IOC Report

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| Contact.xls | Composite Document File V2 Document, Can't read SAT | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\E0DB925F-1BA5-41F7-8DD1-432043A67229 | XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding | |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding | |

URLs


Registry


Memdumps
