cobaltstrike | a86ca2cbe4d7aa310b91cc4009003f57fd801c272cec2fa1fd204ba9b92ee378

Analysis

max time kernel
117s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2024, 02:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2670489bd08d6f791498818f261c6610N.exe
Size

5.2MB
MD5

2670489bd08d6f791498818f261c6610
SHA1

03659c553706b42077e90013af5abf73671be4f1
SHA256

a86ca2cbe4d7aa310b91cc4009003f57fd801c272cec2fa1fd204ba9b92ee378
SHA512

120e19acf55914ee37b62f4335b5d6a147cad60e26f34706252c42d4bc45d0946b28322179691761ba72949a66dd5d3d63ef824ed30d3cc08e9470a400a3d168
SSDEEP

49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lw:RWWBibf56utgpPFotBER/mQ32lUc

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 21 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023412-4.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023416-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023417-15.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023418-25.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023419-28.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002341b-32.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023413-39.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002341c-53.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023421-76.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023422-81.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023423-99.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023426-104.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023427-114.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023429-131.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023428-125.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023424-110.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023425-108.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002341f-79.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023420-65.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002341e-62.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002341d-68.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 45 IoCs

miner

resource	yara_rule
behavioral2/memory/4860-130-0x00007FF671950000-0x00007FF671CA1000-memory.dmp	xmrig
behavioral2/memory/3416-119-0x00007FF718610000-0x00007FF718961000-memory.dmp	xmrig
behavioral2/memory/4484-115-0x00007FF6F29A0000-0x00007FF6F2CF1000-memory.dmp	xmrig
behavioral2/memory/4352-102-0x00007FF6B6840000-0x00007FF6B6B91000-memory.dmp	xmrig
behavioral2/memory/4680-105-0x00007FF6AC720000-0x00007FF6ACA71000-memory.dmp	xmrig
behavioral2/memory/2820-87-0x00007FF70F0F0000-0x00007FF70F441000-memory.dmp	xmrig
behavioral2/memory/2200-83-0x00007FF7EC330000-0x00007FF7EC681000-memory.dmp	xmrig
behavioral2/memory/4084-78-0x00007FF6F5190000-0x00007FF6F54E1000-memory.dmp	xmrig
behavioral2/memory/184-77-0x00007FF69EFF0000-0x00007FF69F341000-memory.dmp	xmrig
behavioral2/memory/184-134-0x00007FF69EFF0000-0x00007FF69F341000-memory.dmp	xmrig
behavioral2/memory/4464-142-0x00007FF7A9360000-0x00007FF7A96B1000-memory.dmp	xmrig
behavioral2/memory/4964-145-0x00007FF714F50000-0x00007FF7152A1000-memory.dmp	xmrig
behavioral2/memory/2316-144-0x00007FF75F880000-0x00007FF75FBD1000-memory.dmp	xmrig
behavioral2/memory/3032-143-0x00007FF75AE60000-0x00007FF75B1B1000-memory.dmp	xmrig
behavioral2/memory/3464-141-0x00007FF6199D0000-0x00007FF619D21000-memory.dmp	xmrig
behavioral2/memory/1464-152-0x00007FF738890000-0x00007FF738BE1000-memory.dmp	xmrig
behavioral2/memory/2952-153-0x00007FF690500000-0x00007FF690851000-memory.dmp	xmrig
behavioral2/memory/1976-154-0x00007FF700C90000-0x00007FF700FE1000-memory.dmp	xmrig
behavioral2/memory/2604-149-0x00007FF68C320000-0x00007FF68C671000-memory.dmp	xmrig
behavioral2/memory/3808-148-0x00007FF773D80000-0x00007FF7740D1000-memory.dmp	xmrig
behavioral2/memory/2996-146-0x00007FF647EE0000-0x00007FF648231000-memory.dmp	xmrig
behavioral2/memory/2968-155-0x00007FF7218E0000-0x00007FF721C31000-memory.dmp	xmrig
behavioral2/memory/2424-156-0x00007FF7DD910000-0x00007FF7DDC61000-memory.dmp	xmrig
behavioral2/memory/184-157-0x00007FF69EFF0000-0x00007FF69F341000-memory.dmp	xmrig
behavioral2/memory/2200-208-0x00007FF7EC330000-0x00007FF7EC681000-memory.dmp	xmrig
behavioral2/memory/2820-210-0x00007FF70F0F0000-0x00007FF70F441000-memory.dmp	xmrig
behavioral2/memory/3416-213-0x00007FF718610000-0x00007FF718961000-memory.dmp	xmrig
behavioral2/memory/4352-214-0x00007FF6B6840000-0x00007FF6B6B91000-memory.dmp	xmrig
behavioral2/memory/4860-225-0x00007FF671950000-0x00007FF671CA1000-memory.dmp	xmrig
behavioral2/memory/2316-227-0x00007FF75F880000-0x00007FF75FBD1000-memory.dmp	xmrig
behavioral2/memory/3464-229-0x00007FF6199D0000-0x00007FF619D21000-memory.dmp	xmrig
behavioral2/memory/4464-231-0x00007FF7A9360000-0x00007FF7A96B1000-memory.dmp	xmrig
behavioral2/memory/4964-233-0x00007FF714F50000-0x00007FF7152A1000-memory.dmp	xmrig
behavioral2/memory/4084-235-0x00007FF6F5190000-0x00007FF6F54E1000-memory.dmp	xmrig
behavioral2/memory/3032-237-0x00007FF75AE60000-0x00007FF75B1B1000-memory.dmp	xmrig
behavioral2/memory/2996-246-0x00007FF647EE0000-0x00007FF648231000-memory.dmp	xmrig
behavioral2/memory/2604-249-0x00007FF68C320000-0x00007FF68C671000-memory.dmp	xmrig
behavioral2/memory/3808-250-0x00007FF773D80000-0x00007FF7740D1000-memory.dmp	xmrig
behavioral2/memory/4680-252-0x00007FF6AC720000-0x00007FF6ACA71000-memory.dmp	xmrig
behavioral2/memory/4484-254-0x00007FF6F29A0000-0x00007FF6F2CF1000-memory.dmp	xmrig
behavioral2/memory/1464-256-0x00007FF738890000-0x00007FF738BE1000-memory.dmp	xmrig
behavioral2/memory/1976-258-0x00007FF700C90000-0x00007FF700FE1000-memory.dmp	xmrig
behavioral2/memory/2968-260-0x00007FF7218E0000-0x00007FF721C31000-memory.dmp	xmrig
behavioral2/memory/2952-262-0x00007FF690500000-0x00007FF690851000-memory.dmp	xmrig
behavioral2/memory/2424-265-0x00007FF7DD910000-0x00007FF7DDC61000-memory.dmp	xmrig

Executes dropped EXE 21 IoCs

pid	Process
2200	ocyNTAu.exe
2820	oDfdJeP.exe
4352	lQRPSni.exe
3416	BkRwtuR.exe
4860	NHzHdms.exe
2316	CUMbGPW.exe
3464	yIwbNuj.exe
4464	IGZRSpz.exe
3032	lGSNgVD.exe
4964	nngAyZG.exe
2996	GkvMaSr.exe
4084	SfETWMU.exe
3808	nZbmnwr.exe
2604	ggncWpB.exe
4680	ChyUldm.exe
4484	CjtPvIi.exe
1464	VeaxYSE.exe
2952	bbeklow.exe
1976	icsPpPj.exe
2968	iSSfxHG.exe
2424	IAvDBCr.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/184-0-0x00007FF69EFF0000-0x00007FF69F341000-memory.dmp	upx
behavioral2/files/0x0008000000023412-4.dat	upx
behavioral2/memory/2200-7-0x00007FF7EC330000-0x00007FF7EC681000-memory.dmp	upx
behavioral2/files/0x0007000000023416-11.dat	upx
behavioral2/files/0x0007000000023417-15.dat	upx
behavioral2/memory/3416-24-0x00007FF718610000-0x00007FF718961000-memory.dmp	upx
behavioral2/files/0x0007000000023418-25.dat	upx
behavioral2/memory/4352-20-0x00007FF6B6840000-0x00007FF6B6B91000-memory.dmp	upx
behavioral2/memory/2820-14-0x00007FF70F0F0000-0x00007FF70F441000-memory.dmp	upx
behavioral2/files/0x0007000000023419-28.dat	upx
behavioral2/files/0x000700000002341b-32.dat	upx
behavioral2/files/0x0008000000023413-39.dat	upx
behavioral2/files/0x000700000002341c-53.dat	upx
behavioral2/memory/3032-66-0x00007FF75AE60000-0x00007FF75B1B1000-memory.dmp	upx
behavioral2/files/0x0007000000023421-76.dat	upx
behavioral2/files/0x0007000000023422-81.dat	upx
behavioral2/memory/2604-86-0x00007FF68C320000-0x00007FF68C671000-memory.dmp	upx
behavioral2/files/0x0007000000023423-99.dat	upx
behavioral2/files/0x0007000000023426-104.dat	upx
behavioral2/files/0x0007000000023427-114.dat	upx
behavioral2/memory/2968-129-0x00007FF7218E0000-0x00007FF721C31000-memory.dmp	upx
behavioral2/memory/2424-132-0x00007FF7DD910000-0x00007FF7DDC61000-memory.dmp	upx
behavioral2/files/0x0007000000023429-131.dat	upx
behavioral2/memory/4860-130-0x00007FF671950000-0x00007FF671CA1000-memory.dmp	upx
behavioral2/files/0x0007000000023428-125.dat	upx
behavioral2/memory/1976-124-0x00007FF700C90000-0x00007FF700FE1000-memory.dmp	upx
behavioral2/memory/2952-120-0x00007FF690500000-0x00007FF690851000-memory.dmp	upx
behavioral2/memory/3416-119-0x00007FF718610000-0x00007FF718961000-memory.dmp	upx
behavioral2/memory/4484-115-0x00007FF6F29A0000-0x00007FF6F2CF1000-memory.dmp	upx
behavioral2/files/0x0007000000023424-110.dat	upx
behavioral2/files/0x0007000000023425-108.dat	upx
behavioral2/memory/1464-106-0x00007FF738890000-0x00007FF738BE1000-memory.dmp	upx
behavioral2/memory/4352-102-0x00007FF6B6840000-0x00007FF6B6B91000-memory.dmp	upx
behavioral2/memory/4680-105-0x00007FF6AC720000-0x00007FF6ACA71000-memory.dmp	upx
behavioral2/memory/2820-87-0x00007FF70F0F0000-0x00007FF70F441000-memory.dmp	upx
behavioral2/memory/2200-83-0x00007FF7EC330000-0x00007FF7EC681000-memory.dmp	upx
behavioral2/memory/3808-82-0x00007FF773D80000-0x00007FF7740D1000-memory.dmp	upx
behavioral2/files/0x000700000002341f-79.dat	upx
behavioral2/memory/4084-78-0x00007FF6F5190000-0x00007FF6F54E1000-memory.dmp	upx
behavioral2/memory/184-77-0x00007FF69EFF0000-0x00007FF69F341000-memory.dmp	upx
behavioral2/memory/2996-72-0x00007FF647EE0000-0x00007FF648231000-memory.dmp	upx
behavioral2/files/0x0007000000023420-65.dat	upx
behavioral2/files/0x000700000002341e-62.dat	upx
behavioral2/files/0x000700000002341d-68.dat	upx
behavioral2/memory/4964-59-0x00007FF714F50000-0x00007FF7152A1000-memory.dmp	upx
behavioral2/memory/4464-51-0x00007FF7A9360000-0x00007FF7A96B1000-memory.dmp	upx
behavioral2/memory/3464-46-0x00007FF6199D0000-0x00007FF619D21000-memory.dmp	upx
behavioral2/memory/2316-34-0x00007FF75F880000-0x00007FF75FBD1000-memory.dmp	upx
behavioral2/memory/4860-31-0x00007FF671950000-0x00007FF671CA1000-memory.dmp	upx
behavioral2/memory/184-134-0x00007FF69EFF0000-0x00007FF69F341000-memory.dmp	upx
behavioral2/memory/4464-142-0x00007FF7A9360000-0x00007FF7A96B1000-memory.dmp	upx
behavioral2/memory/4964-145-0x00007FF714F50000-0x00007FF7152A1000-memory.dmp	upx
behavioral2/memory/2316-144-0x00007FF75F880000-0x00007FF75FBD1000-memory.dmp	upx
behavioral2/memory/3032-143-0x00007FF75AE60000-0x00007FF75B1B1000-memory.dmp	upx
behavioral2/memory/3464-141-0x00007FF6199D0000-0x00007FF619D21000-memory.dmp	upx
behavioral2/memory/1464-152-0x00007FF738890000-0x00007FF738BE1000-memory.dmp	upx
behavioral2/memory/2952-153-0x00007FF690500000-0x00007FF690851000-memory.dmp	upx
behavioral2/memory/1976-154-0x00007FF700C90000-0x00007FF700FE1000-memory.dmp	upx
behavioral2/memory/2604-149-0x00007FF68C320000-0x00007FF68C671000-memory.dmp	upx
behavioral2/memory/3808-148-0x00007FF773D80000-0x00007FF7740D1000-memory.dmp	upx
behavioral2/memory/2996-146-0x00007FF647EE0000-0x00007FF648231000-memory.dmp	upx
behavioral2/memory/2968-155-0x00007FF7218E0000-0x00007FF721C31000-memory.dmp	upx
behavioral2/memory/2424-156-0x00007FF7DD910000-0x00007FF7DDC61000-memory.dmp	upx
behavioral2/memory/184-157-0x00007FF69EFF0000-0x00007FF69F341000-memory.dmp	upx

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\System\ocyNTAu.exe	2670489bd08d6f791498818f261c6610N.exe
File created	C:\Windows\System\yIwbNuj.exe	2670489bd08d6f791498818f261c6610N.exe
File created	C:\Windows\System\nngAyZG.exe	2670489bd08d6f791498818f261c6610N.exe
File created	C:\Windows\System\VeaxYSE.exe	2670489bd08d6f791498818f261c6610N.exe
File created	C:\Windows\System\NHzHdms.exe	2670489bd08d6f791498818f261c6610N.exe
File created	C:\Windows\System\CUMbGPW.exe	2670489bd08d6f791498818f261c6610N.exe
File created	C:\Windows\System\SfETWMU.exe	2670489bd08d6f791498818f261c6610N.exe
File created	C:\Windows\System\nZbmnwr.exe	2670489bd08d6f791498818f261c6610N.exe
File created	C:\Windows\System\ChyUldm.exe	2670489bd08d6f791498818f261c6610N.exe
File created	C:\Windows\System\bbeklow.exe	2670489bd08d6f791498818f261c6610N.exe
File created	C:\Windows\System\iSSfxHG.exe	2670489bd08d6f791498818f261c6610N.exe
File created	C:\Windows\System\IAvDBCr.exe	2670489bd08d6f791498818f261c6610N.exe
File created	C:\Windows\System\IGZRSpz.exe	2670489bd08d6f791498818f261c6610N.exe
File created	C:\Windows\System\lGSNgVD.exe	2670489bd08d6f791498818f261c6610N.exe
File created	C:\Windows\System\ggncWpB.exe	2670489bd08d6f791498818f261c6610N.exe
File created	C:\Windows\System\CjtPvIi.exe	2670489bd08d6f791498818f261c6610N.exe
File created	C:\Windows\System\oDfdJeP.exe	2670489bd08d6f791498818f261c6610N.exe
File created	C:\Windows\System\lQRPSni.exe	2670489bd08d6f791498818f261c6610N.exe
File created	C:\Windows\System\BkRwtuR.exe	2670489bd08d6f791498818f261c6610N.exe
File created	C:\Windows\System\GkvMaSr.exe	2670489bd08d6f791498818f261c6610N.exe
File created	C:\Windows\System\icsPpPj.exe	2670489bd08d6f791498818f261c6610N.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	184	2670489bd08d6f791498818f261c6610N.exe
Token: SeLockMemoryPrivilege	184	2670489bd08d6f791498818f261c6610N.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 184 wrote to memory of 2200	184	2670489bd08d6f791498818f261c6610N.exe	85
PID 184 wrote to memory of 2200	184	2670489bd08d6f791498818f261c6610N.exe	85
PID 184 wrote to memory of 2820	184	2670489bd08d6f791498818f261c6610N.exe	86
PID 184 wrote to memory of 2820	184	2670489bd08d6f791498818f261c6610N.exe	86
PID 184 wrote to memory of 4352	184	2670489bd08d6f791498818f261c6610N.exe	87
PID 184 wrote to memory of 4352	184	2670489bd08d6f791498818f261c6610N.exe	87
PID 184 wrote to memory of 3416	184	2670489bd08d6f791498818f261c6610N.exe	88
PID 184 wrote to memory of 3416	184	2670489bd08d6f791498818f261c6610N.exe	88
PID 184 wrote to memory of 4860	184	2670489bd08d6f791498818f261c6610N.exe	89
PID 184 wrote to memory of 4860	184	2670489bd08d6f791498818f261c6610N.exe	89
PID 184 wrote to memory of 2316	184	2670489bd08d6f791498818f261c6610N.exe	92
PID 184 wrote to memory of 2316	184	2670489bd08d6f791498818f261c6610N.exe	92
PID 184 wrote to memory of 3464	184	2670489bd08d6f791498818f261c6610N.exe	93
PID 184 wrote to memory of 3464	184	2670489bd08d6f791498818f261c6610N.exe	93
PID 184 wrote to memory of 4464	184	2670489bd08d6f791498818f261c6610N.exe	94
PID 184 wrote to memory of 4464	184	2670489bd08d6f791498818f261c6610N.exe	94
PID 184 wrote to memory of 3032	184	2670489bd08d6f791498818f261c6610N.exe	95
PID 184 wrote to memory of 3032	184	2670489bd08d6f791498818f261c6610N.exe	95
PID 184 wrote to memory of 4964	184	2670489bd08d6f791498818f261c6610N.exe	97
PID 184 wrote to memory of 4964	184	2670489bd08d6f791498818f261c6610N.exe	97
PID 184 wrote to memory of 2996	184	2670489bd08d6f791498818f261c6610N.exe	98
PID 184 wrote to memory of 2996	184	2670489bd08d6f791498818f261c6610N.exe	98
PID 184 wrote to memory of 4084	184	2670489bd08d6f791498818f261c6610N.exe	99
PID 184 wrote to memory of 4084	184	2670489bd08d6f791498818f261c6610N.exe	99
PID 184 wrote to memory of 3808	184	2670489bd08d6f791498818f261c6610N.exe	101
PID 184 wrote to memory of 3808	184	2670489bd08d6f791498818f261c6610N.exe	101
PID 184 wrote to memory of 2604	184	2670489bd08d6f791498818f261c6610N.exe	102
PID 184 wrote to memory of 2604	184	2670489bd08d6f791498818f261c6610N.exe	102
PID 184 wrote to memory of 4680	184	2670489bd08d6f791498818f261c6610N.exe	103
PID 184 wrote to memory of 4680	184	2670489bd08d6f791498818f261c6610N.exe	103
PID 184 wrote to memory of 4484	184	2670489bd08d6f791498818f261c6610N.exe	104
PID 184 wrote to memory of 4484	184	2670489bd08d6f791498818f261c6610N.exe	104
PID 184 wrote to memory of 1464	184	2670489bd08d6f791498818f261c6610N.exe	105
PID 184 wrote to memory of 1464	184	2670489bd08d6f791498818f261c6610N.exe	105
PID 184 wrote to memory of 2952	184	2670489bd08d6f791498818f261c6610N.exe	106
PID 184 wrote to memory of 2952	184	2670489bd08d6f791498818f261c6610N.exe	106
PID 184 wrote to memory of 1976	184	2670489bd08d6f791498818f261c6610N.exe	107
PID 184 wrote to memory of 1976	184	2670489bd08d6f791498818f261c6610N.exe	107
PID 184 wrote to memory of 2968	184	2670489bd08d6f791498818f261c6610N.exe	108
PID 184 wrote to memory of 2968	184	2670489bd08d6f791498818f261c6610N.exe	108
PID 184 wrote to memory of 2424	184	2670489bd08d6f791498818f261c6610N.exe	109
PID 184 wrote to memory of 2424	184	2670489bd08d6f791498818f261c6610N.exe	109

C:\Users\Admin\AppData\Local\Temp\2670489bd08d6f791498818f261c6610N.exe
"C:\Users\Admin\AppData\Local\Temp\2670489bd08d6f791498818f261c6610N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:184
- C:\Windows\System\ocyNTAu.exe
  C:\Windows\System\ocyNTAu.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\oDfdJeP.exe
  C:\Windows\System\oDfdJeP.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\lQRPSni.exe
  C:\Windows\System\lQRPSni.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\BkRwtuR.exe
  C:\Windows\System\BkRwtuR.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\NHzHdms.exe
  C:\Windows\System\NHzHdms.exe
  2⤵
  - Executes dropped EXE
  PID:4860
- C:\Windows\System\CUMbGPW.exe
  C:\Windows\System\CUMbGPW.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\yIwbNuj.exe
  C:\Windows\System\yIwbNuj.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\IGZRSpz.exe
  C:\Windows\System\IGZRSpz.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\lGSNgVD.exe
  C:\Windows\System\lGSNgVD.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\nngAyZG.exe
  C:\Windows\System\nngAyZG.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\GkvMaSr.exe
  C:\Windows\System\GkvMaSr.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\SfETWMU.exe
  C:\Windows\System\SfETWMU.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\nZbmnwr.exe
  C:\Windows\System\nZbmnwr.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System\ggncWpB.exe
  C:\Windows\System\ggncWpB.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\ChyUldm.exe
  C:\Windows\System\ChyUldm.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\CjtPvIi.exe
  C:\Windows\System\CjtPvIi.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\VeaxYSE.exe
  C:\Windows\System\VeaxYSE.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\bbeklow.exe
  C:\Windows\System\bbeklow.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\icsPpPj.exe
  C:\Windows\System\icsPpPj.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\iSSfxHG.exe
  C:\Windows\System\iSSfxHG.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\IAvDBCr.exe
  C:\Windows\System\IAvDBCr.exe
  2⤵
  - Executes dropped EXE
  PID:2424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BkRwtuR.exe

Filesize
5.2MB

MD5
91b293a571e75db2ecac9f89923c776e

SHA1
536e7192be49bfe4214bcb151e7476cb70436eb8

SHA256
d9f7038b09ffe57d7b72e7dcf9d6a371feaf8c8636a438f938e79f726673bba9

SHA512
8c36078bd192af9dc84e1346c1eb74fb82e959b07b3ce26e412f4c633628e4594445996f221631e2ae3cf46fe8b27dfea81d9cf45bc46bcf6aaabdba8a8abe05

Download Submit
C:\Windows\System\CUMbGPW.exe

Filesize
5.2MB

MD5
4a46bd95d2dae7759880a33b776e4f17

SHA1
3db1cbda42a11ac4f6f89de77b87c7ad693f0505

SHA256
f34c6ea11c336fdaeac5a8410f23eed7a9a50a4fcc6709756a2d9e13ac36a32e

SHA512
19cfd24f60297f795562d46c1562f1d8941488b0dcb50ed38a4bab97c510638d6aac41cfe450c425896b877d3a6dd7a2bf2364da28fd0127f899cf19e779fad2

Download Submit
C:\Windows\System\ChyUldm.exe

Filesize
5.2MB

MD5
5989035540f2b878048034b6862214cd

SHA1
9f64999325e6b97b7e081eff206ae39b08c19006

SHA256
41581846bf675ad17b0e17ff838edefd78374abbd4ea2f46ea394190e4dda551

SHA512
f1c75e2f460be239853c2e12e2c83bb188bf7777b72393ffcff9da77d5ae7757d88e3222ad6ea5bca62a4a6f9446faacd2d099d9ecdee7bfc8e44a47e302812d

Download Submit
C:\Windows\System\CjtPvIi.exe

Filesize
5.2MB

MD5
dc6eb26874e3b2f4e654e0c1e2679461

SHA1
7bc6a6bd0ca15d6ccb95cf080e40522ca51b5b6d

SHA256
b14b24f354ab30868c89de349351f73ccfb684e709e120e40c622ae6cc74f2b5

SHA512
a93283ab65486b17838dd6451b4285987d9e468e08b019d9ab420be4cf3c6bcabaef8fa1e9eaf0106036757db87a303452bf724d0965d086f0b0539192120e6d

Download Submit
C:\Windows\System\GkvMaSr.exe

Filesize
5.2MB

MD5
c41e16a36d51a0f4232200540fd37221

SHA1
0147a2bd80e1aaa7377c1cf8879551b230568b9c

SHA256
30c1f004dd3fc1a05a73b4ccbfdf20e18de85e2e02d235b5339315a0a6dfe7ec

SHA512
eb82d6be4e8055a0752ebd8268f2ab089c0f64b56c54615119cfc44f6001da205059ec9dca56eedf5c225d981fa0300f6677f73b9c6c6f08a08d89743ac2a690

Download Submit
C:\Windows\System\IAvDBCr.exe

Filesize
5.2MB

MD5
1a5a9cad6d3d98c24c8133c0f03bfa62

SHA1
dc114fc803f34832d61ee24c67d561fa761d0810

SHA256
85c44e1f0526c175d9321f6e154af673f04acfa3e4f35a65767d940415cb0ea9

SHA512
c8c8c269f756661ead287bfe7edb5242ab061849cedcb44d0074e40ed13b585d3db8e034131345c248b954aca93a5429ca251fd6063dbf706e1d2db170b7afa7

Download Submit
C:\Windows\System\IGZRSpz.exe

Filesize
5.2MB

MD5
6ef7868cc678b0cbdc220684ee34da09

SHA1
ea5e19f4ae0cd793328f208f139e38cca741eb5d

SHA256
9e5056b3f038063fc02ffdf7ced8836842f00d75c138237640a1e81af1b65b05

SHA512
0767b40bbe5f88fcae995a1aee6a96db53239c630bf5b1996b238e2152f10030ea78da9ecc9c213af2d65c0e47220730d09ed40d848c278cede173001e9a9aa3

Download Submit
C:\Windows\System\NHzHdms.exe

Filesize
5.2MB

MD5
9c43d9a6bbf86e8b086e467cede9d1b0

SHA1
a5e0318eb921920f913d2dce72d048ee9e5f569f

SHA256
d080bf009487d516bcd4dd18fc64efffb5823dc0f9d38dec138bf25d18347f27

SHA512
a7651a628d02bfee02e5841c7fdb2418da7828079d3d6affe3beca3587bc12eee16c675292241d1f9ddea9129bab6e3ce18a194e7f814103c61cdbec55b92f57

Download Submit
C:\Windows\System\SfETWMU.exe

Filesize
5.2MB

MD5
ef416a4dcd4a0d44ca7fef4dec127f2b

SHA1
1cdef57349ce466e7ef3e115ebdce72c42f21b1e

SHA256
bf8c58724c50ffe3dbb27dbf2d2467a6f635c54157f3963570c1fe279792d77a

SHA512
e8e8dc4e444374968a49c5d1896b7f2cfbe3dc79abe3b2280c4d5b012485c7b7da2d85d3f8563b728150f27cabee2b3adc26c5b207dddcf73ceb1ba183bee1a4

Download Submit
C:\Windows\System\VeaxYSE.exe

Filesize
5.2MB

MD5
98d27eb80712d0aa6dfbc50017d8ada1

SHA1
17319a90ca194fb6be3ebb251f9fbae23ff23db6

SHA256
ed9b96881a4d90ec834990f1ffdfe908489509160c02940d41f154a98a6be299

SHA512
4d968f72762915856ad50fc6c353d1b94fd9bef84501989dc1a3beff5dc1874e7574162fba16d16f05da97dfc4594c5bf9ca0295131630afb743fcb9988084dc

Download Submit
C:\Windows\System\bbeklow.exe

Filesize
5.2MB

MD5
e495e49d5fbb91db043b32fde61c1d71

SHA1
7caae58dff9461442107a47bf810ef476c96b167

SHA256
774c6d67e06039d6ad618df6431a2cc71ee3531830aa31cf943ae4559fdd9106

SHA512
eaf1443c9b29e6b47854f59bab08f03088b2f62b92ec51542e24f2a59c4ff704c221941ad52bb8f2f906b50e93888f48ac4a801d026224b603905732081d47e1

Download Submit
C:\Windows\System\ggncWpB.exe

Filesize
5.2MB

MD5
478a61d9f6e8c7484cd826b876d4af5c

SHA1
dcbd780a88ea7e3c4fda2885ae433f4ca066cd2d

SHA256
5ecad01bea9a4b8b8f426d8c6eaccf8c2770c3db55ca979a29346745477d8e6c

SHA512
5da1262ed77eaff6eb8a8b35133ac67053092d74dd9a5c179733b46fa39574fb4edc898b8009f18a3f78b2e3f5b9d4eebd715e9e0d67acd6557990a041d513ec

Download Submit
C:\Windows\System\iSSfxHG.exe

Filesize
5.2MB

MD5
e5d4e9d1ba8c58bd0430d911724b2e68

SHA1
cffb3bedc6e210e3e8c79414a9be2706719678d6

SHA256
c8d2533284edd7349fab96ec0ff0dce2245e74be42483792239316f3de32713c

SHA512
1f40d80ed18e56298251d1b59bc3a4283e051a940853b68bcb2a324aba3910fa1638cdae3fef3a7dd92185ed446bd4eef0016f3eb66ff84795f6df1590a218ab

Download Submit
C:\Windows\System\icsPpPj.exe

Filesize
5.2MB

MD5
4bda77beb671d7a611a7a812f4f79ce5

SHA1
aa05923489182d13a87658a0fd4379475270ddf2

SHA256
0f80284b950a590762780f2fd68b450dccae9b69299590c42376eb052a447882

SHA512
8ccfd172cf1432a440e93b316909ad5396fc4bd0a1ae1624324f629cc26eeea7f1cee434f1b92b389cd623088b62eb595523eb98d5b8638cfc1ba3355836a6f0

Download Submit
C:\Windows\System\lGSNgVD.exe

Filesize
5.2MB

MD5
a0351390ef4e5300f795546192507160

SHA1
02f209c774f94ad908fdab6f7e8f88856966b07e

SHA256
83973d3e1a9774fb56f5c1d82f04149e87537a1ef47a1de1118232667c0a4775

SHA512
3692b0b7809b426fba3a0f787199ad2f70e6adb3f0a9a4d7f5cfd96ad2db36639e550996978176ba72f6600ebb63e49034b39e0694c310551f87a2b714c0816f

Download Submit
C:\Windows\System\lQRPSni.exe

Filesize
5.2MB

MD5
b4e7d0bb17dfe3ccfd9a2de9c92be1ac

SHA1
e6593507dc25a6376abaf7d8040b02f127a13e3a

SHA256
5c0b354c481da5972d4460dd8108eb0075a964f43e538acbfd7221745db9e2be

SHA512
9b716abf57946e091b8d21cf66cd2bc36d131bf4ebefe108c81237552e2c0046b91c81e835ead3828b7c28a6a40e084bfc508c857ef87cff0155a1e97d36d2a6

Download Submit
C:\Windows\System\nZbmnwr.exe

Filesize
5.2MB

MD5
0c13cb2e11d2d6a6dcaa31729b6fae67

SHA1
0d25b2cf0aff91bb11e3bfcc6d7abd88de25f2a9

SHA256
d827d6f09b2d537ad786a6408eae70b40abcc465b02da2632fc8f54a4f271346

SHA512
91db3e9d10076557e8f15b6bde3316f72d64e48cf77693b6949d6198b16c16d05e45b295128ab7e1f54f062b3173a0336234e637259bddc854c0eafb4e87dde6

Download Submit
C:\Windows\System\nngAyZG.exe

Filesize
5.2MB

MD5
311b9ffc01f865d081717f811cd3416e

SHA1
1d994bda24a5bdcfaf53e492b4d045cdaeb80f02

SHA256
3f5bee12dbf91515dacc55b4cd620c09e079af56bafaeb8c293bc45e50e94793

SHA512
dae362897f7e25460eeb68a893fa4fcc9329d63005ca5f0f2f2dd12784362e3a81cc0e4708a164167a31775b82a34b20ab8bb58a20eaf874dfd0f76f51f9a6c7

Download Submit
C:\Windows\System\oDfdJeP.exe

Filesize
5.2MB

MD5
3329058b887205c42c4491c0fc881e70

SHA1
8105998169beb0c81867ab38f1e6ce20cc7565a7

SHA256
76530939ff123431543173d5a39557f6a60032067d17e49fa9a532165e374f57

SHA512
edf780d015a6b213c982dccc51854cf62c6a1716ff462e9fc76b54747c1b848af847c72438cb00384520fa947965262285f1fb46429b9a18adbbe5808878a3ac

Download Submit
C:\Windows\System\ocyNTAu.exe

Filesize
5.2MB

MD5
8c7519b77318655a1a61e60e1de2810b

SHA1
72c850c4c431103b2b5fa460d99a17218c1066b4

SHA256
ac4895c52d878637d3441896c4dc9f005fd4c5c3206ed949caf57a4678ce3abe

SHA512
b35c080a8389bf8c4c2d0c5da979e6cdbe21e277136350d0b3ddcbb114459e931e804f9caad864d7956259f9c225f7299c3d9520198a320e3ca60117c4652367

Download Submit
C:\Windows\System\yIwbNuj.exe

Filesize
5.2MB

MD5
31affeb6b5e48115d78711c022508063

SHA1
f54229539867c5cc472c8b8425946e93e9271456

SHA256
3803191d8bc8df8eeee52a184ce04175093ee9f44c639d04405b3ba358791cee

SHA512
1d73b728bc62daad48c639dcba1c4e0c42a673d65fcb9c1ac653f94522282db42aea1449b153f92835c4c4a09b72e4995231ee8b2e1bc75aacf0ba00813ad0b6

Download Submit
memory/184-77-0x00007FF69EFF0000-0x00007FF69F341000-memory.dmp

Filesize
3.3MB

Download
memory/184-157-0x00007FF69EFF0000-0x00007FF69F341000-memory.dmp

Filesize
3.3MB

Download
memory/184-0-0x00007FF69EFF0000-0x00007FF69F341000-memory.dmp

Filesize
3.3MB

Download
memory/184-134-0x00007FF69EFF0000-0x00007FF69F341000-memory.dmp

Filesize
3.3MB

Download
memory/184-1-0x000001D259C50000-0x000001D259C60000-memory.dmp

Filesize
64KB

Download
memory/1464-256-0x00007FF738890000-0x00007FF738BE1000-memory.dmp

Filesize
3.3MB

Download
memory/1464-152-0x00007FF738890000-0x00007FF738BE1000-memory.dmp

Filesize
3.3MB

Download
memory/1464-106-0x00007FF738890000-0x00007FF738BE1000-memory.dmp

Filesize
3.3MB

Download
memory/1976-124-0x00007FF700C90000-0x00007FF700FE1000-memory.dmp

Filesize
3.3MB

Download
memory/1976-154-0x00007FF700C90000-0x00007FF700FE1000-memory.dmp

Filesize
3.3MB

Download
memory/1976-258-0x00007FF700C90000-0x00007FF700FE1000-memory.dmp

Filesize
3.3MB

Download
memory/2200-83-0x00007FF7EC330000-0x00007FF7EC681000-memory.dmp

Filesize
3.3MB

Download
memory/2200-208-0x00007FF7EC330000-0x00007FF7EC681000-memory.dmp

Filesize
3.3MB

Download
memory/2200-7-0x00007FF7EC330000-0x00007FF7EC681000-memory.dmp

Filesize
3.3MB

Download
memory/2316-227-0x00007FF75F880000-0x00007FF75FBD1000-memory.dmp

Filesize
3.3MB

Download
memory/2316-34-0x00007FF75F880000-0x00007FF75FBD1000-memory.dmp

Filesize
3.3MB

Download
memory/2316-144-0x00007FF75F880000-0x00007FF75FBD1000-memory.dmp

Filesize
3.3MB

Download
memory/2424-132-0x00007FF7DD910000-0x00007FF7DDC61000-memory.dmp

Filesize
3.3MB

Download
memory/2424-265-0x00007FF7DD910000-0x00007FF7DDC61000-memory.dmp

Filesize
3.3MB

Download
memory/2424-156-0x00007FF7DD910000-0x00007FF7DDC61000-memory.dmp

Filesize
3.3MB

Download
memory/2604-86-0x00007FF68C320000-0x00007FF68C671000-memory.dmp

Filesize
3.3MB

Download
memory/2604-149-0x00007FF68C320000-0x00007FF68C671000-memory.dmp

Filesize
3.3MB

Download
memory/2604-249-0x00007FF68C320000-0x00007FF68C671000-memory.dmp

Filesize
3.3MB

Download
memory/2820-87-0x00007FF70F0F0000-0x00007FF70F441000-memory.dmp

Filesize
3.3MB

Download
memory/2820-14-0x00007FF70F0F0000-0x00007FF70F441000-memory.dmp

Filesize
3.3MB

Download
memory/2820-210-0x00007FF70F0F0000-0x00007FF70F441000-memory.dmp

Filesize
3.3MB

Download
memory/2952-153-0x00007FF690500000-0x00007FF690851000-memory.dmp

Filesize
3.3MB

Download
memory/2952-262-0x00007FF690500000-0x00007FF690851000-memory.dmp

Filesize
3.3MB

Download
memory/2952-120-0x00007FF690500000-0x00007FF690851000-memory.dmp

Filesize
3.3MB

Download
memory/2968-260-0x00007FF7218E0000-0x00007FF721C31000-memory.dmp

Filesize
3.3MB

Download
memory/2968-155-0x00007FF7218E0000-0x00007FF721C31000-memory.dmp

Filesize
3.3MB

Download
memory/2968-129-0x00007FF7218E0000-0x00007FF721C31000-memory.dmp

Filesize
3.3MB

Download
memory/2996-246-0x00007FF647EE0000-0x00007FF648231000-memory.dmp

Filesize
3.3MB

Download
memory/2996-146-0x00007FF647EE0000-0x00007FF648231000-memory.dmp

Filesize
3.3MB

Download
memory/2996-72-0x00007FF647EE0000-0x00007FF648231000-memory.dmp

Filesize
3.3MB

Download
memory/3032-66-0x00007FF75AE60000-0x00007FF75B1B1000-memory.dmp

Filesize
3.3MB

Download
memory/3032-237-0x00007FF75AE60000-0x00007FF75B1B1000-memory.dmp

Filesize
3.3MB

Download
memory/3032-143-0x00007FF75AE60000-0x00007FF75B1B1000-memory.dmp

Filesize
3.3MB

Download
memory/3416-119-0x00007FF718610000-0x00007FF718961000-memory.dmp

Filesize
3.3MB

Download
memory/3416-24-0x00007FF718610000-0x00007FF718961000-memory.dmp

Filesize
3.3MB

Download
memory/3416-213-0x00007FF718610000-0x00007FF718961000-memory.dmp

Filesize
3.3MB

Download
memory/3464-46-0x00007FF6199D0000-0x00007FF619D21000-memory.dmp

Filesize
3.3MB

Download
memory/3464-141-0x00007FF6199D0000-0x00007FF619D21000-memory.dmp

Filesize
3.3MB

Download
memory/3464-229-0x00007FF6199D0000-0x00007FF619D21000-memory.dmp

Filesize
3.3MB

Download
memory/3808-82-0x00007FF773D80000-0x00007FF7740D1000-memory.dmp

Filesize
3.3MB

Download
memory/3808-148-0x00007FF773D80000-0x00007FF7740D1000-memory.dmp

Filesize
3.3MB

Download
memory/3808-250-0x00007FF773D80000-0x00007FF7740D1000-memory.dmp

Filesize
3.3MB

Download
memory/4084-235-0x00007FF6F5190000-0x00007FF6F54E1000-memory.dmp

Filesize
3.3MB

Download
memory/4084-78-0x00007FF6F5190000-0x00007FF6F54E1000-memory.dmp

Filesize
3.3MB

Download
memory/4352-102-0x00007FF6B6840000-0x00007FF6B6B91000-memory.dmp

Filesize
3.3MB

Download
memory/4352-214-0x00007FF6B6840000-0x00007FF6B6B91000-memory.dmp

Filesize
3.3MB

Download
memory/4352-20-0x00007FF6B6840000-0x00007FF6B6B91000-memory.dmp

Filesize
3.3MB

Download
memory/4464-231-0x00007FF7A9360000-0x00007FF7A96B1000-memory.dmp

Filesize
3.3MB

Download
memory/4464-51-0x00007FF7A9360000-0x00007FF7A96B1000-memory.dmp

Filesize
3.3MB

Download
memory/4464-142-0x00007FF7A9360000-0x00007FF7A96B1000-memory.dmp

Filesize
3.3MB

Download
memory/4484-115-0x00007FF6F29A0000-0x00007FF6F2CF1000-memory.dmp

Filesize
3.3MB

Download
memory/4484-254-0x00007FF6F29A0000-0x00007FF6F2CF1000-memory.dmp

Filesize
3.3MB

Download
memory/4680-252-0x00007FF6AC720000-0x00007FF6ACA71000-memory.dmp

Filesize
3.3MB

Download
memory/4680-105-0x00007FF6AC720000-0x00007FF6ACA71000-memory.dmp

Filesize
3.3MB

Download
memory/4860-225-0x00007FF671950000-0x00007FF671CA1000-memory.dmp

Filesize
3.3MB

Download
memory/4860-31-0x00007FF671950000-0x00007FF671CA1000-memory.dmp

Filesize
3.3MB

Download
memory/4860-130-0x00007FF671950000-0x00007FF671CA1000-memory.dmp

Filesize
3.3MB

Download
memory/4964-233-0x00007FF714F50000-0x00007FF7152A1000-memory.dmp

Filesize
3.3MB

Download
memory/4964-59-0x00007FF714F50000-0x00007FF7152A1000-memory.dmp

Filesize
3.3MB

Download
memory/4964-145-0x00007FF714F50000-0x00007FF7152A1000-memory.dmp

Filesize
3.3MB

Download