000
|
unkown
|
page write copy
|
||
|
392E000
|
stack
|
page read and write
|
||
|
3F3F000
|
stack
|
page read and write
|
||
|
33FF000
|
stack
|
page read and write
|
||
|
1177000
|
heap
|
page read and write
|
||
|
2DEE000
|
stack
|
page read and write
|
||
|
F5C000
|
unkown
|
page execute and read and write
|
||
|
2A2E000
|
stack
|
page read and write
|
||
|
1880000
|
heap
|
page read and write
|
||
|
4AA0000
|
direct allocation
|
page execute and read and write
|
||
|
F3C000
|
stack
|
page read and write
|
||
|
402F000
|
stack
|
page read and write
|
||
|
470000
|
unkown
|
page readonly
|
||
|
491E000
|
stack
|
page read and write
|
||
|
38EF000
|
stack
|
page read and write
|
||
|
5250000
|
direct allocation
|
page execute and read and write
|
||
|
38EE000
|
stack
|
page read and write
|
||
|
49B0000
|
direct allocation
|
page execute and read and write
|
||
|
748000
|
unkown
|
page write copy
|
||
|
997000
|
unkown
|
page execute and read and write
|
||
|
7F7000
|
unkown
|
page execute and read and write
|
||
|
465F000
|
stack
|
page read and write
|
||
|
3A6E000
|
stack
|
page read and write
|
||
|
172A000
|
heap
|
page read and write
|
||
|
3DEE000
|
stack
|
page read and write
|
||
|
407F000
|
stack
|
page read and write
|
||
|
4AA0000
|
direct allocation
|
page execute and read and write
|
||
|
335F000
|
stack
|
page read and write
|
||
|
113A000
|
heap
|
page read and write
|
||
|
48DF000
|
stack
|
page read and write
|
||
|
117F000
|
heap
|
page read and write
|
||
|
42FF000
|
stack
|
page read and write
|
||
|
3F2F000
|
stack
|
page read and write
|
||
|
4D7E000
|
stack
|
page read and write
|
||
|
356E000
|
stack
|
page read and write
|
||
|
3EDE000
|
stack
|
page read and write
|
||
|
47DE000
|
stack
|
page read and write
|
||
|
2880000
|
heap
|
page read and write
|
||
|
303F000
|
stack
|
page read and write
|
||
|
2B3E000
|
stack
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
469E000
|
stack
|
page read and write
|
||
|
325F000
|
stack
|
page read and write
|
||
|
3B1E000
|
stack
|
page read and write
|
||
|
1171000
|
unkown
|
page execute and read and write
|
||
|
46AF000
|
stack
|
page read and write
|
||
|
34DF000
|
stack
|
page read and write
|
||
|
47AF000
|
stack
|
page read and write
|
||
|
36BE000
|
stack
|
page read and write
|
||
|
74C000
|
unkown
|
page execute and read and write
|
||
|
4A70000
|
direct allocation
|
page execute and read and write
|
||
|
456F000
|
stack
|
page read and write
|
||
|
461F000
|
stack
|
page read and write
|
||
|
47ED000
|
stack
|
page read and write
|
||
|
1766000
|
heap
|
page read and write
|
||
|
32EE000
|
stack
|
page read and write
|
||
|
315E000
|
stack
|
page read and write
|
||
|
47EF000
|
stack
|
page read and write
|
||
|
32AF000
|
stack
|
page read and write
|
||
|
49B0000
|
direct allocation
|
page execute and read and write
|
||
|
5220000
|
direct allocation
|
page execute and read and write
|
||
|
5A8000
|
unkown
|
page write copy
|
||
|
475F000
|
stack
|
page read and write
|
||
|
16FD000
|
stack
|
page read and write
|
||
|
7FD000
|
stack
|
page read and write
|
||
|
48A0000
|
direct allocation
|
page execute and read and write
|
||
|
37FE000
|
stack
|
page read and write
|
||
|
455E000
|
stack
|
page read and write
|
||
|
419E000
|
stack
|
page read and write
|
||
|
3CFE000
|
stack
|
page read and write
|
||
|
3F7E000
|
stack
|
page read and write
|
||
|
961000
|
unkown
|
page execute and read and write
|
||
|
2B6E000
|
stack
|
page read and write
|
||
|
4992000
|
direct allocation
|
page read and write
|
||
|
367F000
|
stack
|
page read and write
|
||
|
43EF000
|
stack
|
page read and write
|
||
|
5250000
|
direct allocation
|
page execute and read and write
|
||
|
46FE000
|
stack
|
page read and write
|
||
|
48A0000
|
direct allocation
|
page execute and read and write
|
||
|
49B0000
|
direct allocation
|
page execute and read and write
|
||
|
9A6000
|
unkown
|
page execute and write copy
|
||
|
E20000
|
unkown
|
page readonly
|
||
|
351E000
|
stack
|
page read and write
|
||
|
479E000
|
stack
|
page read and write
|
||
|
443F000
|
stack
|
page read and write
|
||
|
743000
|
unkown
|
page execute and read and write
|
||
|
3F6E000
|
stack
|
page read and write
|
||
|
33EF000
|
stack
|
page read and write
|
||
|
127A000
|
heap
|
page read and write
|
||
|
31AE000
|
stack
|
page read and write
|
||
|
B02000
|
unkown
|
page execute and write copy
|
||
|
3A2E000
|
stack
|
page read and write
|
||
|
362F000
|
stack
|
page read and write
|
||
|
4A55000
|
heap
|
page read and write
|
||
|
7C1000
|
unkown
|
page execute and read and write
|
||
|
49B0000
|
direct allocation
|
page execute and read and write
|
||
|
9A6000
|
unkown
|
page execute and read and write
|
||
|
4A80000
|
direct allocation
|
page execute and read and write
|
||
|
2E9E000
|
stack
|
page read and write
|
||
|
4AA0000
|
direct allocation
|
page execute and read and write
|
||
|
4AA0000
|
direct allocation
|
page execute and read and write
|
||
|
5250000
|
direct allocation
|
page execute and read and write
|
||
|
11A0000
|
unkown
|
page execute and read and write
|
||
|
49B0000
|
direct allocation
|
page execute and read and write
|
||
|
50AE000
|
stack
|
page read and write
|
||
|
42EE000
|
stack
|
page read and write
|
||
|
4A80000
|
direct allocation
|
page execute and read and write
|
||
|
442E000
|
stack
|
page read and write
|
||
|
990000
|
unkown
|
page execute and read and write
|
||
|
33FE000
|
stack
|
page read and write
|
||
|
B2C000
|
stack
|
page read and write
|
||
|
72F000
|
unkown
|
page execute and read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
4CAF000
|
stack
|
page read and write
|
||
|
2DFE000
|
stack
|
page read and write
|
||
|
34DE000
|
stack
|
page read and write
|
||
|
429E000
|
stack
|
page read and write
|
||
|
379E000
|
stack
|
page read and write
|
||
|
4CAE000
|
stack
|
page read and write
|
||
|
3C9E000
|
stack
|
page read and write
|
||
|
441E000
|
stack
|
page read and write
|
||
|
429F000
|
stack
|
page read and write
|
||
|
3D9E000
|
stack
|
page read and write
|
||
|
4AA0000
|
direct allocation
|
page execute and read and write
|
||
|
961000
|
unkown
|
page execute and read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
4AB2000
|
direct allocation
|
page read and write
|
||
|
4A80000
|
direct allocation
|
page execute and read and write
|
||
|
6FC000
|
stack
|
page read and write
|
||
|
4A80000
|
direct allocation
|
page execute and read and write
|
||
|
361E000
|
stack
|
page read and write
|
||
|
489F000
|
stack
|
page read and write
|
||
|
2B2F000
|
stack
|
page read and write
|
||
|
2D5E000
|
stack
|
page read and write
|
||
|
2FDE000
|
stack
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
1297000
|
heap
|
page read and write
|
||
|
43DE000
|
stack
|
page read and write
|
||
|
1312000
|
unkown
|
page execute and write copy
|
||
|
375E000
|
stack
|
page read and write
|
||
|
2FDF000
|
stack
|
page read and write
|
||
|
748000
|
unkown
|
page write copy
|
||
|
5250000
|
direct allocation
|
page execute and read and write
|
||
|
3B2F000
|
stack
|
page read and write
|
||
|
4872000
|
heap
|
page read and write
|
||
|
46BF000
|
stack
|
page read and write
|
||
|
451F000
|
stack
|
page read and write
|
||
|
962000
|
unkown
|
page execute and write copy
|
||
|
415E000
|
stack
|
page read and write
|
||
|
2C1E000
|
stack
|
page read and write
|
||
|
48A0000
|
direct allocation
|
page execute and read and write
|
||
|
4F6E000
|
stack
|
page read and write
|
||
|
3C5F000
|
stack
|
page read and write
|
||
|
339E000
|
stack
|
page read and write
|
||
|
471000
|
unkown
|
page execute and write copy
|
||
|
176E000
|
heap
|
page read and write
|
||
|
385F000
|
stack
|
page read and write
|
||
|
38FF000
|
stack
|
page read and write
|
||
|
28A0000
|
heap
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
F53000
|
unkown
|
page execute and read and write
|
||
|
ECD000
|
heap
|
page read and write
|
||
|
493F000
|
stack
|
page read and write
|
||
|
72F000
|
unkown
|
page execute and read and write
|
||
|
33BE000
|
stack
|
page read and write
|
||
|
11A7000
|
unkown
|
page execute and read and write
|
||
|
33DE000
|
stack
|
page read and write
|
||
|
49B0000
|
direct allocation
|
page execute and read and write
|
||
|
352F000
|
stack
|
page read and write
|
||
|
F0C000
|
heap
|
page read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
451E000
|
stack
|
page read and write
|
||
|
3BAE000
|
stack
|
page read and write
|
||
|
5AC000
|
unkown
|
page execute and read and write
|
||
|
11B6000
|
unkown
|
page execute and write copy
|
||
|
3FDF000
|
stack
|
page read and write
|
||
|
113E000
|
heap
|
page read and write
|
||
|
405E000
|
stack
|
page read and write
|
||
|
3F2E000
|
stack
|
page read and write
|
||
|
342E000
|
stack
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
3E9F000
|
stack
|
page read and write
|
||
|
3A2F000
|
stack
|
page read and write
|
||
|
416F000
|
stack
|
page read and write
|
||
|
48DE000
|
stack
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
E20000
|
unkown
|
page read and write
|
||
|
4BAD000
|
stack
|
page read and write
|
||
|
389E000
|
stack
|
page read and write
|
||
|
126A000
|
heap
|
page read and write
|
||
|
545E000
|
stack
|
page read and write
|
||
|
47F0000
|
heap
|
page read and write
|
||
|
B01000
|
unkown
|
page execute and read and write
|
||
|
10F5000
|
heap
|
page read and write
|
||
|
48A0000
|
direct allocation
|
page execute and read and write
|
||
|
3CEE000
|
stack
|
page read and write
|
||
|
4A80000
|
direct allocation
|
page execute and read and write
|
||
|
BD5000
|
heap
|
page read and write
|
||
|
35DF000
|
stack
|
page read and write
|
||
|
433E000
|
stack
|
page read and write
|
||
|
48A0000
|
direct allocation
|
page execute and read and write
|
||
|
11A7000
|
unkown
|
page execute and read and write
|
||
|
302F000
|
stack
|
page read and write
|
||
|
2C3F000
|
stack
|
page read and write
|
||
|
4AA0000
|
direct allocation
|
page execute and read and write
|
||
|
4A50000
|
direct allocation
|
page execute and read and write
|
||
|
2C6F000
|
stack
|
page read and write
|
||
|
13AC000
|
stack
|
page read and write
|
||
|
49DF000
|
stack
|
page read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
343E000
|
stack
|
page read and write
|
||
|
3D5F000
|
stack
|
page read and write
|
||
|
3B7F000
|
stack
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
452F000
|
stack
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
357E000
|
stack
|
page read and write
|
||
|
4AA0000
|
direct allocation
|
page execute and read and write
|
||
|
611000
|
unkown
|
page execute and write copy
|
||
|
3EDF000
|
stack
|
page read and write
|
||
|
555E000
|
stack
|
page read and write
|
||
|
5A8000
|
unkown
|
page write copy
|
||
|
3DFF000
|
stack
|
page read and write
|
||
|
2C7E000
|
stack
|
page read and write
|
||
|
2E5F000
|
stack
|
page read and write
|
||
|
2F9F000
|
stack
|
page read and write
|
||
|
389F000
|
stack
|
page read and write
|
||
|
3BBE000
|
stack
|
page read and write
|
||
|
3C6F000
|
stack
|
page read and write
|
||
|
3A3F000
|
stack
|
page read and write
|
||
|
349F000
|
stack
|
page read and write
|
||
|
4F2F000
|
stack
|
page read and write
|
||
|
48A0000
|
direct allocation
|
page execute and read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
457F000
|
stack
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
5250000
|
direct allocation
|
page execute and read and write
|
||
|
401F000
|
stack
|
page read and write
|
||
|
7F0000
|
unkown
|
page execute and read and write
|
||
|
4D80000
|
heap
|
page read and write
|
||
|
2DBF000
|
stack
|
page read and write
|
||
|
5A3000
|
unkown
|
page execute and read and write
|
||
|
466F000
|
stack
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
339F000
|
stack
|
page read and write
|
||
|
3EEF000
|
stack
|
page read and write
|
||
|
45BE000
|
stack
|
page read and write
|
||
|
4A9E000
|
stack
|
page read and write
|
||
|
5250000
|
direct allocation
|
page execute and read and write
|
||
|
3C5E000
|
stack
|
page read and write
|
||
|
48A0000
|
direct allocation
|
page execute and read and write
|
||
|
4A6E000
|
stack
|
page read and write
|
||
|
3B1F000
|
stack
|
page read and write
|
||
|
49B0000
|
direct allocation
|
page execute and read and write
|
||
|
E21000
|
unkown
|
page execute and write copy
|
||
|
1885000
|
heap
|
page read and write
|
||
|
4BAE000
|
stack
|
page read and write
|
||
|
49B0000
|
direct allocation
|
page execute and read and write
|
||
|
3B6F000
|
stack
|
page read and write
|
||
|
49B0000
|
direct allocation
|
page execute and read and write
|
||
|
4B72000
|
direct allocation
|
page read and write
|
||
|
2C57000
|
heap
|
page read and write
|
||
|
3F1E000
|
stack
|
page read and write
|
||
|
48A0000
|
direct allocation
|
page execute and read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
9FC000
|
stack
|
page read and write
|
||
|
456E000
|
stack
|
page read and write
|
||
|
1171000
|
unkown
|
page execute and read and write
|
||
|
48EF000
|
stack
|
page read and write
|
||
|
49B0000
|
direct allocation
|
page execute and read and write
|
||
|
11B6000
|
unkown
|
page execute and read and write
|
||
|
176E000
|
heap
|
page read and write
|
||
|
CFD000
|
stack
|
page read and write
|
||
|
316F000
|
stack
|
page read and write
|
||
|
2DAF000
|
stack
|
page read and write
|
||
|
1311000
|
unkown
|
page execute and read and write
|
||
|
4A80000
|
direct allocation
|
page execute and read and write
|
||
|
399F000
|
stack
|
page read and write
|
||
|
610000
|
unkown
|
page readonly
|
||
|
5250000
|
direct allocation
|
page execute and read and write
|
||
|
4A80000
|
direct allocation
|
page execute and read and write
|
||
|
41BF000
|
stack
|
page read and write
|
||
|
E3C000
|
stack
|
page read and write
|
||
|
4CEE000
|
stack
|
page read and write
|
||
|
10DF000
|
unkown
|
page execute and read and write
|
||
|
48A0000
|
direct allocation
|
page execute and read and write
|
||
|
36AE000
|
stack
|
page read and write
|
||
|
807000
|
unkown
|
page execute and write copy
|
||
|
2D1F000
|
stack
|
page read and write
|
||
|
4B6F000
|
stack
|
page read and write
|
||
|
3A1E000
|
stack
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
40AE000
|
stack
|
page read and write
|
||
|
1710000
|
heap
|
page read and write
|
||
|
401E000
|
stack
|
page read and write
|
||
|
46AE000
|
stack
|
page read and write
|
||
|
2CB7000
|
heap
|
page read and write
|
||
|
E20000
|
unkown
|
page readonly
|
||
|
AD8000
|
heap
|
page read and write
|
||
|
432E000
|
stack
|
page read and write
|
||
|
117E000
|
heap
|
page read and write
|
||
|
42EF000
|
stack
|
page read and write
|
||
|
3B6E000
|
stack
|
page read and write
|
||
|
365E000
|
stack
|
page read and write
|
||
|
4E2E000
|
stack
|
page read and write
|
||
|
4AA0000
|
direct allocation
|
page execute and read and write
|
||
|
2EEF000
|
stack
|
page read and write
|
||
|
39DE000
|
stack
|
page read and write
|
||
|
42DE000
|
stack
|
page read and write
|
||
|
4980000
|
direct allocation
|
page execute and read and write
|
||
|
38AF000
|
stack
|
page read and write
|
||
|
375F000
|
stack
|
page read and write
|
||
|
39EF000
|
stack
|
page read and write
|
||
|
F53000
|
unkown
|
page execute and read and write
|
||
|
48A0000
|
direct allocation
|
page execute and read and write
|
||
|
4DEF000
|
stack
|
page read and write
|
||
|
406E000
|
stack
|
page read and write
|
||
|
465E000
|
stack
|
page read and write
|
||
|
325E000
|
stack
|
page read and write
|
||
|
B12000
|
heap
|
page read and write
|
||
|
522B000
|
heap
|
page read and write
|
||
|
5A8000
|
unkown
|
page write copy
|
||
|
41AE000
|
stack
|
page read and write
|
||
|
393E000
|
stack
|
page read and write
|
||
|
4AA0000
|
direct allocation
|
page execute and read and write
|
||
|
4A80000
|
direct allocation
|
page execute and read and write
|
||
|
3D9F000
|
stack
|
page read and write
|
||
|
361F000
|
stack
|
page read and write
|
||
|
311E000
|
stack
|
page read and write
|
||
|
37BF000
|
stack
|
page read and write
|
||
|
439F000
|
stack
|
page read and write
|
||
|
4A80000
|
direct allocation
|
page execute and read and write
|
||
|
32FE000
|
stack
|
page read and write
|
||
|
311F000
|
stack
|
page read and write
|
||
|
ECA000
|
heap
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
3C1F000
|
stack
|
page read and write
|
||
|
2C17000
|
heap
|
page read and write
|
||
|
4CAE000
|
stack
|
page read and write
|
||
|
321F000
|
stack
|
page read and write
|
||
|
806000
|
unkown
|
page execute and read and write
|
||
|
5342000
|
direct allocation
|
page read and write
|
||
|
F58000
|
unkown
|
page write copy
|
||
|
F58000
|
unkown
|
page write copy
|
||
|
3DDE000
|
stack
|
page read and write
|
||
|
610000
|
unkown
|
page read and write
|
||
|
471000
|
unkown
|
page execute and write copy
|
||
|
492E000
|
stack
|
page read and write
|
||
|
329E000
|
stack
|
page read and write
|
||
|
4A80000
|
direct allocation
|
page execute and read and write
|
||
|
B0A000
|
heap
|
page read and write
|
||
|
806000
|
unkown
|
page execute and write copy
|
||
|
41EE000
|
stack
|
page read and write
|
||
|
1312000
|
unkown
|
page execute and write copy
|
||
|
425F000
|
stack
|
page read and write
|
||
|
352F000
|
stack
|
page read and write
|
||
|
301E000
|
stack
|
page read and write
|
||
|
5A8000
|
unkown
|
page write copy
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
3427000
|
heap
|
page read and write
|
||
|
4B9E000
|
stack
|
page read and write
|
||
|
48A0000
|
direct allocation
|
page execute and read and write
|
||
|
2EFF000
|
stack
|
page read and write
|
||
|
406F000
|
stack
|
page read and write
|
||
|
DA5000
|
heap
|
page read and write
|
||
|
42AF000
|
stack
|
page read and write
|
||
|
2EDE000
|
stack
|
page read and write
|
||
|
4AA0000
|
direct allocation
|
page execute and read and write
|
||
|
11B6000
|
unkown
|
page execute and read and write
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
3CAE000
|
stack
|
page read and write
|
||
|
807000
|
unkown
|
page execute and write copy
|
||
|
F0C000
|
heap
|
page read and write
|
||
|
41AF000
|
stack
|
page read and write
|
||
|
3E2E000
|
stack
|
page read and write
|
||
|
11B7000
|
unkown
|
page execute and write copy
|
||
|
49B0000
|
direct allocation
|
page execute and read and write
|
||
|
442F000
|
stack
|
page read and write
|
||
|
B12000
|
heap
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
30DF000
|
stack
|
page read and write
|
||
|
5250000
|
direct allocation
|
page execute and read and write
|
||
|
371F000
|
stack
|
page read and write
|
||
|
447E000
|
stack
|
page read and write
|
||
|
7F7000
|
unkown
|
page execute and read and write
|
||
|
1298000
|
heap
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
5250000
|
direct allocation
|
page execute and read and write
|
There are 485 hidden memdumps, click here to show them.