Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
DellTpm1.2_Fw5.81.2.1_V2_64.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x09680376, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_DellTpm1.2_Fw5.8_edb15fb60ccb2c127253bc03d768e559934021_8f146201_93d6120a-5a7d-475c-85ba-23d77058f9f9\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD04C.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sun Oct 20 21:56:42 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD0AB.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD0E8.tmp.csv
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD0EA.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD118.tmp.txt
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\DBUtil_2_3.Sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\DellTpm1.2_Fw5.81.2.1_V2_64.exe
|
"C:\Users\user\Desktop\DellTpm1.2_Fw5.81.2.1_V2_64.exe"
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k WerSvcGroup
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k NetworkService -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
|
|
|
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -pss -s 436 -p 2852 -ip 2852
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 2852 -s 288
|
||
|
C:\Windows\System32\SgrmBroker.exe
|
C:\Windows\system32\SgrmBroker.exe
|
||
|
C:\Program Files\Windows Defender\MpCmdRun.exe
|
"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
|
unknown
|
||
|
http://aia.entrust.net/ovcs1-chain256.cer01
|
unknown
|
||
|
http://ocsp.entrust.net05
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Routes/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Driving
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
|
unknown
|
||
|
http://ocsp.entrust.net02
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Transit/Stops/
|
unknown
|
||
|
http://ocsp.entrust.net00
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Walking
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gri?pv=1&r=
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Locations
|
unknown
|
||
|
https://dev.ditu.live.com/REST/V1/MapControlConfiguration/native/
|
unknown
|
||
|
https://dev.virtualearth.net/mapcontrol/logging.ashx
|
unknown
|
||
|
http://crl.entrust.net/level1d.crl03
|
unknown
|
||
|
https://dev.ditu.live.com/mapcontrol/logging.ashx
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
|
unknown
|
||
|
https://t0.ssl.ak.dyn
|
unknown
|
||
|
http://crl.entrust.net/ovcs1.crl0J
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Transit/Schedules/
|
unknown
|
||
|
http://crl.entrust.net/g2ca.crl0;
|
unknown
|
||
|
https://dynamic.t
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod-C:
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Transit
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2-C:
|
unknown
|
||
|
https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
|
unknown
|
||
|
https://tiles.virtualearth.net/tiles/cmd/StreetSideBubbleMetaData?north=
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0;
|
unknown
|
||
|
http://www.entrust.net/rpa0
|
unknown
|
||
|
http://www.bingmapsportal.com
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Locations
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Imagery/Copyright/
|
unknown
|
||
|
http://ocsp.entrust.net0A
|
unknown
|
||
|
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
|
unknown
|
There are 36 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
|
cval
|
|
|
|
\REGISTRY\A\{3bcc0776-5887-7615-7618-13ca5cef227a}\Root\InventoryApplicationFile\delltpm1.2_fw5.8|8f10ba2a612fac9f
|
ProgramId
|
||
|
\REGISTRY\A\{3bcc0776-5887-7615-7618-13ca5cef227a}\Root\InventoryApplicationFile\delltpm1.2_fw5.8|8f10ba2a612fac9f
|
FileId
|
||
|
\REGISTRY\A\{3bcc0776-5887-7615-7618-13ca5cef227a}\Root\InventoryApplicationFile\delltpm1.2_fw5.8|8f10ba2a612fac9f
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{3bcc0776-5887-7615-7618-13ca5cef227a}\Root\InventoryApplicationFile\delltpm1.2_fw5.8|8f10ba2a612fac9f
|
LongPathHash
|
||
|
\REGISTRY\A\{3bcc0776-5887-7615-7618-13ca5cef227a}\Root\InventoryApplicationFile\delltpm1.2_fw5.8|8f10ba2a612fac9f
|
Name
|
||
|
\REGISTRY\A\{3bcc0776-5887-7615-7618-13ca5cef227a}\Root\InventoryApplicationFile\delltpm1.2_fw5.8|8f10ba2a612fac9f
|
OriginalFileName
|
||
|
\REGISTRY\A\{3bcc0776-5887-7615-7618-13ca5cef227a}\Root\InventoryApplicationFile\delltpm1.2_fw5.8|8f10ba2a612fac9f
|
Publisher
|
||
|
\REGISTRY\A\{3bcc0776-5887-7615-7618-13ca5cef227a}\Root\InventoryApplicationFile\delltpm1.2_fw5.8|8f10ba2a612fac9f
|
Version
|
||
|
\REGISTRY\A\{3bcc0776-5887-7615-7618-13ca5cef227a}\Root\InventoryApplicationFile\delltpm1.2_fw5.8|8f10ba2a612fac9f
|
BinFileVersion
|
||
|
\REGISTRY\A\{3bcc0776-5887-7615-7618-13ca5cef227a}\Root\InventoryApplicationFile\delltpm1.2_fw5.8|8f10ba2a612fac9f
|
BinaryType
|
||
|
\REGISTRY\A\{3bcc0776-5887-7615-7618-13ca5cef227a}\Root\InventoryApplicationFile\delltpm1.2_fw5.8|8f10ba2a612fac9f
|
ProductName
|
||
|
\REGISTRY\A\{3bcc0776-5887-7615-7618-13ca5cef227a}\Root\InventoryApplicationFile\delltpm1.2_fw5.8|8f10ba2a612fac9f
|
ProductVersion
|
||
|
\REGISTRY\A\{3bcc0776-5887-7615-7618-13ca5cef227a}\Root\InventoryApplicationFile\delltpm1.2_fw5.8|8f10ba2a612fac9f
|
LinkDate
|
||
|
\REGISTRY\A\{3bcc0776-5887-7615-7618-13ca5cef227a}\Root\InventoryApplicationFile\delltpm1.2_fw5.8|8f10ba2a612fac9f
|
BinProductVersion
|
||
|
\REGISTRY\A\{3bcc0776-5887-7615-7618-13ca5cef227a}\Root\InventoryApplicationFile\delltpm1.2_fw5.8|8f10ba2a612fac9f
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{3bcc0776-5887-7615-7618-13ca5cef227a}\Root\InventoryApplicationFile\delltpm1.2_fw5.8|8f10ba2a612fac9f
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{3bcc0776-5887-7615-7618-13ca5cef227a}\Root\InventoryApplicationFile\delltpm1.2_fw5.8|8f10ba2a612fac9f
|
Size
|
||
|
\REGISTRY\A\{3bcc0776-5887-7615-7618-13ca5cef227a}\Root\InventoryApplicationFile\delltpm1.2_fw5.8|8f10ba2a612fac9f
|
Language
|
||
|
\REGISTRY\A\{3bcc0776-5887-7615-7618-13ca5cef227a}\Root\InventoryApplicationFile\delltpm1.2_fw5.8|8f10ba2a612fac9f
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Security
|
c688cf83-9945-5ff6-0e1e-1ff1f8a2ec9a
|
There are 12 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1D28BA13000
|
heap
|
page read and write
|
||
|
C3537FC000
|
stack
|
page read and write
|
||
|
886B2FE000
|
stack
|
page read and write
|
||
|
29FFD4A0000
|
trusted library allocation
|
page read and write
|
||
|
BDBBC7F000
|
stack
|
page read and write
|
||
|
C35537E000
|
stack
|
page read and write
|
||
|
29FFC902000
|
heap
|
page read and write
|
||
|
29FFD718000
|
heap
|
page read and write
|
||
|
1D2F9570000
|
heap
|
page read and write
|
||
|
29FFC00B000
|
heap
|
page read and write
|
||
|
29FFC802000
|
heap
|
page read and write
|
||
|
29FFD700000
|
heap
|
page read and write
|
||
|
1D2B0A50000
|
heap
|
page read and write
|
||
|
94FA37E000
|
stack
|
page read and write
|
||
|
94EB29B000
|
stack
|
page read and write
|
||
|
886B8FE000
|
stack
|
page read and write
|
||
|
1D2B0A65000
|
heap
|
page read and write
|
||
|
1F432202000
|
trusted library allocation
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
29FFC095000
|
heap
|
page read and write
|
||
|
BDBB87E000
|
stack
|
page read and write
|
||
|
C35447E000
|
stack
|
page read and write
|
||
|
1D2F9717000
|
heap
|
page read and write
|
||
|
29F80000000
|
trusted library allocation
|
page read and write
|
||
|
1D2B0A3C000
|
heap
|
page read and write
|
||
|
BDBBB7E000
|
stack
|
page read and write
|
||
|
1D2F9713000
|
heap
|
page read and write
|
||
|
2B6D000
|
heap
|
page read and write
|
||
|
29FFD570000
|
trusted library allocation
|
page read and write
|
||
|
1D2F9702000
|
heap
|
page read and write
|
||
|
29FFD627000
|
heap
|
page read and write
|
||
|
886B3FE000
|
stack
|
page read and write
|
||
|
1D2B0A22000
|
heap
|
page read and write
|
||
|
1D2B0A3F000
|
heap
|
page read and write
|
||
|
29FFD600000
|
heap
|
page read and write
|
||
|
1D2F9470000
|
heap
|
page read and write
|
||
|
C3532F7000
|
stack
|
page read and write
|
||
|
1D2B0A24000
|
heap
|
page read and write
|
||
|
1D28BA8F000
|
heap
|
page read and write
|
||
|
10AF000
|
stack
|
page read and write
|
||
|
10007D000
|
stack
|
page read and write
|
||
|
94F97FE000
|
stack
|
page read and write
|
||
|
C3553FE000
|
unkown
|
page readonly
|
||
|
C354AFE000
|
stack
|
page read and write
|
||
|
886B57E000
|
stack
|
page read and write
|
||
|
C3542FE000
|
unkown
|
page readonly
|
||
|
1F431980000
|
trusted library allocation
|
page read and write
|
||
|
1D2B0A30000
|
heap
|
page read and write
|
||
|
29FFD600000
|
trusted library allocation
|
page read and write
|
||
|
7FF6A0D7A000
|
unkown
|
page execute read
|
||
|
1D2B0AA8000
|
heap
|
page read and write
|
||
|
C3543FC000
|
stack
|
page read and write
|
||
|
29FFC91A000
|
heap
|
page read and write
|
||
|
29FFC0A0000
|
heap
|
page read and write
|
||
|
1D28B9A0000
|
heap
|
page read and write
|
||
|
C353DFE000
|
unkown
|
page readonly
|
||
|
1D2F9663000
|
heap
|
page read and write
|
||
|
1D28BB02000
|
heap
|
page read and write
|
||
|
1D2B0A4C000
|
heap
|
page read and write
|
||
|
1004FE000
|
stack
|
page read and write
|
||
|
94F9AFE000
|
stack
|
page read and write
|
||
|
1D2B0A70000
|
heap
|
page read and write
|
||
|
1F431A59000
|
heap
|
page read and write
|
||
|
1D2B0A81000
|
heap
|
page read and write
|
||
|
C3540FB000
|
stack
|
page read and write
|
||
|
C3541FE000
|
unkown
|
page readonly
|
||
|
13DFF1E0000
|
trusted library allocation
|
page read and write
|
||
|
1D2B0A44000
|
heap
|
page read and write
|
||
|
29FFD5D0000
|
trusted library allocation
|
page read and write
|
||
|
94EC17E000
|
stack
|
page read and write
|
||
|
29FFD69C000
|
heap
|
page read and write
|
||
|
1F431B02000
|
heap
|
page read and write
|
||
|
29FFC08C000
|
heap
|
page read and write
|
||
|
13DFF100000
|
heap
|
page read and write
|
||
|
29FFC815000
|
heap
|
page read and write
|
||
|
29FFC070000
|
heap
|
page read and write
|
||
|
CBB000
|
heap
|
page read and write
|
||
|
1D2F9700000
|
heap
|
page read and write
|
||
|
13DFF502000
|
heap
|
page read and write
|
||
|
13DFF23D000
|
heap
|
page read and write
|
||
|
1F431850000
|
heap
|
page read and write
|
||
|
886BB7E000
|
unkown
|
page readonly
|
||
|
1D28BA3A000
|
heap
|
page read and write
|
||
|
1D2B0AA4000
|
heap
|
page read and write
|
||
|
13DFF24B000
|
heap
|
page read and write
|
||
|
29FFD70C000
|
heap
|
page read and write
|
||
|
29FFD673000
|
heap
|
page read and write
|
||
|
94EBE7E000
|
unkown
|
page readonly
|
||
|
886ACFD000
|
stack
|
page read and write
|
||
|
29FFC0B0000
|
heap
|
page read and write
|
||
|
1D2F9640000
|
heap
|
page read and write
|
||
|
1D28C202000
|
heap
|
page read and write
|
||
|
29FFD702000
|
heap
|
page read and write
|
||
|
AFC000
|
stack
|
page read and write
|
||
|
C3536FE000
|
unkown
|
page readonly
|
||
|
C353E7E000
|
stack
|
page read and write
|
||
|
1D28C200000
|
heap
|
page read and write
|
||
|
1D2B0A5A000
|
heap
|
page read and write
|
||
|
7FF6A0DB1000
|
unkown
|
page read and write
|
||
|
13DFF213000
|
unkown
|
page read and write
|
||
|
1D28B9B0000
|
heap
|
page read and write
|
||
|
886B17E000
|
stack
|
page read and write
|
||
|
29FFD4E0000
|
trusted library allocation
|
page read and write
|
||
|
886B07E000
|
unkown
|
page readonly
|
||
|
94FA17E000
|
stack
|
page read and write
|
||
|
C353D7E000
|
stack
|
page read and write
|
||
|
29FFC030000
|
heap
|
page read and write
|
||
|
13DFF502000
|
heap
|
page read and write
|
||
|
94FA07E000
|
unkown
|
page readonly
|
||
|
29FFD840000
|
remote allocation
|
page read and write
|
||
|
886A6EB000
|
stack
|
page read and write
|
||
|
29FFD4E0000
|
trusted library allocation
|
page read and write
|
||
|
C35467E000
|
stack
|
page read and write
|
||
|
94EBF7E000
|
stack
|
page read and write
|
||
|
29FFCD40000
|
trusted library allocation
|
page read and write
|
||
|
1D2B0960000
|
heap
|
page read and write
|
||
|
886BA7D000
|
stack
|
page read and write
|
||
|
29FFD840000
|
remote allocation
|
page read and write
|
||
|
1D2F95C0000
|
trusted library allocation
|
page read and write
|
||
|
1D2F9672000
|
heap
|
page read and write
|
||
|
1D28BA8B000
|
heap
|
page read and write
|
||
|
1F431A7E000
|
heap
|
page read and write
|
||
|
7FF6A0DA7000
|
unkown
|
page write copy
|
||
|
94FA47E000
|
unkown
|
page readonly
|
||
|
1D2F9600000
|
heap
|
page read and write
|
||
|
29FFC900000
|
heap
|
page read and write
|
||
|
29FFD480000
|
trusted library allocation
|
page read and write
|
||
|
13DFF500000
|
heap
|
page read and write
|
||
|
1D2B0A6C000
|
heap
|
page read and write
|
||
|
29FFC0A6000
|
heap
|
page read and write
|
||
|
29FFCA01000
|
trusted library allocation
|
page read and write
|
||
|
29FFCEA0000
|
trusted library section
|
page readonly
|
||
|
94FA27E000
|
unkown
|
page readonly
|
||
|
1D2B1202000
|
trusted library allocation
|
page read and write
|
||
|
1F431A69000
|
heap
|
page read and write
|
||
|
C3533FE000
|
unkown
|
page readonly
|
||
|
1D28BA71000
|
heap
|
page read and write
|
||
|
886B37E000
|
unkown
|
page readonly
|
||
|
29FFD410000
|
trusted library allocation
|
page read and write
|
||
|
C353AFE000
|
unkown
|
page readonly
|
||
|
7FF6A0D9B000
|
unkown
|
page readonly
|
||
|
C353F7E000
|
stack
|
page read and write
|
||
|
13DFF402000
|
heap
|
page read and write
|
||
|
94EC27E000
|
unkown
|
page readonly
|
||
|
C354CFB000
|
stack
|
page read and write
|
||
|
29FFD657000
|
heap
|
page read and write
|
||
|
29FFC129000
|
heap
|
page read and write
|
||
|
886B47E000
|
unkown
|
page readonly
|
||
|
29FFC91A000
|
heap
|
page read and write
|
||
|
29FFD69F000
|
heap
|
page read and write
|
||
|
29FFD570000
|
trusted library allocation
|
page read and write
|
||
|
1D28BA2B000
|
heap
|
page read and write
|
||
|
1D28BB13000
|
heap
|
page read and write
|
||
|
13DFF302000
|
trusted library allocation
|
page read and write
|
||
|
C354DFE000
|
unkown
|
page readonly
|
||
|
29FFD723000
|
heap
|
page read and write
|
||
|
7FF6A0DAE000
|
unkown
|
page read and write
|
||
|
BDBB77C000
|
stack
|
page read and write
|
||
|
29FFE000000
|
heap
|
page read and write
|
||
|
886B67E000
|
unkown
|
page readonly
|
||
|
1D2B0990000
|
trusted library allocation
|
page read and write
|
||
|
886B77D000
|
stack
|
page read and write
|
||
|
C3549FE000
|
unkown
|
page readonly
|
||
|
1D2B0880000
|
heap
|
page read and write
|
||
|
29FFD666000
|
heap
|
page read and write
|
||
|
13DFF200000
|
unkown
|
page read and write
|
||
|
29FFD671000
|
heap
|
page read and write
|
||
|
1D2F95A0000
|
trusted library allocation
|
page read and write
|
||
|
886BD7E000
|
unkown
|
page readonly
|
||
|
29FFC0BB000
|
heap
|
page read and write
|
||
|
886BC7C000
|
stack
|
page read and write
|
||
|
29FFD510000
|
trusted library allocation
|
page read and write
|
||
|
C3547FE000
|
stack
|
page read and write
|
||
|
29FFC7E1000
|
trusted library allocation
|
page read and write
|
||
|
29FFD4A0000
|
trusted library allocation
|
page read and write
|
||
|
1D2B0A41000
|
heap
|
page read and write
|
||
|
29FFC08A000
|
heap
|
page read and write
|
||
|
94EB976000
|
stack
|
page read and write
|
||
|
1D28B9E0000
|
trusted library allocation
|
page read and write
|
||
|
1D2B0A4B000
|
heap
|
page read and write
|
||
|
1D2F9679000
|
heap
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
C3539F9000
|
stack
|
page read and write
|
||
|
1D2B0A35000
|
heap
|
page read and write
|
||
|
1D28B980000
|
heap
|
page read and write
|
||
|
1D2B0A58000
|
heap
|
page read and write
|
||
|
1D28BA81000
|
heap
|
page read and write
|
||
|
29FFD63F000
|
heap
|
page read and write
|
||
|
1D2B0A38000
|
heap
|
page read and write
|
||
|
C353FFE000
|
unkown
|
page readonly
|
||
|
FAE000
|
stack
|
page read and write
|
||
|
C353BFB000
|
stack
|
page read and write
|
||
|
29FFBEE0000
|
heap
|
page read and write
|
||
|
13DFF24C000
|
heap
|
page read and write
|
||
|
886B97E000
|
unkown
|
page readonly
|
||
|
29FFC08E000
|
heap
|
page read and write
|
||
|
886AF7D000
|
stack
|
page read and write
|
||
|
1D28BA7C000
|
heap
|
page read and write
|
||
|
29FFC013000
|
heap
|
page read and write
|
||
|
94EBA7E000
|
unkown
|
page readonly
|
||
|
29FFD6A9000
|
heap
|
page read and write
|
||
|
1D2B0A49000
|
heap
|
page read and write
|
||
|
94EC07E000
|
unkown
|
page readonly
|
||
|
C352D3B000
|
stack
|
page read and write
|
||
|
94EBD7E000
|
stack
|
page read and write
|
||
|
7FF6A0DB7000
|
unkown
|
page readonly
|
||
|
29FFD71D000
|
heap
|
page read and write
|
||
|
29FFC913000
|
heap
|
page read and write
|
||
|
29FFD840000
|
remote allocation
|
page read and write
|
||
|
7FF6A0D9B000
|
unkown
|
page readonly
|
||
|
1D2FB002000
|
trusted library allocation
|
page read and write
|
||
|
EAE000
|
stack
|
page read and write
|
||
|
1D2F9660000
|
heap
|
page read and write
|
||
|
1D2B0A59000
|
heap
|
page read and write
|
||
|
1007F9000
|
stack
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
94F9C7E000
|
unkown
|
page readonly
|
||
|
29FFBFF0000
|
trusted library allocation
|
page read and write
|
||
|
29FFD67B000
|
heap
|
page read and write
|
||
|
1D28BA00000
|
heap
|
page read and write
|
||
|
29FFD64C000
|
heap
|
page read and write
|
||
|
29FFD715000
|
heap
|
page read and write
|
||
|
1D2B0A61000
|
heap
|
page read and write
|
||
|
1D2B0A57000
|
heap
|
page read and write
|
||
|
1D28C215000
|
heap
|
page read and write
|
||
|
BDBB97C000
|
stack
|
page read and write
|
||
|
1D2B0A95000
|
heap
|
page read and write
|
||
|
29FFC760000
|
trusted library section
|
page read and write
|
||
|
1D28BB00000
|
heap
|
page read and write
|
||
|
29FFD513000
|
trusted library allocation
|
page read and write
|
||
|
BDBBA7D000
|
stack
|
page read and write
|
||
|
13DFF22B000
|
heap
|
page read and write
|
||
|
C3538FE000
|
unkown
|
page readonly
|
||
|
1D2B0A9D000
|
heap
|
page read and write
|
||
|
1D2B0AA0000
|
heap
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
29FFD730000
|
heap
|
page read and write
|
||
|
94F96FB000
|
stack
|
page read and write
|
||
|
1D28BA4B000
|
heap
|
page read and write
|
||
|
1D2B0A54000
|
heap
|
page read and write
|
||
|
94EBC7E000
|
unkown
|
page readonly
|
||
|
29FFC102000
|
heap
|
page read and write
|
||
|
94EBB7B000
|
stack
|
page read and write
|
||
|
C3546FE000
|
unkown
|
page readonly
|
||
|
1F431A02000
|
heap
|
page read and write
|
||
|
29FFD5E0000
|
trusted library allocation
|
page read and write
|
||
|
29FFC072000
|
heap
|
page read and write
|
||
|
1D2B0A60000
|
heap
|
page read and write
|
||
|
13DFF0E0000
|
heap
|
page read and write
|
||
|
1D2B0A00000
|
heap
|
page read and write
|
||
|
C353EFE000
|
unkown
|
page readonly
|
||
|
1D28BA75000
|
heap
|
page read and write
|
||
|
C35427E000
|
stack
|
page read and write
|
||
|
1D2F962B000
|
heap
|
page read and write
|
||
|
C354BFE000
|
unkown
|
page readonly
|
||
|
1D2F9630000
|
heap
|
page read and write
|
||
|
C353CFE000
|
unkown
|
page readonly
|
||
|
29FFD6E7000
|
heap
|
page read and write
|
||
|
29FFBEC0000
|
heap
|
page read and write
|
||
|
94F9A7E000
|
unkown
|
page readonly
|
||
|
1D2B0A5B000
|
heap
|
page read and write
|
||
|
886B27E000
|
unkown
|
page readonly
|
||
|
1F431A33000
|
heap
|
page read and write
|
||
|
29FFD664000
|
heap
|
page read and write
|
||
|
1F431A37000
|
heap
|
page read and write
|
||
|
29FFCFE0000
|
trusted library allocation
|
page read and write
|
||
|
29FFD420000
|
trusted library allocation
|
page read and write
|
||
|
29FFC0FE000
|
heap
|
page read and write
|
||
|
1D2B0A4D000
|
heap
|
page read and write
|
||
|
29FFC800000
|
heap
|
page read and write
|
||
|
C35457E000
|
unkown
|
page readonly
|
||
|
886AD7E000
|
stack
|
page readonly
|
||
|
1D2B0B02000
|
heap
|
page read and write
|
||
|
1D2F968B000
|
heap
|
page read and write
|
||
|
29FFD502000
|
trusted library allocation
|
page read and write
|
||
|
1D2B0A5E000
|
heap
|
page read and write
|
||
|
29FFD4C0000
|
trusted library allocation
|
page read and write
|
||
|
13DFF324000
|
heap
|
page read and write
|
||
|
94F9F7E000
|
stack
|
page read and write
|
||
|
29FFD5F0000
|
trusted library allocation
|
page read and write
|
||
|
29FFD61A000
|
heap
|
page read and write
|
||
|
29FFD727000
|
heap
|
page read and write
|
||
|
1D2B0860000
|
heap
|
page read and write
|
||
|
1D2B0A13000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
1F431A50000
|
heap
|
page read and write
|
||
|
29C0000
|
heap
|
page read and write
|
||
|
29FFC03F000
|
heap
|
page read and write
|
||
|
29FFBFC0000
|
heap
|
page read and write
|
||
|
13DFF300000
|
trusted library allocation
|
page read and write
|
||
|
29FFC91A000
|
heap
|
page read and write
|
||
|
29FFC000000
|
heap
|
page read and write
|
||
|
1D2F9490000
|
heap
|
page read and write
|
||
|
13DFF505000
|
heap
|
page read and write
|
||
|
7FF6A0D50000
|
unkown
|
page readonly
|
||
|
13DFF513000
|
heap
|
page read and write
|
||
|
BDBB2CB000
|
stack
|
page read and write
|
||
|
29FFD580000
|
trusted library allocation
|
page read and write
|
||
|
29FFC06B000
|
heap
|
page read and write
|
||
|
1D28BA40000
|
heap
|
page read and write
|
||
|
29FFC0B6000
|
heap
|
page read and write
|
||
|
C35487E000
|
stack
|
page read and write
|
||
|
29FFC050000
|
heap
|
page read and write
|
||
|
1F431A13000
|
heap
|
page read and write
|
||
|
13DFF315000
|
trusted library allocation
|
page read and write
|
||
|
29FFC95A000
|
heap
|
page read and write
|
||
|
29FFC02B000
|
heap
|
page read and write
|
||
|
1D2B0A68000
|
heap
|
page read and write
|
||
|
1D28BA64000
|
heap
|
page read and write
|
||
|
1F431870000
|
heap
|
page read and write
|
||
|
7FF6A0DB5000
|
unkown
|
page read and write
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
1D28BA02000
|
heap
|
page read and write
|
||
|
29FFD710000
|
heap
|
page read and write
|
||
|
13DFF513000
|
heap
|
page read and write
|
||
|
94F9BFE000
|
stack
|
page read and write
|
||
|
29FFC113000
|
heap
|
page read and write
|
||
|
1D2B0A3A000
|
heap
|
page read and write
|
||
|
1F431950000
|
heap
|
page read and write
|
||
|
1F431A00000
|
heap
|
page read and write
|
||
|
13DFF202000
|
unkown
|
page read and write
|
||
|
1F431A48000
|
heap
|
page read and write
|
||
|
1D2F9613000
|
heap
|
page read and write
|
||
|
13DFF413000
|
heap
|
page read and write
|
||
|
886B87E000
|
unkown
|
page readonly
|
||
|
1F431A16000
|
heap
|
page read and write
|
||
|
1D2F968D000
|
heap
|
page read and write
|
||
|
C3535FE000
|
stack
|
page read and write
|
||
|
CB6000
|
heap
|
page read and write
|
||
|
1D2B0A48000
|
heap
|
page read and write
|
||
|
29FFD4A1000
|
trusted library allocation
|
page read and write
|
||
|
94F9B7E000
|
unkown
|
page readonly
|
||
|
C35497E000
|
unkown
|
page readonly
|
There are 323 hidden memdumps, click here to show them.