Files
File Path | Type | Category | Malicious
---|---|---|---
CATALOGUE.exe | PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows | initial sample |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_CATALOGUE.exe_8e433f7f3d8b45f96b629c7491ad5b6dd5c35c5_4e303448_a9678df3-5618-46f4-b5b6-867678603126\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER299E.tmp.dmp | Mini DuMP crash report, 16 streams, Fri Jul 12 04:21:59 2024, 0x1205a4 type | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2B16.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2B46.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\regsvcs.exe.log | ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\tmp9F85.tmp | ASCII text, with very long lines (1024), with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\tmp9F86.tmp | ASCII text, with very long lines (1024), with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\tmp9F97.tmp | ASCII text, with very long lines (1024), with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\tmp9F98.tmp | ASCII text, with very long lines (1024), with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\tmp9F99.tmp | ASCII text, with very long lines (1024), with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\tmp9FA9.tmp | ASCII text, with very long lines (1024), with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\tmp9FAA.tmp | ASCII text, with very long lines (1024), with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Temp\tmp9FAB.tmp | ASCII text, with very long lines (1024), with CRLF line terminators | dropped |
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped |

Processes
Path | Cmdline | Malicious
---|---|---
C:\Users\user\Desktop\CATALOGUE.exe | "C:\Users\user\Desktop\CATALOGUE.exe" |
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe" |
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe" |
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 504 -s 1052 |

URLs
Name | IP | Malicious
---|---|---
https://ipinfo.io/ip%appdata% | unknown |
https://api.ipify.orgcookies//settinString.Removeg | unknown |
172.81.131.198:16383 | |
http://172.81.131.198:16383/ | 172.81.131.198 |
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous | unknown |
http://tempuri.org/Endpoint/CheckConnectResponse | unknown |
http://schemas.datacontract.org/2004/07/ | unknown |
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX | unknown |
http://172.81.131.198: | unknown |
http://tempuri.org/Endpoint/EnvironmentSettings | unknown |
https://api.ip.sb/geoip%USERPEnvironmentROFILE% | unknown |
https://api.ip.sb | unknown |
https://api.ip.sb/geoip | unknown |
http://schemas.xmlsoap.org/soap/envelope/ | unknown |
http://tempuri.org/ | unknown |
http://upx.sf.net | unknown |
http://tempuri.org/Endpoint/CheckConnect | unknown |
http://172.81.131.198:16383t- | unknown |
http://tempuri.org/Endpoint/VerifyUpdateResponse | unknown |
http://tempuri.org/Endpoint/SetEnviron | unknown |
http://tempuri.org/Endpoint/SetEnvironment | unknown |
http://tempuri.org/Endpoint/SetEnvironmentResponse | unknown |
http://172.81.131.198:16383 | unknown |
http://tempuri.org/Endpoint/GetUpdates | unknown |
http://schemas.xmlsoap.org/ws/2004/08/addressing | unknown |
http://tempuri.org/Endpoint/GetUpdatesResponse | unknown |
http://tempuri.org/Endpoint/EnvironmentSettingsResponse | unknown |
http://tempuri.org/Endpoint/VerifyUpdate | unknown |
http://tempuri.org/0 | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |
http://schemas.xmlsoap.org/soap/actor/next | unknown |

Domains
Name | IP | Malicious
---|---|---
api.ip.sb | unknown |

IPs
IP | Domain | Country | Malicious
---|---|---|---
172.81.131.198 | unknown | United States |

Registry
Path | Value | Malicious
---|---|---
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing | EnableConsoleTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32 | EnableFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32 | EnableAutoFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32 | EnableConsoleTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32 | FileTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32 | ConsoleTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32 | MaxFileSize |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32 | FileDirectory |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS | EnableFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS | EnableAutoFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS | EnableConsoleTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS | FileTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS | ConsoleTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS | MaxFileSize |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS | FileDirectory |
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe\|320e0e88f8774634 | ProgramId |
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe\|320e0e88f8774634 | FileId |
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe\|320e0e88f8774634 | LowerCaseLongPath |
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe\|320e0e88f8774634 | LongPathHash |
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe\|320e0e88f8774634 | Name |
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe\|320e0e88f8774634 | OriginalFileName |
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe\|320e0e88f8774634 | Publisher |
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe\|320e0e88f8774634 | Version |
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe\|320e0e88f8774634 | BinFileVersion |
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe\|320e0e88f8774634 | BinaryType |
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe\|320e0e88f8774634 | ProductName |
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe\|320e0e88f8774634 | ProductVersion |
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe\|320e0e88f8774634 | LinkDate |
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe\|320e0e88f8774634 | BinProductVersion |
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe\|320e0e88f8774634 | AppxPackageFullName |
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe\|320e0e88f8774634 | AppxPackageRelativeId |
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe\|320e0e88f8774634 | Size |
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe\|320e0e88f8774634 | Language |
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe\|320e0e88f8774634 | Usn |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | DeviceTicket |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | DeviceId |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | ApplicationFlags |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property | 0018000DDABBE6B3 |

Memdumps
Base Address | Regiontype | Protect | Malicious
---|---|---|---