Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
cnewton doc 08.11.2022.doc
|
Zip archive data, at least v2.0 to extract
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\y6963.tmp.dll
|
HTML document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\y5A7.tmp.dll
|
HTML document, ASCII text
|
modified
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\cnewton doc 08.11.2022.doc.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:31:50
2022, mtime=Fri Aug 12 00:49:52 2022, atime=Fri Aug 12 00:49:44 2022, length=2248355, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\y745B.tmp.dll
|
HTML document, ASCII text
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\-f[1].htm
|
HTML document, ASCII text
|
downloaded
|
||
|
C:\Users\user\AppData\Local\Temp\CVR5475.tmp.cvr
|
data
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\cnewton doc 08.11.2022.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:45:54
2022, mtime=Tue Mar 8 15:45:54 2022, atime=Fri Aug 12 01:06:11 2022, length=2343230, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\~$ewton doc 08.11.2022.doc
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_WINWORD.EXE_36a787bf8896eba6a9e85f1761f2a7eec6686b_5f94c319_0fad4122\Report.wer
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2A7D.tmp.dmp
|
Mini DuMP crash report, 15 streams, Fri Aug 12 01:50:36 2022, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER37FB.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER39C1.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\AE1D8E82-09A3-4CE3-BB95-E3559641C73B
|
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\-f[1].htm
|
HTML document, ASCII text
|
downloaded
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
"C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 4160
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 4152
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://45.8.146.139/fhfty/NH1-X8NL7CO4_YNJ-MEFY7BW9QYIJW1I/-fC:
|
unknown
|
|
|
|
http://45.8.146.139/fhfty/NH1-X8NL7CO4_YNJ-MEFY7BW9QYIJW1I/-fggC:
|
unknown
|
|
|
|
http://45.8.146.139/fhfty/NH1-X8NL7CO4_YNJ-MEFY7BW9QYIJW1I/-ftem32
|
unknown
|
|
|
|
http://45.8.146.139/fhfty/NH1-X8NL7CO4_YNJ-MEFY7BW9QYIJW1I/-f
|
45.8.146.139
|
|
|
|
http://www.%s.comPA
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
||
|
http://45.8.146.139/fhfty/NH1-X8NL7CO4_
|
unknown
|
||
|
https://outlook.office.com2006
|
unknown
|
||
|
https://shell.suite.office.com:1443
|
unknown
|
||
|
http://45.8.146.139/fhfty/NH1-X8NL7CO4_YNJ-MEFY7BW9QYIJW1I/-f71USERNAME=userUSERPROFILE=C:
|
unknown
|
||
|
https://autodiscover-s.outlook.com/
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
||
|
https://cdn.entity.
|
unknown
|
||
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorizetenk%M
|
unknown
|
||
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
||
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorizeaz&L
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorizePh
|
unknown
|
||
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
||
|
https://api.aadrm.com/
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorizese
|
unknown
|
||
|
http://purl.oclc.org/ooxml/drawingml/diagram-E0
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorizeAx
|
unknown
|
||
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=ImmersiveApp
|
unknown
|
||
|
https://api.microsoftstream.com/api/
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
||
|
https://cr.office.com
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/android/policies_J
|
unknown
|
||
|
http://45.8.146.139/fhfty/NH1-X8NL7CO4_YNJ-MEFY7BW9QYIJW1I/-fe
|
unknown
|
||
|
http://45.8.146.139/fhfty/NH1-X8NL7CO4_YNJ-MEFY7BW9QYIJW1I/-fn
|
unknown
|
||
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
||
|
https://tasks.office.com
|
unknown
|
||
|
https://officeci.azurewebsites.net/api/
|
unknown
|
||
|
http://weather.service.msn.com/data.aspxBD
|
unknown
|
||
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile5QlO
|
unknown
|
||
|
http://45.8.146.139/fhfty/NH1-X8NL7CO4_YNJ-MEFY7BW9QYIJW1I/-fOOC:
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorize#
|
unknown
|
||
|
https://my.microsoftpersonalcontent.com
|
unknown
|
||
|
https://login.windows-ppe.net/common/oauth2/authorizewM%M
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorize$
|
unknown
|
||
|
https://store.office.cn/addinstemplate
|
unknown
|
||
|
https://api.office.net.&
|
unknown
|
||
|
https://api.cortana.aiU
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorizeox
|
unknown
|
||
|
https://messaging.engagement.office.com/
|
unknown
|
||
|
https://onedrive.live.com/embed?i
|
unknown
|
||
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorize/2
|
unknown
|
||
|
https://www.odwebp.svc.ms
|
unknown
|
||
|
https://api.office.netA&.H
|
unknown
|
||
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
||
|
https://web.microsoftstream.com/video/
|
unknown
|
||
|
https://api.addins.store.officeppe.com/addinstemplate
|
unknown
|
||
|
https://graph.windows.net
|
unknown
|
||
|
https://api.powerbi.com/beta/myorg/importshG&M
|
unknown
|
||
|
https://outlook.office.comBr
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorizerdml
|
unknown
|
||
|
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
||
|
https://ncus.contentsync.
|
unknown
|
||
|
https://api.cortana.aiL
|
unknown
|
||
|
https://onedrive.live.comew
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebookf
|
unknown
|
||
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
||
|
http://weather.service.msn.com/data.aspx
|
unknown
|
||
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asksCP
|
unknown
|
||
|
https://outlook.office365.com/autodiscover/autodiscover.
|
unknown
|
||
|
https://substrate.office.comP
|
unknown
|
||
|
https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2Area
|
unknown
|
||
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorizeOh
|
unknown
|
||
|
https://api.diagnostics.office.comom
|
unknown
|
||
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
||
|
https://substrate.office.comW
|
unknown
|
||
|
https://wus2.contentsync.
|
unknown
|
||
|
https://globaldisco.crm.dynamics.comom
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorizevB&L
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorizeg
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorize~h
|
unknown
|
||
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorizeN=
|
unknown
|
||
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorizeQ
|
unknown
|
||
|
https://www.odwebp.svc.msom
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorizeCache
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorizeR
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorizek27L
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorizeS
|
unknown
|
||
|
https://powerlift.acompli.netPrqL
|
unknown
|
||
|
https://lifecycle.office.comov
|
unknown
|
||
|
https://entitlement.diagnostics.office.com
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
||
|
https://outlook.office.com/
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorize7ehM
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorizeM
|
unknown
|
||
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
||
|
https://substrate.office.com/search/api/v1/SearchHistory
|
unknown
|
||
|
https://dataservice.o365filtering.comVb
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorize=
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorize0
|
unknown
|
||
|
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
|
unknown
|
||
|
https://analysis.windows.net/powerbi/api/
|
unknown
|
There are 97 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.8.146.139
|
unknown
|
Russian Federation
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
|
u$/
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
|
m%/
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
|
o'/
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
TCWP5FilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
TCWP6FilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Word\Text Converters\Import\Recover
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Word\Text Converters\Import\Recover
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Word\Text Converters\Import\Recover
|
Extensions
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Word\Text Converters\Import\WrdPrfctDos
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Word\Text Converters\Import\WrdPrfctDos
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Word\Text Converters\Import\WrdPrfctDos
|
Extensions
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Word\Text Converters\Import\WordPerfect6x
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Word\Text Converters\Import\WordPerfect6x
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Word\Text Converters\Import\WordPerfect6x
|
Extensions
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\65ADC
|
65ADC
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
WORDFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
TCWP5FilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
TCWP6FilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
TCWP5FilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
TCWP6FilesIntl_1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
|
MTTF
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
|
MTTA
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
{v8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
|v8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
az8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
RemoteClearDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3
|
Last
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
FilePath
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
StartDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
EndDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Properties
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Url
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
LastClean
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableWinHttpCertAuth
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableIsOwnerRegex
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableSessionAwareHttpClose
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALForExtendedApps
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALSetSilentAuth
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableGuestCredProvider
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableOstringReplace
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
|c8
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Extensions
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage
|
TCWP5FilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage
|
TCWP6FilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\1F604
|
1F604
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Word8.0
|
MSForms
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Word8.0
|
MSComctlLib
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
WORDFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Extensions
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Extensions
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage
|
TCWP5FilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage
|
TCWP6FilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHivePermissionsCorrect
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
|
AmiHiveOwnerCorrect
|
||
|
\REGISTRY\A\{50dbf55d-f1e7-f498-6062-44dfbbd3c1f9}\Root\InventoryApplicationFile\winword.exe|597535ad
|
ProgramId
|
||
|
\REGISTRY\A\{50dbf55d-f1e7-f498-6062-44dfbbd3c1f9}\Root\InventoryApplicationFile\winword.exe|597535ad
|
FileId
|
||
|
\REGISTRY\A\{50dbf55d-f1e7-f498-6062-44dfbbd3c1f9}\Root\InventoryApplicationFile\winword.exe|597535ad
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{50dbf55d-f1e7-f498-6062-44dfbbd3c1f9}\Root\InventoryApplicationFile\winword.exe|597535ad
|
LongPathHash
|
||
|
\REGISTRY\A\{50dbf55d-f1e7-f498-6062-44dfbbd3c1f9}\Root\InventoryApplicationFile\winword.exe|597535ad
|
Name
|
||
|
\REGISTRY\A\{50dbf55d-f1e7-f498-6062-44dfbbd3c1f9}\Root\InventoryApplicationFile\winword.exe|597535ad
|
Publisher
|
||
|
\REGISTRY\A\{50dbf55d-f1e7-f498-6062-44dfbbd3c1f9}\Root\InventoryApplicationFile\winword.exe|597535ad
|
Version
|
||
|
\REGISTRY\A\{50dbf55d-f1e7-f498-6062-44dfbbd3c1f9}\Root\InventoryApplicationFile\winword.exe|597535ad
|
BinFileVersion
|
||
|
\REGISTRY\A\{50dbf55d-f1e7-f498-6062-44dfbbd3c1f9}\Root\InventoryApplicationFile\winword.exe|597535ad
|
BinaryType
|
||
|
\REGISTRY\A\{50dbf55d-f1e7-f498-6062-44dfbbd3c1f9}\Root\InventoryApplicationFile\winword.exe|597535ad
|
ProductName
|
||
|
\REGISTRY\A\{50dbf55d-f1e7-f498-6062-44dfbbd3c1f9}\Root\InventoryApplicationFile\winword.exe|597535ad
|
ProductVersion
|
||
|
\REGISTRY\A\{50dbf55d-f1e7-f498-6062-44dfbbd3c1f9}\Root\InventoryApplicationFile\winword.exe|597535ad
|
LinkDate
|
||
|
\REGISTRY\A\{50dbf55d-f1e7-f498-6062-44dfbbd3c1f9}\Root\InventoryApplicationFile\winword.exe|597535ad
|
BinProductVersion
|
||
|
\REGISTRY\A\{50dbf55d-f1e7-f498-6062-44dfbbd3c1f9}\Root\InventoryApplicationFile\winword.exe|597535ad
|
Size
|
||
|
\REGISTRY\A\{50dbf55d-f1e7-f498-6062-44dfbbd3c1f9}\Root\InventoryApplicationFile\winword.exe|597535ad
|
Language
|
||
|
\REGISTRY\A\{50dbf55d-f1e7-f498-6062-44dfbbd3c1f9}\Root\InventoryApplicationFile\winword.exe|597535ad
|
IsPeFile
|
||
|
\REGISTRY\A\{50dbf55d-f1e7-f498-6062-44dfbbd3c1f9}\Root\InventoryApplicationFile\winword.exe|597535ad
|
IsOsComponent
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
|
ExceptionRecord
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
|
0018800453F4626F
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
|
)l0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
|
/m0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
|
#o0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\666DE
|
666DE
|
There are 97 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
72B0000
|
unkown
|
page read and write
|
||
|
3C60000
|
unkown
|
page read and write
|
||
|
2414000
|
unkown
|
page read and write
|
||
|
5A70000
|
unkown
|
page read and write
|
||
|
F0000
|
unkown
|
page readonly
|
||
|
2F00000
|
unkown
|
page read and write
|
||
|
1F00000
|
heap
|
page read and write
|
||
|
2EE2000
|
unkown
|
page read and write
|
||
|
6874000
|
unkown
|
page execute and read and write
|
||
|
843E000
|
unkown
|
page read and write
|
||
|
6F4B000
|
heap
|
page read and write
|
||
|
5A60000
|
unkown
|
page read and write
|
||
|
3BDD000
|
unkown
|
page read and write
|
||
|
340000
|
unkown
|
page read and write
|
||
|
9D1F000
|
unkown
|
page read and write
|
||
|
6110000
|
unkown
|
page read and write
|
||
|
1EE0000
|
unkown
|
page read and write
|
||
|
72B4000
|
heap
|
page read and write
|
||
|
65C0000
|
unkown
|
page read and write
|
||
|
9350000
|
unkown
|
page read and write
|
||
|
65C0000
|
unkown
|
page read and write
|
||
|
2E5000
|
heap
|
page read and write
|
||
|
72B7000
|
unkown
|
page read and write
|
||
|
6100000
|
unkown
|
page read and write
|
||
|
5A50000
|
unkown
|
page read and write
|
||
|
59F000
|
stack
|
page read and write
|
||
|
1F18000
|
unkown
|
page read and write
|
||
|
138000
|
unkown
|
page read and write
|
||
|
65CD000
|
unkown
|
page read and write
|
||
|
60E0000
|
unkown
|
page read and write
|
||
|
2F30000
|
unkown
|
page read and write
|
||
|
6F30000
|
unkown
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
4DF000
|
stack
|
page read and write
|
||
|
280000
|
unkown
|
page read and write
|
||
|
9354000
|
unkown
|
page read and write
|
||
|
5A60000
|
unkown
|
page read and write
|
||
|
2ED0000
|
unkown
|
page read and write
|
||
|
2090000
|
heap
|
page read and write
|
||
|
3DC0000
|
unkown
|
page read and write
|
||
|
4060000
|
unkown
|
page read and write
|
||
|
5B00000
|
unkown
|
page read and write
|
||
|
71A0000
|
unkown
|
page read and write
|
||
|
24D0000
|
unkown
|
page read and write
|
||
|
360000
|
heap
|
page read and write
|
||
|
74E0000
|
unkown
|
page read and write
|
||
|
4060000
|
unkown
|
page read and write
|
||
|
2FD0000
|
unkown
|
page execute and read and write
|
||
|
4900000
|
unkown
|
page read and write
|
||
|
7EFE0000
|
unkown
|
page readonly
|
||
|
6050000
|
unkown
|
page read and write
|
||
|
245C000
|
unkown
|
page read and write
|
||
|
1EF4000
|
unkown
|
page read and write
|
||
|
2F45000
|
unkown
|
page read and write
|
||
|
330000
|
unkown
|
page read and write
|
||
|
2E80000
|
unkown
|
page read and write
|
||
|
496000
|
unkown
|
page read and write
|
||
|
81EC000
|
unkown
|
page read and write
|
||
|
290000
|
unkown
|
page read and write
|
||
|
727F000
|
unkown
|
page readonly
|
||
|
170000
|
unkown
|
page readonly
|
||
|
5CB0000
|
unkown
|
page read and write
|
||
|
980000
|
unkown
|
page readonly
|
||
|
1DB6000
|
unkown
|
page read and write
|
||
|
360000
|
unkown
|
page read and write
|
||
|
5FE0000
|
unkown
|
page read and write
|
||
|
2FC0000
|
unkown
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
65CA000
|
unkown
|
page read and write
|
||
|
60E0000
|
unkown
|
page read and write
|
||
|
9350000
|
unkown
|
page read and write
|
||
|
49E000
|
unkown
|
page read and write
|
||
|
8529000
|
unkown
|
page execute and read and write
|
||
|
416E000
|
unkown
|
page read and write
|
||
|
9020000
|
unkown
|
page read and write
|
||
|
386000
|
heap
|
page read and write
|
||
|
5CC0000
|
unkown
|
page read and write
|
||
|
1F18000
|
unkown
|
page read and write
|
||
|
6D50000
|
unkown
|
page read and write
|
||
|
6010000
|
unkown
|
page read and write
|
||
|
2410000
|
unkown
|
page read and write
|
||
|
6841000
|
unkown
|
page read and write
|
||
|
5A70000
|
heap
|
page read and write
|
||
|
66F9000
|
unkown
|
page read and write
|
||
|
68C4000
|
unkown
|
page read and write
|
||
|
9352000
|
unkown
|
page read and write
|
||
|
1FA4000
|
unkown
|
page read and write
|
||
|
2430000
|
unkown
|
page read and write
|
||
|
2EB0000
|
unkown
|
page read and write
|
||
|
65CD000
|
unkown
|
page read and write
|
||
|
2090000
|
unkown
|
page read and write
|
||
|
2444000
|
unkown
|
page read and write
|
||
|
6A00000
|
unkown
|
page read and write
|
||
|
3EF0000
|
unkown
|
page read and write
|
||
|
6DA0000
|
unkown
|
page read and write
|
||
|
2E5000
|
unkown
|
page read and write
|
||
|
5FD0000
|
unkown
|
page readonly
|
||
|
1D80000
|
unkown
|
page read and write
|
||
|
2480000
|
unkown
|
page read and write
|
||
|
2438000
|
unkown
|
page read and write
|
||
|
2420000
|
unkown
|
page read and write
|
||
|
3D7A000
|
unkown
|
page read and write
|
||
|
71E0000
|
unkown
|
page read and write
|
||
|
330000
|
unkown
|
page read and write
|
||
|
1F00000
|
unkown
|
page read and write
|
||
|
5B48000
|
unkown
|
page read and write
|
||
|
2F3D000
|
unkown
|
page read and write
|
||
|
77000
|
heap
|
page read and write
|
||
|
1F04000
|
unkown
|
page read and write
|
||
|
3C50000
|
unkown
|
page read and write
|
||
|
2119000
|
unkown
|
page read and write
|
||
|
5B40000
|
unkown
|
page read and write
|
||
|
1F30000
|
unkown
|
page read and write
|
||
|
249C000
|
unkown
|
page read and write
|
||
|
7E0000
|
unkown
|
page readonly
|
||
|
81EE000
|
unkown
|
page read and write
|
||
|
71F2000
|
unkown
|
page read and write
|
||
|
7274000
|
unkown
|
page readonly
|
||
|
2440000
|
unkown
|
page read and write
|
||
|
24D0000
|
unkown
|
page read and write
|
||
|
3D6E000
|
unkown
|
page read and write
|
||
|
3C03000
|
unkown
|
page read and write
|
||
|
1EC0000
|
unkown
|
page read and write
|
||
|
6D10000
|
unkown
|
page read and write
|
||
|
1EB3000
|
unkown
|
page read and write
|
||
|
6110000
|
unkown
|
page read and write
|
||
|
3D80000
|
unkown
|
page read and write
|
||
|
71B0000
|
unkown
|
page read and write
|
||
|
8F00000
|
unkown
|
page read and write
|
||
|
6889000
|
unkown
|
page read and write
|
||
|
7240000
|
unkown
|
page read and write
|
||
|
2FD0000
|
heap
|
page execute and read and write
|
||
|
2EB0000
|
unkown
|
page read and write
|
||
|
2450000
|
unkown
|
page read and write
|
||
|
6877000
|
unkown
|
page read and write
|
||
|
4050000
|
unkown
|
page read and write
|
||
|
7220000
|
unkown
|
page read and write
|
||
|
713E000
|
unkown
|
page read and write
|
||
|
2EF0000
|
unkown
|
page read and write
|
||
|
5CD0000
|
unkown
|
page read and write
|
||
|
2F00000
|
unkown
|
page read and write
|
||
|
660000
|
unkown
|
page readonly
|
||
|
6900000
|
unkown
|
page read and write
|
||
|
3C00000
|
unkown
|
page read and write
|
||
|
3D90000
|
unkown
|
page read and write
|
||
|
560000
|
unkown
|
page read and write
|
||
|
5A20000
|
unkown
|
page read and write
|
||
|
6040000
|
unkown
|
page read and write
|
||
|
2F12000
|
unkown
|
page read and write
|
||
|
3C50000
|
unkown
|
page read and write
|
||
|
2F49000
|
unkown
|
page read and write
|
||
|
7220000
|
unkown
|
page read and write
|
||
|
2460000
|
unkown
|
page readonly
|
||
|
6120000
|
unkown
|
page read and write
|
||
|
4A6000
|
unkown
|
page read and write
|
||
|
340000
|
unkown
|
page read and write
|
||
|
9385000
|
unkown
|
page read and write
|
||
|
3F40000
|
unkown
|
page read and write
|
||
|
612D000
|
unkown
|
page read and write
|
||
|
344000
|
heap
|
page read and write
|
||
|
3F2D000
|
unkown
|
page read and write
|
||
|
2F45000
|
heap
|
page read and write
|
||
|
2460000
|
unkown
|
page readonly
|
||
|
5B30000
|
heap
|
page read and write
|
||
|
7000000
|
unkown
|
page read and write
|
||
|
4A10000
|
unkown
|
page read and write
|
||
|
6841000
|
unkown
|
page read and write
|
||
|
308000
|
unkown
|
page read and write
|
||
|
24F0000
|
unkown
|
page read and write
|
||
|
6877000
|
unkown
|
page read and write
|
||
|
2F3F000
|
unkown
|
page read and write
|
||
|
7020000
|
unkown
|
page read and write
|
||
|
1EA0000
|
unkown
|
page read and write
|
||
|
2119000
|
unkown
|
page read and write
|
||
|
23F0000
|
unkown
|
page readonly
|
||
|
7270000
|
unkown
|
page readonly
|
||
|
4BF000
|
unkown
|
page read and write
|
||
|
6A00000
|
unkown
|
page read and write
|
||
|
6F4B000
|
unkown
|
page read and write
|
||
|
2D0000
|
unkown
|
page read and write
|
||
|
6060000
|
heap
|
page read and write
|
||
|
B6000
|
heap
|
page read and write
|
||
|
2400000
|
unkown
|
page read and write
|
||
|
2EF0000
|
unkown
|
page read and write
|
||
|
3F10000
|
unkown
|
page read and write
|
||
|
3F30000
|
unkown
|
page read and write
|
||
|
B5F000
|
stack
|
page read and write
|
||
|
25C000
|
stack
|
page read and write
|
||
|
3C60000
|
unkown
|
page read and write
|
||
|
404C000
|
unkown
|
page read and write
|
||
|
7180000
|
unkown
|
page read and write
|
||
|
1F30000
|
unkown
|
page read and write
|
||
|
4560000
|
unkown
|
page read and write
|
||
|
7280000
|
unkown
|
page readonly
|
||
|
350000
|
unkown
|
page read and write
|
||
|
72B0000
|
heap
|
page read and write
|
||
|
67B8000
|
unkown
|
page read and write
|
||
|
60F0000
|
unkown
|
page read and write
|
||
|
4CF000
|
unkown
|
page read and write
|
||
|
120000
|
unkown
|
page read and write
|
||
|
460000
|
unkown
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
300000
|
unkown
|
page read and write
|
||
|
6FF0000
|
unkown
|
page read and write
|
||
|
3F20000
|
unkown
|
page read and write
|
||
|
2111000
|
unkown
|
page read and write
|
||
|
2FC0000
|
unkown
|
page read and write
|
||
|
5B46000
|
unkown
|
page read and write
|
||
|
25A000
|
stack
|
page read and write
|
||
|
68C4000
|
unkown
|
page read and write
|
||
|
3AB0000
|
unkown
|
page read and write
|
||
|
596000
|
unkown
|
page read and write
|
||
|
4900000
|
unkown
|
page read and write
|
||
|
683E000
|
unkown
|
page execute and read and write
|
||
|
31A000
|
stack
|
page read and write
|
||
|
2E7000
|
heap
|
page read and write
|
||
|
4733000
|
unkown
|
page read and write
|
||
|
3AC0000
|
unkown
|
page read and write
|
||
|
2448000
|
unkown
|
page read and write
|
||
|
4660000
|
unkown
|
page read and write
|
||
|
1EF4000
|
unkown
|
page read and write
|
||
|
5A30000
|
unkown
|
page read and write
|
||
|
7180000
|
unkown
|
page read and write
|
||
|
6E30000
|
unkown
|
page read and write
|
||
|
67B8000
|
unkown
|
page read and write
|
||
|
1F34000
|
unkown
|
page read and write
|
||
|
4170000
|
unkown
|
page readonly
|
||
|
746E000
|
unkown
|
page read and write
|
||
|
3C00000
|
unkown
|
page read and write
|
||
|
68EF000
|
unkown
|
page read and write
|
||
|
39E000
|
heap
|
page read and write
|
||
|
2526000
|
unkown
|
page read and write
|
||
|
2095000
|
heap
|
page read and write
|
||
|
81EC000
|
unkown
|
page read and write
|
||
|
3060000
|
unkown
|
page read and write
|
||
|
3060000
|
unkown
|
page read and write
|
||
|
2F28000
|
unkown
|
page read and write
|
||
|
746E000
|
unkown
|
page read and write
|
||
|
5C89000
|
unkown
|
page read and write
|
||
|
3AE0000
|
unkown
|
page readonly
|
||
|
6DB5000
|
unkown
|
page read and write
|
||
|
2E80000
|
unkown
|
page read and write
|
||
|
3ECB000
|
unkown
|
page read and write
|
||
|
81E9000
|
unkown
|
page read and write
|
||
|
3D96000
|
unkown
|
page read and write
|
||
|
3D80000
|
unkown
|
page read and write
|
||
|
7190000
|
unkown
|
page read and write
|
||
|
5EC0000
|
unkown
|
page read and write
|
||
|
1FA4000
|
unkown
|
page read and write
|
||
|
4770000
|
heap
|
page read and write
|
||
|
120000
|
heap
|
page read and write
|
||
|
7FEFE990000
|
unkown
|
page execute read
|
||
|
D0000
|
unkown
|
page read and write
|
||
|
408000
|
unkown
|
page read and write
|
||
|
2410000
|
unkown
|
page read and write
|
||
|
280000
|
unkown
|
page read and write
|
||
|
6874000
|
unkown
|
page execute and read and write
|
||
|
4760000
|
unkown
|
page read and write
|
||
|
7010000
|
unkown
|
page read and write
|
||
|
5A40000
|
unkown
|
page read and write
|
||
|
2450000
|
unkown
|
page read and write
|
||
|
727F000
|
unkown
|
page readonly
|
||
|
1ED2000
|
unkown
|
page read and write
|
||
|
92D0000
|
unkown
|
page read and write
|
||
|
E0000
|
unkown
|
page readonly
|
||
|
1EA6000
|
unkown
|
page read and write
|
||
|
3F2D000
|
unkown
|
page read and write
|
||
|
24A0000
|
unkown
|
page readonly
|
||
|
1EA6000
|
unkown
|
page read and write
|
||
|
6DB5000
|
heap
|
page read and write
|
||
|
2438000
|
unkown
|
page read and write
|
||
|
88D0000
|
unkown
|
page read and write
|
||
|
3070000
|
unkown
|
page read and write
|
||
|
5A10000
|
unkown
|
page read and write
|
||
|
2400000
|
unkown
|
page read and write
|
||
|
2095000
|
unkown
|
page read and write
|
||
|
5B40000
|
heap
|
page read and write
|
||
|
2EE2000
|
unkown
|
page read and write
|
||
|
290000
|
unkown
|
page read and write
|
||
|
2F40000
|
unkown
|
page read and write
|
||
|
2420000
|
unkown
|
page read and write
|
||
|
249C000
|
unkown
|
page read and write
|
||
|
4A15000
|
unkown
|
page read and write
|
||
|
3F40000
|
unkown
|
page read and write
|
||
|
5A50000
|
unkown
|
page read and write
|
||
|
3AC0000
|
unkown
|
page read and write
|
||
|
1EA0000
|
unkown
|
page read and write
|
||
|
1F60000
|
unkown
|
page read and write
|
||
|
350000
|
unkown
|
page read and write
|
||
|
E0000
|
unkown
|
page readonly
|
||
|
6FF0000
|
unkown
|
page read and write
|
||
|
300000
|
unkown
|
page read and write
|
||
|
5E40000
|
unkown
|
page read and write
|
||
|
2D0000
|
unkown
|
page read and write
|
||
|
4170000
|
unkown
|
page readonly
|
||
|
2496000
|
unkown
|
page read and write
|
||
|
7140000
|
unkown
|
page read and write
|
||
|
71A0000
|
unkown
|
page read and write
|
||
|
1FB0000
|
unkown
|
page readonly
|
||
|
6010000
|
unkown
|
page read and write
|
||
|
7280000
|
unkown
|
page readonly
|
||
|
4682000
|
unkown
|
page read and write
|
||
|
713E000
|
unkown
|
page read and write
|
||
|
3050000
|
unkown
|
page read and write
|
||
|
5F40000
|
unkown
|
page read and write
|
||
|
24E0000
|
heap
|
page read and write
|
||
|
1F42000
|
unkown
|
page read and write
|
||
|
2EA0000
|
unkown
|
page read and write
|
||
|
81E9000
|
unkown
|
page read and write
|
||
|
24F0000
|
unkown
|
page read and write
|
||
|
4D4000
|
unkown
|
page read and write
|
||
|
6E30000
|
unkown
|
page read and write
|
||
|
5E40000
|
unkown
|
page read and write
|
||
|
72C0000
|
unkown
|
page read and write
|
||
|
6E66000
|
unkown
|
page read and write
|
||
|
3D72000
|
unkown
|
page read and write
|
||
|
1F50000
|
unkown
|
page read and write
|
||
|
310000
|
unkown
|
page readonly
|
||
|
9370000
|
unkown
|
page read and write
|
||
|
23F0000
|
unkown
|
page readonly
|
||
|
20CB000
|
unkown
|
page read and write
|
||
|
6700000
|
unkown
|
page read and write
|
||
|
5CBA000
|
unkown
|
page read and write
|
||
|
2F3A000
|
unkown
|
page read and write
|
||
|
2429000
|
unkown
|
page read and write
|
||
|
61B0000
|
unkown
|
page read and write
|
||
|
3C03000
|
unkown
|
page read and write
|
||
|
2E7000
|
unkown
|
page read and write
|
||
|
1F2E000
|
unkown
|
page read and write
|
||
|
85B0000
|
unkown
|
page execute and read and write
|
||
|
100000
|
unkown
|
page readonly
|
||
|
67CF000
|
unkown
|
page read and write
|
||
|
416E000
|
unkown
|
page read and write
|
||
|
2499000
|
unkown
|
page read and write
|
||
|
71C0000
|
unkown
|
page read and write
|
||
|
7020000
|
unkown
|
page read and write
|
||
|
24E4000
|
heap
|
page read and write
|
||
|
310000
|
unkown
|
page readonly
|
||
|
3C5D000
|
unkown
|
page read and write
|
||
|
68A6000
|
unkown
|
page read and write
|
||
|
68A6000
|
unkown
|
page read and write
|
||
|
7230000
|
unkown
|
page read and write
|
||
|
3EE0000
|
unkown
|
page read and write
|
||
|
24E0000
|
unkown
|
page read and write
|
||
|
9080000
|
heap
|
page read and write
|
||
|
4A15000
|
unkown
|
page read and write
|
||
|
8440000
|
unkown
|
page execute and read and write
|
||
|
6DB0000
|
heap
|
page read and write
|
||
|
6889000
|
unkown
|
page read and write
|
||
|
8529000
|
unkown
|
page execute and read and write
|
||
|
5FF0000
|
unkown
|
page read and write
|
||
|
2ED0000
|
unkown
|
page read and write
|
||
|
D0000
|
unkown
|
page read and write
|
||
|
3D7A000
|
unkown
|
page read and write
|
||
|
2405000
|
unkown
|
page read and write
|
||
|
1D80000
|
unkown
|
page read and write
|
||
|
27F000
|
stack
|
page read and write
|
||
|
4D4000
|
unkown
|
page read and write
|
||
|
3F00000
|
unkown
|
page read and write
|
||
|
6000000
|
unkown
|
page read and write
|
||
|
1F04000
|
heap
|
page read and write
|
||
|
65B0000
|
unkown
|
page readonly
|
||
|
4682000
|
unkown
|
page read and write
|
||
|
2440000
|
unkown
|
page read and write
|
||
|
320000
|
unkown
|
page read and write
|
||
|
5CD0000
|
unkown
|
page read and write
|
||
|
7230000
|
unkown
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
560000
|
unkown
|
page read and write
|
||
|
2EA0000
|
unkown
|
page read and write
|
||
|
2429000
|
unkown
|
page read and write
|
||
|
1F34000
|
unkown
|
page read and write
|
||
|
7F0000
|
unkown
|
page readonly
|
||
|
9354000
|
unkown
|
page read and write
|
||
|
1F58000
|
unkown
|
page read and write
|
||
|
9D1F000
|
unkown
|
page read and write
|
||
|
4760000
|
unkown
|
page read and write
|
||
|
2E0000
|
unkown
|
page read and write
|
||
|
61B0000
|
unkown
|
page read and write
|
||
|
2F49000
|
heap
|
page read and write
|
||
|
3EF0000
|
unkown
|
page read and write
|
||
|
3D77000
|
unkown
|
page read and write
|
||
|
4A6000
|
unkown
|
page read and write
|
||
|
7EFE0000
|
unkown
|
page readonly
|
||
|
6100000
|
unkown
|
page read and write
|
||
|
6050000
|
unkown
|
page read and write
|
||
|
3D77000
|
unkown
|
page read and write
|
||
|
3EE0000
|
unkown
|
page read and write
|
||
|
1F10000
|
unkown
|
page read and write
|
||
|
596000
|
unkown
|
page read and write
|
||
|
100000
|
unkown
|
page readonly
|
||
|
65B0000
|
unkown
|
page readonly
|
||
|
6130000
|
heap
|
page read and write
|
||
|
5AF0000
|
unkown
|
page read and write
|
||
|
6F40000
|
heap
|
page read and write
|
||
|
3F10000
|
unkown
|
page read and write
|
||
|
612D000
|
unkown
|
page read and write
|
||
|
994A000
|
unkown
|
page read and write
|
||
|
2414000
|
unkown
|
page read and write
|
||
|
6F30000
|
unkown
|
page read and write
|
||
|
2600000
|
unkown
|
page read and write
|
||
|
1DB6000
|
unkown
|
page read and write
|
||
|
6E66000
|
unkown
|
page read and write
|
||
|
4560000
|
unkown
|
page read and write
|
||
|
3070000
|
unkown
|
page read and write
|
||
|
1ED2000
|
unkown
|
page read and write
|
||
|
2F30000
|
unkown
|
page read and write
|
||
|
25C000
|
stack
|
page read and write
|
||
|
8440000
|
unkown
|
page execute and read and write
|
||
|
20CB000
|
heap
|
page read and write
|
||
|
48EB000
|
unkown
|
page read and write
|
||
|
2448000
|
unkown
|
page read and write
|
||
|
68C6000
|
unkown
|
page read and write
|
||
|
2EC0000
|
unkown
|
page read and write
|
||
|
9A7F000
|
unkown
|
page read and write
|
||
|
5C9B000
|
unkown
|
page read and write
|
||
|
2EC0000
|
unkown
|
page read and write
|
||
|
AD000
|
heap
|
page read and write
|
||
|
74E0000
|
unkown
|
page read and write
|
||
|
124000
|
heap
|
page read and write
|
||
|
3D72000
|
unkown
|
page read and write
|
||
|
9020000
|
heap
|
page read and write
|
||
|
3BDD000
|
unkown
|
page read and write
|
||
|
48EB000
|
unkown
|
page read and write
|
||
|
5CE0000
|
unkown
|
page read and write
|
||
|
2419000
|
unkown
|
page read and write
|
||
|
68D6000
|
unkown
|
page read and write
|
||
|
6D50000
|
unkown
|
page read and write
|
||
|
2430000
|
unkown
|
page read and write
|
||
|
245C000
|
unkown
|
page read and write
|
||
|
5B00000
|
unkown
|
page read and write
|
||
|
5A48000
|
unkown
|
page read and write
|
||
|
3F30000
|
unkown
|
page read and write
|
||
|
3DC0000
|
unkown
|
page read and write
|
||
|
49E000
|
unkown
|
page read and write
|
||
|
9370000
|
unkown
|
page read and write
|
||
|
4A10000
|
unkown
|
page read and write
|
||
|
5AF0000
|
unkown
|
page read and write
|
||
|
9352000
|
unkown
|
page read and write
|
||
|
2F20000
|
unkown
|
page read and write
|
||
|
9A7F000
|
unkown
|
page read and write
|
||
|
66F9000
|
unkown
|
page read and write
|
||
|
92D0000
|
heap
|
page read and write
|
||
|
1F42000
|
unkown
|
page read and write
|
||
|
2499000
|
unkown
|
page read and write
|
||
|
170000
|
unkown
|
page readonly
|
||
|
2F3D000
|
unkown
|
page read and write
|
||
|
5B30000
|
unkown
|
page read and write
|
||
|
2600000
|
heap
|
page read and write
|
||
|
317F000
|
unkown
|
page read and write
|
||
|
1EC0000
|
unkown
|
page read and write
|
||
|
6700000
|
unkown
|
page read and write
|
||
|
6D00000
|
unkown
|
page read and write
|
||
|
6D00000
|
unkown
|
page read and write
|
||
|
2490000
|
unkown
|
page read and write
|
||
|
4660000
|
unkown
|
page read and write
|
||
|
9120000
|
heap
|
page read and write
|
||
|
5CBA000
|
unkown
|
page read and write
|
||
|
6040000
|
unkown
|
page read and write
|
||
|
320000
|
unkown
|
page read and write
|
||
|
3AB0000
|
unkown
|
page read and write
|
||
|
6128000
|
unkown
|
page read and write
|
||
|
48F0000
|
unkown
|
page read and write
|
||
|
2405000
|
unkown
|
page read and write
|
||
|
1760000
|
heap
|
page read and write
|
||
|
1F10000
|
unkown
|
page read and write
|
||
|
1FB0000
|
unkown
|
page readonly
|
||
|
5B48000
|
unkown
|
page read and write
|
||
|
24E4000
|
unkown
|
page read and write
|
||
|
3C5D000
|
unkown
|
page read and write
|
||
|
2F20000
|
unkown
|
page read and write
|
||
|
5CB0000
|
unkown
|
page read and write
|
||
|
6DA0000
|
unkown
|
page read and write
|
||
|
68C6000
|
unkown
|
page read and write
|
||
|
460000
|
unkown
|
page read and write
|
||
|
1EB3000
|
unkown
|
page read and write
|
||
|
1EBC000
|
unkown
|
page read and write
|
||
|
3D96000
|
unkown
|
page read and write
|
||
|
3D6E000
|
unkown
|
page read and write
|
||
|
1FA0000
|
unkown
|
page read and write
|
||
|
68EF000
|
unkown
|
page read and write
|
||
|
4770000
|
unkown
|
page read and write
|
||
|
1F58000
|
unkown
|
page read and write
|
||
|
4050000
|
unkown
|
page read and write
|
||
|
9120000
|
unkown
|
page read and write
|
||
|
71F2000
|
unkown
|
page read and write
|
||
|
1F2E000
|
unkown
|
page read and write
|
||
|
994A000
|
unkown
|
page read and write
|
||
|
3ECB000
|
unkown
|
page read and write
|
||
|
88CF000
|
unkown
|
page read and write
|
||
|
85B0000
|
unkown
|
page execute and read and write
|
||
|
F0000
|
unkown
|
page readonly
|
||
|
65CA000
|
unkown
|
page read and write
|
||
|
24A0000
|
unkown
|
page readonly
|
||
|
308000
|
unkown
|
page read and write
|
||
|
450000
|
unkown
|
page read and write
|
||
|
5CC0000
|
unkown
|
page read and write
|
||
|
4A0C000
|
unkown
|
page read and write
|
||
|
6F40000
|
unkown
|
page read and write
|
||
|
5FE0000
|
unkown
|
page read and write
|
||
|
72A0000
|
trusted library allocation
|
page read and write
|
||
|
25F0000
|
unkown
|
page read and write
|
||
|
367000
|
unkown
|
page read and write
|
||
|
9385000
|
unkown
|
page read and write
|
||
|
6900000
|
unkown
|
page read and write
|
||
|
24B0000
|
unkown
|
page read and write
|
||
|
72C0000
|
unkown
|
page read and write
|
||
|
1F60000
|
unkown
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
367000
|
heap
|
page read and write
|
||
|
2444000
|
unkown
|
page read and write
|
||
|
81E5000
|
unkown
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
4BF000
|
unkown
|
page read and write
|
||
|
843E000
|
unkown
|
page read and write
|
||
|
8F00000
|
heap
|
page read and write
|
||
|
5B46000
|
unkown
|
page read and write
|
||
|
30000
|
unkown
|
page readonly
|
||
|
6D60000
|
unkown
|
page read and write
|
||
|
9080000
|
unkown
|
page read and write
|
||
|
2F3A000
|
unkown
|
page read and write
|
||
|
40000
|
unkown
|
page readonly
|
||
|
1EBC000
|
unkown
|
page read and write
|
||
|
6128000
|
unkown
|
page read and write
|
||
|
67AD000
|
unkown
|
page read and write
|
||
|
404C000
|
unkown
|
page read and write
|
||
|
5B35000
|
unkown
|
page read and write
|
||
|
25A000
|
stack
|
page read and write
|
||
|
7240000
|
unkown
|
page read and write
|
||
|
7274000
|
unkown
|
page readonly
|
||
|
3D90000
|
unkown
|
page read and write
|
||
|
20D000
|
stack
|
page read and write
|
||
|
7010000
|
unkown
|
page read and write
|
||
|
1EE0000
|
unkown
|
page read and write
|
||
|
72B7000
|
heap
|
page read and write
|
||
|
3AE0000
|
unkown
|
page readonly
|
||
|
88CF000
|
unkown
|
page read and write
|
||
|
2480000
|
unkown
|
page read and write
|
||
|
81EE000
|
unkown
|
page read and write
|
||
|
39E000
|
unkown
|
page read and write
|
||
|
3F20000
|
unkown
|
page read and write
|
||
|
6D10000
|
unkown
|
page read and write
|
||
|
5EC0000
|
heap
|
page read and write
|
||
|
4CF000
|
unkown
|
page read and write
|
||
|
4A0C000
|
unkown
|
page read and write
|
||
|
124000
|
unkown
|
page read and write
|
||
|
2419000
|
unkown
|
page read and write
|
||
|
6060000
|
unkown
|
page read and write
|
||
|
5A48000
|
unkown
|
page read and write
|
||
|
3F00000
|
unkown
|
page read and write
|
||
|
5A40000
|
unkown
|
page read and write
|
||
|
7270000
|
unkown
|
page readonly
|
||
|
67AD000
|
unkown
|
page read and write
|
||
|
6DB0000
|
unkown
|
page read and write
|
||
|
68D6000
|
unkown
|
page read and write
|
||
|
5FD0000
|
unkown
|
page readonly
|
||
|
6D60000
|
unkown
|
page read and write
|
||
|
25F0000
|
heap
|
page read and write
|
||
|
2496000
|
unkown
|
page read and write
|
||
|
317F000
|
unkown
|
page read and write
|
||
|
27F000
|
stack
|
page read and write
|
||
|
1FA0000
|
unkown
|
page read and write
|
||
|
408000
|
heap
|
page read and write
|
||
|
48F0000
|
unkown
|
page read and write
|
||
|
7140000
|
unkown
|
page read and write
|
||
|
2F3F000
|
unkown
|
page read and write
|
||
|
6120000
|
unkown
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2111000
|
unkown
|
page read and write
|
||
|
24B0000
|
unkown
|
page read and write
|
||
|
683E000
|
unkown
|
page execute and read and write
|
||
|
72B4000
|
unkown
|
page read and write
|
||
|
2F28000
|
unkown
|
page read and write
|
||
|
7000000
|
unkown
|
page read and write
|
||
|
3050000
|
unkown
|
page read and write
|
||
|
2F12000
|
unkown
|
page read and write
|
||
|
5F78000
|
unkown
|
page read and write
|
||
|
7FEFE990000
|
unkown
|
page execute read
|
||
|
60F0000
|
unkown
|
page read and write
|
||
|
70000
|
heap
|
page read and write
|
||
|
1F50000
|
unkown
|
page read and write
|
||
|
81E5000
|
unkown
|
page read and write
|
||
|
4733000
|
unkown
|
page read and write
|
||
|
5B35000
|
heap
|
page read and write
|
||
|
2490000
|
unkown
|
page read and write
|
||
|
71C0000
|
unkown
|
page read and write
|
||
|
67CF000
|
unkown
|
page read and write
|
||
|
2526000
|
unkown
|
page read and write
|
||
|
71B0000
|
unkown
|
page read and write
|
||
|
5CE0000
|
heap
|
page read and write
|
||
|
7190000
|
unkown
|
page read and write
|
||
|
9C0E000
|
unkown
|
page read and write
|
||
|
496000
|
unkown
|
page read and write
|
||
|
6130000
|
unkown
|
page read and write
|
||
|
138000
|
unkown
|
page read and write
|
There are 585 hidden memdumps, click here to show them.