Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
XY2I8rWLkM.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\ffrrdds\logs.dat
|
data
|
modified
|
|
|
|
C:\Users\Public\Libraries\Ocihlomc
|
data
|
dropped
|
|
|
|
C:\Users\Public\Libraries\Ocihlomc.PIF
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Libraries\easinvoker.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Libraries\netutils.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Ocihlomc.url
|
MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Ocihlomc.PIF">), ASCII text, with CRLF line
terminators
|
dropped
|
|
|
|
\Device\ConDrv
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\Public\Libraries\Null
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Libraries\OcihlomcO.bat
|
Unicode text, UTF-16, little-endian text, with very long lines (15012), with no line terminators
|
dropped
|
||
|
C:\Users\Public\Libraries\aaa.bat
|
DOS batch file, ASCII text, with very long lines (468), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\json[1].json
|
JSON data
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\XY2I8rWLkM.exe
|
"C:\Users\user\Desktop\XY2I8rWLkM.exe"
|
|
|
|
C:\Windows\SysWOW64\extrac32.exe
|
C:\\Windows\\System32\\extrac32.exe /C /Y C:\Users\user\Desktop\XY2I8rWLkM.exe C:\\Users\\Public\\Libraries\\Ocihlomc.PIF
|
|
|
|
C:\Windows\SysWOW64\colorcpl.exe
|
C:\Windows\System32\colorcpl.exe
|
|
|
|
C:\Users\Public\Libraries\Ocihlomc.PIF
|
"C:\Users\Public\Libraries\Ocihlomc.PIF"
|
|
|
|
C:\Windows\SysWOW64\SndVol.exe
|
C:\Windows\System32\SndVol.exe
|
|
|
|
C:\Users\Public\Libraries\Ocihlomc.PIF
|
"C:\Users\Public\Libraries\Ocihlomc.PIF"
|
|
|
|
C:\Windows\SysWOW64\colorcpl.exe
|
C:\Windows\System32\colorcpl.exe
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\OcihlomcO.bat" "
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jantis.duckdns.org
|
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
|
|
|
http://geoplugin.net/json.gp/C
|
unknown
|
|
|
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
|
unknown
|
||
|
https://gjc1pa.dm.files.1drv.com/
|
unknown
|
||
|
https://gjc1pa.dm.files.1drv.com/y4m5jEZDAORJUhy5vxdvGivD8AK7KXuBMHd6mI9R-9NoISk9eoRi5CGeKvx95WShCc-
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
|
unknown
|
||
|
https://gjc1pa.dm.files.1drv.com/y4mpj9fRwfOnuyzM7YwI58jRvZ-dYfMjomP1KUnTARA567zRfUcLOtOoq9VQbjgVxqr
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
http://geoplugin.net/#Y
|
unknown
|
||
|
http://geoplugin.net/json.gp~6
|
unknown
|
||
|
http://geoplugin.net/
|
unknown
|
||
|
http://geoplugin.net/json.gpc6
|
unknown
|
||
|
https://onedrive.live.com/J
|
unknown
|
||
|
https://onedrive.live.com/download?resid=38773C188FECDED2%21107&authkey=!APdTZ0yd8fEkIVs
|
13.107.139.11
|
||
|
https://gjc1pa.dm.files.1drv.com:443/y4m5jEZDAORJUhy5vxdvGivD8AK7KXuBMHd6mI9R-9NoISk9eoRi5CGeKvx95WS
|
unknown
|
||
|
https://live.com/
|
unknown
|
||
|
http://geoplugin.net/json.gpJ6
|
unknown
|
||
|
http://geoplugin.net/json.gpX
|
unknown
|
||
|
https://onedrive.live.com/download?resid=38773C188FECDED2%21107&authkey=
|
unknown
|
||
|
http://geoplugin.net/json.gpm6
|
unknown
|
||
|
http://www.pmail.com
|
unknown
|
||
|
http://ocsp.sectigo.com0C
|
unknown
|
There are 16 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jantis.duckdns.org
|
103.186.117.171
|
|
|
|
dual-spov-0006.spov-msedge.net
|
13.107.139.11
|
||
|
geoplugin.net
|
178.237.33.50
|
||
|
onedrive.live.com
|
unknown
|
||
|
gjc1pa.dm.files.1drv.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
103.186.117.171
|
jantis.duckdns.org
|
unknown
|
|
|
|
13.107.139.11
|
dual-spov-0006.spov-msedge.net
|
United States
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Ocihlomc
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-TALGAI
|
exepath
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-TALGAI
|
licence
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Rmc-TALGAI
|
time
|
|
|
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\1e\417C44EB
|
@%systemroot%\system32\colorui.dll,-1400
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\ProfileAssociations\Print\Fax
|
UsePerUserProfiles
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
28A1000
|
direct allocation
|
page execute read
|
|
|
|
407000
|
heap
|
page read and write
|
|
|
|
4660000
|
direct allocation
|
page execute and read and write
|
|
|
|
2AE1000
|
direct allocation
|
page execute read
|
|
|
|
7AB000
|
heap
|
page read and write
|
|
|
|
1C630000
|
direct allocation
|
page execute and read and write
|
|
|
|
29B1000
|
direct allocation
|
page execute read
|
|
|
|
4830000
|
remote allocation
|
page execute and read and write
|
|
|
|
66E0000
|
remote allocation
|
page execute and read and write
|
|
|
|
228A000
|
direct allocation
|
page read and write
|
|
|
|
7FC10000
|
direct allocation
|
page read and write
|
|
|
|
185BF000
|
stack
|
page read and write
|
||
|
7F9F0000
|
direct allocation
|
page read and write
|
||
|
7AB000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
64E000
|
unkown
|
page read and write
|
||
|
7EC40000
|
direct allocation
|
page read and write
|
||
|
145C2000
|
heap
|
page read and write
|
||
|
78A000
|
heap
|
page read and write
|
||
|
4820000
|
trusted library allocation
|
page read and write
|
||
|
7B5000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
5AC0000
|
heap
|
page read and write
|
||
|
1436E000
|
stack
|
page read and write
|
||
|
6D7000
|
heap
|
page read and write
|
||
|
7E560000
|
direct allocation
|
page read and write
|
||
|
1857E000
|
stack
|
page read and write
|
||
|
7BC000
|
heap
|
page read and write
|
||
|
145CD000
|
heap
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
1446E000
|
stack
|
page read and write
|
||
|
29DB000
|
direct allocation
|
page read and write
|
||
|
3352000
|
heap
|
page read and write
|
||
|
2EB000
|
stack
|
page read and write
|
||
|
29EC000
|
direct allocation
|
page read and write
|
||
|
2394000
|
direct allocation
|
page read and write
|
||
|
144AE000
|
stack
|
page read and write
|
||
|
7FE2D000
|
direct allocation
|
page read and write
|
||
|
492D000
|
stack
|
page read and write
|
||
|
52D000
|
unkown
|
page write copy
|
||
|
13D5F000
|
direct allocation
|
page read and write
|
||
|
7FD5D000
|
direct allocation
|
page read and write
|
||
|
28A0000
|
direct allocation
|
page readonly
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
CA8000
|
direct allocation
|
page read and write
|
||
|
1473F000
|
stack
|
page read and write
|
||
|
496F000
|
stack
|
page read and write
|
||
|
3F7000
|
heap
|
page read and write
|
||
|
4E00000
|
heap
|
page read and write
|
||
|
89E000
|
stack
|
page read and write
|
||
|
13D91000
|
direct allocation
|
page read and write
|
||
|
67E000
|
stack
|
page read and write
|
||
|
13D58000
|
direct allocation
|
page read and write
|
||
|
1C6A8000
|
direct allocation
|
page execute and read and write
|
||
|
7ED30000
|
direct allocation
|
page read and write
|
||
|
258C000
|
stack
|
page read and write
|
||
|
7F9F0000
|
direct allocation
|
page read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
99F000
|
stack
|
page read and write
|
||
|
7E440000
|
direct allocation
|
page read and write
|
||
|
2370000
|
direct allocation
|
page read and write
|
||
|
7E690000
|
direct allocation
|
page read and write
|
||
|
7EC30000
|
direct allocation
|
page read and write
|
||
|
2660000
|
heap
|
page read and write
|
||
|
529000
|
unkown
|
page read and write
|
||
|
270F000
|
direct allocation
|
page read and write
|
||
|
141CF000
|
stack
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
2810000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
9A3000
|
heap
|
page read and write
|
||
|
262E000
|
stack
|
page read and write
|
||
|
45D000
|
unkown
|
page read and write
|
||
|
48EF000
|
stack
|
page read and write
|
||
|
65E0000
|
heap
|
page read and write
|
||
|
7FCF0000
|
direct allocation
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
7F5000
|
heap
|
page read and write
|
||
|
448000
|
heap
|
page read and write
|
||
|
2748000
|
direct allocation
|
page read and write
|
||
|
7ED80000
|
direct allocation
|
page read and write
|
||
|
7E760000
|
direct allocation
|
page read and write
|
||
|
1409F000
|
stack
|
page read and write
|
||
|
D84000
|
heap
|
page read and write
|
||
|
E4C000
|
stack
|
page read and write
|
||
|
475000
|
heap
|
page read and write
|
||
|
23A3000
|
direct allocation
|
page read and write
|
||
|
C81000
|
direct allocation
|
page read and write
|
||
|
49D000
|
stack
|
page read and write
|
||
|
2FB9000
|
stack
|
page read and write
|
||
|
7EFDB000
|
direct allocation
|
page read and write
|
||
|
186A0000
|
heap
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
7E720000
|
direct allocation
|
page read and write
|
||
|
529000
|
unkown
|
page read and write
|
||
|
1487D000
|
stack
|
page read and write
|
||
|
777000
|
heap
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
675000
|
stack
|
page read and write
|
||
|
23AA000
|
direct allocation
|
page read and write
|
||
|
47F000
|
heap
|
page read and write
|
||
|
43F0000
|
heap
|
page read and write
|
||
|
13C48000
|
direct allocation
|
page read and write
|
||
|
B6F000
|
stack
|
page read and write
|
||
|
8EF000
|
stack
|
page read and write
|
||
|
8CF000
|
heap
|
page read and write
|
||
|
C7A000
|
direct allocation
|
page read and write
|
||
|
7E71F000
|
direct allocation
|
page read and write
|
||
|
22EC000
|
direct allocation
|
page read and write
|
||
|
356F000
|
stack
|
page read and write
|
||
|
273A000
|
direct allocation
|
page read and write
|
||
|
7E71F000
|
direct allocation
|
page read and write
|
||
|
7FD10000
|
direct allocation
|
page read and write
|
||
|
47EF000
|
stack
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
7E340000
|
direct allocation
|
page read and write
|
||
|
3FD000
|
heap
|
page read and write
|
||
|
2378000
|
direct allocation
|
page read and write
|
||
|
144AE000
|
stack
|
page read and write
|
||
|
32AE000
|
stack
|
page read and write
|
||
|
7ED10000
|
direct allocation
|
page read and write
|
||
|
14EAF000
|
heap
|
page read and write
|
||
|
50C000
|
unkown
|
page write copy
|
||
|
371B000
|
heap
|
page read and write
|
||
|
7ED00000
|
direct allocation
|
page read and write
|
||
|
7FD80000
|
direct allocation
|
page read and write
|
||
|
737000
|
heap
|
page read and write
|
||
|
7EC90000
|
direct allocation
|
page read and write
|
||
|
46D8000
|
direct allocation
|
page execute and read and write
|
||
|
7F9F0000
|
direct allocation
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
4C5000
|
heap
|
page read and write
|
||
|
991000
|
heap
|
page read and write
|
||
|
13BC7000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7AB000
|
heap
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
87E000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
76A000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
47AE000
|
stack
|
page read and write
|
||
|
4400000
|
heap
|
page read and write
|
||
|
7A9000
|
heap
|
page read and write
|
||
|
C32000
|
direct allocation
|
page read and write
|
||
|
1C6A4000
|
direct allocation
|
page execute and read and write
|
||
|
29CE000
|
stack
|
page read and write
|
||
|
13F3F000
|
stack
|
page read and write
|
||
|
13D83000
|
direct allocation
|
page read and write
|
||
|
7FAF1000
|
direct allocation
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
958000
|
heap
|
page read and write
|
||
|
56E000
|
unkown
|
page readonly
|
||
|
C40000
|
direct allocation
|
page read and write
|
||
|
2F30000
|
heap
|
page read and write
|
||
|
2CEE000
|
unkown
|
page read and write
|
||
|
2733000
|
direct allocation
|
page read and write
|
||
|
13C40000
|
direct allocation
|
page read and write
|
||
|
7E790000
|
direct allocation
|
page read and write
|
||
|
13D8A000
|
direct allocation
|
page read and write
|
||
|
7F070000
|
direct allocation
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
7E6C0000
|
direct allocation
|
page read and write
|
||
|
1431F000
|
stack
|
page read and write
|
||
|
140DE000
|
stack
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
2673000
|
direct allocation
|
page read and write
|
||
|
7EC80000
|
direct allocation
|
page read and write
|
||
|
52C0000
|
trusted library allocation
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
532000
|
unkown
|
page readonly
|
||
|
77E000
|
stack
|
page read and write
|
||
|
50F000
|
stack
|
page read and write
|
||
|
186B0000
|
heap
|
page read and write
|
||
|
2362000
|
direct allocation
|
page read and write
|
||
|
C59000
|
direct allocation
|
page read and write
|
||
|
14FA0000
|
trusted library allocation
|
page read and write
|
||
|
7EAFF000
|
direct allocation
|
page read and write
|
||
|
C84000
|
direct allocation
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
7E669000
|
direct allocation
|
page read and write
|
||
|
7E4AF000
|
direct allocation
|
page read and write
|
||
|
23B1000
|
direct allocation
|
page read and write
|
||
|
7E7000
|
heap
|
page read and write
|
||
|
25FE000
|
stack
|
page read and write
|
||
|
7EA70000
|
direct allocation
|
page read and write
|
||
|
47F000
|
heap
|
page read and write
|
||
|
C88000
|
direct allocation
|
page read and write
|
||
|
239C000
|
direct allocation
|
page read and write
|
||
|
39E000
|
stack
|
page read and write
|
||
|
13D4A000
|
direct allocation
|
page read and write
|
||
|
7B5000
|
heap
|
page read and write
|
||
|
7E71F000
|
direct allocation
|
page read and write
|
||
|
7E2B0000
|
direct allocation
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
52B000
|
unkown
|
page read and write
|
||
|
2A5000
|
stack
|
page read and write
|
||
|
7E4F0000
|
direct allocation
|
page read and write
|
||
|
3337000
|
heap
|
page read and write
|
||
|
7E5F0000
|
direct allocation
|
page read and write
|
||
|
2716000
|
direct allocation
|
page read and write
|
||
|
DCE000
|
stack
|
page read and write
|
||
|
28CB000
|
direct allocation
|
page read and write
|
||
|
E0F000
|
stack
|
page read and write
|
||
|
465B000
|
stack
|
page read and write
|
||
|
46A000
|
heap
|
page read and write
|
||
|
14E95000
|
heap
|
page read and write
|
||
|
13CCC000
|
stack
|
page read and write
|
||
|
2FFC000
|
stack
|
page read and write
|
||
|
13C73000
|
direct allocation
|
page read and write
|
||
|
2741000
|
direct allocation
|
page read and write
|
||
|
2724000
|
direct allocation
|
page read and write
|
||
|
2DEF000
|
stack
|
page read and write
|
||
|
C73000
|
direct allocation
|
page read and write
|
||
|
2AC6000
|
heap
|
page read and write
|
||
|
14A1E000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
42E000
|
heap
|
page read and write
|
||
|
13C88000
|
direct allocation
|
page read and write
|
||
|
3717000
|
heap
|
page read and write
|
||
|
1408F000
|
stack
|
page read and write
|
||
|
45D000
|
unkown
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
7E570000
|
direct allocation
|
page read and write
|
||
|
7E6D0000
|
direct allocation
|
page read and write
|
||
|
7E790000
|
direct allocation
|
page read and write
|
||
|
2B0B000
|
direct allocation
|
page read and write
|
||
|
87A000
|
heap
|
page read and write
|
||
|
6D5000
|
heap
|
page read and write
|
||
|
7ED4F000
|
direct allocation
|
page read and write
|
||
|
7E3C0000
|
direct allocation
|
page read and write
|
||
|
C8C000
|
direct allocation
|
page read and write
|
||
|
7E600000
|
direct allocation
|
page read and write
|
||
|
4294000
|
heap
|
page read and write
|
||
|
8AF000
|
stack
|
page read and write
|
||
|
13C7A000
|
direct allocation
|
page read and write
|
||
|
13CC3000
|
direct allocation
|
page read and write
|
||
|
C64000
|
direct allocation
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
7E670000
|
direct allocation
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
7FAFA000
|
direct allocation
|
page read and write
|
||
|
7ECC0000
|
direct allocation
|
page read and write
|
||
|
52B000
|
unkown
|
page read and write
|
||
|
448000
|
heap
|
page read and write
|
||
|
2AC0000
|
heap
|
page read and write
|
||
|
146C0000
|
trusted library allocation
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
13D98000
|
direct allocation
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
920000
|
direct allocation
|
page execute and read and write
|
||
|
14C5A000
|
heap
|
page read and write
|
||
|
45F000
|
heap
|
page read and write
|
||
|
475000
|
heap
|
page read and write
|
||
|
13B67000
|
direct allocation
|
page read and write
|
||
|
14EA1000
|
heap
|
page read and write
|
||
|
13C6C000
|
direct allocation
|
page read and write
|
||
|
14C50000
|
heap
|
page read and write
|
||
|
4290000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
7E5000
|
heap
|
page read and write
|
||
|
3352000
|
heap
|
page read and write
|
||
|
7EB30000
|
direct allocation
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
4D80000
|
heap
|
page read and write
|
||
|
46D4000
|
direct allocation
|
page execute and read and write
|
||
|
3FA000
|
heap
|
page read and write
|
||
|
7EEB3000
|
direct allocation
|
page read and write
|
||
|
76E000
|
stack
|
page read and write
|
||
|
2793000
|
heap
|
page read and write
|
||
|
145C0000
|
heap
|
page read and write
|
||
|
7EB00000
|
direct allocation
|
page read and write
|
||
|
238D000
|
direct allocation
|
page read and write
|
||
|
48AC000
|
stack
|
page read and write
|
||
|
C39000
|
direct allocation
|
page read and write
|
||
|
C5D000
|
direct allocation
|
page read and write
|
||
|
13E8A000
|
stack
|
page read and write
|
||
|
271D000
|
direct allocation
|
page read and write
|
||
|
A6F000
|
stack
|
page read and write
|
||
|
529000
|
unkown
|
page read and write
|
||
|
14A19000
|
heap
|
page read and write
|
||
|
145F0000
|
remote allocation
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
5DC0000
|
trusted library allocation
|
page read and write
|
||
|
7ED7F000
|
direct allocation
|
page read and write
|
||
|
96D000
|
heap
|
page read and write
|
||
|
7E470000
|
direct allocation
|
page read and write
|
||
|
14EA0000
|
heap
|
page read and write
|
||
|
145C1000
|
heap
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
145C1000
|
heap
|
page read and write
|
||
|
7E6C0000
|
direct allocation
|
page read and write
|
||
|
65C0000
|
heap
|
page read and write
|
||
|
7EFB5000
|
direct allocation
|
page read and write
|
||
|
13C56000
|
direct allocation
|
page read and write
|
||
|
7EED9000
|
direct allocation
|
page read and write
|
||
|
40A000
|
heap
|
page read and write
|
||
|
2453000
|
heap
|
page read and write
|
||
|
2B1C000
|
direct allocation
|
page read and write
|
||
|
45D000
|
unkown
|
page read and write
|
||
|
13DCA000
|
stack
|
page read and write
|
||
|
810000
|
direct allocation
|
page execute and read and write
|
||
|
68E000
|
stack
|
page read and write
|
||
|
1421E000
|
stack
|
page read and write
|
||
|
7E5CF000
|
direct allocation
|
page read and write
|
||
|
2B41000
|
direct allocation
|
page read and write
|
||
|
6BE000
|
stack
|
page read and write
|
||
|
1421E000
|
stack
|
page read and write
|
||
|
13F9F000
|
stack
|
page read and write
|
||
|
7ED80000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
13F7E000
|
stack
|
page read and write
|
||
|
1C5AE000
|
stack
|
page read and write
|
||
|
352D000
|
stack
|
page read and write
|
||
|
C52000
|
direct allocation
|
page read and write
|
||
|
3341000
|
heap
|
page read and write
|
||
|
594000
|
unkown
|
page readonly
|
||
|
1431F000
|
stack
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
2B10000
|
heap
|
page read and write
|
||
|
2600000
|
heap
|
page read and write
|
||
|
2A18000
|
heap
|
page read and write
|
||
|
45D000
|
unkown
|
page write copy
|
||
|
C93000
|
direct allocation
|
page read and write
|
||
|
C48000
|
direct allocation
|
page read and write
|
||
|
145F0000
|
remote allocation
|
page read and write
|
||
|
13E9A000
|
stack
|
page read and write
|
||
|
234F000
|
direct allocation
|
page read and write
|
||
|
418000
|
heap
|
page read and write
|
||
|
151C0000
|
direct allocation
|
page execute and read and write
|
||
|
59C000
|
stack
|
page read and write
|
||
|
145AF000
|
stack
|
page read and write
|
||
|
7E4000
|
heap
|
page read and write
|
||
|
7EC40000
|
direct allocation
|
page read and write
|
||
|
13F8F000
|
stack
|
page read and write
|
||
|
23B8000
|
direct allocation
|
page read and write
|
||
|
89A000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
2450000
|
heap
|
page read and write
|
||
|
475000
|
heap
|
page read and write
|
||
|
2790000
|
heap
|
page read and write
|
||
|
7E1E0000
|
direct allocation
|
page read and write
|
||
|
9DE000
|
stack
|
page read and write
|
||
|
486F000
|
stack
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
45F000
|
heap
|
page read and write
|
||
|
28F0000
|
heap
|
page read and write
|
||
|
7B5000
|
heap
|
page read and write
|
||
|
140CE000
|
stack
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
13D66000
|
direct allocation
|
page read and write
|
||
|
25CD000
|
stack
|
page read and write
|
||
|
2410000
|
direct allocation
|
page execute and read and write
|
||
|
25BC000
|
stack
|
page read and write
|
||
|
1477E000
|
stack
|
page read and write
|
||
|
13D23000
|
direct allocation
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
3328000
|
heap
|
page read and write
|
||
|
C6C000
|
direct allocation
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
1407F000
|
stack
|
page read and write
|
||
|
C60000
|
direct allocation
|
page read and write
|
||
|
13C81000
|
direct allocation
|
page read and write
|
||
|
476B000
|
stack
|
page read and write
|
||
|
14FA0000
|
direct allocation
|
page execute and read and write
|
||
|
14C5C000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
1436E000
|
stack
|
page read and write
|
||
|
1446E000
|
stack
|
page read and write
|
||
|
1463E000
|
stack
|
page read and write
|
||
|
13D74000
|
direct allocation
|
page read and write
|
||
|
298E000
|
stack
|
page read and write
|
||
|
145AF000
|
stack
|
page read and write
|
||
|
2A4E000
|
heap
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
145C0000
|
heap
|
page read and write
|
||
|
ADF000
|
stack
|
page read and write
|
||
|
4E04000
|
heap
|
page read and write
|
||
|
461C000
|
stack
|
page read and write
|
||
|
76E000
|
heap
|
page read and write
|
||
|
146C0000
|
trusted library allocation
|
page read and write
|
||
|
1421E000
|
stack
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
7DA000
|
heap
|
page read and write
|
||
|
14907000
|
heap
|
page read and write
|
||
|
7E4D0000
|
direct allocation
|
page read and write
|
||
|
13B50000
|
direct allocation
|
page read and write
|
||
|
13C5D000
|
direct allocation
|
page read and write
|
||
|
7E6D0000
|
direct allocation
|
page read and write
|
||
|
3352000
|
heap
|
page read and write
|
||
|
13E3E000
|
stack
|
page read and write
|
||
|
4D70000
|
heap
|
page read and write
|
||
|
7E53F000
|
direct allocation
|
page read and write
|
||
|
451000
|
heap
|
page read and write
|
||
|
32EE000
|
stack
|
page read and write
|
||
|
CA1000
|
direct allocation
|
page read and write
|
||
|
13C64000
|
direct allocation
|
page read and write
|
||
|
7E790000
|
direct allocation
|
page read and write
|
||
|
7EBD0000
|
direct allocation
|
page read and write
|
||
|
7E6D0000
|
direct allocation
|
page read and write
|
||
|
141BF000
|
stack
|
page read and write
|
||
|
25AC000
|
stack
|
page read and write
|
||
|
C9A000
|
direct allocation
|
page read and write
|
||
|
C7D000
|
direct allocation
|
page read and write
|
||
|
7E370000
|
direct allocation
|
page read and write
|
||
|
7FC80000
|
direct allocation
|
page read and write
|
||
|
333E000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
13D6D000
|
direct allocation
|
page read and write
|
||
|
2ACA000
|
heap
|
page read and write
|
||
|
2369000
|
direct allocation
|
page read and write
|
||
|
7EE58000
|
direct allocation
|
page read and write
|
||
|
C38000
|
direct allocation
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
2900000
|
heap
|
page read and write
|
||
|
4270000
|
heap
|
page read and write
|
||
|
1502D000
|
heap
|
page read and write
|
||
|
7ECC0000
|
direct allocation
|
page read and write
|
||
|
C28000
|
direct allocation
|
page read and write
|
||
|
E8D000
|
stack
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
25EE000
|
stack
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
7ECEF000
|
direct allocation
|
page read and write
|
||
|
482E000
|
stack
|
page read and write
|
||
|
73E000
|
stack
|
page read and write
|
||
|
145F0000
|
remote allocation
|
page read and write
|
||
|
145AD000
|
stack
|
page read and write
|
||
|
7E720000
|
direct allocation
|
page read and write
|
||
|
7EC40000
|
direct allocation
|
page read and write
|
||
|
3C8000
|
heap
|
page read and write
|
||
|
1C56C000
|
stack
|
page read and write
|
||
|
7E6C0000
|
direct allocation
|
page read and write
|
||
|
7E720000
|
direct allocation
|
page read and write
|
||
|
1446E000
|
stack
|
page read and write
|
||
|
141DF000
|
stack
|
page read and write
|
||
|
472B000
|
stack
|
page read and write
|
||
|
C68000
|
direct allocation
|
page read and write
|
||
|
278E000
|
stack
|
page read and write
|
||
|
3E4000
|
heap
|
page read and write
|
||
|
3337000
|
heap
|
page read and write
|
||
|
23D0000
|
heap
|
page read and write
|
||
|
2663000
|
heap
|
page read and write
|
||
|
C48000
|
direct allocation
|
page read and write
|
||
|
451000
|
heap
|
page read and write
|
||
|
144AE000
|
stack
|
page read and write
|
||
|
7E470000
|
direct allocation
|
page read and write
|
||
|
1436E000
|
stack
|
page read and write
|
||
|
1431F000
|
stack
|
page read and write
|
||
|
6BC000
|
stack
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
145D0000
|
heap
|
page read and write
|
||
|
7EA60000
|
direct allocation
|
page read and write
|
||
|
3710000
|
heap
|
page read and write
|
||
|
C18000
|
direct allocation
|
page read and write
|
||
|
14EA5000
|
heap
|
page read and write
|
||
|
7EF000
|
heap
|
page read and write
|
||
|
23F0000
|
heap
|
page read and write
|
||
|
B4F000
|
stack
|
page read and write
|
||
|
13C4F000
|
direct allocation
|
page read and write
|
||
|
47F000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
792000
|
heap
|
page read and write
|
||
|
2A0E000
|
stack
|
page read and write
|
||
|
2A11000
|
direct allocation
|
page read and write
|
||
|
140BE000
|
stack
|
page read and write
|
||
|
4420000
|
heap
|
page read and write
|
||
|
2A27000
|
heap
|
page read and write
|
||
|
7EC40000
|
direct allocation
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
735000
|
heap
|
page read and write
|
||
|
14E1D000
|
direct allocation
|
page read and write
|
||
|
7E710000
|
direct allocation
|
page read and write
|
||
|
7EC40000
|
direct allocation
|
page read and write
|
There are 467 hidden memdumps, click here to show them.