Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
oBfsC4t10n2.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: 0xdf, Last Saved By:
0xdf, Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Mar 23 14:19:10 2020, Last Saved Time/Date: Sat
Apr 25 19:43:56 2020, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\4783B964-6B07-40F0-8FA8-C56645744E15
|
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
 |
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://login.microsoftonline.com/
|
unknown
|
|
|
|
https://shell.suite.office.com:1443
|
unknown
|
|
|
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/
|
unknown
|
|
|
|
https://roaming.edog.
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
|
|
|
https://cdn.entity.
|
unknown
|
|
|
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
|
|
|
https://powerlift.acompli.net
|
unknown
|
|
|
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
|
|
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
|
|
|
https://cortana.ai
|
unknown
|
|
|
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
|
|
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
|
|
|
https://api.aadrm.com/
|
unknown
|
|
|
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
|
|
|
https://api.microsoftstream.com/api/
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
|
|
|
https://cr.office.com
|
unknown
|
|
|
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
|
|
|
https://graph.ppe.windows.net
|
unknown
|
|
|
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
|
|
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
|
|
|
https://tasks.office.com
|
unknown
|
|
|
|
https://officeci.azurewebsites.net/api/
|
unknown
|
|
|
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
|
|
|
https://store.office.cn/addinstemplate
|
unknown
|
|
|
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
|
|
|
https://globaldisco.crm.dynamics.com
|
unknown
|
|
|
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://store.officeppe.com/addinstemplate
|
unknown
|
|
|
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
|
|
|
https://www.odwebp.svc.ms
|
unknown
|
|
|
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
|
|
|
https://web.microsoftstream.com/video/
|
unknown
|
|
|
|
https://graph.windows.net
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/
|
unknown
|
|
|
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
|
|
|
https://analysis.windows.net/powerbi/api
|
unknown
|
|
|
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
|
|
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
|
|
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
|
|
|
https://ncus.contentsync.
|
unknown
|
|
|
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
|
|
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
|
|
|
http://weather.service.msn.com/data.aspx
|
unknown
|
|
|
|
https://apis.live.net/v5.0/
|
unknown
|
|
|
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
|
|
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
|
|
|
https://management.azure.com
|
unknown
|
|
|
|
https://wus2.contentsync.
|
unknown
|
|
|
|
https://incidents.diagnostics.office.com
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
|
|
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
|
|
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
|
|
|
https://api.office.net
|
unknown
|
|
|
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
|
|
|
https://entitlement.diagnostics.office.com
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
|
|
|
https://substrate.office.com/search/api/v2/init
|
unknown
|
|
|
|
https://outlook.office.com/
|
unknown
|
|
|
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
|
|
|
https://outlook.office365.com/
|
unknown
|
|
|
|
https://webshell.suite.office.com
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
|
unknown
|
|
|
|
https://management.azure.com/
|
unknown
|
|
|
|
https://login.windows.net/common/oauth2/authorize
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://graph.windows.net/
|
unknown
|
|
|
|
https://api.powerbi.com/beta/myorg/imports
|
unknown
|
|
|
|
https://devnull.onenote.com
|
unknown
|
|
|
|
https://ncus.pagecontentsync.
|
unknown
|
|
|
|
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
|
unknown
|
|
|
|
https://messaging.office.com/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://augloop.office.com/v2
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
|
unknown
|
|
|
|
https://skyapi.live.net/Activity/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/mac
|
unknown
|
|
|
|
https://dataservice.o365filtering.com
|
unknown
|
|
|
|
https://api.cortana.ai
|
unknown
|
|
|
|
https://onedrive.live.com
|
unknown
|
|
|
|
https://ovisualuiapp.azurewebsites.net/pbiagave/
|
unknown
|
|
|
|
https://visio.uservoice.com/forums/368202-visio-on-devices
|
unknown
|
|
|
|
https://directory.services.
|
unknown
|
|
|
|
https://login.windows-ppe.net/common/oauth2/authorize
|
unknown
|
|
|
|
https://staging.cortana.ai
|
unknown
|
|
|
|
http://0b.htb/s.dll
|
unknown
|
|
There are 91 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
}e
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
~e
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
RemoteClearDate
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
Last
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
FilePath
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
StartDate
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
EndDate
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
Properties
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
Url
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastClean
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
DisableWinHttpCertAuth
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
DisableIsOwnerRegex
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
DisableSessionAwareHttpClose
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
DisableADALForExtendedApps
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
DisableADALSetSilentAuth
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
msoridDisableGuestCredProvider
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
msoridDisableOstringReplace
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastBootTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ReviewToken
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
4A863
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
VBAFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
MSForms
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
MSComctlLib
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
$n
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductNonBootFilesIntl_1033
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
en-US
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
en-US
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
EXCELFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
RoamingConfigurableSettings
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
RoamingLastSyncTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
RoamingLastWriteTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductNonBootFilesIntl_1033
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastBootTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
tf9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
MTTT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ReviewToken
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EC542
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
VBAFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
jj9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductNonBootFilesIntl_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EXCELFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductNonBootFilesIntl_1033
|
|
There are 38 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1E1D024D000
|
unkown
|
page read and write
|
|
|
|
1E1D0180000
|
heap private
|
page read and write
|
|
|
|
17874741000
|
unkown
|
page read and write
|
|
|
|
17874700000
|
unkown
|
page read and write
|
|
|
|
1E1D0292000
|
unkown
|
page read and write
|
|
|
|
7FF4FDD5F000
|
unkown
|
page readonly
|
|
|
|
11A07F20000
|
unkown
|
page readonly
|
|
|
|
2DE27B000
|
unkown
|
page read and write
|
|
|
|
7FF4FDD8F000
|
unkown
|
page readonly
|
|
|
|
7FF4FDDAD000
|
unkown
|
page readonly
|
|
|
|
17874760000
|
unkown
|
page read and write
|
|
|
|
17873E4B000
|
unkown
|
page read and write
|
|
|
|
7FF4FDD30000
|
unkown
|
page readonly
|
|
|
|
7FF4FD53D000
|
unkown
|
page readonly
|
|
|
|
7FF4FDD5C000
|
unkown
|
page readonly
|
|
|
|
7FF52213D000
|
unkown
|
page readonly
|
|
|
|
7FF5E459A000
|
unkown
|
page readonly
|
|
|
|
17873CE0000
|
heap private
|
page read and write
|
|
|
|
7FF5E4443000
|
unkown
|
page readonly
|
|
|
|
7FF4FDE21000
|
unkown
|
page readonly
|
|
|
|
17874771000
|
unkown
|
page read and write
|
|
|
|
1E1D0257000
|
unkown
|
page read and write
|
|
|
|
17874C02000
|
unkown
|
page read and write
|
|
|
|
7FF5E44F3000
|
unkown
|
page readonly
|
|
|
|
17873E70000
|
unkown
|
page read and write
|
|
|
|
17874785000
|
unkown
|
page read and write
|
|
|
|
7FF5E4684000
|
unkown
|
page readonly
|
|
|
|
1787472A000
|
unkown
|
page read and write
|
|
|
|
178747B5000
|
unkown
|
page read and write
|
|
|
|
17873EA6000
|
unkown
|
page read and write
|
|
|
|
17874774000
|
unkown
|
page read and write
|
|
|
|
17874774000
|
unkown
|
page read and write
|
|
|
|
17873E4E000
|
unkown
|
page read and write
|
|
|
|
7FF4FDC7D000
|
unkown
|
page readonly
|
|
|
|
7FF5E45E4000
|
unkown
|
page readonly
|
|
|
|
17874C02000
|
unkown
|
page read and write
|
|
|
|
11A07E50000
|
unkown
|
page readonly
|
|
|
|
11A07D66000
|
unkown
|
page read and write
|
|
|
|
17874785000
|
unkown
|
page read and write
|
|
|
|
17874784000
|
unkown
|
page read and write
|
|
|
|
7FF4FDD2A000
|
unkown
|
page readonly
|
|
|
|
1E1D023C000
|
unkown
|
page read and write
|
|
|
|
17873E52000
|
unkown
|
page read and write
|
|
|
|
7FF5E43E1000
|
unkown
|
page readonly
|
|
|
|
11A07D8C000
|
unkown
|
page read and write
|
|
|
|
17874774000
|
unkown
|
page read and write
|
|
|
|
7FF5E435B000
|
unkown
|
page readonly
|
|
|
|
7FF522139000
|
unkown
|
page readonly
|
|
|
|
7FF5220C0000
|
unkown
|
page readonly
|
|
|
|
17873E59000
|
unkown
|
page read and write
|
|
|
|
17874763000
|
unkown
|
page read and write
|
|
|
|
2DEBF8000
|
unkown
|
page read and write
|
|
|
|
17874C02000
|
unkown
|
page read and write
|
|
|
|
1787473A000
|
unkown
|
page read and write
|
|
|
|
17874794000
|
unkown
|
page read and write
|
|
|
|
17874756000
|
unkown
|
page read and write
|
|
|
|
7FF5E449B000
|
unkown
|
page readonly
|
|
|
|
1E1D024F000
|
unkown
|
page read and write
|
|
|
|
17874741000
|
unkown
|
page read and write
|
|
|
|
178747D9000
|
unkown
|
page read and write
|
|
|
|
7FF5E407E000
|
unkown
|
page readonly
|
|
|
|
1E1D024B000
|
unkown
|
page read and write
|
|
|
|
17873D60000
|
unkown
|
page readonly
|
|
|
|
7FF5E459E000
|
unkown
|
page readonly
|
|
|
|
17874775000
|
unkown
|
page read and write
|
|
|
|
17874723000
|
unkown
|
page read and write
|
|
|
|
7FF5E4542000
|
unkown
|
page readonly
|
|
|
|
17874602000
|
unkown
|
page read and write
|
|
|
|
7FF5E410E000
|
unkown
|
page readonly
|
|
|
|
7FF5E4112000
|
unkown
|
page readonly
|
|
|
|
1787473B000
|
unkown
|
page read and write
|
|
|
|
7FF5E4574000
|
unkown
|
page readonly
|
|
|
|
2DE37E000
|
unkown
|
page read and write
|
|
|
|
17874774000
|
unkown
|
page read and write
|
|
|
|
17873EA1000
|
unkown
|
page read and write
|
|
|
|
7FF5E43A0000
|
unkown
|
page readonly
|
|
|
|
1787479F000
|
unkown
|
page read and write
|
|
|
|
11A08000000
|
unkown
|
page readonly
|
|
|
|
7FF5E444A000
|
unkown
|
page readonly
|
|
|
|
7FF4FDD2E000
|
unkown
|
page readonly
|
|
|
|
11A07D10000
|
unkown
|
page read and write
|
|
|
|
7FF4FDC94000
|
unkown
|
page readonly
|
|
|
|
17873EB0000
|
unkown
|
page read and write
|
|
|
|
7FF52210A000
|
unkown
|
page readonly
|
|
|
|
7FF5220CB000
|
unkown
|
page readonly
|
|
|
|
17874743000
|
unkown
|
page read and write
|
|
|
|
11A07D7E000
|
unkown
|
page read and write
|
|
|
|
17873F08000
|
unkown
|
page read and write
|
|
|
|
7FF5E45B7000
|
unkown
|
page readonly
|
|
|
|
17873E56000
|
unkown
|
page read and write
|
|
|
|
178747B5000
|
unkown
|
page read and write
|
|
|
|
17873EA6000
|
unkown
|
page read and write
|
|
|
|
17874000000
|
unkown
|
page readonly
|
|
|
|
17874774000
|
unkown
|
page read and write
|
|
|
|
7FF4FD905000
|
unkown
|
page readonly
|
|
|
|
7FF4FDD9E000
|
unkown
|
page readonly
|
|
|
|
7FF52212E000
|
unkown
|
page readonly
|
|
|
|
11A07D85000
|
unkown
|
page read and write
|
|
|
|
7FF5E4102000
|
unkown
|
page readonly
|
|
|
|
17874794000
|
unkown
|
page read and write
|
|
|
|
2DE77E000
|
unkown
|
page read and write
|
|
|
|
7FF5E4317000
|
unkown
|
page readonly
|
|
|
|
17873E55000
|
unkown
|
page read and write
|
|
|
|
17874774000
|
unkown
|
page read and write
|
|
|
|
17873EDF000
|
unkown
|
page read and write
|
|
|
|
7FF522128000
|
unkown
|
page readonly
|
|
|
|
7FF5E45D7000
|
unkown
|
page readonly
|
|
|
|
7FF5E41B7000
|
unkown
|
page readonly
|
|
|
|
7FF4FDD98000
|
unkown
|
page readonly
|
|
|
|
1E1D0252000
|
unkown
|
page read and write
|
|
|
|
17874742000
|
unkown
|
page read and write
|
|
|
|
7FF5E44ED000
|
unkown
|
page readonly
|
|
|
|
7FF4FDD84000
|
unkown
|
page readonly
|
|
|
|
1E1D0291000
|
unkown
|
page read and write
|
|
|
|
17874741000
|
unkown
|
page read and write
|
|
|
|
178747B5000
|
unkown
|
page read and write
|
|
|
|
2DE9FE000
|
unkown
|
page read and write
|
|
|
|
1E1D0F40000
|
unkown
|
page readonly
|
|
|
|
7FF4FDB81000
|
unkown
|
page readonly
|
|
|
|
7FF5E43D6000
|
unkown
|
page readonly
|
|
|
|
17874800000
|
unkown
|
page readonly
|
|
|
|
7FF5E4481000
|
unkown
|
page readonly
|
|
|
|
17874740000
|
unkown
|
page read and write
|
|
|
|
7FF5E458A000
|
unkown
|
page readonly
|
|
|
|
7FF5E449E000
|
unkown
|
page readonly
|
|
|
|
1787475C000
|
unkown
|
page read and write
|
|
|
|
1E1D0A02000
|
unkown
|
page read and write
|
|
|
|
7FF5221A4000
|
unkown
|
page readonly
|
|
|
|
11A07D91000
|
unkown
|
page read and write
|
|
|
|
6A618A000
|
unkown
|
page read and write
|
|
|
|
17874785000
|
unkown
|
page read and write
|
|
|
|
1787473D000
|
unkown
|
page read and write
|
|
|
|
1E1D0286000
|
unkown
|
page read and write
|
|
|
|
7FF5E456B000
|
unkown
|
page readonly
|
|
|
|
17873DE0000
|
unkown
|
page read and write
|
|
|
|
2DE677000
|
unkown
|
page read and write
|
|
|
|
1787473A000
|
unkown
|
page read and write
|
|
|
|
7FF4FDD1A000
|
unkown
|
page readonly
|
|
|
|
17873F02000
|
unkown
|
page read and write
|
|
|
|
17873DE0000
|
unkown
|
page read and write
|
|
|
|
7FF4FD8F0000
|
unkown
|
page readonly
|
|
|
|
17874741000
|
unkown
|
page read and write
|
|
|
|
7FF5E468A000
|
unkown
|
page readonly
|
|
|
|
11A07D85000
|
unkown
|
page read and write
|
|
|
|
17874723000
|
unkown
|
page read and write
|
|
|
|
1E1D04D0000
|
unkown
|
page readonly
|
|
|
|
17873E00000
|
unkown
|
page read and write
|
|
|
|
7FF4FDD3B000
|
unkown
|
page readonly
|
|
|
|
11A07D40000
|
unkown
|
page readonly
|
|
|
|
6A647F000
|
unkown
|
page read and write
|
|
|
|
178747B5000
|
unkown
|
page read and write
|
|
|
|
17874C55000
|
unkown
|
page read and write
|
|
|
|
2DE2FE000
|
unkown
|
page read and write
|
|
|
|
1E1D0300000
|
unkown
|
page read and write
|
|
|
|
17874E00000
|
unkown
|
page readonly
|
|
|
|
17873E29000
|
unkown
|
page read and write
|
|
|
|
11A07CF0000
|
unkown
|
page read and write
|
|
|
|
CF33EF000
|
unkown
|
page read and write
|
|
|
|
17874784000
|
unkown
|
page read and write
|
|
|
|
17874C02000
|
unkown
|
page read and write
|
|
|
|
178747D9000
|
unkown
|
page read and write
|
|
|
|
7FF4FDDA6000
|
unkown
|
page readonly
|
|
|
|
7FF5E41B5000
|
unkown
|
page readonly
|
|
|
|
17874784000
|
unkown
|
page read and write
|
|
|
|
1E1D0213000
|
unkown
|
page read and write
|
|
|
|
17874794000
|
unkown
|
page read and write
|
|
|
|
17873EF6000
|
unkown
|
page read and write
|
|
|
|
7FF5E4619000
|
unkown
|
page readonly
|
|
|
|
7FF4FDC2B000
|
unkown
|
page readonly
|
|
|
|
17873D40000
|
heap default
|
page read and write
|
|
|
|
7FF4FDD74000
|
unkown
|
page readonly
|
|
|
|
1E1D0308000
|
unkown
|
page read and write
|
|
|
|
7FF5E45AB000
|
unkown
|
page readonly
|
|
|
|
11A07D7E000
|
unkown
|
page read and write
|
|
|
|
17873E4A000
|
unkown
|
page read and write
|
|
|
|
1787473E000
|
unkown
|
page read and write
|
|
|
|
7FF4FDBD3000
|
unkown
|
page readonly
|
|
|
|
17873E8B000
|
unkown
|
page read and write
|
|
|
|
17874723000
|
unkown
|
page read and write
|
|
|
|
7FF5E4160000
|
unkown
|
page readonly
|
|
|
|
17874785000
|
unkown
|
page read and write
|
|
|
|
17874759000
|
unkown
|
page read and write
|
|
|
|
6A65FA000
|
unkown
|
page read and write
|
|
|
|
17873D90000
|
unkown
|
page readonly
|
|
|
|
7FF5E3EF7000
|
unkown
|
page readonly
|
|
|
|
1E1D0271000
|
unkown
|
page read and write
|
|
|
|
17874C00000
|
unkown
|
page read and write
|
|
|
|
7FF5221B1000
|
unkown
|
page readonly
|
|
|
|
CF32EB000
|
unkown
|
page read and write
|
|
|
|
17873EEE000
|
unkown
|
page read and write
|
|
|
|
7FF5E45F4000
|
unkown
|
page readonly
|
|
|
|
178747B5000
|
unkown
|
page read and write
|
|
|
|
17874713000
|
unkown
|
page read and write
|
|
|
|
17874784000
|
unkown
|
page read and write
|
|
|
|
17873EBE000
|
unkown
|
page read and write
|
|
|
|
11A07D85000
|
unkown
|
page read and write
|
|
|
|
7FF5E4320000
|
unkown
|
page readonly
|
|
|
|
7FF5E45EA000
|
unkown
|
page readonly
|
|
|
|
7FF5E43F1000
|
unkown
|
page readonly
|
|
|
|
178747B5000
|
unkown
|
page read and write
|
|
|
|
7FF4FDDA9000
|
unkown
|
page readonly
|
|
|
|
7FF5E4540000
|
unkown
|
page readonly
|
|
|
|
7FF4FDC9C000
|
unkown
|
page readonly
|
|
|
|
7FF5220C5000
|
unkown
|
page readonly
|
|
|
|
17874784000
|
unkown
|
page read and write
|
|
|
|
7FF5E45CF000
|
unkown
|
page readonly
|
|
|
|
17874794000
|
unkown
|
page read and write
|
|
|
|
17874C02000
|
unkown
|
page read and write
|
|
|
|
17874762000
|
unkown
|
page read and write
|
|
|
|
11A07FF5000
|
heap private
|
page read and write
|
|
|
|
7FF5E4616000
|
unkown
|
page readonly
|
|
|
|
1E1D0400000
|
unkown
|
page readonly
|
|
|
|
1E1D0254000
|
unkown
|
page read and write
|
|
|
|
17874774000
|
unkown
|
page read and write
|
|
|
|
2DE878000
|
unkown
|
page read and write
|
|
|
|
17874785000
|
unkown
|
page read and write
|
|
|
|
11A07FF0000
|
heap private
|
page read and write
|
|
|
|
178740D0000
|
unkown
|
page readonly
|
|
|
|
6A64FE000
|
unkown
|
page read and write
|
|
|
|
1E1D0930000
|
unkown
|
page readonly
|
|
|
|
CF3AFD000
|
unkown
|
page read and write
|
|
|
|
7FF521A13000
|
unkown
|
page readonly
|
|
|
|
7FF4FDC11000
|
unkown
|
page readonly
|
|
|
|
7FF5221B2000
|
unkown
|
page readonly
|
|
|
|
11A07D76000
|
unkown
|
page read and write
|
|
|
|
7FF4FDE14000
|
unkown
|
page readonly
|
|
|
|
17874730000
|
unkown
|
page read and write
|
|
|
|
17873DD0000
|
unkown
|
page readonly
|
|
|
|
7FF5E456F000
|
unkown
|
page readonly
|
|
|
|
17874763000
|
unkown
|
page read and write
|
|
|
|
17874784000
|
unkown
|
page read and write
|
|
|
|
7FF5E3EA1000
|
unkown
|
page readonly
|
|
|
|
1E1D0200000
|
unkown
|
page read and write
|
|
|
|
7FF4FDD7A000
|
unkown
|
page readonly
|
|
|
|
1E1D0940000
|
unkown
|
page read and write
|
|
|
|
17874D00000
|
unkown
|
page read and write
|
|
|
|
CF36F5000
|
unkown
|
page read and write
|
|
|
|
17873DE0000
|
unkown
|
page readonly
|
|
|
|
178747C6000
|
unkown
|
page read and write
|
|
|
|
7FF5220F8000
|
unkown
|
page readonly
|
|
|
|
17874759000
|
unkown
|
page read and write
|
|
|
|
7FF4FDE22000
|
unkown
|
page readonly
|
|
|
|
17874794000
|
unkown
|
page read and write
|
|
|
|
17873E3C000
|
unkown
|
page read and write
|
|
|
|
1E1D01E0000
|
heap default
|
page read and write
|
|
|
|
17873ED7000
|
unkown
|
page read and write
|
|
|
|
17874784000
|
unkown
|
page read and write
|
|
|
|
7FF5E4175000
|
unkown
|
page readonly
|
|
|
|
17874CA8000
|
unkown
|
page read and write
|
|
|
|
7FF5E4691000
|
unkown
|
page readonly
|
|
|
|
7FF5E4692000
|
unkown
|
page readonly
|
|
|
|
7FF4FDD35000
|
unkown
|
page readonly
|
|
|
|
1E1D0302000
|
unkown
|
page read and write
|
|
|
|
7FF5221AA000
|
unkown
|
page readonly
|
|
|
|
17874C63000
|
unkown
|
page read and write
|
|
|
|
7FF5220EC000
|
unkown
|
page readonly
|
|
|
|
11A07D8C000
|
unkown
|
page read and write
|
|
|
|
1787479B000
|
unkown
|
page read and write
|
|
|
|
7FF5E3EF3000
|
unkown
|
page readonly
|
|
|
|
178747D9000
|
unkown
|
page read and write
|
|
|
|
7FF4FDAB0000
|
unkown
|
page readonly
|
|
|
|
1E1D0248000
|
unkown
|
page read and write
|
|
|
|
7FF522104000
|
unkown
|
page readonly
|
|
|
|
6A6579000
|
unkown
|
page read and write
|
|
|
|
7FF4FDC83000
|
unkown
|
page readonly
|
|
|
|
17873E85000
|
unkown
|
page read and write
|
|
|
|
178747B5000
|
unkown
|
page read and write
|
|
|
|
17874760000
|
unkown
|
page read and write
|
|
|
|
17873DC0000
|
unkown
|
page readonly
|
|
|
|
7FF5E45A5000
|
unkown
|
page readonly
|
|
|
|
11A07D8C000
|
unkown
|
page read and write
|
|
|
|
2DE977000
|
unkown
|
page read and write
|
|
|
|
7FF5E3DAD000
|
unkown
|
page readonly
|
|
|
|
2DE57B000
|
unkown
|
page read and write
|
|
|
|
17873DF0000
|
unkown
|
page read and write
|
|
|
|
7FF521A17000
|
unkown
|
page readonly
|
|
|
|
1E1D0258000
|
unkown
|
page read and write
|
|
|
|
7FF5E43D4000
|
unkown
|
page readonly
|
|
|
|
17874759000
|
unkown
|
page read and write
|
|
|
|
17873D70000
|
unkown
|
page read and write
|
|
|
|
17873E4C000
|
unkown
|
page read and write
|
|
|
|
17874530000
|
unkown
|
page write copy
|
|
|
|
CF37FB000
|
unkown
|
page read and write
|
|
|
|
7FF5E4504000
|
unkown
|
page readonly
|
|
|
|
17874C63000
|
unkown
|
page read and write
|
|
|
|
7FF5E44A3000
|
unkown
|
page readonly
|
|
|
|
17874785000
|
unkown
|
page read and write
|
|
|
|
17874774000
|
unkown
|
page read and write
|
|
|
|
11A07D75000
|
unkown
|
page read and write
|
|
|
|
2DE475000
|
unkown
|
page read and write
|
|
|
|
178747B5000
|
unkown
|
page read and write
|
|
|
|
17874C02000
|
unkown
|
page read and write
|
|
|
|
7FF5E458C000
|
unkown
|
page readonly
|
|
|
|
17874C55000
|
unkown
|
page read and write
|
|
|
|
6A677F000
|
unkown
|
page read and write
|
|
|
|
7FF4FDD67000
|
unkown
|
page readonly
|
|
|
|
11A07D5B000
|
heap default
|
page read and write
|
|
|
|
CF3BFF000
|
unkown
|
page read and write
|
|
|
|
17874785000
|
unkown
|
page read and write
|
|
|
|
178747B5000
|
unkown
|
page read and write
|
|
|
|
17874580000
|
unkown
|
page readonly
|
|
|
|
7FF5E45A0000
|
unkown
|
page readonly
|
|
|
|
17873F13000
|
unkown
|
page read and write
|
|
|
|
7FF4FDD1C000
|
unkown
|
page readonly
|
|
|
|
7FF522114000
|
unkown
|
page readonly
|
|
|
|
7FF4FDE1A000
|
unkown
|
page readonly
|
|
|
|
178747B5000
|
unkown
|
page read and write
|
|
|
|
17874784000
|
unkown
|
page read and write
|
|
|
|
11A07D50000
|
heap default
|
page read and write
|
|
|
|
17873EC5000
|
unkown
|
page read and write
|
|
|
|
7FF5E45CC000
|
unkown
|
page readonly
|
|
|
|
17874766000
|
unkown
|
page read and write
|
|
|
|
17874D02000
|
unkown
|
page read and write
|
|
|
|
11A07D90000
|
unkown
|
page read and write
|
|
|
|
17874785000
|
unkown
|
page read and write
|
|
|
|
17873E53000
|
unkown
|
page read and write
|
|
|
|
CF39FF000
|
unkown
|
page read and write
|
|
|
|
7FF5220EF000
|
unkown
|
page readonly
|
|
|
|
7FF5E457F000
|
unkown
|
page readonly
|
|
|
|
7FF5E4608000
|
unkown
|
page readonly
|
|
|
|
178747B5000
|
unkown
|
page read and write
|
|
|
|
1E1D0247000
|
unkown
|
page read and write
|
|
|
|
6A66FE000
|
unkown
|
page read and write
|
|
|
|
11A07D7E000
|
unkown
|
page read and write
|
|
|
|
7FF5E460E000
|
unkown
|
page readonly
|
|
|
|
7FF5E450C000
|
unkown
|
page readonly
|
|
|
|
17874774000
|
unkown
|
page read and write
|
|
|
|
1787473A000
|
unkown
|
page read and write
|
|
|
|
7FF52211E000
|
unkown
|
page readonly
|
|
|
|
178747A0000
|
unkown
|
page read and write
|
|
|
|
1E1D0C00000
|
unkown
|
page readonly
|
|
|
|
7FF5E4166000
|
unkown
|
page readonly
|
|
|
|
7FF4FD8F6000
|
unkown
|
page readonly
|
|
|
|
17873EEE000
|
unkown
|
page read and write
|
|
|
|
7FF5E45FF000
|
unkown
|
page readonly
|
|
|
|
7FF5E44A8000
|
unkown
|
page readonly
|
|
|
|
1787473E000
|
unkown
|
page read and write
|
|
|
|
17874784000
|
unkown
|
page read and write
|
|
|
|
2DEAFB000
|
unkown
|
page read and write
|
|
|
|
7FF4FDD47000
|
unkown
|
page readonly
|
|
|
|
7FF4FDAA7000
|
unkown
|
page readonly
|
|
|
|
17874723000
|
unkown
|
page read and write
|
|
|
|
7FF4FDC2E000
|
unkown
|
page readonly
|
|
|
|
17874774000
|
unkown
|
page read and write
|
|
|
|
17874763000
|
unkown
|
page read and write
|
|
|
|
6A667F000
|
unkown
|
page read and write
|
|
|
|
CF38F7000
|
unkown
|
page read and write
|
|
|
|
1E1D01F0000
|
unkown
|
page readonly
|
|
|
|
11A07D66000
|
heap default
|
page read and write
|
|
|
|
17873E13000
|
unkown
|
page read and write
|
|
|
|
17873E57000
|
unkown
|
page read and write
|
|
|
|
11A07D61000
|
unkown
|
page read and write
|
|
|
|
17874794000
|
unkown
|
page read and write
|
|
|
|
CF336E000
|
unkown
|
page read and write
|
|
|
|
7FF5E4366000
|
unkown
|
page readonly
|
|
|
|
17873DE0000
|
unkown
|
page read and write
|
|
|
|
1E1D0313000
|
unkown
|
page read and write
|
|
|
|
17874763000
|
unkown
|
page read and write
|
|
|
|
1E1D022A000
|
unkown
|
page read and write
|
|
|
|
17874757000
|
unkown
|
page read and write
|
|
|
|
17873D50000
|
unkown
|
page readonly
|
|
There are 351 hidden memdumps, click here to show them.