Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Exploit.CVE-2018-0798.4.1674.19041.rtf
|
Rich Text Format data, version 1
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\1BC0D30C-906E-41DA-A53D-99EC4AE5726E
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\APASixthEditionOfficeOnline.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\CHICAGO.XSL
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\GB.XSL
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\GostName.XSL
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\GostTitle.XSL
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\HarvardAnglia2008OfficeOnline.xsl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\IEEE2006OfficeOnline.xsl
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\ISO690.XSL
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\ISO690Nmerical.XSL
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\SIST02.XSL
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Bibliography\Style\TURABIAN.XSL
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO1033.acl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\SecuriteInfo.com.Exploit.CVE-2018-0798.4.1674.19041.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Aug 16 21:54:42
2022, mtime=Wed Nov 30 07:33:06 2022, atime=Wed Nov 30 07:33:01 2022, length=23332, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
Generic INItialization configuration [folders]
|
modified
|
||
|
C:\Users\user\Desktop\~$curiteInfo.com.Exploit.CVE-2018-0798.4.1674.19041.rtf
|
data
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
"C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.diagnosticssdf.office.com
|
unknown
|
||
|
https://login.microsoftonline.com/
|
unknown
|
||
|
https://shell.suite.office.com:1443
|
unknown
|
||
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
||
|
https://autodiscover-s.outlook.com/
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
||
|
https://cdn.entity.
|
unknown
|
||
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
||
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
||
|
https://powerlift.acompli.net
|
unknown
|
||
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
||
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
||
|
https://cortana.ai
|
unknown
|
||
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
||
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
||
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
||
|
https://api.aadrm.com/
|
unknown
|
||
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
||
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
||
|
https://api.microsoftstream.com/api/
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
||
|
https://cr.office.com
|
unknown
|
||
|
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
|
unknown
|
||
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
||
|
https://graph.ppe.windows.net
|
unknown
|
||
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
||
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
||
|
https://tasks.office.com
|
unknown
|
||
|
https://officeci.azurewebsites.net/api/
|
unknown
|
||
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
||
|
https://api.scheduler.
|
unknown
|
||
|
https://my.microsoftpersonalcontent.com
|
unknown
|
||
|
https://store.office.cn/addinstemplate
|
unknown
|
||
|
https://api.aadrm.com
|
unknown
|
||
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
||
|
https://globaldisco.crm.dynamics.com
|
unknown
|
||
|
https://messaging.engagement.office.com/
|
unknown
|
||
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
||
|
https://www.odwebp.svc.ms
|
unknown
|
||
|
https://api.diagnosticssdf.office.com/v2/feedback
|
unknown
|
||
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
||
|
https://web.microsoftstream.com/video/
|
unknown
|
||
|
https://api.addins.store.officeppe.com/addinstemplate
|
unknown
|
||
|
https://graph.windows.net
|
unknown
|
||
|
https://dataservice.o365filtering.com/
|
unknown
|
||
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
||
|
https://analysis.windows.net/powerbi/api
|
unknown
|
||
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
||
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
||
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
||
|
https://consent.config.office.com/consentcheckin/v1.0/consents
|
unknown
|
||
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
||
|
https://ncus.contentsync.
|
unknown
|
||
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
||
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
||
|
http://weather.service.msn.com/data.aspx
|
unknown
|
||
|
https://apis.live.net/v5.0/
|
unknown
|
||
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
||
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
||
|
https://messaging.lifecycle.office.com/
|
unknown
|
||
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
||
|
https://management.azure.com
|
unknown
|
||
|
https://outlook.office365.com
|
unknown
|
||
|
https://wus2.contentsync.
|
unknown
|
||
|
https://incidents.diagnostics.office.com
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
||
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
||
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
||
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
||
|
https://api.office.net
|
unknown
|
||
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
||
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
||
|
https://entitlement.diagnostics.office.com
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
||
|
https://substrate.office.com/search/api/v2/init
|
unknown
|
||
|
https://outlook.office.com/
|
unknown
|
||
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
||
|
https://outlook.office365.com/
|
unknown
|
||
|
https://webshell.suite.office.com
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
|
unknown
|
||
|
https://substrate.office.com/search/api/v1/SearchHistory
|
unknown
|
||
|
https://management.azure.com/
|
unknown
|
||
|
https://messaging.lifecycle.office.com/getcustommessage16
|
unknown
|
||
|
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorize
|
unknown
|
||
|
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://graph.windows.net/
|
unknown
|
||
|
https://api.powerbi.com/beta/myorg/imports
|
unknown
|
||
|
https://devnull.onenote.com
|
unknown
|
||
|
https://messaging.action.office.com/
|
unknown
|
||
|
https://ncus.pagecontentsync.
|
unknown
|
||
|
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
|
unknown
|
||
|
https://messaging.office.com/
|
unknown
|
There are 90 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
00.
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
10.
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Wizards
|
PageSize
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\MailSettings
|
Template
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
RemoteClearDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3
|
Last
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
FilePath
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
StartDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
EndDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Properties
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Url
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
LastClean
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableWinHttpCertAuth
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableIsOwnerRegex
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableSessionAwareHttpClose
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALForExtendedApps
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALSetSilentAuth
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableGuestCredProvider
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableOstringReplace
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
|
FirstRunOnRTM
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
}:.
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\1C715
|
1C715
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Word8.0
|
MSForms
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Word8.0
|
MSComctlLib
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.1\1033
|
Options Version
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.1\1033\Option Set 0
|
Name
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.1\1033\Option Set 0
|
Data
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.1\1033\Option Set 1
|
Name
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.1\1033\Option Set 1
|
Data
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
WORDFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTime
|
There are 46 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
27F2B280000
|
heap
|
page read and write
|
||
|
25106293000
|
heap
|
page read and write
|
||
|
B0062FD000
|
stack
|
page read and write
|
||
|
FEBFBAE000
|
stack
|
page read and write
|
||
|
1FE8F600000
|
heap
|
page read and write
|
||
|
27F2B431000
|
heap
|
page read and write
|
||
|
EB8DC79000
|
stack
|
page read and write
|
||
|
2D33D441000
|
heap
|
page read and write
|
||
|
27F2B46D000
|
heap
|
page read and write
|
||
|
27F2B446000
|
heap
|
page read and write
|
||
|
27F2B432000
|
heap
|
page read and write
|
||
|
1182FFE000
|
stack
|
page read and write
|
||
|
1C4A9642000
|
heap
|
page read and write
|
||
|
1C4A9E02000
|
heap
|
page read and write
|
||
|
27F2B46B000
|
heap
|
page read and write
|
||
|
25106A02000
|
heap
|
page read and write
|
||
|
B00617E000
|
stack
|
page read and write
|
||
|
2D33DE02000
|
trusted library allocation
|
page read and write
|
||
|
53F057F000
|
stack
|
page read and write
|
||
|
27F2B45F000
|
heap
|
page read and write
|
||
|
2510638C000
|
heap
|
page read and write
|
||
|
25106B6F000
|
heap
|
page read and write
|
||
|
F4069FE000
|
stack
|
page read and write
|
||
|
F406EFE000
|
stack
|
page read and write
|
||
|
1FE8F658000
|
heap
|
page read and write
|
||
|
27F2BC02000
|
trusted library allocation
|
page read and write
|
||
|
25106B22000
|
heap
|
page read and write
|
||
|
25106277000
|
heap
|
page read and write
|
||
|
F406AFD000
|
stack
|
page read and write
|
||
|
1FE8F430000
|
heap
|
page read and write
|
||
|
1FE8F640000
|
heap
|
page read and write
|
||
|
53F07FA000
|
stack
|
page read and write
|
||
|
1FE8F560000
|
remote allocation
|
page read and write
|
||
|
1C4A96CC000
|
heap
|
page read and write
|
||
|
1182B1C000
|
stack
|
page read and write
|
||
|
27F2B3F0000
|
trusted library allocation
|
page read and write
|
||
|
27F2B47E000
|
heap
|
page read and write
|
||
|
53F08FE000
|
stack
|
page read and write
|
||
|
2510626F000
|
heap
|
page read and write
|
||
|
53F0AFF000
|
stack
|
page read and write
|
||
|
118317E000
|
stack
|
page read and write
|
||
|
1FBB9637000
|
heap
|
page read and write
|
||
|
1FBB9653000
|
heap
|
page read and write
|
||
|
27F2B484000
|
heap
|
page read and write
|
||
|
FEBFB2B000
|
stack
|
page read and write
|
||
|
27F2B290000
|
heap
|
page read and write
|
||
|
EB8DB7C000
|
stack
|
page read and write
|
||
|
251063E5000
|
heap
|
page read and write
|
||
|
25106264000
|
heap
|
page read and write
|
||
|
118357F000
|
stack
|
page read and write
|
||
|
25106295000
|
heap
|
page read and write
|
||
|
25106C02000
|
heap
|
page read and write
|
||
|
EB8D87B000
|
stack
|
page read and write
|
||
|
FEC00FE000
|
stack
|
page read and write
|
||
|
1C4A9F00000
|
heap
|
page read and write
|
||
|
1FE8F560000
|
remote allocation
|
page read and write
|
||
|
2D33D513000
|
heap
|
page read and write
|
||
|
1C4A96BB000
|
heap
|
page read and write
|
||
|
1FBB9613000
|
heap
|
page read and write
|
||
|
F40616B000
|
stack
|
page read and write
|
||
|
25106200000
|
heap
|
page read and write
|
||
|
1FBB9644000
|
heap
|
page read and write
|
||
|
1FBB9602000
|
heap
|
page read and write
|
||
|
1C4A9688000
|
heap
|
page read and write
|
||
|
27F2B477000
|
heap
|
page read and write
|
||
|
53F0B7E000
|
stack
|
page read and write
|
||
|
25106B94000
|
heap
|
page read and write
|
||
|
1FE8F3D0000
|
heap
|
page read and write
|
||
|
27F2B461000
|
heap
|
page read and write
|
||
|
11832FE000
|
stack
|
page read and write
|
||
|
25106B02000
|
heap
|
page read and write
|
||
|
F4066FC000
|
stack
|
page read and write
|
||
|
FEBFFFE000
|
stack
|
page read and write
|
||
|
1FBBA002000
|
trusted library allocation
|
page read and write
|
||
|
25106255000
|
heap
|
page read and write
|
||
|
25106C00000
|
heap
|
page read and write
|
||
|
F406BFE000
|
stack
|
page read and write
|
||
|
1FE8F602000
|
heap
|
page read and write
|
||
|
2D33D42A000
|
heap
|
page read and write
|
||
|
F406FFF000
|
stack
|
page read and write
|
||
|
1FBB9649000
|
heap
|
page read and write
|
||
|
27F2B458000
|
heap
|
page read and write
|
||
|
F406DFE000
|
stack
|
page read and write
|
||
|
2D33D45C000
|
heap
|
page read and write
|
||
|
1C4A9629000
|
heap
|
page read and write
|
||
|
27F2B42E000
|
heap
|
page read and write
|
||
|
B005D7C000
|
stack
|
page read and write
|
||
|
27F2B47A000
|
heap
|
page read and write
|
||
|
25106268000
|
heap
|
page read and write
|
||
|
27F2B457000
|
heap
|
page read and write
|
||
|
2510625A000
|
heap
|
page read and write
|
||
|
1C4A96E6000
|
heap
|
page read and write
|
||
|
1FBB9702000
|
heap
|
page read and write
|
||
|
2D33D413000
|
heap
|
page read and write
|
||
|
2D33DC80000
|
trusted library allocation
|
page read and write
|
||
|
1FBB963D000
|
heap
|
page read and write
|
||
|
1FE8F635000
|
heap
|
page read and write
|
||
|
25106070000
|
heap
|
page read and write
|
||
|
53F067B000
|
stack
|
page read and write
|
||
|
27F2B444000
|
heap
|
page read and write
|
||
|
27F2B440000
|
heap
|
page read and write
|
||
|
27F2B44E000
|
heap
|
page read and write
|
||
|
FEC01FF000
|
stack
|
page read and write
|
||
|
B0065FE000
|
stack
|
page read and write
|
||
|
53F027C000
|
stack
|
page read and write
|
||
|
B005CFE000
|
stack
|
page read and write
|
||
|
1C4A93F0000
|
heap
|
page read and write
|
||
|
F4068FE000
|
stack
|
page read and write
|
||
|
1FE8FE02000
|
trusted library allocation
|
page read and write
|
||
|
2D33D402000
|
heap
|
page read and write
|
||
|
EB8DD7F000
|
stack
|
page read and write
|
||
|
27F2B429000
|
heap
|
page read and write
|
||
|
25106B00000
|
heap
|
page read and write
|
||
|
251063B9000
|
heap
|
page read and write
|
||
|
1C4A96E1000
|
heap
|
page read and write
|
||
|
F40657B000
|
stack
|
page read and write
|
||
|
1C4A9670000
|
heap
|
page read and write
|
||
|
11833FD000
|
stack
|
page read and write
|
||
|
B0064FC000
|
stack
|
page read and write
|
||
|
2510628E000
|
heap
|
page read and write
|
||
|
251061D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE8F702000
|
heap
|
page read and write
|
||
|
25106313000
|
heap
|
page read and write
|
||
|
2D33D46A000
|
heap
|
page read and write
|
||
|
2D33D3E0000
|
heap
|
page read and write
|
||
|
27F2B442000
|
heap
|
page read and write
|
||
|
2D33D502000
|
heap
|
page read and write
|
||
|
27F2B43A000
|
heap
|
page read and write
|
||
|
2510628A000
|
heap
|
page read and write
|
||
|
2510626A000
|
heap
|
page read and write
|
||
|
11834FD000
|
stack
|
page read and write
|
||
|
B0061FB000
|
stack
|
page read and write
|
||
|
27F2B502000
|
heap
|
page read and write
|
||
|
1C4A9F32000
|
heap
|
page read and write
|
||
|
2D33D380000
|
heap
|
page read and write
|
||
|
F4067FF000
|
stack
|
page read and write
|
||
|
1C4A9702000
|
heap
|
page read and write
|
||
|
118307E000
|
stack
|
page read and write
|
||
|
27F2B441000
|
heap
|
page read and write
|
||
|
1C4A9560000
|
trusted library allocation
|
page read and write
|
||
|
25106060000
|
heap
|
page read and write
|
||
|
B00591B000
|
stack
|
page read and write
|
||
|
1FE8F3C0000
|
heap
|
page read and write
|
||
|
27F2B475000
|
heap
|
page read and write
|
||
|
1C4A9713000
|
heap
|
page read and write
|
||
|
1FBB9629000
|
heap
|
page read and write
|
||
|
F406CFF000
|
stack
|
page read and write
|
||
|
B00607F000
|
stack
|
page read and write
|
||
|
27F2B45A000
|
heap
|
page read and write
|
||
|
B0063FE000
|
stack
|
page read and write
|
||
|
27F2B474000
|
heap
|
page read and write
|
||
|
25106253000
|
heap
|
page read and write
|
||
|
FEBFE7E000
|
stack
|
page read and write
|
||
|
251069A0000
|
trusted library allocation
|
page read and write
|
||
|
25106266000
|
heap
|
page read and write
|
||
|
27F2B462000
|
heap
|
page read and write
|
||
|
2D33D479000
|
heap
|
page read and write
|
||
|
27F2B2F0000
|
heap
|
page read and write
|
||
|
27F2B47B000
|
heap
|
page read and write
|
||
|
25106B54000
|
heap
|
page read and write
|
||
|
118327D000
|
stack
|
page read and write
|
||
|
27F2B43D000
|
heap
|
page read and write
|
||
|
27F2B46A000
|
heap
|
page read and write
|
||
|
1FBB9560000
|
trusted library allocation
|
page read and write
|
||
|
27F2B400000
|
heap
|
page read and write
|
||
|
27F2B413000
|
heap
|
page read and write
|
||
|
25106243000
|
heap
|
page read and write
|
||
|
B005F7C000
|
stack
|
page read and write
|
||
|
1FE8F629000
|
heap
|
page read and write
|
||
|
27F2B449000
|
heap
|
page read and write
|
||
|
27F2B467000
|
heap
|
page read and write
|
||
|
25106BB2000
|
heap
|
page read and write
|
||
|
25106C23000
|
heap
|
page read and write
|
||
|
25106213000
|
heap
|
page read and write
|
||
|
53F0C7E000
|
stack
|
page read and write
|
||
|
27F2B459000
|
heap
|
page read and write
|
||
|
25106B22000
|
heap
|
page read and write
|
||
|
FEC02FF000
|
stack
|
page read and write
|
||
|
1C4A9613000
|
heap
|
page read and write
|
||
|
25106C27000
|
heap
|
page read and write
|
||
|
27F2B445000
|
heap
|
page read and write
|
||
|
25106C30000
|
heap
|
page read and write
|
||
|
1FBB94E0000
|
heap
|
page read and write
|
||
|
27F2B432000
|
heap
|
page read and write
|
||
|
2D33D400000
|
heap
|
page read and write
|
||
|
2D33D370000
|
heap
|
page read and write
|
||
|
1FE8F560000
|
remote allocation
|
page read and write
|
||
|
53F09FE000
|
stack
|
page read and write
|
||
|
1FBB9624000
|
heap
|
page read and write
|
||
|
1FBB9600000
|
heap
|
page read and write
|
||
|
25106229000
|
heap
|
page read and write
|
||
|
25106BBE000
|
heap
|
page read and write
|
||
|
1C4A9400000
|
heap
|
page read and write
|
||
|
53F06F9000
|
stack
|
page read and write
|
||
|
25106BC9000
|
heap
|
page read and write
|
||
|
1FE8F530000
|
trusted library allocation
|
page read and write
|
||
|
27F2B460000
|
heap
|
page read and write
|
||
|
25106C13000
|
heap
|
page read and write
|
||
|
1C4A9600000
|
heap
|
page read and write
|
||
|
1FBB94D0000
|
heap
|
page read and write
|
||
|
1FBB962E000
|
heap
|
page read and write
|
||
|
27F2B42D000
|
heap
|
page read and write
|
||
|
1FE8F613000
|
heap
|
page read and write
|
||
|
1FBB9530000
|
heap
|
page read and write
|
||
|
53F047A000
|
stack
|
page read and write
|
||
|
2D33D43D000
|
heap
|
page read and write
|
||
|
1C4A9460000
|
heap
|
page read and write
|
||
|
EB8DA7F000
|
stack
|
page read and write
|
||
|
25106B43000
|
heap
|
page read and write
|
||
|
27F2B45C000
|
heap
|
page read and write
|
||
|
1C4A96C4000
|
heap
|
page read and write
|
||
|
25106274000
|
heap
|
page read and write
|
||
|
251060D0000
|
heap
|
page read and write
|
||
|
2510623C000
|
heap
|
page read and write
|
There are 204 hidden memdumps, click here to show them.