Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
message_tracking_1655942871715.xlsx
|
Microsoft OOXML
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\14FAC50B-DCF4-41CB-B655-19278342466F
|
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.diagnosticssdf.office.com
|
unknown
|
||
|
https://login.microsoftonline.com/
|
unknown
|
||
|
https://shell.suite.office.com:1443
|
unknown
|
||
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
||
|
https://autodiscover-s.outlook.com/
|
unknown
|
||
|
https://roaming.edog.
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
||
|
https://cdn.entity.
|
unknown
|
||
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
||
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
||
|
https://powerlift.acompli.net
|
unknown
|
||
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
||
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
||
|
https://cortana.ai
|
unknown
|
||
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
||
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
||
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
||
|
https://api.aadrm.com/
|
unknown
|
||
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
||
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
||
|
https://api.microsoftstream.com/api/
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
||
|
https://cr.office.com
|
unknown
|
||
|
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
|
unknown
|
||
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
||
|
https://graph.ppe.windows.net
|
unknown
|
||
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
||
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
||
|
https://tasks.office.com
|
unknown
|
||
|
https://officeci.azurewebsites.net/api/
|
unknown
|
||
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
||
|
https://store.office.cn/addinstemplate
|
unknown
|
||
|
https://api.aadrm.com
|
unknown
|
||
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
||
|
https://globaldisco.crm.dynamics.com
|
unknown
|
||
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
||
|
https://www.odwebp.svc.ms
|
unknown
|
||
|
https://api.diagnosticssdf.office.com/v2/feedback
|
unknown
|
||
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
||
|
https://web.microsoftstream.com/video/
|
unknown
|
||
|
https://api.addins.store.officeppe.com/addinstemplate
|
unknown
|
||
|
https://graph.windows.net
|
unknown
|
||
|
https://dataservice.o365filtering.com/
|
unknown
|
||
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
||
|
https://analysis.windows.net/powerbi/api
|
unknown
|
||
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
||
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
||
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
||
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
||
|
https://ncus.contentsync.
|
unknown
|
||
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
||
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
||
|
http://weather.service.msn.com/data.aspx
|
unknown
|
||
|
https://apis.live.net/v5.0/
|
unknown
|
||
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
||
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
||
|
https://messaging.lifecycle.office.com/
|
unknown
|
||
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
||
|
https://management.azure.com
|
unknown
|
||
|
https://outlook.office365.com
|
unknown
|
||
|
https://wus2.contentsync.
|
unknown
|
||
|
https://incidents.diagnostics.office.com
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
||
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
||
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
||
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
||
|
https://api.office.net
|
unknown
|
||
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
||
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
||
|
https://entitlement.diagnostics.office.com
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
||
|
https://substrate.office.com/search/api/v2/init
|
unknown
|
||
|
https://outlook.office.com/
|
unknown
|
||
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
||
|
https://outlook.office365.com/
|
unknown
|
||
|
https://webshell.suite.office.com
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
|
unknown
|
||
|
https://substrate.office.com/search/api/v1/SearchHistory
|
unknown
|
||
|
https://management.azure.com/
|
unknown
|
||
|
https://messaging.lifecycle.office.com/getcustommessage16
|
unknown
|
||
|
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorize
|
unknown
|
||
|
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://graph.windows.net/
|
unknown
|
||
|
https://api.powerbi.com/beta/myorg/imports
|
unknown
|
||
|
https://devnull.onenote.com
|
unknown
|
||
|
https://messaging.action.office.com/
|
unknown
|
||
|
https://ncus.pagecontentsync.
|
unknown
|
||
|
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
|
unknown
|
||
|
https://messaging.office.com/
|
unknown
|
||
|
https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://augloop.office.com/v2
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
|
unknown
|
There are 90 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
40>
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
50>
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
RemoteClearDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3
|
Last
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
FilePath
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
StartDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
EndDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Properties
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Url
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
LastClean
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableWinHttpCertAuth
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableIsOwnerRegex
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableSessionAwareHttpClose
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALForExtendedApps
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALSetSilentAuth
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableGuestCredProvider
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableOstringReplace
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\2F469
|
2F469
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSForms
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSComctlLib
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
sb>
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
There are 23 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1F910420000
|
trusted library allocation
|
page read and write
|
||
|
24789D02000
|
heap
|
page read and write
|
||
|
1F90BDA0000
|
trusted library section
|
page readonly
|
||
|
1F4B748A000
|
heap
|
page read and write
|
||
|
1E48D324000
|
heap
|
page read and write
|
||
|
1F910504000
|
heap
|
page read and write
|
||
|
1E48D379000
|
heap
|
page read and write
|
||
|
1A677D40000
|
heap
|
page read and write
|
||
|
1E48D371000
|
heap
|
page read and write
|
||
|
664EBF8000
|
stack
|
page read and write
|
||
|
12935F7000
|
stack
|
page read and write
|
||
|
1F4B7486000
|
heap
|
page read and write
|
||
|
1F4B7488000
|
heap
|
page read and write
|
||
|
1F9103E0000
|
trusted library allocation
|
page read and write
|
||
|
3B3B3FF000
|
stack
|
page read and write
|
||
|
1A677CB0000
|
heap
|
page read and write
|
||
|
24789C5D000
|
heap
|
page read and write
|
||
|
1292FFB000
|
stack
|
page read and write
|
||
|
1F4B748A000
|
heap
|
page read and write
|
||
|
1F91041D000
|
heap
|
page read and write
|
||
|
1E48C902000
|
heap
|
page read and write
|
||
|
1E48D335000
|
heap
|
page read and write
|
||
|
3B3AF7A000
|
stack
|
page read and write
|
||
|
1F4B748A000
|
heap
|
page read and write
|
||
|
199C2B55000
|
heap
|
page read and write
|
||
|
1E48D3A3000
|
heap
|
page read and write
|
||
|
1E48D802000
|
heap
|
page read and write
|
||
|
1F910504000
|
heap
|
page read and write
|
||
|
1E48D395000
|
heap
|
page read and write
|
||
|
1F4B748A000
|
heap
|
page read and write
|
||
|
1E48D802000
|
heap
|
page read and write
|
||
|
1E48D202000
|
heap
|
page read and write
|
||
|
1F90AD02000
|
heap
|
page read and write
|
||
|
1A677DF5000
|
heap
|
page read and write
|
||
|
1F90AC3D000
|
heap
|
page read and write
|
||
|
3B3B27B000
|
stack
|
page read and write
|
||
|
1F90AC5F000
|
heap
|
page read and write
|
||
|
1F910304000
|
trusted library allocation
|
page read and write
|
||
|
1E48C8F9000
|
heap
|
page read and write
|
||
|
1A677DDF000
|
heap
|
page read and write
|
||
|
1E48D36C000
|
heap
|
page read and write
|
||
|
1E48D0E0000
|
remote allocation
|
page read and write
|
||
|
1E48D3A7000
|
heap
|
page read and write
|
||
|
1E48D802000
|
heap
|
page read and write
|
||
|
1E48D802000
|
heap
|
page read and write
|
||
|
1E48D37A000
|
heap
|
page read and write
|
||
|
1E48D34E000
|
heap
|
page read and write
|
||
|
8365B7E000
|
stack
|
page read and write
|
||
|
1E48C720000
|
heap
|
page read and write
|
||
|
3B3AD78000
|
stack
|
page read and write
|
||
|
1F90AD13000
|
heap
|
page read and write
|
||
|
1E48C8A9000
|
heap
|
page read and write
|
||
|
1F90AD26000
|
heap
|
page read and write
|
||
|
12934FB000
|
stack
|
page read and write
|
||
|
24789C00000
|
heap
|
page read and write
|
||
|
1E48D390000
|
heap
|
page read and write
|
||
|
1F910502000
|
heap
|
page read and write
|
||
|
1F4B71C0000
|
heap
|
page read and write
|
||
|
1F90AC9F000
|
heap
|
page read and write
|
||
|
1A677B80000
|
heap
|
page read and write
|
||
|
1E48D803000
|
heap
|
page read and write
|
||
|
1F4B7424000
|
heap
|
page read and write
|
||
|
3B3B5FF000
|
stack
|
page read and write
|
||
|
1F9102F0000
|
trusted library allocation
|
page read and write
|
||
|
24789C8C000
|
heap
|
page read and write
|
||
|
1E48D35F000
|
heap
|
page read and write
|
||
|
8A5FA7E000
|
stack
|
page read and write
|
||
|
1E48C908000
|
heap
|
page read and write
|
||
|
24789C68000
|
heap
|
page read and write
|
||
|
1F9101A0000
|
trusted library allocation
|
page read and write
|
||
|
1E48D38A000
|
heap
|
page read and write
|
||
|
1F910506000
|
heap
|
page read and write
|
||
|
1F4B748A000
|
heap
|
page read and write
|
||
|
1E48D31F000
|
heap
|
page read and write
|
||
|
1E48D0E0000
|
remote allocation
|
page read and write
|
||
|
199C29C0000
|
heap
|
page read and write
|
||
|
8A5F72B000
|
stack
|
page read and write
|
||
|
1F4B7486000
|
heap
|
page read and write
|
||
|
1F910620000
|
remote allocation
|
page read and write
|
||
|
12933FB000
|
stack
|
page read and write
|
||
|
1E48D3A1000
|
heap
|
page read and write
|
||
|
1F90BD50000
|
trusted library section
|
page readonly
|
||
|
9FDA077000
|
stack
|
page read and write
|
||
|
24789C5B000
|
heap
|
page read and write
|
||
|
1E48D36D000
|
heap
|
page read and write
|
||
|
1F4B748A000
|
heap
|
page read and write
|
||
|
1E48D390000
|
heap
|
page read and write
|
||
|
1F910600000
|
trusted library allocation
|
page read and write
|
||
|
1F90AC2A000
|
heap
|
page read and write
|
||
|
199C2B5C000
|
heap
|
page read and write
|
||
|
1F9104FF000
|
heap
|
page read and write
|
||
|
1AFA2520000
|
trusted library allocation
|
page read and write
|
||
|
1F90B502000
|
heap
|
page read and write
|
||
|
1E48D392000
|
heap
|
page read and write
|
||
|
1E48D3A1000
|
heap
|
page read and write
|
||
|
1E48D0E0000
|
remote allocation
|
page read and write
|
||
|
1E48D3A3000
|
heap
|
page read and write
|
||
|
1E48C8EC000
|
heap
|
page read and write
|
||
|
1A677DDF000
|
heap
|
page read and write
|
||
|
1E48D390000
|
heap
|
page read and write
|
||
|
3B3B17A000
|
stack
|
page read and write
|
||
|
1F4B7486000
|
heap
|
page read and write
|
||
|
1AFA262A000
|
heap
|
page read and write
|
||
|
1AFA264F000
|
heap
|
page read and write
|
||
|
3B3A94B000
|
stack
|
page read and write
|
||
|
1A677DD8000
|
heap
|
page read and write
|
||
|
1E48C882000
|
heap
|
page read and write
|
||
|
836571A000
|
stack
|
page read and write
|
||
|
1E48C8BF000
|
heap
|
page read and write
|
||
|
24789C88000
|
heap
|
page read and write
|
||
|
12932FE000
|
stack
|
page read and write
|
||
|
24789C65000
|
heap
|
page read and write
|
||
|
664EEF8000
|
stack
|
page read and write
|
||
|
1A677CD0000
|
heap
|
page read and write
|
||
|
1AFA2700000
|
heap
|
page read and write
|
||
|
12937FE000
|
stack
|
page read and write
|
||
|
114A379000
|
stack
|
page read and write
|
||
|
1AFA2E02000
|
trusted library allocation
|
page read and write
|
||
|
1F910506000
|
heap
|
page read and write
|
||
|
1E48D3B2000
|
heap
|
page read and write
|
||
|
1E48D333000
|
heap
|
page read and write
|
||
|
8365BF8000
|
stack
|
page read and write
|
||
|
1E48D3B9000
|
heap
|
page read and write
|
||
|
1F9104FF000
|
heap
|
page read and write
|
||
|
1A677DD4000
|
heap
|
page read and write
|
||
|
664EAFB000
|
stack
|
page read and write
|
||
|
1E48D395000
|
heap
|
page read and write
|
||
|
1AFA2708000
|
heap
|
page read and write
|
||
|
1AFA2654000
|
heap
|
page read and write
|
||
|
1E48C8D5000
|
heap
|
page read and write
|
||
|
1AFA2650000
|
heap
|
page read and write
|
||
|
1F90AAB0000
|
heap
|
page read and write
|
||
|
1E48D323000
|
heap
|
page read and write
|
||
|
1AFA23B0000
|
heap
|
page read and write
|
||
|
1E48D819000
|
heap
|
page read and write
|
||
|
1F910482000
|
heap
|
page read and write
|
||
|
1A677DD7000
|
heap
|
page read and write
|
||
|
1F9102C8000
|
trusted library allocation
|
page read and write
|
||
|
199C2C65000
|
heap
|
page read and write
|
||
|
1F90B518000
|
heap
|
page read and write
|
||
|
8A5FE7F000
|
stack
|
page read and write
|
||
|
3B3AE7A000
|
stack
|
page read and write
|
||
|
1AFA264B000
|
heap
|
page read and write
|
||
|
1F90AAC0000
|
heap
|
page read and write
|
||
|
1F90C110000
|
trusted library allocation
|
page read and write
|
||
|
1E48D3A3000
|
heap
|
page read and write
|
||
|
1AFA264C000
|
heap
|
page read and write
|
||
|
199C29D0000
|
trusted library allocation
|
page read and write
|
||
|
1F4B7486000
|
heap
|
page read and write
|
||
|
1E48D3A3000
|
heap
|
page read and write
|
||
|
199C3AD0000
|
trusted library allocation
|
page read and write
|
||
|
1F90B518000
|
heap
|
page read and write
|
||
|
1E48D319000
|
heap
|
page read and write
|
||
|
1E48C86A000
|
heap
|
page read and write
|
||
|
1E48D39D000
|
heap
|
page read and write
|
||
|
1A677DDF000
|
heap
|
page read and write
|
||
|
1E48D3A1000
|
heap
|
page read and write
|
||
|
1F910487000
|
heap
|
page read and write
|
||
|
24789C54000
|
heap
|
page read and write
|
||
|
1E48D394000
|
heap
|
page read and write
|
||
|
1F4B7486000
|
heap
|
page read and write
|
||
|
1E48D3CA000
|
heap
|
page read and write
|
||
|
9FDA17F000
|
stack
|
page read and write
|
||
|
1F90BD90000
|
trusted library section
|
page readonly
|
||
|
1E48D394000
|
heap
|
page read and write
|
||
|
1E48D373000
|
heap
|
page read and write
|
||
|
1F4B747B000
|
heap
|
page read and write
|
||
|
1E48D803000
|
heap
|
page read and write
|
||
|
199C3790000
|
trusted library allocation
|
page read and write
|
||
|
199C3A80000
|
trusted library allocation
|
page read and write
|
||
|
1F9101B0000
|
trusted library allocation
|
page read and write
|
||
|
1F4B748A000
|
heap
|
page read and write
|
||
|
1F90AB20000
|
heap
|
page read and write
|
||
|
1F9104FC000
|
heap
|
page read and write
|
||
|
1F90B400000
|
heap
|
page read and write
|
||
|
1E48C710000
|
heap
|
page read and write
|
||
|
24789D08000
|
heap
|
page read and write
|
||
|
1F91043E000
|
heap
|
page read and write
|
||
|
199C2C69000
|
heap
|
page read and write
|
||
|
1E48D300000
|
heap
|
page read and write
|
||
|
1E48D317000
|
heap
|
page read and write
|
||
|
1F910506000
|
heap
|
page read and write
|
||
|
836579F000
|
stack
|
page read and write
|
||
|
199C2B56000
|
heap
|
page read and write
|
||
|
24789C67000
|
heap
|
page read and write
|
||
|
199C37A0000
|
trusted library allocation
|
page read and write
|
||
|
8365A7F000
|
stack
|
page read and write
|
||
|
1F9104F7000
|
heap
|
page read and write
|
||
|
1E48D3A2000
|
heap
|
page read and write
|
||
|
1F4B7488000
|
heap
|
page read and write
|
||
|
1A677DDF000
|
heap
|
page read and write
|
||
|
1AFA2649000
|
heap
|
page read and write
|
||
|
1E48C913000
|
heap
|
page read and write
|
||
|
1AFA2648000
|
heap
|
page read and write
|
||
|
199C3A70000
|
trusted library allocation
|
page read and write
|
||
|
1F90AC00000
|
heap
|
page read and write
|
||
|
664EDFF000
|
stack
|
page read and write
|
||
|
24789C60000
|
heap
|
page read and write
|
||
|
1F90AC8D000
|
heap
|
page read and write
|
||
|
199C2C60000
|
heap
|
page read and write
|
||
|
1F910620000
|
remote allocation
|
page read and write
|
||
|
1F910504000
|
heap
|
page read and write
|
||
|
114A57F000
|
stack
|
page read and write
|
||
|
199C2C30000
|
heap
|
page read and write
|
||
|
1AFA2600000
|
heap
|
page read and write
|
||
|
24789C13000
|
heap
|
page read and write
|
||
|
1A677DEF000
|
heap
|
page read and write
|
||
|
1F4B7513000
|
heap
|
page read and write
|
||
|
1E48C84C000
|
heap
|
page read and write
|
||
|
24789C2A000
|
heap
|
page read and write
|
||
|
12936FE000
|
stack
|
page read and write
|
||
|
1F9102E4000
|
trusted library allocation
|
page read and write
|
||
|
1F4B7470000
|
heap
|
page read and write
|
||
|
1E48D802000
|
heap
|
page read and write
|
||
|
1F9104EF000
|
heap
|
page read and write
|
||
|
1F910390000
|
trusted library allocation
|
page read and write
|
||
|
1F910502000
|
heap
|
page read and write
|
||
|
1E48D802000
|
heap
|
page read and write
|
||
|
1AFA2657000
|
heap
|
page read and write
|
||
|
1E48C8B3000
|
heap
|
page read and write
|
||
|
8A5FC7B000
|
stack
|
page read and write
|
||
|
24789D13000
|
heap
|
page read and write
|
||
|
1E48C8C5000
|
heap
|
page read and write
|
||
|
24789C7D000
|
heap
|
page read and write
|
||
|
114A47E000
|
stack
|
page read and write
|
||
|
1F910461000
|
heap
|
page read and write
|
||
|
3B3B6FC000
|
stack
|
page read and write
|
||
|
1AFA263C000
|
heap
|
page read and write
|
||
|
1F4B743C000
|
heap
|
page read and write
|
||
|
114A27F000
|
stack
|
page read and write
|
||
|
2478A3A0000
|
trusted library allocation
|
page read and write
|
||
|
1F9102C0000
|
trusted library allocation
|
page read and write
|
||
|
1F4B7489000
|
heap
|
page read and write
|
||
|
1A677DD6000
|
heap
|
page read and write
|
||
|
3B3B4FF000
|
stack
|
page read and write
|
||
|
1E48D384000
|
heap
|
page read and write
|
||
|
24789B00000
|
heap
|
page read and write
|
||
|
3B3B9FF000
|
stack
|
page read and write
|
||
|
1F4B7413000
|
heap
|
page read and write
|
||
|
1F90C120000
|
trusted library allocation
|
page read and write
|
||
|
199C2B10000
|
heap
|
page read and write
|
||
|
1F4B7502000
|
heap
|
page read and write
|
||
|
8365AFF000
|
stack
|
page read and write
|
||
|
199C3A60000
|
heap
|
page readonly
|
||
|
1A677DD3000
|
heap
|
page read and write
|
||
|
1F90ACB0000
|
heap
|
page read and write
|
||
|
1F90ACFD000
|
heap
|
page read and write
|
||
|
1A677DF0000
|
heap
|
page read and write
|
||
|
1F4B7488000
|
heap
|
page read and write
|
||
|
1E48D392000
|
heap
|
page read and write
|
||
|
1AFA2653000
|
heap
|
page read and write
|
||
|
1A677DDF000
|
heap
|
page read and write
|
||
|
1E48D390000
|
heap
|
page read and write
|
||
|
1E48D802000
|
heap
|
page read and write
|
||
|
1F91042A000
|
heap
|
page read and write
|
||
|
1E48C865000
|
heap
|
page read and write
|
||
|
1E48C916000
|
heap
|
page read and write
|
||
|
8365CFC000
|
stack
|
page read and write
|
||
|
114A3F9000
|
stack
|
page read and write
|
||
|
664E72E000
|
stack
|
page read and write
|
||
|
1AFA2688000
|
heap
|
page read and write
|
||
|
1F90AC68000
|
heap
|
page read and write
|
||
|
1E48D3C7000
|
heap
|
page read and write
|
||
|
1E48C813000
|
heap
|
page read and write
|
||
|
1F4B7486000
|
heap
|
page read and write
|
||
|
1E48D379000
|
heap
|
page read and write
|
||
|
1AFA2656000
|
heap
|
page read and write
|
||
|
114A4F9000
|
stack
|
page read and write
|
||
|
3B3B47F000
|
stack
|
page read and write
|
||
|
1F90B3D0000
|
trusted library section
|
page read and write
|
||
|
1E48C84B000
|
heap
|
page read and write
|
||
|
1E48D3A2000
|
heap
|
page read and write
|
||
|
1AFA267E000
|
heap
|
page read and write
|
||
|
1F4B7489000
|
heap
|
page read and write
|
||
|
1F4B71B0000
|
heap
|
page read and write
|
||
|
1F4B7C02000
|
trusted library allocation
|
page read and write
|
||
|
1E48D3A9000
|
heap
|
page read and write
|
||
|
1E48C8E9000
|
heap
|
page read and write
|
||
|
1F90B415000
|
heap
|
page read and write
|
||
|
1F4B7488000
|
heap
|
page read and write
|
||
|
1E48D820000
|
heap
|
page read and write
|
||
|
1F910620000
|
remote allocation
|
page read and write
|
||
|
1E48D3D5000
|
heap
|
page read and write
|
||
|
1F4B7457000
|
heap
|
page read and write
|
||
|
1F9102E1000
|
trusted library allocation
|
page read and write
|
||
|
1F90ACA1000
|
heap
|
page read and write
|
||
|
1F4B7500000
|
heap
|
page read and write
|
||
|
199C3A50000
|
trusted library allocation
|
page read and write
|
||
|
1F9104A6000
|
heap
|
page read and write
|
||
|
24789C3C000
|
heap
|
page read and write
|
||
|
1F9104E3000
|
heap
|
page read and write
|
||
|
1A677DC1000
|
heap
|
page read and write
|
||
|
1E48C84D000
|
heap
|
page read and write
|
||
|
24789AA0000
|
heap
|
page read and write
|
||
|
1F9104E5000
|
heap
|
page read and write
|
||
|
1F90AC24000
|
heap
|
page read and write
|
||
|
1F90B402000
|
heap
|
page read and write
|
||
|
664F078000
|
stack
|
page read and write
|
||
|
129327E000
|
stack
|
page read and write
|
||
|
1A677DC6000
|
heap
|
page read and write
|
||
|
1E48C7B0000
|
trusted library allocation
|
page read and write
|
||
|
1F90BD80000
|
trusted library section
|
page readonly
|
||
|
1E48D3B2000
|
heap
|
page read and write
|
||
|
24789A90000
|
heap
|
page read and write
|
||
|
1F9104EA000
|
heap
|
page read and write
|
||
|
1F4B748A000
|
heap
|
page read and write
|
||
|
1E48D3A3000
|
heap
|
page read and write
|
||
|
664E7AE000
|
stack
|
page read and write
|
||
|
24789C63000
|
heap
|
page read and write
|
||
|
1E48D802000
|
heap
|
page read and write
|
||
|
1E48C868000
|
heap
|
page read and write
|
||
|
1E48C84F000
|
heap
|
page read and write
|
||
|
199C2B5C000
|
heap
|
page read and write
|
||
|
1F9102F0000
|
trusted library allocation
|
page read and write
|
||
|
1F90BD70000
|
trusted library section
|
page readonly
|
||
|
1A677DF4000
|
heap
|
page read and write
|
||
|
9FDA37F000
|
stack
|
page read and write
|
||
|
1E48C8AF000
|
heap
|
page read and write
|
||
|
1F90C113000
|
trusted library allocation
|
page read and write
|
||
|
199C2C10000
|
heap
|
page read and write
|
||
|
1AFA2613000
|
heap
|
page read and write
|
||
|
1E48D3B2000
|
heap
|
page read and write
|
||
|
1E48D38A000
|
heap
|
page read and write
|
||
|
1F4B748A000
|
heap
|
page read and write
|
||
|
1E48D802000
|
heap
|
page read and write
|
||
|
1E48D802000
|
heap
|
page read and write
|
||
|
1F9102C0000
|
trusted library allocation
|
page read and write
|
||
|
1AFA2652000
|
heap
|
page read and write
|
||
|
1F90C0F1000
|
trusted library allocation
|
page read and write
|
||
|
1E48D83E000
|
heap
|
page read and write
|
||
|
1F4B7486000
|
heap
|
page read and write
|
||
|
1AFA2670000
|
heap
|
page read and write
|
||
|
8365C7E000
|
stack
|
page read and write
|
||
|
199C3810000
|
trusted library allocation
|
page read and write
|
||
|
1E48D390000
|
heap
|
page read and write
|
||
|
1E48C83C000
|
heap
|
page read and write
|
||
|
1AFA2420000
|
heap
|
page read and write
|
||
|
1E48D323000
|
heap
|
page read and write
|
||
|
1F910410000
|
trusted library allocation
|
page read and write
|
||
|
2478A402000
|
trusted library allocation
|
page read and write
|
||
|
1F90AC57000
|
heap
|
page read and write
|
||
|
1F4B7486000
|
heap
|
page read and write
|
||
|
1F4B7320000
|
trusted library allocation
|
page read and write
|
||
|
1F4B748A000
|
heap
|
page read and write
|
||
|
199C2B21000
|
heap
|
page read and write
|
||
|
1E48D37C000
|
heap
|
page read and write
|
||
|
1E48D390000
|
heap
|
page read and write
|
||
|
1E48D800000
|
heap
|
page read and write
|
||
|
1F90B3C0000
|
trusted library allocation
|
page read and write
|
||
|
1E48C866000
|
heap
|
page read and write
|
||
|
1E48D371000
|
heap
|
page read and write
|
||
|
1F910411000
|
heap
|
page read and write
|
||
|
1F90AC94000
|
heap
|
page read and write
|
||
|
1F91044B000
|
heap
|
page read and write
|
||
|
1F90BC70000
|
trusted library allocation
|
page read and write
|
||
|
24789C66000
|
heap
|
page read and write
|
||
|
1F90B513000
|
heap
|
page read and write
|
||
|
1AFA265A000
|
heap
|
page read and write
|
||
|
1E48D390000
|
heap
|
page read and write
|
||
|
1E48D3A1000
|
heap
|
page read and write
|
||
|
1A677DC6000
|
heap
|
page read and write
|
||
|
1F9102E0000
|
trusted library allocation
|
page read and write
|
||
|
1F90AC13000
|
heap
|
page read and write
|
||
|
1E48C800000
|
heap
|
page read and write
|
||
|
1E48D37E000
|
heap
|
page read and write
|
||
|
1E48D379000
|
heap
|
page read and write
|
||
|
1E48D388000
|
heap
|
page read and write
|
||
|
9FD9CFE000
|
stack
|
page read and write
|
||
|
1AFA23C0000
|
heap
|
page read and write
|
||
|
1F910502000
|
heap
|
page read and write
|
||
|
24789C5A000
|
heap
|
page read and write
|
||
|
1E48D3B9000
|
heap
|
page read and write
|
||
|
1E48C879000
|
heap
|
page read and write
|
||
|
199C2C70000
|
trusted library allocation
|
page read and write
|
||
|
1E48D392000
|
heap
|
page read and write
|
||
|
1F9104D7000
|
heap
|
page read and write
|
||
|
1F4B7400000
|
heap
|
page read and write
|
||
|
1F911000000
|
heap
|
page read and write
|
||
|
3B3B7FB000
|
stack
|
page read and write
|
||
|
1E48D38A000
|
heap
|
page read and write
|
||
|
1AFA268F000
|
heap
|
page read and write
|
||
|
3B3B07E000
|
stack
|
page read and write
|
||
|
199C3800000
|
trusted library allocation
|
page read and write
|
||
|
1F90AC64000
|
heap
|
page read and write
|
||
|
9FD9C7B000
|
stack
|
page read and write
|
||
|
1E48C8EB000
|
heap
|
page read and write
|
||
|
1149F9C000
|
stack
|
page read and write
|
||
|
1E48C8A2000
|
heap
|
page read and write
|
||
|
199C2B5D000
|
heap
|
page read and write
|
||
|
1E48D390000
|
heap
|
page read and write
|
||
|
1E48D38F000
|
heap
|
page read and write
|
||
|
8A5FD7B000
|
stack
|
page read and write
|
||
|
3B3B57F000
|
stack
|
page read and write
|
||
|
1A677D45000
|
heap
|
page read and write
|
||
|
24789D00000
|
heap
|
page read and write
|
||
|
1F910300000
|
trusted library allocation
|
page read and write
|
||
|
1F4B7487000
|
heap
|
page read and write
|
||
|
1AFA2659000
|
heap
|
page read and write
|
||
|
1AFA264D000
|
heap
|
page read and write
|
||
|
1F910120000
|
trusted library allocation
|
page read and write
|
||
|
1E48C829000
|
heap
|
page read and write
|
||
|
1F4B748A000
|
heap
|
page read and write
|
||
|
1E48C879000
|
heap
|
page read and write
|
||
|
1E48C82C000
|
heap
|
page read and write
|
||
|
1F90AC8B000
|
heap
|
page read and write
|
||
|
1AFA2702000
|
heap
|
page read and write
|
||
|
9FD9F7B000
|
stack
|
page read and write
|
||
|
1A677DD8000
|
heap
|
page read and write
|
||
|
1F9102CE000
|
trusted library allocation
|
page read and write
|
||
|
1A677DB0000
|
heap
|
page read and write
|
||
|
1F910506000
|
heap
|
page read and write
|
||
|
3B3B37F000
|
stack
|
page read and write
|
||
|
1F910400000
|
heap
|
page read and write
|
||
|
1E48D379000
|
heap
|
page read and write
|
||
|
664EF7F000
|
unkown
|
page read and write
|
||
|
1F4B748A000
|
heap
|
page read and write
|
||
|
1F90B500000
|
heap
|
page read and write
|
||
|
1E48D3AB000
|
heap
|
page read and write
|
||
|
114A2FE000
|
stack
|
page read and write
|
||
|
8A5FF7B000
|
stack
|
page read and write
|
||
|
1E48D373000
|
heap
|
page read and write
|
||
|
1F90BD60000
|
trusted library section
|
page readonly
|
||
|
1E48C780000
|
heap
|
page read and write
|
||
|
1F4B7487000
|
heap
|
page read and write
|
||
|
1F9103F0000
|
trusted library allocation
|
page read and write
|
||
|
9FD9E7B000
|
stack
|
page read and write
|
||
|
9FDA27F000
|
stack
|
page read and write
|
||
|
1E48C8E2000
|
heap
|
page read and write
|
||
|
1F4B7486000
|
heap
|
page read and write
|
||
|
1F910504000
|
heap
|
page read and write
|
||
|
1F9103D0000
|
trusted library allocation
|
page read and write
|
||
|
664E6AC000
|
stack
|
page read and write
|
||
|
1F9104F8000
|
heap
|
page read and write
|
||
|
1A677DD8000
|
heap
|
page read and write
|
||
|
9FD9D7E000
|
stack
|
page read and write
|
||
|
1F910130000
|
trusted library allocation
|
page read and write
|
||
|
1F4B7220000
|
heap
|
page read and write
|
||
|
664ECF7000
|
stack
|
page read and write
|
||
|
1E48D394000
|
heap
|
page read and write
|
||
|
1AFA2713000
|
heap
|
page read and write
|
||
|
1E48D37C000
|
heap
|
page read and write
|
There are 431 hidden memdumps, click here to show them.