Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
XSG2363662.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: VETTORE; BRT S .P
.A., Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Jan 24 11:15:40 2022, Last Saved Time/Date: Mon
Jan 24 11:15:43 2022, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\DDF17BCC-E47B-4784-99D4-89162EBE509E
|
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF09A82308E61BD2D4.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF380378EE1DD6AC3F.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\3977.tmp
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF1716BD010027B375.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF67575D7F5A6EBB68.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF85705E9879F41F79.TMP
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
1,0,281480500,0000006D90879000,00000104,00000010,00020000,00000000,1,0
|
|
||
|
https://api.diagnosticssdf.office.com
|
unknown
|
||
|
https://login.microsoftonline.com/
|
unknown
|
||
|
https://shell.suite.office.com:1443
|
unknown
|
||
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
||
|
https://autodiscover-s.outlook.com/
|
unknown
|
||
|
https://roaming.edog.
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
||
|
https://cdn.entity.
|
unknown
|
||
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
||
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
||
|
https://powerlift.acompli.net
|
unknown
|
||
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
||
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
||
|
https://cortana.ai
|
unknown
|
||
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
||
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
||
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
||
|
https://api.aadrm.com/
|
unknown
|
||
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
||
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
||
|
https://api.microsoftstream.com/api/
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
||
|
https://cr.office.com
|
unknown
|
||
|
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
|
unknown
|
||
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
||
|
https://graph.ppe.windows.net
|
unknown
|
||
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
||
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
||
|
https://tasks.office.com
|
unknown
|
||
|
https://officeci.azurewebsites.net/api/
|
unknown
|
||
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
||
|
https://store.office.cn/addinstemplate
|
unknown
|
||
|
https://api.aadrm.com
|
unknown
|
||
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
||
|
https://globaldisco.crm.dynamics.com
|
unknown
|
||
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
||
|
https://www.odwebp.svc.ms
|
unknown
|
||
|
https://api.diagnosticssdf.office.com/v2/feedback
|
unknown
|
||
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
||
|
https://web.microsoftstream.com/video/
|
unknown
|
||
|
https://api.addins.store.officeppe.com/addinstemplate
|
unknown
|
||
|
https://graph.windows.net
|
unknown
|
||
|
https://dataservice.o365filtering.com/
|
unknown
|
||
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
||
|
https://analysis.windows.net/powerbi/api
|
unknown
|
||
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
||
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
||
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
||
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
||
|
https://ncus.contentsync.
|
unknown
|
||
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
||
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
||
|
http://weather.service.msn.com/data.aspx
|
unknown
|
||
|
https://apis.live.net/v5.0/
|
unknown
|
||
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
||
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
||
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
||
|
https://management.azure.com
|
unknown
|
||
|
https://outlook.office365.com
|
unknown
|
||
|
https://wus2.contentsync.
|
unknown
|
||
|
https://incidents.diagnostics.office.com
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
||
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
||
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
||
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
||
|
https://api.office.net
|
unknown
|
||
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
||
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
||
|
https://entitlement.diagnostics.office.com
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
||
|
https://substrate.office.com/search/api/v2/init
|
unknown
|
||
|
https://outlook.office.com/
|
unknown
|
||
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
||
|
https://outlook.office365.com/
|
unknown
|
||
|
https://webshell.suite.office.com
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
|
unknown
|
||
|
https://substrate.office.com/search/api/v1/SearchHistory
|
unknown
|
||
|
https://management.azure.com/
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorize
|
unknown
|
||
|
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://graph.windows.net/
|
unknown
|
||
|
https://api.powerbi.com/beta/myorg/imports
|
unknown
|
||
|
https://devnull.onenote.com
|
unknown
|
||
|
https://ncus.pagecontentsync.
|
unknown
|
||
|
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
|
unknown
|
||
|
https://messaging.office.com/
|
unknown
|
||
|
https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://augloop.office.com/v2
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
|
unknown
|
||
|
https://skyapi.live.net/Activity/
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/mac
|
unknown
|
||
|
https://dataservice.o365filtering.com
|
unknown
|
||
|
https://api.cortana.ai
|
unknown
|
There are 90 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
~o8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
o8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
RemoteClearDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3
|
Last
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
FilePath
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
StartDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
EndDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Properties
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Url
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
LastClean
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableWinHttpCertAuth
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableIsOwnerRegex
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableSessionAwareHttpClose
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALForExtendedApps
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALSetSilentAuth
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableGuestCredProvider
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableOstringReplace
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSForms
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSComctlLib
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\20527
|
20527
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
.z8
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTime
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
cl-
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2DC1C
|
2DC1C
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
5q-
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3426D
|
3426D
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\34B04
|
34B04
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
There are 82 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
21027600000
|
unkown
|
page read and write
|
||
|
23C7CC13000
|
unkown
|
page read and write
|
||
|
1EC13029000
|
unkown
|
page read and write
|
||
|
258BEFF000
|
stack
|
page read and write
|
||
|
19918202000
|
unkown
|
page read and write
|
||
|
B08A77D000
|
stack
|
page read and write
|
||
|
1FEC525C000
|
unkown
|
page read and write
|
||
|
6D911FE000
|
stack
|
page read and write
|
||
|
258B977000
|
stack
|
page read and write
|
||
|
18D7FF7E000
|
unkown
|
page read and write
|
||
|
18D7FF90000
|
unkown
|
page read and write
|
||
|
1FEC523A000
|
unkown
|
page read and write
|
||
|
19917A2A000
|
unkown
|
page read and write
|
||
|
21027685000
|
unkown
|
page read and write
|
||
|
23F958B8000
|
heap
|
page read and write
|
||
|
84FE37E000
|
stack
|
page read and write
|
||
|
8BD7EFE000
|
stack
|
page read and write
|
||
|
1FB1E140000
|
heap
|
page read and write
|
||
|
18D7F64D000
|
unkown
|
page read and write
|
||
|
1FEC526E000
|
unkown
|
page read and write
|
||
|
18D7FD00000
|
remote allocation
|
page read and write
|
||
|
4F3E6FE000
|
stack
|
page read and write
|
||
|
19917A51000
|
unkown
|
page read and write
|
||
|
57EE5FF000
|
stack
|
page read and write
|
||
|
1FB1E200000
|
unkown
|
page read and write
|
||
|
1FB1E300000
|
unkown
|
page read and write
|
||
|
18D7F600000
|
unkown
|
page read and write
|
||
|
23F958B8000
|
heap
|
page read and write
|
||
|
18D7FFAC000
|
unkown
|
page read and write
|
||
|
18D7FF85000
|
unkown
|
page read and write
|
||
|
57EE17B000
|
stack
|
page read and write
|
||
|
20216900000
|
unkown
|
page read and write
|
||
|
1FEC5265000
|
unkown
|
page read and write
|
||
|
18D7FFA6000
|
unkown
|
page read and write
|
||
|
D79D94A000
|
stack
|
page read and write
|
||
|
18D7FF7C000
|
unkown
|
page read and write
|
||
|
1EC13000000
|
unkown
|
page read and write
|
||
|
23F957D0000
|
heap
|
page read and write
|
||
|
6D90F7E000
|
stack
|
page read and write
|
||
|
258BC7F000
|
stack
|
page read and write
|
||
|
18D7FF81000
|
unkown
|
page read and write
|
||
|
19917930000
|
heap
|
page read and write
|
||
|
1FB1E28A000
|
unkown
|
page read and write
|
||
|
1EC13802000
|
unkown
|
page read and write
|
||
|
1EC13054000
|
unkown
|
page read and write
|
||
|
B08AD7F000
|
stack
|
page read and write
|
||
|
D79D9CF000
|
stack
|
page read and write
|
||
|
18D7FF69000
|
unkown
|
page read and write
|
||
|
18D7F6DF000
|
unkown
|
page read and write
|
||
|
1FEC526B000
|
unkown
|
page read and write
|
||
|
258BDFF000
|
stack
|
page read and write
|
||
|
18D7FF85000
|
unkown
|
page read and write
|
||
|
19917B02000
|
unkown
|
page read and write
|
||
|
18D7FF8F000
|
unkown
|
page read and write
|
||
|
8BD83FE000
|
stack
|
page read and write
|
||
|
1FEC523D000
|
unkown
|
page read and write
|
||
|
21027D40000
|
unkown
|
page read and write
|
||
|
18D7FF6C000
|
unkown
|
page read and write
|
||
|
18D7FF6C000
|
unkown
|
page read and write
|
||
|
18D80063000
|
unkown
|
page read and write
|
||
|
18D7F470000
|
heap
|
page read and write
|
||
|
18D7FF75000
|
unkown
|
page read and write
|
||
|
199179F0000
|
remote allocation
|
page read and write
|
||
|
18D7FE02000
|
unkown
|
page read and write
|
||
|
1EC13013000
|
unkown
|
page read and write
|
||
|
18D7FF67000
|
unkown
|
page read and write
|
||
|
18D7FF7B000
|
unkown
|
page read and write
|
||
|
4F3EA7D000
|
stack
|
page read and write
|
||
|
18D7FF69000
|
unkown
|
page read and write
|
||
|
D79DDFE000
|
stack
|
page read and write
|
||
|
1FEC5231000
|
unkown
|
page read and write
|
||
|
23C7CB80000
|
unkown
|
page read and write
|
||
|
2102767A000
|
unkown
|
page read and write
|
||
|
23C7CC81000
|
unkown
|
page read and write
|
||
|
23F958C0000
|
heap
|
page read and write
|
||
|
18D7F681000
|
unkown
|
page read and write
|
||
|
23C7CC5C000
|
unkown
|
page read and write
|
||
|
2102768B000
|
unkown
|
page read and write
|
||
|
1EC13108000
|
unkown
|
page read and write
|
||
|
23F95B80000
|
heap
|
page read and write
|
||
|
18D7FF79000
|
unkown
|
page read and write
|
||
|
258B67E000
|
stack
|
page read and write
|
||
|
18D7FF6B000
|
unkown
|
page read and write
|
||
|
8BD82FF000
|
stack
|
page read and write
|
||
|
1EC1307A000
|
unkown
|
page read and write
|
||
|
18D7FF75000
|
unkown
|
page read and write
|
||
|
23C7CC4E000
|
unkown
|
page read and write
|
||
|
21027624000
|
unkown
|
page read and write
|
||
|
84FE57B000
|
stack
|
page read and write
|
||
|
6D913FF000
|
stack
|
page read and write
|
||
|
1FEC526A000
|
unkown
|
page read and write
|
||
|
18D7FFD9000
|
unkown
|
page read and write
|
||
|
18D7F6E9000
|
unkown
|
page read and write
|
||
|
258BD7B000
|
stack
|
page read and write
|
||
|
1FEC5261000
|
unkown
|
page read and write
|
||
|
1EC12EF0000
|
heap
|
page read and write
|
||
|
BEC0BFF000
|
stack
|
page read and write
|
||
|
18D7FF79000
|
unkown
|
page read and write
|
||
|
1FEC5276000
|
unkown
|
page read and write
|
||
|
202160BF000
|
unkown
|
page read and write
|
||
|
20216000000
|
unkown
|
page read and write
|
||
|
19917990000
|
heap
|
page read and write
|
||
|
202160CB000
|
unkown
|
page read and write
|
||
|
B08A87F000
|
stack
|
page read and write
|
||
|
18D7F708000
|
unkown
|
page read and write
|
||
|
1FB1E202000
|
unkown
|
page read and write
|
||
|
19917A00000
|
unkown
|
page read and write
|
||
|
18D7F6BC000
|
unkown
|
page read and write
|
||
|
1FB1E308000
|
unkown
|
page read and write
|
||
|
23C7D402000
|
unkown
|
page read and write
|
||
|
258BA77000
|
stack
|
page read and write
|
||
|
6D910FD000
|
stack
|
page read and write
|
||
|
1FB1E26A000
|
unkown
|
page read and write
|
||
|
18D7F702000
|
unkown
|
page read and write
|
||
|
18D7FF00000
|
unkown
|
page read and write
|
||
|
6D90E7C000
|
stack
|
page read and write
|
||
|
84FE47B000
|
stack
|
page read and write
|
||
|
B08A11C000
|
stack
|
page read and write
|
||
|
20216113000
|
unkown
|
page read and write
|
||
|
18D7FF87000
|
unkown
|
page read and write
|
||
|
1EC12E80000
|
heap
|
page read and write
|
||
|
199179C0000
|
unkown
|
page read and write
|
||
|
B08AB7F000
|
stack
|
page read and write
|
||
|
1FB1E229000
|
unkown
|
page read and write
|
||
|
18D7FFCC000
|
unkown
|
page read and write
|
||
|
2021608A000
|
unkown
|
page read and write
|
||
|
1FEC5262000
|
unkown
|
page read and write
|
||
|
258B87E000
|
stack
|
page read and write
|
||
|
1FEC5200000
|
unkown
|
page read and write
|
||
|
18D7FF6B000
|
unkown
|
page read and write
|
||
|
18D7FF7E000
|
unkown
|
page read and write
|
||
|
1FEC5257000
|
unkown
|
page read and write
|
||
|
23C7CC27000
|
unkown
|
page read and write
|
||
|
23F95B85000
|
heap
|
page read and write
|
||
|
1FEC5264000
|
unkown
|
page read and write
|
||
|
18D7FFA7000
|
unkown
|
page read and write
|
||
|
57EE27B000
|
stack
|
page read and write
|
||
|
18D7F686000
|
unkown
|
page read and write
|
||
|
2021606E000
|
unkown
|
page read and write
|
||
|
1EC1304D000
|
unkown
|
page read and write
|
||
|
199179F0000
|
remote allocation
|
page read and write
|
||
|
1EC1304F000
|
unkown
|
page read and write
|
||
|
20215FE0000
|
unkown
|
page read and write
|
||
|
B08AE7E000
|
stack
|
page read and write
|
||
|
BEC09FE000
|
stack
|
page read and write
|
||
|
18D7FF77000
|
unkown
|
page read and write
|
||
|
57EDDAE000
|
stack
|
page read and write
|
||
|
18D7F6AD000
|
unkown
|
page read and write
|
||
|
1FB1E252000
|
unkown
|
page read and write
|
||
|
D79DD7F000
|
stack
|
page read and write
|
||
|
1FEC525F000
|
unkown
|
page read and write
|
||
|
21027641000
|
unkown
|
page read and write
|
||
|
18D7FD00000
|
remote allocation
|
page read and write
|
||
|
1FEC527F000
|
unkown
|
page read and write
|
||
|
84FE27B000
|
stack
|
page read and write
|
||
|
18D7FF4A000
|
unkown
|
page read and write
|
||
|
1FEC5270000
|
unkown
|
page read and write
|
||
|
18D80002000
|
unkown
|
page read and write
|
||
|
18D7F627000
|
unkown
|
page read and write
|
||
|
8BD7B8C000
|
stack
|
page read and write
|
||
|
18D7F5E0000
|
unkown
|
page read and write
|
||
|
18D7F4E0000
|
heap
|
page read and write
|
||
|
B08AC7F000
|
stack
|
page read and write
|
||
|
18D7FD00000
|
remote allocation
|
page read and write
|
||
|
18D7FF8F000
|
unkown
|
page read and write
|
||
|
1EC1304A000
|
unkown
|
page read and write
|
||
|
8BD7FFC000
|
stack
|
page read and write
|
||
|
1FEC5258000
|
unkown
|
page read and write
|
||
|
6D9087C000
|
stack
|
page read and write
|
||
|
23C7CC3C000
|
unkown
|
page read and write
|
||
|
4F3E87F000
|
stack
|
page read and write
|
||
|
18D7FF7A000
|
unkown
|
page read and write
|
||
|
18D7F64F000
|
unkown
|
page read and write
|
||
|
6D90CFF000
|
stack
|
page read and write
|
||
|
21027580000
|
heap
|
page read and write
|
||
|
4F3E08B000
|
stack
|
page read and write
|
||
|
1EC1303C000
|
unkown
|
page read and write
|
||
|
18D7FF7F000
|
unkown
|
page read and write
|
||
|
1FEC5302000
|
unkown
|
page read and write
|
||
|
B08A67E000
|
stack
|
page read and write
|
||
|
1FB1E170000
|
unkown
|
page read and write
|
||
|
199179F0000
|
remote allocation
|
page read and write
|
||
|
1EC13113000
|
unkown
|
page read and write
|
||
|
1EC12E90000
|
heap
|
page read and write
|
||
|
23F958A6000
|
heap
|
page read and write
|
||
|
23F95891000
|
heap
|
page read and write
|
||
|
1FB1E24A000
|
unkown
|
page read and write
|
||
|
8BD80FB000
|
stack
|
page read and write
|
||
|
18D7FF7F000
|
unkown
|
page read and write
|
||
|
4F3E97D000
|
stack
|
page read and write
|
||
|
84FE2FE000
|
stack
|
page read and write
|
||
|
18D7FF7E000
|
unkown
|
page read and write
|
||
|
4F3E5FC000
|
stack
|
page read and write
|
||
|
20216932000
|
unkown
|
page read and write
|
||
|
23F95850000
|
heap
|
page read and write
|
||
|
1FEC5260000
|
unkown
|
page read and write
|
||
|
1FB1E24D000
|
unkown
|
page read and write
|
||
|
23C7CC47000
|
unkown
|
page read and write
|
||
|
1FB1E0D0000
|
heap
|
page read and write
|
||
|
1FEC5241000
|
unkown
|
page read and write
|
||
|
23F95830000
|
heap
|
page read and write
|
||
|
18D7F629000
|
unkown
|
page read and write
|
||
|
23C7CAF0000
|
heap
|
page read and write
|
||
|
258BFFA000
|
stack
|
page read and write
|
||
|
18D7FF75000
|
unkown
|
page read and write
|
||
|
20216802000
|
unkown
|
page read and write
|
||
|
18D7FFA1000
|
unkown
|
page read and write
|
||
|
18D7FF87000
|
unkown
|
page read and write
|
||
|
23C7CD08000
|
unkown
|
page read and write
|
||
|
202160E2000
|
unkown
|
page read and write
|
||
|
1FB1E23C000
|
unkown
|
page read and write
|
||
|
1FEC5244000
|
unkown
|
page read and write
|
||
|
18D7FF8B000
|
unkown
|
page read and write
|
||
|
18D7F6C3000
|
unkown
|
page read and write
|
||
|
18D7FF98000
|
unkown
|
page read and write
|
||
|
18D7FFA2000
|
unkown
|
page read and write
|
||
|
19917A02000
|
unkown
|
page read and write
|
||
|
18D80000000
|
unkown
|
page read and write
|
||
|
18D7F713000
|
unkown
|
page read and write
|
||
|
B08A97D000
|
stack
|
page read and write
|
||
|
18D7F64C000
|
unkown
|
page read and write
|
||
|
23C7CD00000
|
unkown
|
page read and write
|
||
|
1EC13065000
|
unkown
|
page read and write
|
||
|
18D7F6A3000
|
unkown
|
page read and write
|
||
|
23C7CC00000
|
unkown
|
page read and write
|
||
|
BEC087E000
|
stack
|
page read and write
|
||
|
23C7CC53000
|
unkown
|
page read and write
|
||
|
23C7CB50000
|
heap
|
page read and write
|
||
|
18D7FF6F000
|
unkown
|
page read and write
|
||
|
18D7FF7F000
|
unkown
|
page read and write
|
||
|
20215FB0000
|
heap
|
page read and write
|
||
|
21027655000
|
unkown
|
page read and write
|
||
|
18D7FF6F000
|
unkown
|
page read and write
|
||
|
B08A57A000
|
stack
|
page read and write
|
||
|
18D7FFCC000
|
unkown
|
page read and write
|
||
|
1EC13070000
|
unkown
|
page read and write
|
||
|
BEC0AFE000
|
stack
|
page read and write
|
||
|
1FB1E27F000
|
unkown
|
page read and write
|
||
|
18D7FF14000
|
unkown
|
page read and write
|
||
|
18D7F480000
|
heap
|
page read and write
|
||
|
1FEC5285000
|
unkown
|
page read and write
|
||
|
18D7FF85000
|
unkown
|
page read and write
|
||
|
1FEC50B0000
|
heap
|
page read and write
|
||
|
6D912FC000
|
stack
|
page read and write
|
||
|
18D7F63C000
|
unkown
|
page read and write
|
||
|
8BD81F7000
|
stack
|
page read and write
|
||
|
18D7FF1E000
|
unkown
|
page read and write
|
||
|
18D7FF87000
|
unkown
|
page read and write
|
||
|
1EC13100000
|
unkown
|
page read and write
|
||
|
1FB1E247000
|
unkown
|
page read and write
|
||
|
18D7FF7F000
|
unkown
|
page read and write
|
||
|
18D7FF96000
|
unkown
|
page read and write
|
||
|
18D7FF7E000
|
unkown
|
page read and write
|
||
|
57EE3F7000
|
stack
|
page read and write
|
||
|
20216013000
|
unkown
|
page read and write
|
||
|
20216102000
|
unkown
|
page read and write
|
||
|
1FEC5240000
|
unkown
|
page read and write
|
||
|
18D7F64B000
|
unkown
|
page read and write
|
||
|
8BD7E7E000
|
stack
|
page read and write
|
||
|
57EDD2B000
|
stack
|
page read and write
|
||
|
202160D0000
|
unkown
|
page read and write
|
||
|
20215F50000
|
heap
|
page read and write
|
||
|
84FE87F000
|
stack
|
page read and write
|
||
|
23F958C1000
|
heap
|
page read and write
|
||
|
18D7F613000
|
unkown
|
page read and write
|
||
|
18D7FFD0000
|
unkown
|
page read and write
|
||
|
1FEC527C000
|
unkown
|
page read and write
|
||
|
18D7FF73000
|
unkown
|
page read and write
|
||
|
6D90C7B000
|
stack
|
page read and write
|
||
|
23F95880000
|
heap
|
page read and write
|
||
|
18D80002000
|
unkown
|
page read and write
|
||
|
BEC05EE000
|
stack
|
page read and write
|
||
|
18D7FF9B000
|
unkown
|
page read and write
|
||
|
21027702000
|
unkown
|
page read and write
|
||
|
1FEC5263000
|
unkown
|
page read and write
|
||
|
1EC13081000
|
unkown
|
page read and write
|
||
|
23C7CC5C000
|
unkown
|
page read and write
|
||
|
1FB1E302000
|
unkown
|
page read and write
|
||
|
20216040000
|
unkown
|
page read and write
|
||
|
23C7CC70000
|
unkown
|
page read and write
|
||
|
D79DC7F000
|
stack
|
page read and write
|
||
|
1FEC526C000
|
unkown
|
page read and write
|
||
|
18D7F6F8000
|
unkown
|
page read and write
|
||
|
18D7FF7E000
|
unkown
|
page read and write
|
||
|
1FEC5238000
|
unkown
|
page read and write
|
||
|
23F958A7000
|
heap
|
page read and write
|
||
|
1FEC5268000
|
unkown
|
page read and write
|
||
|
23C7CC29000
|
unkown
|
page read and write
|
||
|
1FEC525A000
|
unkown
|
page read and write
|
||
|
23C7CD13000
|
unkown
|
page read and write
|
||
|
1FEC527E000
|
unkown
|
page read and write
|
||
|
BEC056B000
|
stack
|
page read and write
|
||
|
84FE677000
|
stack
|
page read and write
|
||
|
D79DCF9000
|
stack
|
page read and write
|
||
|
21027570000
|
heap
|
page read and write
|
||
|
1FB1E0E0000
|
heap
|
page read and write
|
||
|
1FEC5040000
|
heap
|
page read and write
|
||
|
2102767E000
|
unkown
|
page read and write
|
||
|
21027613000
|
unkown
|
page read and write
|
||
|
1FB1E313000
|
unkown
|
page read and write
|
||
|
18D7FF88000
|
unkown
|
page read and write
|
||
|
18D7FFA9000
|
unkown
|
page read and write
|
||
|
1FB1EA02000
|
unkown
|
page read and write
|
||
|
1EC13102000
|
unkown
|
page read and write
|
||
|
1FB1E213000
|
unkown
|
page read and write
|
||
|
1FEC5275000
|
unkown
|
page read and write
|
||
|
18D7FF8A000
|
unkown
|
page read and write
|
||
|
18D7F69C000
|
unkown
|
page read and write
|
||
|
6D90FFB000
|
stack
|
page read and write
|
||
|
18D7FF8C000
|
unkown
|
page read and write
|
||
|
84FE77F000
|
stack
|
page read and write
|
||
|
1FEC5248000
|
unkown
|
page read and write
|
||
|
1FEC5273000
|
unkown
|
page read and write
|
||
|
210275E0000
|
heap
|
page read and write
|
||
|
57EE07D000
|
stack
|
page read and write
|
||
|
18D7FF85000
|
unkown
|
page read and write
|
||
|
18D7FFA9000
|
unkown
|
page read and write
|
||
|
18D7FFB0000
|
unkown
|
page read and write
|
||
|
21027713000
|
unkown
|
page read and write
|
||
|
6D90DFE000
|
stack
|
page read and write
|
||
|
23F958B8000
|
heap
|
page read and write
|
||
|
21027E02000
|
unkown
|
page read and write
|
||
|
4F3E57F000
|
stack
|
page read and write
|
||
|
1FEC5050000
|
heap
|
page read and write
|
||
|
18D7FF87000
|
unkown
|
page read and write
|
||
|
19917A13000
|
unkown
|
page read and write
|
||
|
1FEC5259000
|
unkown
|
page read and write
|
||
|
19917A3D000
|
unkown
|
page read and write
|
||
|
18D7F716000
|
unkown
|
page read and write
|
||
|
18D7FF16000
|
unkown
|
page read and write
|
||
|
23C7CC73000
|
unkown
|
page read and write
|
||
|
1FEC524E000
|
unkown
|
page read and write
|
||
|
1FEC5245000
|
unkown
|
page read and write
|
||
|
258B7FC000
|
stack
|
page read and write
|
||
|
18D80002000
|
unkown
|
page read and write
|
||
|
23C7CAE0000
|
heap
|
page read and write
|
||
|
19917920000
|
heap
|
page read and write
|
||
|
4F3EAFE000
|
stack
|
page read and write
|
||
|
23C7CD02000
|
unkown
|
page read and write
|
||
|
21027669000
|
unkown
|
page read and write
|
||
|
18D7FF85000
|
unkown
|
page read and write
|
||
|
20215F40000
|
heap
|
page read and write
|
||
|
1FEC5229000
|
unkown
|
page read and write
|
||
|
18D7FF77000
|
unkown
|
page read and write
|
||
|
1FEC5A02000
|
unkown
|
page read and write
|
||
|
18D7FF77000
|
unkown
|
page read and write
|
||
|
21027602000
|
unkown
|
page read and write
|
||
|
18D7FF98000
|
unkown
|
page read and write
|
||
|
18D7FFA6000
|
unkown
|
page read and write
|
||
|
18D7F6A9000
|
unkown
|
page read and write
|
||
|
20216024000
|
unkown
|
page read and write
|
||
|
18D7FF7E000
|
unkown
|
page read and write
|
||
|
2102765B000
|
unkown
|
page read and write
|
||
|
258B3EB000
|
stack
|
page read and write
|
||
|
1FEC5213000
|
unkown
|
page read and write
|
||
|
57EE2FE000
|
stack
|
page read and write
|
||
|
1FEC5267000
|
unkown
|
page read and write
|
||
|
18D7FF87000
|
unkown
|
page read and write
|
||
|
18D7FF85000
|
unkown
|
page read and write
|
||
|
1EC12FF0000
|
unkown
|
page read and write
|
||
|
B08AA7F000
|
stack
|
page read and write
|
||
|
57EE4FF000
|
stack
|
page read and write
|
||
|
23F95896000
|
heap
|
page read and write
|
||
|
258B6FE000
|
stack
|
page read and write
|
||
|
18D7FFA6000
|
unkown
|
page read and write
|
||
|
23C7CC4B000
|
unkown
|
page read and write
|
||
|
18D7FF85000
|
unkown
|
page read and write
|
||
|
20216029000
|
unkown
|
page read and write
|
||
|
1FEC5246000
|
unkown
|
page read and write
|
||
|
18D7FF83000
|
unkown
|
page read and write
|
||
|
18D7F670000
|
unkown
|
page read and write
|
||
|
18D7F650000
|
unkown
|
page read and write
|
||
|
4F3E7FD000
|
stack
|
page read and write
|
||
|
258BB7C000
|
stack
|
page read and write
|
||
|
18D7FF79000
|
unkown
|
page read and write
|
||
|
18D7FFCD000
|
unkown
|
page read and write
|
||
|
BEC0CFE000
|
stack
|
page read and write
|
||
|
1FEC51B0000
|
unkown
|
page read and write
|
||
|
18D7FF7A000
|
unkown
|
page read and write
|
There are 369 hidden memdumps, click here to show them.
DOM / HTML
|
URL
|
Malicious
|
|
|---|---|---|
|
1,0,281480500,0000006D90879000,00000104,00000010,00020000,00000000,1,0
|