IOC Report


Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| sample20220124-01.xls | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: VETTORE BRT S.P.A., Create Time/Date: Mon Jan 24 08:04:38 2022, Last Saved Time/Date: Mon Jan 24 08:04:41 2022, Security: 0, Comments: DATA ORA | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\958B8392-5DD4-4333-8B8D-A800E81F435C | XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\~DF4020A80B58AC9E01.TMP | Composite Document File V2 Document, Cannot read section info | dropped | |
| C:\Users\user\AppData\Local\Temp\~DF487FAA2431CA0C2F.TMP | data | dropped | |
| C:\Users\user\AppData\Local\Temp\41FF.tmp | Composite Document File V2 Document, Cannot read section info | dropped | |
| C:\Users\user\AppData\Local\Temp\~DF12FD691A8C519DA7.TMP | data | dropped | |
| C:\Users\user\AppData\Local\Temp\~DF53CCF8CC4483A0FB.TMP | data | dropped | |
| C:\Users\user\AppData\Local\Temp\~DFA1A8704CE37CB6FE.TMP | data | dropped | |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding | |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding | |

URLs

Name
IP
Malicious

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 192.168.2.1 | unknown | unknown | |

Registry

Path
Value
Malicious

Memdumps

Base Address
Regiontype
Protect
Malicious
285F558E000
unkown
page read and write
7FF51DE47000
unkown image
page readonly
7FF54BA67000
unkown image
page readonly
7FF54BDE1000
unkown image
page readonly
EC2927A000
stack
page read and write
7DF560E60000
unkown image
page readonly
285F55D1000
unkown
page read and write
7FF5AB0DE000
unkown image
page readonly
1B8D713B000
heap default
page read and write
29E9B813000
unkown
page read and write
1B8D74A0000
unkown image
page readonly
7FF5AB0E9000
unkown image
page readonly
29E9B83C000
unkown
page read and write
1B8D7164000
unkown
page read and write
7FF54BC3D000
unkown image
page readonly
285F559A000
unkown
page read and write
7FF51E11A000
unkown image
page readonly
285F4AC0000
unkown image
page readonly
1097A7F000
stack
page read and write
7FF5AA9C3000
unkown image
page readonly
285F5598000
unkown
page read and write
FAEBEFE000
stack
page read and write
285F5596000
unkown
page read and write
285F55D0000
unkown
page read and write
2EC44452000
unkown
page read and write
29E9BA00000
unkown image
page readonly
285F4C53000
unkown
page read and write
7DF560E70000
unkown image
page readonly
285F5589000
unkown
page read and write
7FF5AA8BE000
unkown image
page readonly
2F97DFB000
stack
page read and write
2EC44466000
unkown
page read and write
7FF54BB93000
unkown image
page readonly
D81C5AF000
stack
page read and write
285F55AB000
unkown
page read and write
29E9B84B000
unkown
page read and write
7FF51E149000
unkown image
page readonly
7FF5AB023000
unkown image
page readonly
7FF5AB154000
unkown image
page readonly
7FF5AAC36000
unkown image
page readonly
7DF5C0200000
unkown image
page readonly
285F5589000
unkown
page read and write
285F4B10000
heap default
page read and write
285F556D000
unkown
page read and write
7FF52052A000
unkown image
page readonly
29E9B829000
unkown
page read and write
7FF5AAF6B000
unkown image
page readonly
7FF5AB0E6000
unkown image
page readonly
14890A02000
unkown
page read and write
7FF54BD27000
unkown image
page readonly
7DF5355B2000
unkown image
page readonly
7FF54BDDA000
unkown image
page readonly
7DF5C01F2000
unkown image
page readonly
7FF520457000
unkown image
page readonly
29E9B849000
unkown
page read and write
285F5A02000
unkown
page read and write
7FF5AAFC3000
unkown image
page readonly
7FF54BD1F000
unkown image
page readonly
2EC443D0000
unkown
page read and write
7FF54BC43000
unkown image
page readonly
7DF533260000
unkown image
page readonly
7FF5AB162000
unkown image
page readonly
14890010000
heap private
page read and write
2EC44429000
unkown
page read and write
2F97E7E000
stack
page read and write
7FF51E0E7000
unkown image
page readonly
7FF5AB087000
unkown image
page readonly
285F55B0000
unkown
page read and write
14890780000
unkown image
page readonly
7FF5AAC30000
unkown image
page readonly
14890050000
unkown image
page readonly
1B8D7240000
unkown image
page readonly
7FF54BC5C000
unkown image
page readonly
285F558D000
unkown
page read and write
7FF5AAEB1000
unkown image
page readonly
7FF51E138000
unkown image
page readonly
7FF5AB0BA000
unkown image
page readonly
7FF534A84000
unkown image
page readonly
7FF54BBEE000
unkown image
page readonly
285F5590000
unkown
page read and write
29E9B908000
unkown
page read and write
7FF54BCF0000
unkown image
page readonly
2EC44370000
unkown image
page readonly
7FF5AAE2B000
unkown image
page readonly
285F55A9000
unkown
page read and write
14890255000
unkown
page read and write
14890248000
unkown
page read and write
285F5516000
unkown
page read and write
7FF520000000
unkown image
page readonly
285F5514000
unkown
page read and write
7DF549BC0000
unkown image
page readonly
285F4CC3000
unkown
page read and write
7FF5AA9C7000
unkown image
page readonly
7FF52038D000
unkown image
page readonly
285F558F000
unkown
page read and write
1B8D713D000
heap default
page read and write
7FF5AB09C000
unkown image
page readonly
7FF520321000
unkown image
page readonly
7DF560E62000
unkown image
page readonly
285F55AF000
unkown
page read and write
7FF534B14000
unkown image
page readonly
2EC44330000
unkown image
page read and write
7FF52046F000
unkown image
page readonly