cobaltstrike | f5143400314f9b4f2a39b26af90c3c7eb57ec5235b6553b7c087f4dbf61395d2

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 08:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
Size

5.9MB
MD5

58d4b1edd02a7d7e1b06932a67ec3e50
SHA1

9feb03a555d240cb262883ee2280b25293348f15
SHA256

f5143400314f9b4f2a39b26af90c3c7eb57ec5235b6553b7c087f4dbf61395d2
SHA512

2aa1014ce4c87b03d5e82e5e89612d75630cd15adcb59cc9c056e32298249d15e5ffaa4f10307079474c5e5a631b08c03a6bfc9d3fdff71aae4e46f732e171e7
SSDEEP

98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUu:Q+856utgpPF8u/7u

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 21 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000a000000023480-6.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002348e-11.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002348f-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023490-23.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000022b20-28.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000022b23-36.dat	cobalt_reflective_dll
behavioral2/files/0x000d000000023406-46.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023492-63.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023493-67.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023494-74.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023498-94.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023499-101.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002349b-114.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002349c-116.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002349a-109.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023497-95.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023496-90.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023495-82.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023491-62.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023487-54.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023404-41.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4868-0-0x00007FF624280000-0x00007FF6245D4000-memory.dmp	xmrig
behavioral2/files/0x000a000000023480-6.dat	xmrig
behavioral2/memory/516-8-0x00007FF7BA160000-0x00007FF7BA4B4000-memory.dmp	xmrig
behavioral2/files/0x000700000002348e-11.dat	xmrig
behavioral2/files/0x000700000002348f-10.dat	xmrig
behavioral2/memory/4372-20-0x00007FF785F20000-0x00007FF786274000-memory.dmp	xmrig
behavioral2/memory/4724-14-0x00007FF66A150000-0x00007FF66A4A4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023490-23.dat	xmrig
behavioral2/memory/2868-26-0x00007FF679010000-0x00007FF679364000-memory.dmp	xmrig
behavioral2/files/0x0007000000022b20-28.dat	xmrig
behavioral2/files/0x0007000000022b23-36.dat	xmrig
behavioral2/files/0x000d000000023406-46.dat	xmrig
behavioral2/memory/1384-51-0x00007FF746EE0000-0x00007FF747234000-memory.dmp	xmrig
behavioral2/files/0x0007000000023492-63.dat	xmrig
behavioral2/files/0x0007000000023493-67.dat	xmrig
behavioral2/files/0x0007000000023494-74.dat	xmrig
behavioral2/files/0x0007000000023498-94.dat	xmrig
behavioral2/files/0x0007000000023499-101.dat	xmrig
behavioral2/files/0x000700000002349b-114.dat	xmrig
behavioral2/files/0x000700000002349c-116.dat	xmrig
behavioral2/files/0x000700000002349a-109.dat	xmrig
behavioral2/files/0x0007000000023497-95.dat	xmrig
behavioral2/files/0x0007000000023496-90.dat	xmrig
behavioral2/files/0x0007000000023495-82.dat	xmrig
behavioral2/memory/5016-69-0x00007FF653750000-0x00007FF653AA4000-memory.dmp	xmrig
behavioral2/memory/3420-68-0x00007FF769730000-0x00007FF769A84000-memory.dmp	xmrig
behavioral2/memory/5056-66-0x00007FF7EF020000-0x00007FF7EF374000-memory.dmp	xmrig
behavioral2/files/0x0007000000023491-62.dat	xmrig
behavioral2/memory/1360-61-0x00007FF746EF0000-0x00007FF747244000-memory.dmp	xmrig
behavioral2/memory/3456-58-0x00007FF703430000-0x00007FF703784000-memory.dmp	xmrig
behavioral2/memory/2420-56-0x00007FF6A6B20000-0x00007FF6A6E74000-memory.dmp	xmrig
behavioral2/files/0x0009000000023487-54.dat	xmrig
behavioral2/files/0x0009000000023404-41.dat	xmrig
behavioral2/memory/2160-30-0x00007FF661DA0000-0x00007FF6620F4000-memory.dmp	xmrig
behavioral2/memory/4868-119-0x00007FF624280000-0x00007FF6245D4000-memory.dmp	xmrig
behavioral2/memory/4996-120-0x00007FF7322B0000-0x00007FF732604000-memory.dmp	xmrig
behavioral2/memory/2900-121-0x00007FF62F1F0000-0x00007FF62F544000-memory.dmp	xmrig
behavioral2/memory/4512-122-0x00007FF6683C0000-0x00007FF668714000-memory.dmp	xmrig
behavioral2/memory/3064-123-0x00007FF76A910000-0x00007FF76AC64000-memory.dmp	xmrig
behavioral2/memory/1676-125-0x00007FF74B4E0000-0x00007FF74B834000-memory.dmp	xmrig
behavioral2/memory/1032-124-0x00007FF7AA920000-0x00007FF7AAC74000-memory.dmp	xmrig
behavioral2/memory/2224-126-0x00007FF7E12D0000-0x00007FF7E1624000-memory.dmp	xmrig
behavioral2/memory/3536-128-0x00007FF66D850000-0x00007FF66DBA4000-memory.dmp	xmrig
behavioral2/memory/4068-127-0x00007FF623AF0000-0x00007FF623E44000-memory.dmp	xmrig
behavioral2/memory/516-129-0x00007FF7BA160000-0x00007FF7BA4B4000-memory.dmp	xmrig
behavioral2/memory/2868-130-0x00007FF679010000-0x00007FF679364000-memory.dmp	xmrig
behavioral2/memory/2160-131-0x00007FF661DA0000-0x00007FF6620F4000-memory.dmp	xmrig
behavioral2/memory/5056-132-0x00007FF7EF020000-0x00007FF7EF374000-memory.dmp	xmrig
behavioral2/memory/3420-133-0x00007FF769730000-0x00007FF769A84000-memory.dmp	xmrig
behavioral2/memory/5016-134-0x00007FF653750000-0x00007FF653AA4000-memory.dmp	xmrig
behavioral2/memory/516-135-0x00007FF7BA160000-0x00007FF7BA4B4000-memory.dmp	xmrig
behavioral2/memory/4724-136-0x00007FF66A150000-0x00007FF66A4A4000-memory.dmp	xmrig
behavioral2/memory/4372-137-0x00007FF785F20000-0x00007FF786274000-memory.dmp	xmrig
behavioral2/memory/2868-138-0x00007FF679010000-0x00007FF679364000-memory.dmp	xmrig
behavioral2/memory/2160-139-0x00007FF661DA0000-0x00007FF6620F4000-memory.dmp	xmrig
behavioral2/memory/1384-140-0x00007FF746EE0000-0x00007FF747234000-memory.dmp	xmrig
behavioral2/memory/3456-142-0x00007FF703430000-0x00007FF703784000-memory.dmp	xmrig
behavioral2/memory/1360-141-0x00007FF746EF0000-0x00007FF747244000-memory.dmp	xmrig
behavioral2/memory/2420-143-0x00007FF6A6B20000-0x00007FF6A6E74000-memory.dmp	xmrig
behavioral2/memory/5016-145-0x00007FF653750000-0x00007FF653AA4000-memory.dmp	xmrig
behavioral2/memory/2900-146-0x00007FF62F1F0000-0x00007FF62F544000-memory.dmp	xmrig
behavioral2/memory/3420-144-0x00007FF769730000-0x00007FF769A84000-memory.dmp	xmrig
behavioral2/memory/3064-153-0x00007FF76A910000-0x00007FF76AC64000-memory.dmp	xmrig
behavioral2/memory/1032-152-0x00007FF7AA920000-0x00007FF7AAC74000-memory.dmp	xmrig

Executes dropped EXE 21 IoCs

pid	Process
516	dhXwvRt.exe
4724	hqbLuwk.exe
4372	gBwGIDk.exe
2868	PBzNnuM.exe
2160	ocABtiM.exe
1384	eIbutRj.exe
2420	JuLrPwR.exe
3456	Hyqkdhf.exe
1360	RZTRGyW.exe
5056	nRqsekO.exe
3420	IpGeQpG.exe
5016	kuLpEWW.exe
4996	nozmpup.exe
2900	TDFcFlu.exe
4512	iZxiyGQ.exe
3064	ZXrpscN.exe
1032	kVoPGRR.exe
1676	peewyCv.exe
2224	WbNmeei.exe
4068	nIyttFc.exe
3536	lhZmUCg.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4868-0-0x00007FF624280000-0x00007FF6245D4000-memory.dmp	upx
behavioral2/files/0x000a000000023480-6.dat	upx
behavioral2/memory/516-8-0x00007FF7BA160000-0x00007FF7BA4B4000-memory.dmp	upx
behavioral2/files/0x000700000002348e-11.dat	upx
behavioral2/files/0x000700000002348f-10.dat	upx
behavioral2/memory/4372-20-0x00007FF785F20000-0x00007FF786274000-memory.dmp	upx
behavioral2/memory/4724-14-0x00007FF66A150000-0x00007FF66A4A4000-memory.dmp	upx
behavioral2/files/0x0007000000023490-23.dat	upx
behavioral2/memory/2868-26-0x00007FF679010000-0x00007FF679364000-memory.dmp	upx
behavioral2/files/0x0007000000022b20-28.dat	upx
behavioral2/files/0x0007000000022b23-36.dat	upx
behavioral2/files/0x000d000000023406-46.dat	upx
behavioral2/memory/1384-51-0x00007FF746EE0000-0x00007FF747234000-memory.dmp	upx
behavioral2/files/0x0007000000023492-63.dat	upx
behavioral2/files/0x0007000000023493-67.dat	upx
behavioral2/files/0x0007000000023494-74.dat	upx
behavioral2/files/0x0007000000023498-94.dat	upx
behavioral2/files/0x0007000000023499-101.dat	upx
behavioral2/files/0x000700000002349b-114.dat	upx
behavioral2/files/0x000700000002349c-116.dat	upx
behavioral2/files/0x000700000002349a-109.dat	upx
behavioral2/files/0x0007000000023497-95.dat	upx
behavioral2/files/0x0007000000023496-90.dat	upx
behavioral2/files/0x0007000000023495-82.dat	upx
behavioral2/memory/5016-69-0x00007FF653750000-0x00007FF653AA4000-memory.dmp	upx
behavioral2/memory/3420-68-0x00007FF769730000-0x00007FF769A84000-memory.dmp	upx
behavioral2/memory/5056-66-0x00007FF7EF020000-0x00007FF7EF374000-memory.dmp	upx
behavioral2/files/0x0007000000023491-62.dat	upx
behavioral2/memory/1360-61-0x00007FF746EF0000-0x00007FF747244000-memory.dmp	upx
behavioral2/memory/3456-58-0x00007FF703430000-0x00007FF703784000-memory.dmp	upx
behavioral2/memory/2420-56-0x00007FF6A6B20000-0x00007FF6A6E74000-memory.dmp	upx
behavioral2/files/0x0009000000023487-54.dat	upx
behavioral2/files/0x0009000000023404-41.dat	upx
behavioral2/memory/2160-30-0x00007FF661DA0000-0x00007FF6620F4000-memory.dmp	upx
behavioral2/memory/4868-119-0x00007FF624280000-0x00007FF6245D4000-memory.dmp	upx
behavioral2/memory/4996-120-0x00007FF7322B0000-0x00007FF732604000-memory.dmp	upx
behavioral2/memory/2900-121-0x00007FF62F1F0000-0x00007FF62F544000-memory.dmp	upx
behavioral2/memory/4512-122-0x00007FF6683C0000-0x00007FF668714000-memory.dmp	upx
behavioral2/memory/3064-123-0x00007FF76A910000-0x00007FF76AC64000-memory.dmp	upx
behavioral2/memory/1676-125-0x00007FF74B4E0000-0x00007FF74B834000-memory.dmp	upx
behavioral2/memory/1032-124-0x00007FF7AA920000-0x00007FF7AAC74000-memory.dmp	upx
behavioral2/memory/2224-126-0x00007FF7E12D0000-0x00007FF7E1624000-memory.dmp	upx
behavioral2/memory/3536-128-0x00007FF66D850000-0x00007FF66DBA4000-memory.dmp	upx
behavioral2/memory/4068-127-0x00007FF623AF0000-0x00007FF623E44000-memory.dmp	upx
behavioral2/memory/516-129-0x00007FF7BA160000-0x00007FF7BA4B4000-memory.dmp	upx
behavioral2/memory/2868-130-0x00007FF679010000-0x00007FF679364000-memory.dmp	upx
behavioral2/memory/2160-131-0x00007FF661DA0000-0x00007FF6620F4000-memory.dmp	upx
behavioral2/memory/5056-132-0x00007FF7EF020000-0x00007FF7EF374000-memory.dmp	upx
behavioral2/memory/3420-133-0x00007FF769730000-0x00007FF769A84000-memory.dmp	upx
behavioral2/memory/5016-134-0x00007FF653750000-0x00007FF653AA4000-memory.dmp	upx
behavioral2/memory/516-135-0x00007FF7BA160000-0x00007FF7BA4B4000-memory.dmp	upx
behavioral2/memory/4724-136-0x00007FF66A150000-0x00007FF66A4A4000-memory.dmp	upx
behavioral2/memory/4372-137-0x00007FF785F20000-0x00007FF786274000-memory.dmp	upx
behavioral2/memory/2868-138-0x00007FF679010000-0x00007FF679364000-memory.dmp	upx
behavioral2/memory/2160-139-0x00007FF661DA0000-0x00007FF6620F4000-memory.dmp	upx
behavioral2/memory/1384-140-0x00007FF746EE0000-0x00007FF747234000-memory.dmp	upx
behavioral2/memory/3456-142-0x00007FF703430000-0x00007FF703784000-memory.dmp	upx
behavioral2/memory/1360-141-0x00007FF746EF0000-0x00007FF747244000-memory.dmp	upx
behavioral2/memory/2420-143-0x00007FF6A6B20000-0x00007FF6A6E74000-memory.dmp	upx
behavioral2/memory/5016-145-0x00007FF653750000-0x00007FF653AA4000-memory.dmp	upx
behavioral2/memory/2900-146-0x00007FF62F1F0000-0x00007FF62F544000-memory.dmp	upx
behavioral2/memory/3420-144-0x00007FF769730000-0x00007FF769A84000-memory.dmp	upx
behavioral2/memory/3064-153-0x00007FF76A910000-0x00007FF76AC64000-memory.dmp	upx
behavioral2/memory/1032-152-0x00007FF7AA920000-0x00007FF7AAC74000-memory.dmp	upx

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\System\JuLrPwR.exe	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
File created	C:\Windows\System\RZTRGyW.exe	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
File created	C:\Windows\System\nozmpup.exe	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
File created	C:\Windows\System\TDFcFlu.exe	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
File created	C:\Windows\System\iZxiyGQ.exe	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
File created	C:\Windows\System\kVoPGRR.exe	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
File created	C:\Windows\System\ocABtiM.exe	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
File created	C:\Windows\System\gBwGIDk.exe	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
File created	C:\Windows\System\PBzNnuM.exe	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
File created	C:\Windows\System\eIbutRj.exe	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
File created	C:\Windows\System\nRqsekO.exe	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
File created	C:\Windows\System\IpGeQpG.exe	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
File created	C:\Windows\System\peewyCv.exe	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
File created	C:\Windows\System\WbNmeei.exe	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
File created	C:\Windows\System\dhXwvRt.exe	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
File created	C:\Windows\System\Hyqkdhf.exe	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
File created	C:\Windows\System\kuLpEWW.exe	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
File created	C:\Windows\System\ZXrpscN.exe	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
File created	C:\Windows\System\nIyttFc.exe	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
File created	C:\Windows\System\lhZmUCg.exe	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
File created	C:\Windows\System\hqbLuwk.exe	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
Token: SeLockMemoryPrivilege	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 516	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	84
PID 4868 wrote to memory of 516	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	84
PID 4868 wrote to memory of 4724	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	86
PID 4868 wrote to memory of 4724	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	86
PID 4868 wrote to memory of 4372	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	87
PID 4868 wrote to memory of 4372	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	87
PID 4868 wrote to memory of 2868	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	88
PID 4868 wrote to memory of 2868	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	88
PID 4868 wrote to memory of 2160	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	90
PID 4868 wrote to memory of 2160	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	90
PID 4868 wrote to memory of 1384	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	91
PID 4868 wrote to memory of 1384	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	91
PID 4868 wrote to memory of 2420	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	92
PID 4868 wrote to memory of 2420	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	92
PID 4868 wrote to memory of 3456	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	93
PID 4868 wrote to memory of 3456	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	93
PID 4868 wrote to memory of 1360	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	94
PID 4868 wrote to memory of 1360	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	94
PID 4868 wrote to memory of 5056	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	95
PID 4868 wrote to memory of 5056	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	95
PID 4868 wrote to memory of 3420	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	96
PID 4868 wrote to memory of 3420	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	96
PID 4868 wrote to memory of 5016	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	97
PID 4868 wrote to memory of 5016	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	97
PID 4868 wrote to memory of 4996	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	98
PID 4868 wrote to memory of 4996	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	98
PID 4868 wrote to memory of 2900	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	99
PID 4868 wrote to memory of 2900	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	99
PID 4868 wrote to memory of 4512	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	100
PID 4868 wrote to memory of 4512	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	100
PID 4868 wrote to memory of 3064	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	101
PID 4868 wrote to memory of 3064	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	101
PID 4868 wrote to memory of 1032	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	102
PID 4868 wrote to memory of 1032	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	102
PID 4868 wrote to memory of 1676	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	103
PID 4868 wrote to memory of 1676	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	103
PID 4868 wrote to memory of 2224	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	104
PID 4868 wrote to memory of 2224	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	104
PID 4868 wrote to memory of 4068	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	105
PID 4868 wrote to memory of 4068	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	105
PID 4868 wrote to memory of 3536	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	106
PID 4868 wrote to memory of 3536	4868	58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe	106

C:\Users\Admin\AppData\Local\Temp\58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\58d4b1edd02a7d7e1b06932a67ec3e50_NeikiAnalytics.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Windows\System\dhXwvRt.exe
  C:\Windows\System\dhXwvRt.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\hqbLuwk.exe
  C:\Windows\System\hqbLuwk.exe
  2⤵
  - Executes dropped EXE
  PID:4724
- C:\Windows\System\gBwGIDk.exe
  C:\Windows\System\gBwGIDk.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\PBzNnuM.exe
  C:\Windows\System\PBzNnuM.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\ocABtiM.exe
  C:\Windows\System\ocABtiM.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\eIbutRj.exe
  C:\Windows\System\eIbutRj.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\JuLrPwR.exe
  C:\Windows\System\JuLrPwR.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\Hyqkdhf.exe
  C:\Windows\System\Hyqkdhf.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\RZTRGyW.exe
  C:\Windows\System\RZTRGyW.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\nRqsekO.exe
  C:\Windows\System\nRqsekO.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\IpGeQpG.exe
  C:\Windows\System\IpGeQpG.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\kuLpEWW.exe
  C:\Windows\System\kuLpEWW.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\nozmpup.exe
  C:\Windows\System\nozmpup.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\TDFcFlu.exe
  C:\Windows\System\TDFcFlu.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\iZxiyGQ.exe
  C:\Windows\System\iZxiyGQ.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\ZXrpscN.exe
  C:\Windows\System\ZXrpscN.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\kVoPGRR.exe
  C:\Windows\System\kVoPGRR.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\peewyCv.exe
  C:\Windows\System\peewyCv.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\WbNmeei.exe
  C:\Windows\System\WbNmeei.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\nIyttFc.exe
  C:\Windows\System\nIyttFc.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\lhZmUCg.exe
  C:\Windows\System\lhZmUCg.exe
  2⤵
  - Executes dropped EXE
  PID:3536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\Hyqkdhf.exe

Filesize
5.9MB

MD5
6fdbeed23ca29d80ce606bb3c6bd33de

SHA1
7da363926df6ac345b76f7946eaaebf10411c28e

SHA256
9e60b47dd65399126e5a45f038c92aad47fea3c865494cb7e51842f4109e1802

SHA512
550c2f1b2e527e835d4e5ebf31de26710fc633703cb41b5df093910adb393ec9ee303fbc1738494509d15362ef767b21a13933072f887b4cf9a1ccd6dc904792

Download Submit
C:\Windows\System\IpGeQpG.exe

Filesize
5.9MB

MD5
244199e967e540d47ccf6e47f3d37d31

SHA1
b3f225c20a68df37fdccecf7c9866ff1f98e23b7

SHA256
f831f8a2ebe201279645813d8db83f10a1afff2db1f6f84c8f797e588f6d6851

SHA512
6aad81fd714081223087fc6b092d0f1278ca5c71771a3979098dcec7911d17b6d5e462622acd2a9afd64e999357f37eb16f7441f8afbccdf4a3b9f0f95a84545

Download Submit
C:\Windows\System\JuLrPwR.exe

Filesize
5.9MB

MD5
dac831005c4d95fe4df2f2daa0630472

SHA1
9eb213682c5c94f880492ee59634bd4757cbbac0

SHA256
90419b7bca21d22a4136104df7d770542b496001d3f78ea964ff98b26d8eaa15

SHA512
24e69e473246ac2b0d9349d8ac40cdd7b3b884fd0a779d29e20d164d55d10a3ab5476994801e1bc0939a39cfea798796a1fe1048d65023babb179ca004a907b1

Download Submit
C:\Windows\System\PBzNnuM.exe

Filesize
5.9MB

MD5
674677d396ecd42cb38a032a27c118d2

SHA1
5c18d1d2e6669dff6996ef93a680322b7e8c2f38

SHA256
ce994b0f48c0100b80d3de2b4976b223ff1eef0ac354b130369a16b8395a41f4

SHA512
d0a5288055fb13858539a5578c08a47be10aa05a76406732ccb55e3dde30d3579c7fb0bc4cd913ce0213369b38d225af6042a16246f3d17407401a0c136c176e

Download Submit
C:\Windows\System\RZTRGyW.exe

Filesize
5.9MB

MD5
2aa9c0621c5db156043aa380ee936a77

SHA1
e32f754a80c0e85abcf50206052352eb0f953686

SHA256
c2a485f7d1d0de65729f5642c06c95365baafd4e56fc582a5380f93fd858a794

SHA512
3f072f599aa1bfec88bad8771bc6f22b209c1f35e0c98cfb1315781a0e12d0ce706059db03e0cc7c9a5de90228489d880dd9d545fe8b3c88d52a53d9ef222aee

Download Submit
C:\Windows\System\TDFcFlu.exe

Filesize
5.9MB

MD5
6a0ae0ccdeb477bcc593a6bdedd0efab

SHA1
74de478fb63fa8ac6ecd8ccbaeb4809ab4d7c58e

SHA256
f59d7f0b651c90e905db7f16275bc3fb7e486c023c136fdc6f721f4e1ad960db

SHA512
5fe1ac4a6a0a41eba5e8df2a54e051cc2e5a294158007f160da28a4993e9b31151eaf7cdf186d2cc20cd7a98157feb3a5e5a3a5548577c721c1809860bb5ad8e

Download Submit
C:\Windows\System\WbNmeei.exe

Filesize
5.9MB

MD5
c8cc7e99b6d12256f91ef1dd856d633b

SHA1
f6ab0888f3c925bec711f4e0767941c9219d2d9d

SHA256
d3c23c7fb10ea5ed884e71b51819c955459366cfe83ed737f2a2e261ce85b3c7

SHA512
aaf4f0c45190dc86c74123cefa5e08b81b3d096b50318688323d899f7c021b56e75f60cd93e27c8ae4483fb999e34387e01ae832e310246e5591d1c317f9186a

Download Submit
C:\Windows\System\ZXrpscN.exe

Filesize
5.9MB

MD5
afec2c79e2b9287c42696bb85fe5edeb

SHA1
6b04fc39db9011c3d67c1773f29d06cd9cff11ea

SHA256
18240b26cb7d2355aec01ec5c9111aed09e5e725ebc7c150c420b14712d862c5

SHA512
d732263e6a2ef898ee3709b885abada1495ba6226eb618c3513d1f34f83be9b629f54f99f77e5fb3b28947598d09813f828262df12e5b9c2fd8084828e307f1b

Download Submit
C:\Windows\System\dhXwvRt.exe

Filesize
5.9MB

MD5
f891cab3d41a7b79a9a2b11f597f5496

SHA1
29b414dee3738367ae01a84ab651d12d708786cf

SHA256
fe214d91f7eed7e0301750c0067a0b9a93b1c0e9d2b532620a615d877583938a

SHA512
1e7f61d361837fd20a3736b3388fbcf2982d2d7350e47910c1c01785215e7ef5089bf3cf4100675179fc884213a6d5cf4c7ffe137beae1fca56db7bbf203e784

Download Submit
C:\Windows\System\eIbutRj.exe

Filesize
5.9MB

MD5
ac5393bafe1942431bd0e23bb1050282

SHA1
bda9d1077d8016668dc9cc6fc573bb5b4fd0a8bb

SHA256
975add307ea7d4a9e206aedc4ec28d85fdf71a476a082a9851185c33e8dd8d8a

SHA512
4062c2fefb085be35a346a23c0a0bd412fda1ce388ce2f678168e90acb119304b4ad3246cd6b5c184954adb37d7dcf171a3ad0febefaa6229783765e6ab54fe1

Download Submit
C:\Windows\System\gBwGIDk.exe

Filesize
5.9MB

MD5
122dc3c91f200bea6cfe816d17970101

SHA1
2714d680000dc028663084b1e131921075c7f01c

SHA256
4c5acbadc9402266ce3bf65eaef0be59dae5e9d338f3df233323b5f155e9f161

SHA512
050025062d457f56ec675c4670a0de41d02d37715c4a6b613427e13b694a78aaaee5c1997c49acc180e028479423e976a596a177f86b6137a89b86c530350f1c

Download Submit
C:\Windows\System\hqbLuwk.exe

Filesize
5.9MB

MD5
da475edc8d637188e1fe292fb68b4e2b

SHA1
466fed24cff5225be25aff16f2536ac7c38c586d

SHA256
0b97afa1b916f945c95564a086a0ecebf418b834577b07b7930c1ba1cdf5a1b3

SHA512
a708b04b89f696be8634d0a572f3e01fc22eba516c4bab29a7552ce6a5fd49d63e21e3ca812f70da8f55c262319db8d20ca3a44d64b158e91bea7daa2c8f90fa

Download Submit
C:\Windows\System\iZxiyGQ.exe

Filesize
5.9MB

MD5
0fdc48eddc7f92e4dfb93c63072ebfda

SHA1
2bb373457dc61864601a4ab855056cac51b9792f

SHA256
f675dca4f76ecb6c012ebce304e9ea82380fb5d028232fc052abc9a5c6dd2cde

SHA512
a73c4721e258caa715e7f87f216c3f5859635ad5549af515668880a99289aea44c63a0f473e64bb0753629b28c6c2e570b46afe724b3a2914fbe1f2534b99526

Download Submit
C:\Windows\System\kVoPGRR.exe

Filesize
5.9MB

MD5
69c85b0e5527129c03ce78fb15f2b3c9

SHA1
fc5b4ed2ac57d3f05d8492c740ae4224afa16b63

SHA256
058e6c1e7bc64b96ed3ae079c70cd69266cf1bca08f28a2b47275408755e2905

SHA512
76c0d24be25f1cfafb71c327892ea0620ec4bd961d9412860816ef0885d200b2f5ce9d512a5ab01fafa4a7105ffdeaa63ab2d94c76c244da673aacb40c8e84ac

Download Submit
C:\Windows\System\kuLpEWW.exe

Filesize
5.9MB

MD5
0a0080ec9352c46ae8b5f481ea824bd7

SHA1
a523d6bae004a9622373c0013777e3c52276d88b

SHA256
60c3ac00c41a90a91896f81cc57d3ae4b0bfa49831e3b3fca738f3981ade7c35

SHA512
acaeda0d3cec8541cee579c1ca3ac30c75fc62a22c427fe3f6cbf3c36b25dfff05ceee2ef86a3813b7c507fc12542ca7de173b417f495cd39a9e695e416348eb

Download Submit
C:\Windows\System\lhZmUCg.exe

Filesize
5.9MB

MD5
0ceb56cec146b8e2b208bcfbcc3d9a39

SHA1
c46757ddff723837b9ae274ecced70a8dfd79b6e

SHA256
8e5ca5f3b87104696a1c3e9861842a9141f0cad4d07d84ca9d37db62dc8744cc

SHA512
0d5834fa8fe06f46c7c4e0318805ac9889dd2838c3ea5448e54acdd1859f3765caa1a919e38fd1704ab02eae987cfb6b3159d53fc4afb80a3ec666ebca8a7b4d

Download Submit
C:\Windows\System\nIyttFc.exe

Filesize
5.9MB

MD5
21dc35f6038eccb92237d266901d3958

SHA1
9222f45d91ef20dad98f3d98a1df298b847b757d

SHA256
2e8a1d3e92d9e6037cb4e9c2560933e4183f2c9bf6d922c3c6b35c2cf4885237

SHA512
25a57e0caaf66115b5b2056c0e1e3b5d1c30758d4a2af0486ff5a6710b00be8267087e64ffbc284669d591d646ffa5af4dec1c79d000b664ea665e41787dc26b

Download Submit
C:\Windows\System\nRqsekO.exe

Filesize
5.9MB

MD5
848674b12e73b1ddf1d68185394e95e2

SHA1
33846e0fe5a5b10015bd0f3a09ac6352d47dcb51

SHA256
82f1386e8e3d418b08de1817a3e4eeb6ae4c319f1ecb3a5464a8325edd4e3bd8

SHA512
187594ed8ab88d9170fa503d7acf1fb38f7f32b9c3a1b17b04165840d087d691d48a282aa7d708c76e6a2abc52639173a584537d9aad0ac62e08ef99ad7b4485

Download Submit
C:\Windows\System\nozmpup.exe

Filesize
5.9MB

MD5
d527c221bb28ab466ea71456102ec238

SHA1
4ae6aac62e26f232f3d48a291265aa9c963ba370

SHA256
76e9f53b7a67eae6efa7f43f7ee71f2b13b322dba7cc4a23341beadd012d7c5f

SHA512
bea7df6c73f39e287d8a0c3a700d6220392f9dc3ccd738aa1d39f20f0630071a1c3291fb5c08b699755f7f4e467a3870d69198a1e672c013f4bd556f75bc7944

Download Submit
C:\Windows\System\ocABtiM.exe

Filesize
5.9MB

MD5
c6b7124388df9c32f73fcfe72c44dc5d

SHA1
f51d53c1d5dd8d878f95f9743dbdd0589199be09

SHA256
fc6c1fc2935560e8505deccacccf8ece5ce27a0dbc3c4fdc4588364fd92577db

SHA512
eef85f93eb60c9c4def7bb82d8a3bec08582a3e51f0d8c9a32f1ec0535d3aaf4eb246f3907bd6d07f5689afe547778e12987067e5ead1633fabcd47869796242

Download Submit
C:\Windows\System\peewyCv.exe

Filesize
5.9MB

MD5
c8eaa66ecb1858696801400cbe8fe8d8

SHA1
f7267a57b927e54149974a26e517722f082f73c7

SHA256
3fbfbd22b2b6b8b4259294f474dbc8dc6b0a8aff404163468ebbf92ffbd3f9b4

SHA512
ee1eaeffe51ac946ecd45ec612cd83d7ede4b701f1c4984617ed4d49eb3996aafa50b839f034b97a69aebc4a6966e9296ea0325de8c9e0a72095cc2b9988205a

Download Submit
memory/516-129-0x00007FF7BA160000-0x00007FF7BA4B4000-memory.dmp

Filesize
3.3MB

Download
memory/516-8-0x00007FF7BA160000-0x00007FF7BA4B4000-memory.dmp

Filesize
3.3MB

Download
memory/516-135-0x00007FF7BA160000-0x00007FF7BA4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1032-152-0x00007FF7AA920000-0x00007FF7AAC74000-memory.dmp

Filesize
3.3MB

Download
memory/1032-124-0x00007FF7AA920000-0x00007FF7AAC74000-memory.dmp

Filesize
3.3MB

Download
memory/1360-141-0x00007FF746EF0000-0x00007FF747244000-memory.dmp

Filesize
3.3MB

Download
memory/1360-61-0x00007FF746EF0000-0x00007FF747244000-memory.dmp

Filesize
3.3MB

Download
memory/1384-140-0x00007FF746EE0000-0x00007FF747234000-memory.dmp

Filesize
3.3MB

Download
memory/1384-51-0x00007FF746EE0000-0x00007FF747234000-memory.dmp

Filesize
3.3MB

Download
memory/1676-151-0x00007FF74B4E0000-0x00007FF74B834000-memory.dmp

Filesize
3.3MB

Download
memory/1676-125-0x00007FF74B4E0000-0x00007FF74B834000-memory.dmp

Filesize
3.3MB

Download
memory/2160-139-0x00007FF661DA0000-0x00007FF6620F4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-30-0x00007FF661DA0000-0x00007FF6620F4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-131-0x00007FF661DA0000-0x00007FF6620F4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-126-0x00007FF7E12D0000-0x00007FF7E1624000-memory.dmp

Filesize
3.3MB

Download
memory/2224-150-0x00007FF7E12D0000-0x00007FF7E1624000-memory.dmp

Filesize
3.3MB

Download
memory/2420-56-0x00007FF6A6B20000-0x00007FF6A6E74000-memory.dmp

Filesize
3.3MB

Download
memory/2420-143-0x00007FF6A6B20000-0x00007FF6A6E74000-memory.dmp

Filesize
3.3MB

Download
memory/2868-138-0x00007FF679010000-0x00007FF679364000-memory.dmp

Filesize
3.3MB

Download
memory/2868-130-0x00007FF679010000-0x00007FF679364000-memory.dmp

Filesize
3.3MB

Download
memory/2868-26-0x00007FF679010000-0x00007FF679364000-memory.dmp

Filesize
3.3MB

Download
memory/2900-146-0x00007FF62F1F0000-0x00007FF62F544000-memory.dmp

Filesize
3.3MB

Download
memory/2900-121-0x00007FF62F1F0000-0x00007FF62F544000-memory.dmp

Filesize
3.3MB

Download
memory/3064-123-0x00007FF76A910000-0x00007FF76AC64000-memory.dmp

Filesize
3.3MB

Download
memory/3064-153-0x00007FF76A910000-0x00007FF76AC64000-memory.dmp

Filesize
3.3MB

Download
memory/3420-133-0x00007FF769730000-0x00007FF769A84000-memory.dmp

Filesize
3.3MB

Download
memory/3420-68-0x00007FF769730000-0x00007FF769A84000-memory.dmp

Filesize
3.3MB

Download
memory/3420-144-0x00007FF769730000-0x00007FF769A84000-memory.dmp

Filesize
3.3MB

Download
memory/3456-142-0x00007FF703430000-0x00007FF703784000-memory.dmp

Filesize
3.3MB

Download
memory/3456-58-0x00007FF703430000-0x00007FF703784000-memory.dmp

Filesize
3.3MB

Download
memory/3536-147-0x00007FF66D850000-0x00007FF66DBA4000-memory.dmp

Filesize
3.3MB

Download
memory/3536-128-0x00007FF66D850000-0x00007FF66DBA4000-memory.dmp

Filesize
3.3MB

Download
memory/4068-127-0x00007FF623AF0000-0x00007FF623E44000-memory.dmp

Filesize
3.3MB

Download
memory/4068-149-0x00007FF623AF0000-0x00007FF623E44000-memory.dmp

Filesize
3.3MB

Download
memory/4372-137-0x00007FF785F20000-0x00007FF786274000-memory.dmp

Filesize
3.3MB

Download
memory/4372-20-0x00007FF785F20000-0x00007FF786274000-memory.dmp

Filesize
3.3MB

Download
memory/4512-154-0x00007FF6683C0000-0x00007FF668714000-memory.dmp

Filesize
3.3MB

Download
memory/4512-122-0x00007FF6683C0000-0x00007FF668714000-memory.dmp

Filesize
3.3MB

Download
memory/4724-14-0x00007FF66A150000-0x00007FF66A4A4000-memory.dmp

Filesize
3.3MB

Download
memory/4724-136-0x00007FF66A150000-0x00007FF66A4A4000-memory.dmp

Filesize
3.3MB

Download
memory/4868-0-0x00007FF624280000-0x00007FF6245D4000-memory.dmp

Filesize
3.3MB

Download
memory/4868-1-0x000001F9939A0000-0x000001F9939B0000-memory.dmp

Filesize
64KB

Download
memory/4868-119-0x00007FF624280000-0x00007FF6245D4000-memory.dmp

Filesize
3.3MB

Download
memory/4996-148-0x00007FF7322B0000-0x00007FF732604000-memory.dmp

Filesize
3.3MB

Download
memory/4996-120-0x00007FF7322B0000-0x00007FF732604000-memory.dmp

Filesize
3.3MB

Download
memory/5016-145-0x00007FF653750000-0x00007FF653AA4000-memory.dmp

Filesize
3.3MB

Download
memory/5016-69-0x00007FF653750000-0x00007FF653AA4000-memory.dmp

Filesize
3.3MB

Download
memory/5016-134-0x00007FF653750000-0x00007FF653AA4000-memory.dmp

Filesize
3.3MB

Download
memory/5056-66-0x00007FF7EF020000-0x00007FF7EF374000-memory.dmp

Filesize
3.3MB

Download
memory/5056-132-0x00007FF7EF020000-0x00007FF7EF374000-memory.dmp

Filesize
3.3MB

Download
memory/5056-155-0x00007FF7EF020000-0x00007FF7EF374000-memory.dmp

Filesize
3.3MB

Download