Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
yFwFFUG8b5.rtf
|
Rich Text Format data, version 1
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\32597437-DE6A-41FE-94A8-35F06685A9D8
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRF{BC756FC3-E405-47FA-B8A9-6E6B44BDC6EF}.tmp
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{DC50A48E-EAAC-47AF-9927-355728D16EDF}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{F99806D6-F16F-4DA6-B3B6-FC251D46CB10}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\yFwFFUG8b5.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 16:56:03
2023, mtime=Tue Sep 5 09:38:50 2023, atime=Tue Sep 5 09:38:46 2023, length=104980, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\~$wFFUG8b5.rtf
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
"C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://wsvdyhrgebwhevawe.ydns.eu/fileone/Fnvtdhenapsfwu.exej
|
unknown
|
|
|
|
https://api.diagnosticssdf.office.com
|
unknown
|
||
|
https://login.microsoftonline.com/
|
unknown
|
||
|
https://shell.suite.office.com:1443
|
unknown
|
||
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
||
|
https://autodiscover-s.outlook.com/
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
||
|
https://cdn.entity.
|
unknown
|
||
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
||
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
||
|
https://powerlift.acompli.net
|
unknown
|
||
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
||
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
||
|
https://cortana.ai
|
unknown
|
||
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
||
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
||
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
||
|
https://api.aadrm.com/
|
unknown
|
||
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
||
|
https://www.yammer.com
|
unknown
|
||
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
||
|
https://api.microsoftstream.com/api/
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
||
|
https://cr.office.com
|
unknown
|
||
|
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
|
unknown
|
||
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
||
|
https://graph.ppe.windows.net
|
unknown
|
||
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
||
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
||
|
https://tasks.office.com
|
unknown
|
||
|
https://officeci.azurewebsites.net/api/
|
unknown
|
||
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
||
|
https://api.scheduler.
|
unknown
|
||
|
https://my.microsoftpersonalcontent.com
|
unknown
|
||
|
https://store.office.cn/addinstemplate
|
unknown
|
||
|
https://api.aadrm.com
|
unknown
|
||
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
||
|
https://globaldisco.crm.dynamics.com
|
unknown
|
||
|
https://messaging.engagement.office.com/
|
unknown
|
||
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
||
|
https://www.odwebp.svc.ms
|
unknown
|
||
|
https://api.diagnosticssdf.office.com/v2/feedback
|
unknown
|
||
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
||
|
https://web.microsoftstream.com/video/
|
unknown
|
||
|
https://api.addins.store.officeppe.com/addinstemplate
|
unknown
|
||
|
https://graph.windows.net
|
unknown
|
||
|
https://dataservice.o365filtering.com/
|
unknown
|
||
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
||
|
https://analysis.windows.net/powerbi/api
|
unknown
|
||
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
||
|
https://substrate.office.com
|
unknown
|
||
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
||
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
||
|
https://consent.config.office.com/consentcheckin/v1.0/consents
|
unknown
|
||
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
||
|
https://d.docs.live.net
|
unknown
|
||
|
https://ncus.contentsync.
|
unknown
|
||
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
||
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
||
|
http://weather.service.msn.com/data.aspx
|
unknown
|
||
|
https://apis.live.net/v5.0/
|
unknown
|
||
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
||
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
||
|
https://messaging.lifecycle.office.com/
|
unknown
|
||
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
||
|
https://pushchannel.1drv.ms
|
unknown
|
||
|
https://management.azure.com
|
unknown
|
||
|
https://outlook.office365.com
|
unknown
|
||
|
https://wus2.contentsync.
|
unknown
|
||
|
https://incidents.diagnostics.office.com
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
||
|
https://make.powerautomate.com
|
unknown
|
||
|
https://api.addins.omex.office.net/api/addins/search
|
unknown
|
||
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
||
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
||
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
||
|
https://api.office.net
|
unknown
|
||
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
||
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
||
|
https://entitlement.diagnostics.office.com
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
||
|
https://substrate.office.com/search/api/v2/init
|
unknown
|
||
|
https://outlook.office.com/
|
unknown
|
||
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
||
|
https://login.windows.local
|
unknown
|
||
|
https://outlook.office365.com/
|
unknown
|
||
|
https://webshell.suite.office.com
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
|
unknown
|
||
|
https://login.microsoftonline.com
|
unknown
|
||
|
https://substrate.office.com/search/api/v1/SearchHistory
|
unknown
|
||
|
https://management.azure.com/
|
unknown
|
||
|
https://messaging.lifecycle.office.com/getcustommessage16
|
unknown
|
||
|
https://api.officescripts.microsoftusercontent.com/api
|
unknown
|
There are 90 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
rd?
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
sd?
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
og?
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
sk?
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\24DAA
|
24DAA
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Word8.0
|
MSForms
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Word8.0
|
MSComctlLib
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
RemoteClearDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3
|
Last
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
FilePath
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
StartDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
EndDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Properties
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Url
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
LastClean
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableWinHttpCertAuth
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableIsOwnerRegex
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableSessionAwareHttpClose
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALForExtendedApps
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALSetSilentAuth
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableGuestCredProvider
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableOstringReplace
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\1.0\Custom Dictionaries
|
1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\1.0\Custom Dictionaries
|
UpdateComplete
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.1\1033
|
Options Version
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.1\1033\Option Set 0
|
Name
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.1\1033\Option Set 0
|
Data
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.1\1033\Option Set 1
|
Name
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\Grammar\MSGrammar\3.1\1033\Option Set 1
|
Data
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Extensions
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\2BC81
|
2BC81
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0
|
File Path
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0
|
Datetime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0
|
Position
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
|
VisiFlm
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
|
AutoGrammar
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
|
AutosaveInterval
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
|
PreferredView
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
WORDFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTime
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Extensions
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Extensions
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\2BC81
|
2BC81
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Data
|
Settings
|
There are 65 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
890829B000
|
stack
|
page read and write
|
||
|
2708978F000
|
heap
|
page read and write
|
||
|
270897F9000
|
heap
|
page read and write
|
||
|
2708978D000
|
heap
|
page read and write
|
||
|
270897B0000
|
heap
|
page read and write
|
||
|
27089783000
|
heap
|
page read and write
|
||
|
2708977F000
|
heap
|
page read and write
|
||
|
27089772000
|
heap
|
page read and write
|
||
|
27089790000
|
heap
|
page read and write
|
||
|
23CE5940000
|
heap
|
page read and write
|
||
|
26975E52000
|
heap
|
page read and write
|
||
|
27088CEC000
|
heap
|
page read and write
|
||
|
27089C00000
|
heap
|
page read and write
|
||
|
2708976E000
|
heap
|
page read and write
|
||
|
2708978F000
|
heap
|
page read and write
|
||
|
97A8A7A000
|
stack
|
page read and write
|
||
|
2708976D000
|
heap
|
page read and write
|
||
|
270897AA000
|
heap
|
page read and write
|
||
|
2708971B000
|
heap
|
page read and write
|
||
|
2708977C000
|
heap
|
page read and write
|
||
|
270897B0000
|
heap
|
page read and write
|
||
|
23CE58C0000
|
heap
|
page read and write
|
||
|
2708979E000
|
heap
|
page read and write
|
||
|
89086F9000
|
stack
|
page read and write
|
||
|
1B8F3C60000
|
trusted library allocation
|
page read and write
|
||
|
7123DFB000
|
stack
|
page read and write
|
||
|
2708976E000
|
heap
|
page read and write
|
||
|
6AB487B000
|
stack
|
page read and write
|
||
|
270897FD000
|
heap
|
page read and write
|
||
|
6AB49F7000
|
stack
|
page read and write
|
||
|
27088CD7000
|
heap
|
page read and write
|
||
|
27089781000
|
heap
|
page read and write
|
||
|
26975E13000
|
heap
|
page read and write
|
||
|
2708977C000
|
heap
|
page read and write
|
||
|
6AB4AFE000
|
stack
|
page read and write
|
||
|
890839E000
|
stack
|
page read and write
|
||
|
27089781000
|
heap
|
page read and write
|
||
|
1B8F3C50000
|
heap
|
page read and write
|
||
|
27089761000
|
heap
|
page read and write
|
||
|
27088C3C000
|
heap
|
page read and write
|
||
|
1B8F4080000
|
heap
|
page read and write
|
||
|
2708978D000
|
heap
|
page read and write
|
||
|
23CE59A9000
|
heap
|
page read and write
|
||
|
27088D02000
|
heap
|
page read and write
|
||
|
27088CDC000
|
heap
|
page read and write
|
||
|
27088C2C000
|
heap
|
page read and write
|
||
|
1B8F4090000
|
trusted library allocation
|
page read and write
|
||
|
2708978D000
|
heap
|
page read and write
|
||
|
27089776000
|
heap
|
page read and write
|
||
|
27088C00000
|
heap
|
page read and write
|
||
|
27088C29000
|
heap
|
page read and write
|
||
|
270897B1000
|
heap
|
page read and write
|
||
|
1B8F4CE0000
|
trusted library allocation
|
page read and write
|
||
|
27089749000
|
heap
|
page read and write
|
||
|
26975E66000
|
heap
|
page read and write
|
||
|
26975E79000
|
heap
|
page read and write
|
||
|
2708977E000
|
heap
|
page read and write
|
||
|
2708978D000
|
heap
|
page read and write
|
||
|
26976802000
|
trusted library allocation
|
page read and write
|
||
|
97A8CFE000
|
stack
|
page read and write
|
||
|
27088D08000
|
heap
|
page read and write
|
||
|
27088CA1000
|
heap
|
page read and write
|
||
|
2708977C000
|
heap
|
page read and write
|
||
|
26975E5E000
|
heap
|
page read and write
|
||
|
1B8F4A90000
|
trusted library allocation
|
page read and write
|
||
|
26976690000
|
trusted library allocation
|
page read and write
|
||
|
97A8AFE000
|
stack
|
page read and write
|
||
|
2708978F000
|
heap
|
page read and write
|
||
|
1B8F4A42000
|
trusted library allocation
|
page read and write
|
||
|
71243FF000
|
stack
|
page read and write
|
||
|
26975E8D000
|
heap
|
page read and write
|
||
|
2708977A000
|
heap
|
page read and write
|
||
|
27089776000
|
heap
|
page read and write
|
||
|
27089773000
|
heap
|
page read and write
|
||
|
27089C03000
|
heap
|
page read and write
|
||
|
270897F7000
|
heap
|
page read and write
|
||
|
2708977A000
|
heap
|
page read and write
|
||
|
27089776000
|
heap
|
page read and write
|
||
|
1B8F4D10000
|
trusted library allocation
|
page read and write
|
||
|
2708977C000
|
heap
|
page read and write
|
||
|
1B8F3DEF000
|
heap
|
page read and write
|
||
|
1B8F4AA0000
|
trusted library allocation
|
page read and write
|
||
|
26975F13000
|
heap
|
page read and write
|
||
|
1B8F3DA8000
|
heap
|
page read and write
|
||
|
27088C4D000
|
heap
|
page read and write
|
||
|
26975E2D000
|
heap
|
page read and write
|
||
|
1B8F3DB1000
|
heap
|
page read and write
|
||
|
270897FB000
|
heap
|
page read and write
|
||
|
27089770000
|
heap
|
page read and write
|
||
|
2708976E000
|
heap
|
page read and write
|
||
|
2708979E000
|
heap
|
page read and write
|
||
|
27089776000
|
heap
|
page read and write
|
||
|
2708978E000
|
heap
|
page read and write
|
||
|
890877E000
|
stack
|
page read and write
|
||
|
27088CE4000
|
heap
|
page read and write
|
||
|
23CE59DF000
|
heap
|
page read and write
|
||
|
1B8F4A40000
|
trusted library allocation
|
page read and write
|
||
|
27089772000
|
heap
|
page read and write
|
||
|
26975E29000
|
heap
|
page read and write
|
||
|
2708974E000
|
heap
|
page read and write
|
||
|
2708977A000
|
heap
|
page read and write
|
||
|
27088CAD000
|
heap
|
page read and write
|
||
|
26975D80000
|
heap
|
page read and write
|
||
|
27088D13000
|
heap
|
page read and write
|
||
|
26975E3C000
|
heap
|
page read and write
|
||
|
26975E61000
|
heap
|
page read and write
|
||
|
23CE59A7000
|
heap
|
page read and write
|
||
|
2708977A000
|
heap
|
page read and write
|
||
|
27089774000
|
heap
|
page read and write
|
||
|
27088C52000
|
heap
|
page read and write
|
||
|
2708977A000
|
heap
|
page read and write
|
||
|
890831D000
|
stack
|
page read and write
|
||
|
27088C85000
|
heap
|
page read and write
|
||
|
27089540000
|
remote allocation
|
page read and write
|
||
|
27089540000
|
remote allocation
|
page read and write
|
||
|
2708976E000
|
heap
|
page read and write
|
||
|
7123C7E000
|
stack
|
page read and write
|
||
|
26975F08000
|
heap
|
page read and write
|
||
|
1B8F4089000
|
heap
|
page read and write
|
||
|
270897A0000
|
heap
|
page read and write
|
||
|
270897A0000
|
heap
|
page read and write
|
||
|
27089774000
|
heap
|
page read and write
|
||
|
2708979E000
|
heap
|
page read and write
|
||
|
27088B70000
|
heap
|
page read and write
|
||
|
27088CC8000
|
heap
|
page read and write
|
||
|
1B8F4CC0000
|
unclassified section
|
page read and write
|
||
|
27089770000
|
heap
|
page read and write
|
||
|
270897FB000
|
heap
|
page read and write
|
||
|
26975E00000
|
heap
|
page read and write
|
||
|
23CE5920000
|
heap
|
page read and write
|
||
|
27088C6E000
|
heap
|
page read and write
|
||
|
27088CB2000
|
heap
|
page read and write
|
||
|
27088CC1000
|
heap
|
page read and write
|
||
|
23CE59B1000
|
heap
|
page read and write
|
||
|
270897A0000
|
heap
|
page read and write
|
||
|
27089C1C000
|
heap
|
page read and write
|
||
|
1B8F4CF0000
|
heap
|
page readonly
|
||
|
1B8F3DEF000
|
heap
|
page read and write
|
||
|
27089776000
|
heap
|
page read and write
|
||
|
6AB4BFD000
|
stack
|
page read and write
|
||
|
270897FD000
|
heap
|
page read and write
|
||
|
27089783000
|
heap
|
page read and write
|
||
|
26975DF0000
|
heap
|
page read and write
|
||
|
6AB434C000
|
stack
|
page read and write
|
||
|
23CE59E0000
|
heap
|
page read and write
|
||
|
27089770000
|
heap
|
page read and write
|
||
|
27088B80000
|
heap
|
page read and write
|
||
|
2708977C000
|
heap
|
page read and write
|
||
|
27089790000
|
heap
|
page read and write
|
||
|
23CE59A0000
|
heap
|
page read and write
|
||
|
2708976E000
|
heap
|
page read and write
|
||
|
1B8F3EC0000
|
heap
|
page read and write
|
||
|
27089773000
|
heap
|
page read and write
|
||
|
27089776000
|
heap
|
page read and write
|
||
|
1B8F3DA0000
|
heap
|
page read and write
|
||
|
97A8C7A000
|
stack
|
page read and write
|
||
|
890887F000
|
stack
|
page read and write
|
||
|
2708977A000
|
heap
|
page read and write
|
||
|
7124077000
|
stack
|
page read and write
|
||
|
7123F7F000
|
stack
|
page read and write
|
||
|
23CE5CE0000
|
heap
|
page read and write
|
||
|
27089602000
|
heap
|
page read and write
|
||
|
26975F00000
|
heap
|
page read and write
|
||
|
26975F02000
|
heap
|
page read and write
|
||
|
23CE59B6000
|
heap
|
page read and write
|
||
|
270897F7000
|
heap
|
page read and write
|
||
|
270897FD000
|
heap
|
page read and write
|
||
|
27089C02000
|
heap
|
page read and write
|
||
|
26975E84000
|
heap
|
page read and write
|
||
|
97A8BF9000
|
stack
|
page read and write
|
||
|
1B8F4A4A000
|
trusted library allocation
|
page read and write
|
||
|
6AB48FE000
|
stack
|
page read and write
|
||
|
1B8F4A30000
|
trusted library allocation
|
page read and write
|
||
|
27089750000
|
heap
|
page read and write
|
||
|
7124278000
|
stack
|
page read and write
|
||
|
2708977C000
|
heap
|
page read and write
|
||
|
7123EFB000
|
stack
|
page read and write
|
||
|
27088C70000
|
heap
|
page read and write
|
||
|
270897FD000
|
heap
|
page read and write
|
||
|
270897A0000
|
heap
|
page read and write
|
||
|
270897FB000
|
heap
|
page read and write
|
||
|
6AB477B000
|
stack
|
page read and write
|
||
|
270897FD000
|
heap
|
page read and write
|
||
|
6AB43CE000
|
stack
|
page read and write
|
||
|
26975E79000
|
heap
|
page read and write
|
||
|
2708976E000
|
heap
|
page read and write
|
||
|
1B8F4A20000
|
trusted library allocation
|
page read and write
|
||
|
2708977E000
|
heap
|
page read and write
|
||
|
27088CA8000
|
heap
|
page read and write
|
||
|
27088BE0000
|
heap
|
page read and write
|
||
|
27089722000
|
heap
|
page read and write
|
||
|
27089700000
|
heap
|
page read and write
|
||
|
2708978E000
|
heap
|
page read and write
|
||
|
23CE5CE5000
|
heap
|
page read and write
|
||
|
27088C6E000
|
heap
|
page read and write
|
||
|
26975E5B000
|
heap
|
page read and write
|
||
|
1B8F4D00000
|
trusted library allocation
|
page read and write
|
||
|
27088D16000
|
heap
|
page read and write
|
||
|
2708977C000
|
heap
|
page read and write
|
||
|
1B8F3DF0000
|
heap
|
page read and write
|
||
|
27089772000
|
heap
|
page read and write
|
||
|
27088C4B000
|
heap
|
page read and write
|
||
|
7124379000
|
stack
|
page read and write
|
||
|
26975E02000
|
heap
|
page read and write
|
||
|
97A8B7F000
|
stack
|
page read and write
|
||
|
1B8F4A44000
|
trusted library allocation
|
page read and write
|
||
|
270897FB000
|
heap
|
page read and write
|
||
|
27088C89000
|
heap
|
page read and write
|
||
|
27089719000
|
heap
|
page read and write
|
||
|
1B8F4D30000
|
unkown
|
page read and write
|
||
|
1B8F4D60000
|
trusted library allocation
|
page read and write
|
||
|
6AB467E000
|
stack
|
page read and write
|
||
|
7123CFE000
|
stack
|
page read and write
|
||
|
27088C55000
|
heap
|
page read and write
|
||
|
23CE59C6000
|
heap
|
page read and write
|
||
|
23CE59C7000
|
heap
|
page read and write
|
||
|
2708977C000
|
heap
|
page read and write
|
||
|
97A8D7D000
|
stack
|
page read and write
|
||
|
1B8F4085000
|
heap
|
page read and write
|
||
|
71244FC000
|
stack
|
page read and write
|
||
|
2708977F000
|
heap
|
page read and write
|
||
|
1B8F3EA0000
|
heap
|
page read and write
|
||
|
270897F1000
|
heap
|
page read and write
|
||
|
27089C02000
|
heap
|
page read and write
|
||
|
1B8F4A46000
|
trusted library allocation
|
page read and write
|
||
|
71239BC000
|
stack
|
page read and write
|
||
|
89087F9000
|
stack
|
page read and write
|
||
|
26975D90000
|
heap
|
page read and write
|
||
|
2708977C000
|
heap
|
page read and write
|
||
|
270897F9000
|
heap
|
page read and write
|
||
|
27089540000
|
remote allocation
|
page read and write
|
||
|
890867A000
|
stack
|
page read and write
|
||
|
27089771000
|
heap
|
page read and write
|
||
|
27088C13000
|
heap
|
page read and write
|
||
|
1B8F3DE9000
|
heap
|
page read and write
|
||
|
270897F7000
|
heap
|
page read and write
|
||
|
27088C4F000
|
heap
|
page read and write
|
||
|
27088CFA000
|
heap
|
page read and write
|
||
|
270897F9000
|
heap
|
page read and write
|
||
|
1B8F3DE8000
|
heap
|
page read and write
|
||
|
27089480000
|
trusted library allocation
|
page read and write
|
||
|
712417E000
|
stack
|
page read and write
|
||
|
27088CE1000
|
heap
|
page read and write
|
||
|
2708979E000
|
heap
|
page read and write
|
There are 234 hidden memdumps, click here to show them.