Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
CATALOGUE.exe
|
PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_CATALOGUE.exe_8e433f7f3d8b45f96b629c7491ad5b6dd5c35c5_4e303448_a9678df3-5618-46f4-b5b6-867678603126\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER299E.tmp.dmp
|
Mini DuMP crash report, 16 streams, Fri Jul 12 04:21:59 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2B16.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2B46.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\regsvcs.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp9F85.tmp
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp9F86.tmp
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp9F97.tmp
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp9F98.tmp
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp9F99.tmp
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp9FA9.tmp
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp9FAA.tmp
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp9FAB.tmp
|
ASCII text, with very long lines (1024), with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 5 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\CATALOGUE.exe
|
"C:\Users\user\Desktop\CATALOGUE.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 504 -s 1052
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://ipinfo.io/ip%appdata%
|
unknown
|
|
|
|
https://api.ipify.orgcookies//settinString.Removeg
|
unknown
|
|
|
|
172.81.131.198:16383
|
|
||
|
http://172.81.131.198:16383/
|
172.81.131.198
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
|
unknown
|
||
|
http://tempuri.org/Endpoint/CheckConnectResponse
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX
|
unknown
|
||
|
http://172.81.131.198:
|
unknown
|
||
|
http://tempuri.org/Endpoint/EnvironmentSettings
|
unknown
|
||
|
https://api.ip.sb/geoip%USERPEnvironmentROFILE%
|
unknown
|
||
|
https://api.ip.sb
|
unknown
|
||
|
https://api.ip.sb/geoip
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/envelope/
|
unknown
|
||
|
http://tempuri.org/
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://tempuri.org/Endpoint/CheckConnect
|
unknown
|
||
|
http://172.81.131.198:16383t-
|
unknown
|
||
|
http://tempuri.org/Endpoint/VerifyUpdateResponse
|
unknown
|
||
|
http://tempuri.org/Endpoint/SetEnviron
|
unknown
|
||
|
http://tempuri.org/Endpoint/SetEnvironment
|
unknown
|
||
|
http://tempuri.org/Endpoint/SetEnvironmentResponse
|
unknown
|
||
|
http://172.81.131.198:16383
|
unknown
|
||
|
http://tempuri.org/Endpoint/GetUpdates
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/08/addressing
|
unknown
|
||
|
http://tempuri.org/Endpoint/GetUpdatesResponse
|
unknown
|
||
|
http://tempuri.org/Endpoint/EnvironmentSettingsResponse
|
unknown
|
||
|
http://tempuri.org/Endpoint/VerifyUpdate
|
unknown
|
||
|
http://tempuri.org/0
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/actor/next
|
unknown
|
There are 21 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
api.ip.sb
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.81.131.198
|
unknown
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\regsvcs_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe|320e0e88f8774634
|
ProgramId
|
||
|
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe|320e0e88f8774634
|
FileId
|
||
|
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe|320e0e88f8774634
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe|320e0e88f8774634
|
LongPathHash
|
||
|
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe|320e0e88f8774634
|
Name
|
||
|
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe|320e0e88f8774634
|
OriginalFileName
|
||
|
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe|320e0e88f8774634
|
Publisher
|
||
|
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe|320e0e88f8774634
|
Version
|
||
|
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe|320e0e88f8774634
|
BinFileVersion
|
||
|
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe|320e0e88f8774634
|
BinaryType
|
||
|
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe|320e0e88f8774634
|
ProductName
|
||
|
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe|320e0e88f8774634
|
ProductVersion
|
||
|
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe|320e0e88f8774634
|
LinkDate
|
||
|
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe|320e0e88f8774634
|
BinProductVersion
|
||
|
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe|320e0e88f8774634
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe|320e0e88f8774634
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe|320e0e88f8774634
|
Size
|
||
|
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe|320e0e88f8774634
|
Language
|
||
|
\REGISTRY\A\{5800130b-fcb3-d34f-e239-be09723f641f}\Root\InventoryApplicationFile\catalogue.exe|320e0e88f8774634
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
There are 28 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1E35F039000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
1E34F22D000
|
trusted library allocation
|
page read and write
|
|
|
|
1E34EDBB000
|
trusted library allocation
|
page read and write
|
|
|
|
1E34D1FC000
|
heap
|
page read and write
|
||
|
1655000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F670000
|
trusted library allocation
|
page execute and read and write
|
||
|
5C40000
|
trusted library allocation
|
page read and write
|
||
|
1E34EEDB000
|
trusted library allocation
|
page read and write
|
||
|
6BF2000
|
trusted library allocation
|
page read and write
|
||
|
6BE8000
|
trusted library allocation
|
page read and write
|
||
|
1E3674B0000
|
heap
|
page read and write
|
||
|
7FFD34719000
|
trusted library allocation
|
page read and write
|
||
|
73F69FC000
|
stack
|
page read and write
|
||
|
6B70000
|
trusted library allocation
|
page read and write
|
||
|
60C2000
|
trusted library allocation
|
page read and write
|
||
|
72D0000
|
trusted library allocation
|
page read and write
|
||
|
7300000
|
heap
|
page read and write
|
||
|
60C5000
|
trusted library allocation
|
page read and write
|
||
|
73F6CFE000
|
stack
|
page read and write
|
||
|
7B00000
|
heap
|
page read and write
|
||
|
1E34D170000
|
heap
|
page read and write
|
||
|
71ED000
|
trusted library allocation
|
page read and write
|
||
|
5ABB000
|
trusted library allocation
|
page read and write
|
||
|
1E34D190000
|
heap
|
page read and write
|
||
|
6B90000
|
trusted library allocation
|
page read and write
|
||
|
6EFC000
|
stack
|
page read and write
|
||
|
7FFD34714000
|
trusted library allocation
|
page read and write
|
||
|
6910000
|
trusted library allocation
|
page execute and read and write
|
||
|
6090000
|
trusted library allocation
|
page read and write
|
||
|
7B8E000
|
heap
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
6A69000
|
trusted library allocation
|
page read and write
|
||
|
73F6DFE000
|
stack
|
page read and write
|
||
|
4272000
|
trusted library allocation
|
page read and write
|
||
|
7990000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E35ED81000
|
trusted library allocation
|
page read and write
|
||
|
7AE8000
|
heap
|
page read and write
|
||
|
1E3675D0000
|
heap
|
page execute and read and write
|
||
|
5ADE000
|
trusted library allocation
|
page read and write
|
||
|
68C3000
|
heap
|
page read and write
|
||
|
1E34D251000
|
heap
|
page read and write
|
||
|
16BA000
|
heap
|
page read and write
|
||
|
73F64F3000
|
stack
|
page read and write
|
||
|
1E34D1BA000
|
heap
|
page read and write
|
||
|
1642000
|
trusted library allocation
|
page read and write
|
||
|
1613000
|
trusted library allocation
|
page execute and read and write
|
||
|
5AC6000
|
trusted library allocation
|
page read and write
|
||
|
7310000
|
trusted library allocation
|
page read and write
|
||
|
1784000
|
heap
|
page read and write
|
||
|
6B80000
|
trusted library allocation
|
page read and write
|
||
|
60A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6899000
|
heap
|
page read and write
|
||
|
1E34D1D0000
|
heap
|
page read and write
|
||
|
161D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4391000
|
trusted library allocation
|
page read and write
|
||
|
5AC1000
|
trusted library allocation
|
page read and write
|
||
|
16C4000
|
heap
|
page read and write
|
||
|
6A85000
|
trusted library allocation
|
page read and write
|
||
|
426E000
|
trusted library allocation
|
page read and write
|
||
|
73F67FF000
|
stack
|
page read and write
|
||
|
32D7000
|
trusted library allocation
|
page read and write
|
||
|
7980000
|
trusted library allocation
|
page read and write
|
||
|
1600000
|
trusted library allocation
|
page read and write
|
||
|
6BED000
|
trusted library allocation
|
page read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
7FFD34620000
|
trusted library allocation
|
page execute and read and write
|
||
|
6808000
|
heap
|
page read and write
|
||
|
6BC4000
|
trusted library allocation
|
page read and write
|
||
|
6BC2000
|
trusted library allocation
|
page read and write
|
||
|
1E34D460000
|
heap
|
page read and write
|
||
|
6AED000
|
stack
|
page read and write
|
||
|
1E34ED70000
|
heap
|
page read and write
|
||
|
7FFD34720000
|
trusted library allocation
|
page read and write
|
||
|
5DF0000
|
trusted library allocation
|
page read and write
|
||
|
585D000
|
stack
|
page read and write
|
||
|
723E000
|
stack
|
page read and write
|
||
|
79D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
695E000
|
stack
|
page read and write
|
||
|
165B000
|
trusted library allocation
|
page execute and read and write
|
||
|
68BF000
|
heap
|
page read and write
|
||
|
32F1000
|
trusted library allocation
|
page read and write
|
||
|
7B75000
|
heap
|
page read and write
|
||
|
73F6BFF000
|
stack
|
page read and write
|
||
|
1E34D290000
|
heap
|
page read and write
|
||
|
1E34EF04000
|
trusted library allocation
|
page read and write
|
||
|
6BD4000
|
trusted library allocation
|
page read and write
|
||
|
6832000
|
heap
|
page read and write
|
||
|
6BC6000
|
trusted library allocation
|
page read and write
|
||
|
6A8A000
|
trusted library allocation
|
page read and write
|
||
|
5B30000
|
trusted library allocation
|
page read and write
|
||
|
42D1000
|
trusted library allocation
|
page read and write
|
||
|
5C9D000
|
stack
|
page read and write
|
||
|
1772000
|
heap
|
page read and write
|
||
|
7AE0000
|
heap
|
page read and write
|
||
|
32E0000
|
trusted library allocation
|
page read and write
|
||
|
1698000
|
heap
|
page read and write
|
||
|
5CE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
6BCF000
|
trusted library allocation
|
page read and write
|
||
|
5DFE000
|
trusted library allocation
|
page read and write
|
||
|
6BDE000
|
trusted library allocation
|
page read and write
|
||
|
5B40000
|
trusted library allocation
|
page read and write
|
||
|
1E34D330000
|
trusted library allocation
|
page read and write
|
||
|
15DE000
|
stack
|
page read and write
|
||
|
6A7F000
|
trusted library allocation
|
page read and write
|
||
|
159E000
|
stack
|
page read and write
|
||
|
3078000
|
trusted library allocation
|
page read and write
|
||
|
7FF4F8300000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E34D00C000
|
unkown
|
page readonly
|
||
|
7FFD3458B000
|
trusted library allocation
|
page execute and read and write
|
||
|
44B1000
|
trusted library allocation
|
page read and write
|
||
|
5B00000
|
trusted library allocation
|
page read and write
|
||
|
1E34D1D2000
|
heap
|
page read and write
|
||
|
7FFD34705000
|
trusted library allocation
|
page read and write
|
||
|
306E000
|
stack
|
page read and write
|
||
|
1650000
|
trusted library allocation
|
page read and write
|
||
|
1620000
|
trusted library allocation
|
page read and write
|
||
|
1E35ED87000
|
trusted library allocation
|
page read and write
|
||
|
7320000
|
trusted library allocation
|
page read and write
|
||
|
7B60000
|
heap
|
page read and write
|
||
|
6BE6000
|
trusted library allocation
|
page read and write
|
||
|
7B0A000
|
heap
|
page read and write
|
||
|
6B7A000
|
trusted library allocation
|
page read and write
|
||
|
1E34EDA0000
|
trusted library allocation
|
page read and write
|
||
|
6EBE000
|
stack
|
page read and write
|
||
|
7FFD34584000
|
trusted library allocation
|
page read and write
|
||
|
6900000
|
heap
|
page execute and read and write
|
||
|
7FFD3457D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E34D3C0000
|
trusted library section
|
page read and write
|
||
|
7B0E000
|
heap
|
page read and write
|
||
|
60B4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3458D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E3675E0000
|
trusted library section
|
page read and write
|
||
|
5B11000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34760000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E34D2D5000
|
heap
|
page read and write
|
||
|
7FFD34610000
|
trusted library allocation
|
page read and write
|
||
|
59AE000
|
stack
|
page read and write
|
||
|
1680000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E34D2D0000
|
heap
|
page read and write
|
||
|
1E34EF2E000
|
trusted library allocation
|
page read and write
|
||
|
70BE000
|
stack
|
page read and write
|
||
|
7FFD34563000
|
trusted library allocation
|
page execute and read and write
|
||
|
1652000
|
trusted library allocation
|
page read and write
|
||
|
73F65FE000
|
stack
|
page read and write
|
||
|
3144000
|
trusted library allocation
|
page read and write
|
||
|
5C2A000
|
trusted library allocation
|
page read and write
|
||
|
340C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34646000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B15000
|
heap
|
page read and write
|
||
|
FBB000
|
stack
|
page read and write
|
||
|
68E1000
|
heap
|
page read and write
|
||
|
68EB000
|
heap
|
page read and write
|
||
|
84FE000
|
stack
|
page read and write
|
||
|
6BF5000
|
trusted library allocation
|
page read and write
|
||
|
5B90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34752000
|
trusted library allocation
|
page read and write
|
||
|
1E34ED81000
|
trusted library allocation
|
page read and write
|
||
|
4261000
|
trusted library allocation
|
page read and write
|
||
|
71E0000
|
trusted library allocation
|
page read and write
|
||
|
5BA0000
|
trusted library allocation
|
page read and write
|
||
|
83FE000
|
stack
|
page read and write
|
||
|
5AD2000
|
trusted library allocation
|
page read and write
|
||
|
6BE1000
|
trusted library allocation
|
page read and write
|
||
|
7AED000
|
heap
|
page read and write
|
||
|
5CDE000
|
stack
|
page read and write
|
||
|
6BD8000
|
trusted library allocation
|
page read and write
|
||
|
7CE0000
|
heap
|
page read and write
|
||
|
6A62000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34740000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
1E34D310000
|
trusted library allocation
|
page read and write
|
||
|
1E35F1BD000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3456D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A78000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34570000
|
trusted library allocation
|
page read and write
|
||
|
5BB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD345BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
6A65000
|
trusted library allocation
|
page read and write
|
||
|
6A60000
|
trusted library allocation
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page read and write
|
||
|
1495000
|
heap
|
page read and write
|
||
|
728F000
|
stack
|
page read and write
|
||
|
67F0000
|
heap
|
page read and write
|
||
|
5AAF000
|
stack
|
page read and write
|
||
|
1E366DB0000
|
trusted library allocation
|
page read and write
|
||
|
1E34D2B0000
|
heap
|
page read and write
|
||
|
5B80000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E34D465000
|
heap
|
page read and write
|
||
|
79B0000
|
trusted library allocation
|
page read and write
|
||
|
1E34D090000
|
heap
|
page read and write
|
||
|
6BCC000
|
trusted library allocation
|
page read and write
|
||
|
32B1000
|
trusted library allocation
|
page read and write
|
||
|
1610000
|
trusted library allocation
|
page read and write
|
||
|
5C50000
|
trusted library allocation
|
page execute and read and write
|
||
|
325F000
|
stack
|
page read and write
|
||
|
7FFD34572000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34562000
|
trusted library allocation
|
page read and write
|
||
|
71BD000
|
stack
|
page read and write
|
||
|
143E000
|
stack
|
page read and write
|
||
|
146B000
|
heap
|
page read and write
|
||
|
1E34D002000
|
unkown
|
page readonly
|
||
|
6A5E000
|
stack
|
page read and write
|
||
|
7FFD34564000
|
trusted library allocation
|
page read and write
|
||
|
1640000
|
trusted library allocation
|
page read and write
|
||
|
581E000
|
stack
|
page read and write
|
||
|
7B95000
|
heap
|
page read and write
|
||
|
68DA000
|
heap
|
page read and write
|
||
|
6F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD3461C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1690000
|
heap
|
page read and write
|
||
|
67EE000
|
stack
|
page read and write
|
||
|
73F66FE000
|
stack
|
page read and write
|
||
|
5C2D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34700000
|
trusted library allocation
|
page read and write
|
||
|
162D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5C10000
|
trusted library allocation
|
page read and write
|
||
|
3120000
|
trusted library allocation
|
page read and write
|
||
|
5863000
|
heap
|
page execute and read and write
|
||
|
7CF6000
|
heap
|
page read and write
|
||
|
1646000
|
trusted library allocation
|
page execute and read and write
|
||
|
7B70000
|
heap
|
page read and write
|
||
|
32ED000
|
trusted library allocation
|
page read and write
|
||
|
5AB0000
|
trusted library allocation
|
page read and write
|
||
|
3130000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34580000
|
trusted library allocation
|
page read and write
|
||
|
1470000
|
heap
|
page read and write
|
||
|
7FFD34730000
|
trusted library allocation
|
page read and write
|
||
|
6092000
|
trusted library allocation
|
page read and write
|
||
|
6BA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5AE1000
|
trusted library allocation
|
page read and write
|
||
|
5AF0000
|
trusted library allocation
|
page read and write
|
||
|
1E34D000000
|
unkown
|
page readonly
|
||
|
7FFD34560000
|
trusted library allocation
|
page read and write
|
||
|
1657000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B2E000
|
stack
|
page read and write
|
||
|
68D0000
|
heap
|
page read and write
|
||
|
1E34D19C000
|
heap
|
page read and write
|
||
|
68C8000
|
heap
|
page read and write
|
||
|
3261000
|
trusted library allocation
|
page read and write
|
||
|
79C0000
|
trusted library allocation
|
page read and write
|
||
|
79E0000
|
heap
|
page read and write
|
||
|
68F0000
|
trusted library allocation
|
page read and write
|
||
|
6B40000
|
trusted library allocation
|
page read and write
|
||
|
3140000
|
trusted library allocation
|
page read and write
|
||
|
5B50000
|
trusted library allocation
|
page read and write
|
||
|
71F0000
|
heap
|
page read and write
|
||
|
16C6000
|
heap
|
page read and write
|
||
|
7FFD34680000
|
trusted library allocation
|
page execute and read and write
|
||
|
7DE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5C00000
|
trusted library allocation
|
page read and write
|
||
|
60B0000
|
trusted library allocation
|
page read and write
|
||
|
6B60000
|
trusted library allocation
|
page read and write
|
||
|
7B65000
|
heap
|
page read and write
|
||
|
5DEE000
|
stack
|
page read and write
|
||
|
1E34D3B0000
|
heap
|
page execute and read and write
|
||
|
1E34D343000
|
trusted library allocation
|
page read and write
|
||
|
7B4E000
|
heap
|
page read and write
|
||
|
6A7A000
|
trusted library allocation
|
page read and write
|
||
|
79F3000
|
heap
|
page read and write
|
||
|
6B50000
|
trusted library allocation
|
page read and write
|
||
|
314A000
|
trusted library allocation
|
page read and write
|
||
|
6F00000
|
trusted library allocation
|
page read and write
|
||
|
68B5000
|
heap
|
page read and write
|
||
|
1E34D340000
|
trusted library allocation
|
page read and write
|
||
|
73F6AFE000
|
stack
|
page read and write
|
||
|
79F0000
|
heap
|
page read and write
|
||
|
7FFD34616000
|
trusted library allocation
|
page read and write
|
||
|
188E000
|
stack
|
page read and write
|
||
|
1467000
|
heap
|
page read and write
|
||
|
4293000
|
trusted library allocation
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
7FFD34710000
|
trusted library allocation
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
571E000
|
stack
|
page read and write
|
||
|
73F68FF000
|
stack
|
page read and write
|
||
|
3110000
|
heap
|
page execute and read and write
|
||
|
5C30000
|
trusted library allocation
|
page read and write
|
||
|
1786000
|
heap
|
page read and write
|
||
|
1670000
|
trusted library allocation
|
page read and write
|
||
|
5860000
|
heap
|
page execute and read and write
|
||
|
3404000
|
trusted library allocation
|
page read and write
|
||
|
7B2B000
|
heap
|
page read and write
|
||
|
1E34EE9C000
|
trusted library allocation
|
page read and write
|
||
|
7B20000
|
heap
|
page read and write
|
||
|
12F7000
|
stack
|
page read and write
|
||
|
6A8F000
|
trusted library allocation
|
page read and write
|
||
|
1490000
|
heap
|
page read and write
|
||
|
1E34D202000
|
heap
|
page read and write
|
||
|
1630000
|
heap
|
page read and write
|
||
|
596E000
|
stack
|
page read and write
|
||
|
7970000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E36788F000
|
trusted library section
|
page read and write
|
||
|
6C00000
|
trusted library allocation
|
page read and write
|
||
|
1E34D1FE000
|
heap
|
page read and write
|
||
|
7240000
|
heap
|
page read and write
|
||
|
7B41000
|
heap
|
page read and write
|
||
|
5DFB000
|
trusted library allocation
|
page read and write
|
||
|
6870000
|
heap
|
page read and write
|
||
|
1614000
|
trusted library allocation
|
page read and write
|
||
|
7B1A000
|
heap
|
page read and write
|
||
|
529C000
|
stack
|
page read and write
|
||
|
539D000
|
stack
|
page read and write
|
||
|
6BB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
60C0000
|
trusted library allocation
|
page read and write
|
||
|
6879000
|
heap
|
page read and write
|
There are 296 hidden memdumps, click here to show them.