cobaltstrike | a0d8d2b686d577035f48d746834b0358e77181c9ec35c52acf13edfe841d58cb

Analysis

max time kernel
112s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c03dcf354dafce3affbb1fee3f0650a0N.exe
Size

5.2MB
MD5

c03dcf354dafce3affbb1fee3f0650a0
SHA1

bc29f163fe5860de9778866cbe05592222e70bf0
SHA256

a0d8d2b686d577035f48d746834b0358e77181c9ec35c52acf13edfe841d58cb
SHA512

67c66735c18a3e0e65c625f35c3ef49acff3039f407047c77a7a8081aed2e9c621657ca3d298dbff335a2699da66e384003630bff10bb4dc04feadeed53f540b
SSDEEP

49152:ROdWCCi7/rai56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lu:RWWBibd56utgpPFotBER/mQ32lUK

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 21 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023490-5.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023495-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023494-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023497-25.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023499-38.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002349a-47.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023498-39.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023496-36.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002349b-53.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002349d-57.dat	cobalt_reflective_dll
behavioral2/files/0x000a0000000233f0-73.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234a0-88.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002349e-91.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002349f-93.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023491-70.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234a1-100.dat	cobalt_reflective_dll
behavioral2/files/0x000d000000023381-126.dat	cobalt_reflective_dll
behavioral2/files/0x00090000000233ed-136.dat	cobalt_reflective_dll
behavioral2/files/0x0003000000022d07-127.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002270e-113.dat	cobalt_reflective_dll
behavioral2/files/0x0005000000016985-112.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 46 IoCs

miner

resource	yara_rule
behavioral2/memory/64-84-0x00007FF6E98F0000-0x00007FF6E9C41000-memory.dmp	xmrig
behavioral2/memory/4720-89-0x00007FF753AB0000-0x00007FF753E01000-memory.dmp	xmrig
behavioral2/memory/2660-82-0x00007FF603BE0000-0x00007FF603F31000-memory.dmp	xmrig
behavioral2/memory/3524-79-0x00007FF63A0B0000-0x00007FF63A401000-memory.dmp	xmrig
behavioral2/memory/2368-77-0x00007FF696D00000-0x00007FF697051000-memory.dmp	xmrig
behavioral2/memory/4984-62-0x00007FF6855F0000-0x00007FF685941000-memory.dmp	xmrig
behavioral2/memory/4608-98-0x00007FF702FB0000-0x00007FF703301000-memory.dmp	xmrig
behavioral2/memory/4924-97-0x00007FF68B490000-0x00007FF68B7E1000-memory.dmp	xmrig
behavioral2/memory/1188-118-0x00007FF732DA0000-0x00007FF7330F1000-memory.dmp	xmrig
behavioral2/memory/748-121-0x00007FF65BF70000-0x00007FF65C2C1000-memory.dmp	xmrig
behavioral2/memory/2836-135-0x00007FF629280000-0x00007FF6295D1000-memory.dmp	xmrig
behavioral2/memory/3632-129-0x00007FF793AD0000-0x00007FF793E21000-memory.dmp	xmrig
behavioral2/memory/3204-122-0x00007FF721BB0000-0x00007FF721F01000-memory.dmp	xmrig
behavioral2/memory/2760-119-0x00007FF638E80000-0x00007FF6391D1000-memory.dmp	xmrig
behavioral2/memory/952-107-0x00007FF6ACB30000-0x00007FF6ACE81000-memory.dmp	xmrig
behavioral2/memory/5036-104-0x00007FF77C5C0000-0x00007FF77C911000-memory.dmp	xmrig
behavioral2/memory/808-139-0x00007FF7F2B20000-0x00007FF7F2E71000-memory.dmp	xmrig
behavioral2/memory/3356-140-0x00007FF6DAFD0000-0x00007FF6DB321000-memory.dmp	xmrig
behavioral2/memory/4984-141-0x00007FF6855F0000-0x00007FF685941000-memory.dmp	xmrig
behavioral2/memory/3628-142-0x00007FF7F1100000-0x00007FF7F1451000-memory.dmp	xmrig
behavioral2/memory/1188-158-0x00007FF732DA0000-0x00007FF7330F1000-memory.dmp	xmrig
behavioral2/memory/4552-159-0x00007FF6A7E00000-0x00007FF6A8151000-memory.dmp	xmrig
behavioral2/memory/1380-160-0x00007FF7170E0000-0x00007FF717431000-memory.dmp	xmrig
behavioral2/memory/768-167-0x00007FF66F700000-0x00007FF66FA51000-memory.dmp	xmrig
behavioral2/memory/4984-168-0x00007FF6855F0000-0x00007FF685941000-memory.dmp	xmrig
behavioral2/memory/2368-219-0x00007FF696D00000-0x00007FF697051000-memory.dmp	xmrig
behavioral2/memory/2660-221-0x00007FF603BE0000-0x00007FF603F31000-memory.dmp	xmrig
behavioral2/memory/4720-227-0x00007FF753AB0000-0x00007FF753E01000-memory.dmp	xmrig
behavioral2/memory/4924-230-0x00007FF68B490000-0x00007FF68B7E1000-memory.dmp	xmrig
behavioral2/memory/5036-232-0x00007FF77C5C0000-0x00007FF77C911000-memory.dmp	xmrig
behavioral2/memory/2760-235-0x00007FF638E80000-0x00007FF6391D1000-memory.dmp	xmrig
behavioral2/memory/4608-234-0x00007FF702FB0000-0x00007FF703301000-memory.dmp	xmrig
behavioral2/memory/3204-237-0x00007FF721BB0000-0x00007FF721F01000-memory.dmp	xmrig
behavioral2/memory/3632-245-0x00007FF793AD0000-0x00007FF793E21000-memory.dmp	xmrig
behavioral2/memory/2836-247-0x00007FF629280000-0x00007FF6295D1000-memory.dmp	xmrig
behavioral2/memory/3524-250-0x00007FF63A0B0000-0x00007FF63A401000-memory.dmp	xmrig
behavioral2/memory/64-251-0x00007FF6E98F0000-0x00007FF6E9C41000-memory.dmp	xmrig
behavioral2/memory/3356-253-0x00007FF6DAFD0000-0x00007FF6DB321000-memory.dmp	xmrig
behavioral2/memory/808-256-0x00007FF7F2B20000-0x00007FF7F2E71000-memory.dmp	xmrig
behavioral2/memory/3628-257-0x00007FF7F1100000-0x00007FF7F1451000-memory.dmp	xmrig
behavioral2/memory/952-265-0x00007FF6ACB30000-0x00007FF6ACE81000-memory.dmp	xmrig
behavioral2/memory/1188-267-0x00007FF732DA0000-0x00007FF7330F1000-memory.dmp	xmrig
behavioral2/memory/748-269-0x00007FF65BF70000-0x00007FF65C2C1000-memory.dmp	xmrig
behavioral2/memory/4552-271-0x00007FF6A7E00000-0x00007FF6A8151000-memory.dmp	xmrig
behavioral2/memory/1380-273-0x00007FF7170E0000-0x00007FF717431000-memory.dmp	xmrig
behavioral2/memory/768-275-0x00007FF66F700000-0x00007FF66FA51000-memory.dmp	xmrig

Executes dropped EXE 21 IoCs

pid	Process
2368	rSYkEQb.exe
2660	bISkCyI.exe
4720	xmLVqwN.exe
4924	boGuLDD.exe
4608	fXfcFGE.exe
5036	DyArllQ.exe
2760	wcasDnH.exe
3204	YuFeKCd.exe
3632	dTjcRkc.exe
2836	VXBWflS.exe
3524	aNQqmhP.exe
64	iIPnBuF.exe
3356	bxdiblw.exe
808	LoDjOVC.exe
3628	tyOVSJN.exe
952	ycfkQsZ.exe
1188	tqMicXc.exe
748	UCSPprm.exe
4552	tOYwgAm.exe
1380	LiuBJCT.exe
768	kwxCcUG.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4984-0-0x00007FF6855F0000-0x00007FF685941000-memory.dmp	upx
behavioral2/files/0x0008000000023490-5.dat	upx
behavioral2/files/0x0007000000023495-10.dat	upx
behavioral2/files/0x0007000000023494-11.dat	upx
behavioral2/memory/2660-12-0x00007FF603BE0000-0x00007FF603F31000-memory.dmp	upx
behavioral2/files/0x0007000000023497-25.dat	upx
behavioral2/files/0x0007000000023499-38.dat	upx
behavioral2/memory/5036-41-0x00007FF77C5C0000-0x00007FF77C911000-memory.dmp	upx
behavioral2/memory/2760-42-0x00007FF638E80000-0x00007FF6391D1000-memory.dmp	upx
behavioral2/files/0x000700000002349a-47.dat	upx
behavioral2/memory/3204-48-0x00007FF721BB0000-0x00007FF721F01000-memory.dmp	upx
behavioral2/files/0x0007000000023498-39.dat	upx
behavioral2/files/0x0007000000023496-36.dat	upx
behavioral2/memory/4608-30-0x00007FF702FB0000-0x00007FF703301000-memory.dmp	upx
behavioral2/memory/4924-27-0x00007FF68B490000-0x00007FF68B7E1000-memory.dmp	upx
behavioral2/memory/4720-18-0x00007FF753AB0000-0x00007FF753E01000-memory.dmp	upx
behavioral2/memory/2368-6-0x00007FF696D00000-0x00007FF697051000-memory.dmp	upx
behavioral2/files/0x000700000002349b-53.dat	upx
behavioral2/memory/3632-56-0x00007FF793AD0000-0x00007FF793E21000-memory.dmp	upx
behavioral2/files/0x000700000002349d-57.dat	upx
behavioral2/memory/2836-67-0x00007FF629280000-0x00007FF6295D1000-memory.dmp	upx
behavioral2/files/0x000a0000000233f0-73.dat	upx
behavioral2/memory/808-83-0x00007FF7F2B20000-0x00007FF7F2E71000-memory.dmp	upx
behavioral2/memory/64-84-0x00007FF6E98F0000-0x00007FF6E9C41000-memory.dmp	upx
behavioral2/files/0x00070000000234a0-88.dat	upx
behavioral2/files/0x000700000002349e-91.dat	upx
behavioral2/files/0x000700000002349f-93.dat	upx
behavioral2/memory/3628-90-0x00007FF7F1100000-0x00007FF7F1451000-memory.dmp	upx
behavioral2/memory/4720-89-0x00007FF753AB0000-0x00007FF753E01000-memory.dmp	upx
behavioral2/memory/3356-87-0x00007FF6DAFD0000-0x00007FF6DB321000-memory.dmp	upx
behavioral2/memory/2660-82-0x00007FF603BE0000-0x00007FF603F31000-memory.dmp	upx
behavioral2/memory/3524-79-0x00007FF63A0B0000-0x00007FF63A401000-memory.dmp	upx
behavioral2/memory/2368-77-0x00007FF696D00000-0x00007FF697051000-memory.dmp	upx
behavioral2/files/0x0008000000023491-70.dat	upx
behavioral2/memory/4984-62-0x00007FF6855F0000-0x00007FF685941000-memory.dmp	upx
behavioral2/memory/4608-98-0x00007FF702FB0000-0x00007FF703301000-memory.dmp	upx
behavioral2/memory/4924-97-0x00007FF68B490000-0x00007FF68B7E1000-memory.dmp	upx
behavioral2/files/0x00070000000234a1-100.dat	upx
behavioral2/memory/1188-118-0x00007FF732DA0000-0x00007FF7330F1000-memory.dmp	upx
behavioral2/memory/748-121-0x00007FF65BF70000-0x00007FF65C2C1000-memory.dmp	upx
behavioral2/files/0x000d000000023381-126.dat	upx
behavioral2/memory/768-137-0x00007FF66F700000-0x00007FF66FA51000-memory.dmp	upx
behavioral2/files/0x00090000000233ed-136.dat	upx
behavioral2/memory/2836-135-0x00007FF629280000-0x00007FF6295D1000-memory.dmp	upx
behavioral2/memory/1380-131-0x00007FF7170E0000-0x00007FF717431000-memory.dmp	upx
behavioral2/memory/3632-129-0x00007FF793AD0000-0x00007FF793E21000-memory.dmp	upx
behavioral2/memory/4552-125-0x00007FF6A7E00000-0x00007FF6A8151000-memory.dmp	upx
behavioral2/files/0x0003000000022d07-127.dat	upx
behavioral2/memory/3204-122-0x00007FF721BB0000-0x00007FF721F01000-memory.dmp	upx
behavioral2/memory/2760-119-0x00007FF638E80000-0x00007FF6391D1000-memory.dmp	upx
behavioral2/files/0x000700000002270e-113.dat	upx
behavioral2/files/0x0005000000016985-112.dat	upx
behavioral2/memory/952-107-0x00007FF6ACB30000-0x00007FF6ACE81000-memory.dmp	upx
behavioral2/memory/5036-104-0x00007FF77C5C0000-0x00007FF77C911000-memory.dmp	upx
behavioral2/memory/808-139-0x00007FF7F2B20000-0x00007FF7F2E71000-memory.dmp	upx
behavioral2/memory/3356-140-0x00007FF6DAFD0000-0x00007FF6DB321000-memory.dmp	upx
behavioral2/memory/4984-141-0x00007FF6855F0000-0x00007FF685941000-memory.dmp	upx
behavioral2/memory/3628-142-0x00007FF7F1100000-0x00007FF7F1451000-memory.dmp	upx
behavioral2/memory/1188-158-0x00007FF732DA0000-0x00007FF7330F1000-memory.dmp	upx
behavioral2/memory/4552-159-0x00007FF6A7E00000-0x00007FF6A8151000-memory.dmp	upx
behavioral2/memory/1380-160-0x00007FF7170E0000-0x00007FF717431000-memory.dmp	upx
behavioral2/memory/768-167-0x00007FF66F700000-0x00007FF66FA51000-memory.dmp	upx
behavioral2/memory/4984-168-0x00007FF6855F0000-0x00007FF685941000-memory.dmp	upx
behavioral2/memory/2368-219-0x00007FF696D00000-0x00007FF697051000-memory.dmp	upx

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\System\LiuBJCT.exe	c03dcf354dafce3affbb1fee3f0650a0N.exe
File created	C:\Windows\System\fXfcFGE.exe	c03dcf354dafce3affbb1fee3f0650a0N.exe
File created	C:\Windows\System\wcasDnH.exe	c03dcf354dafce3affbb1fee3f0650a0N.exe
File created	C:\Windows\System\iIPnBuF.exe	c03dcf354dafce3affbb1fee3f0650a0N.exe
File created	C:\Windows\System\tqMicXc.exe	c03dcf354dafce3affbb1fee3f0650a0N.exe
File created	C:\Windows\System\UCSPprm.exe	c03dcf354dafce3affbb1fee3f0650a0N.exe
File created	C:\Windows\System\rSYkEQb.exe	c03dcf354dafce3affbb1fee3f0650a0N.exe
File created	C:\Windows\System\DyArllQ.exe	c03dcf354dafce3affbb1fee3f0650a0N.exe
File created	C:\Windows\System\tyOVSJN.exe	c03dcf354dafce3affbb1fee3f0650a0N.exe
File created	C:\Windows\System\bISkCyI.exe	c03dcf354dafce3affbb1fee3f0650a0N.exe
File created	C:\Windows\System\YuFeKCd.exe	c03dcf354dafce3affbb1fee3f0650a0N.exe
File created	C:\Windows\System\dTjcRkc.exe	c03dcf354dafce3affbb1fee3f0650a0N.exe
File created	C:\Windows\System\aNQqmhP.exe	c03dcf354dafce3affbb1fee3f0650a0N.exe
File created	C:\Windows\System\bxdiblw.exe	c03dcf354dafce3affbb1fee3f0650a0N.exe
File created	C:\Windows\System\LoDjOVC.exe	c03dcf354dafce3affbb1fee3f0650a0N.exe
File created	C:\Windows\System\ycfkQsZ.exe	c03dcf354dafce3affbb1fee3f0650a0N.exe
File created	C:\Windows\System\tOYwgAm.exe	c03dcf354dafce3affbb1fee3f0650a0N.exe
File created	C:\Windows\System\xmLVqwN.exe	c03dcf354dafce3affbb1fee3f0650a0N.exe
File created	C:\Windows\System\boGuLDD.exe	c03dcf354dafce3affbb1fee3f0650a0N.exe
File created	C:\Windows\System\VXBWflS.exe	c03dcf354dafce3affbb1fee3f0650a0N.exe
File created	C:\Windows\System\kwxCcUG.exe	c03dcf354dafce3affbb1fee3f0650a0N.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe
Token: SeLockMemoryPrivilege	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 2368	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	85
PID 4984 wrote to memory of 2368	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	85
PID 4984 wrote to memory of 2660	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	86
PID 4984 wrote to memory of 2660	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	86
PID 4984 wrote to memory of 4720	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	87
PID 4984 wrote to memory of 4720	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	87
PID 4984 wrote to memory of 4924	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	88
PID 4984 wrote to memory of 4924	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	88
PID 4984 wrote to memory of 4608	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	89
PID 4984 wrote to memory of 4608	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	89
PID 4984 wrote to memory of 5036	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	90
PID 4984 wrote to memory of 5036	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	90
PID 4984 wrote to memory of 2760	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	91
PID 4984 wrote to memory of 2760	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	91
PID 4984 wrote to memory of 3204	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	93
PID 4984 wrote to memory of 3204	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	93
PID 4984 wrote to memory of 3632	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	94
PID 4984 wrote to memory of 3632	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	94
PID 4984 wrote to memory of 2836	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	97
PID 4984 wrote to memory of 2836	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	97
PID 4984 wrote to memory of 3524	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	98
PID 4984 wrote to memory of 3524	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	98
PID 4984 wrote to memory of 64	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	99
PID 4984 wrote to memory of 64	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	99
PID 4984 wrote to memory of 3356	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	100
PID 4984 wrote to memory of 3356	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	100
PID 4984 wrote to memory of 808	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	101
PID 4984 wrote to memory of 808	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	101
PID 4984 wrote to memory of 3628	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	102
PID 4984 wrote to memory of 3628	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	102
PID 4984 wrote to memory of 952	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	103
PID 4984 wrote to memory of 952	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	103
PID 4984 wrote to memory of 1188	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	104
PID 4984 wrote to memory of 1188	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	104
PID 4984 wrote to memory of 748	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	105
PID 4984 wrote to memory of 748	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	105
PID 4984 wrote to memory of 4552	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	106
PID 4984 wrote to memory of 4552	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	106
PID 4984 wrote to memory of 1380	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	107
PID 4984 wrote to memory of 1380	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	107
PID 4984 wrote to memory of 768	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	108
PID 4984 wrote to memory of 768	4984	c03dcf354dafce3affbb1fee3f0650a0N.exe	108

C:\Users\Admin\AppData\Local\Temp\c03dcf354dafce3affbb1fee3f0650a0N.exe
"C:\Users\Admin\AppData\Local\Temp\c03dcf354dafce3affbb1fee3f0650a0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Windows\System\rSYkEQb.exe
  C:\Windows\System\rSYkEQb.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\bISkCyI.exe
  C:\Windows\System\bISkCyI.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\xmLVqwN.exe
  C:\Windows\System\xmLVqwN.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\boGuLDD.exe
  C:\Windows\System\boGuLDD.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\fXfcFGE.exe
  C:\Windows\System\fXfcFGE.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\DyArllQ.exe
  C:\Windows\System\DyArllQ.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\wcasDnH.exe
  C:\Windows\System\wcasDnH.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\YuFeKCd.exe
  C:\Windows\System\YuFeKCd.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\dTjcRkc.exe
  C:\Windows\System\dTjcRkc.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\VXBWflS.exe
  C:\Windows\System\VXBWflS.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\aNQqmhP.exe
  C:\Windows\System\aNQqmhP.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\iIPnBuF.exe
  C:\Windows\System\iIPnBuF.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\bxdiblw.exe
  C:\Windows\System\bxdiblw.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\LoDjOVC.exe
  C:\Windows\System\LoDjOVC.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\tyOVSJN.exe
  C:\Windows\System\tyOVSJN.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\ycfkQsZ.exe
  C:\Windows\System\ycfkQsZ.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\tqMicXc.exe
  C:\Windows\System\tqMicXc.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\UCSPprm.exe
  C:\Windows\System\UCSPprm.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\tOYwgAm.exe
  C:\Windows\System\tOYwgAm.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\LiuBJCT.exe
  C:\Windows\System\LiuBJCT.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\kwxCcUG.exe
  C:\Windows\System\kwxCcUG.exe
  2⤵
  - Executes dropped EXE
  PID:768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DyArllQ.exe

Filesize
5.2MB

MD5
ceeff8f3379a91031d49ff7de4e04a9e

SHA1
63e8997096e0c12b3b13aeca538a0323eac47532

SHA256
400ea1f8cc5bb48e822b24d439d95094de245b251256a8c7520b5fb07a585ffa

SHA512
798c852e9b2c1e7545872af1ceabedb2c7513e6dddf670fb2108544058d1b55fbe269c3301592160888f771a256ca6b092b7c54b5e5c8f3cc8356565e3f7fcdb

Download Submit
C:\Windows\System\LiuBJCT.exe

Filesize
5.2MB

MD5
bda8b73c759218b281aa22513e8bb065

SHA1
ae5aa54b4b3181fa5df45f7e2888be24b928985e

SHA256
5f380eecd712ce19705011497e9a8035db27ba6ddf84da63f7d7b5dbd2fdeada

SHA512
593f8ddbcd12e38babd66374f702db28baa9604b177d01bb1fb6ad93081b1b145e5d387662cde672b4467da53166a5a4eb27ddaeb6af9d85efc82c3c80efe68f

Download Submit
C:\Windows\System\LoDjOVC.exe

Filesize
5.2MB

MD5
a6490ab06c9f632ec29e5963feb98f87

SHA1
401574e07e5bedfc4acb8a6a3ed50d32e369f0ca

SHA256
0bc95a0ea6dff2e824ca6bdfb063101c00ffdd8bd4041451a936d4c937e9813c

SHA512
6fe2522f793a6260c8d35f90407872d3eee180118c3311dbe9ecc9c8823feeaaf93b21246958c5f668785c472b9e381c791e61af63ea99df1cf6d57c46af7d84

Download Submit
C:\Windows\System\UCSPprm.exe

Filesize
5.2MB

MD5
5b05c88211a5977e584b1a9db8b8515e

SHA1
de7086055d2332fb300474cc868e937bd1cbfbff

SHA256
85efa26cf36281a21943152348fb3ba9c238d72ae057d0c27dd3e8dc6b7a9082

SHA512
615480d34853ac818e7e5d5272870a479395b593f422c81c61f79fe96b186cf5bfc36e656f2d05c990b04bb61b76eea132cda480562d3c350c818f16e96dec36

Download Submit
C:\Windows\System\VXBWflS.exe

Filesize
5.2MB

MD5
2a14b9fa76ca30c2e4c5d75e5f1d24b0

SHA1
42e1283e8e938b2109e81f94bc0d6532cd6bee13

SHA256
4f8e4e099d4dc407a4cdc0e06603734ac14385a1df4bb0a396ea356e4b937eba

SHA512
81cdab73d2078b8d21f719975fd5e62c0be2c5b6345ec144fec4a795c7b9a087a8dc1739e7ff7e3327fe7b7016f556a5271adaec7fc5b2e50bf1cf37b0161da8

Download Submit
C:\Windows\System\YuFeKCd.exe

Filesize
5.2MB

MD5
5f3fe4634858d3d4736993babc377bf4

SHA1
248fe2a2ceb4f4468d1719d4f8038c018ad46846

SHA256
f52f1622e8d14782e01bb0541c77a125f1ba8a00995a3022b6d4104e395f6cfb

SHA512
7b5f3f022f09a6d83f0fa54685c46af7a29c6dd7ef6cb51956fb5e80db744f37cfdbd2645250d5161af8b6f4039771a17190fab08f1c08248118d634ea690b85

Download Submit
C:\Windows\System\aNQqmhP.exe

Filesize
5.2MB

MD5
1fd439d00198b0c9343e5bb37995b501

SHA1
7965da3788ad336d5f257116a11c4883eeca3585

SHA256
80f1ba2ca02468b2b4f30b8fb6974e8134c09176e90ca79d3690d2909b5bf75f

SHA512
95aa3b78e3d313a0cf964474b2d56dd24f893eb6bfef2b23bfeba0896e18e5322bcdcee01903906a5cacd8ad52014215c7d56ffd5502dd53e0d5029f3caf9678

Download Submit
C:\Windows\System\bISkCyI.exe

Filesize
5.2MB

MD5
c0526dd2b8f460999f2c028dfcb365eb

SHA1
bb4dec600471a5d2a2a3515edd6e1196a70af70e

SHA256
b551acfd76c37e38e4c3e80d3366f68e2e9b82f0dc4e7831f21b6cba24ec5593

SHA512
110e86ffd0febba47745774fab36a84db4ea9c2e3e899871d7d0dd7c4324b9e41f956a389b8abb64a03cc860aac6f2be26e029037811084e4dfb54f0d6b31781

Download Submit
C:\Windows\System\boGuLDD.exe

Filesize
5.2MB

MD5
09e38b14943a5e3172927e0a6715baf1

SHA1
c56990ba2d664314e56f56a12dc13925ea9a22ec

SHA256
7b3cc5135bc439cf131d0ed88a91ba29b47c8e5d7bdc273bda972829f7fbfa09

SHA512
d394901269f3273102b63520476588804cf2e23d41508102d20599ec9167de25e12c7463a6c368175637dbfb2f0256901c163debbb96ab656a962a6a69e98345

Download Submit
C:\Windows\System\bxdiblw.exe

Filesize
5.2MB

MD5
5294eecf251a4772461b9e8021efa3ac

SHA1
17fc11242f48cff45de5046a5e24d1456d4409b0

SHA256
7b77e81002f12e777dfb64a2fa4e41318f481868f18a244baa0ae683882da8a4

SHA512
dc58ab93bbb731db2cc38b271f7350d537376f6e9bfc4af898cb804e4d7584c91660ade844b684147b0d738621f5f1d24239746098c478ab48f9cc23ea1b5ded

Download Submit
C:\Windows\System\dTjcRkc.exe

Filesize
5.2MB

MD5
44a34fc4bff36f3bfb3692b3ed7b4cd9

SHA1
ec43c80cd4d0011c04d1bed9da74fb442f1f0c98

SHA256
bfb7c7deb4e4a48a4508c996349874ecc924419972e2a2aa0bf005e9460b9cea

SHA512
3181ec5180ceeb7b6befbc96eb91194d95a5f22857d24514a59bc1a35528d82acfafb9e63ecb95f96652e60d89ed922ca9ae89e76529b67eda886f2e772d14ea

Download Submit
C:\Windows\System\fXfcFGE.exe

Filesize
5.2MB

MD5
fa6fed9e7d8a335d51439479443ae57d

SHA1
2f8121637fa637d614a100f28cbf113aa65c7495

SHA256
e2483a6fed2882b9ebedfeb75ac0f46d5a3f6b3530c8fac14d4129a4e2e38652

SHA512
fee887fa7247621a49bb442f2c341e2b9a23ae04e4482be0f4088013c22025660bb51566f3cc18db66b9ca8b2c708bc812c77d67641c0f068823867fadb631a6

Download Submit
C:\Windows\System\iIPnBuF.exe

Filesize
5.2MB

MD5
84aa1a0cbbb0a82cbbabd0aa9bee7075

SHA1
f4ee3ad6874894a0b6bad3d3619a8f209e90c126

SHA256
b4f11f915c44d08d16222b54d1aecdb5d6d2694f2f7600aaf3bdae8b73d7a8b2

SHA512
8d6c1b76d55182d863d204d9cef87a4dbbca5d713b4addbdd9b52541fe68c5b370f51e268a269dee4c40e43b9e0118f311611ea467b21d73dd6033de6377b238

Download Submit
C:\Windows\System\kwxCcUG.exe

Filesize
5.2MB

MD5
3b2018c5635e162fd5f723d26d2be151

SHA1
f07116f1f7a49bc985bf73b661cd6c8f9eed9c07

SHA256
7006dff72b0452c9cc505d72b149cadc5569ed1c96f160b239fffd3531d444ee

SHA512
e02ef5308ada3a8c8c218e52a2f1533c7821fe73cbefc925cccc6c913f5d0568fb77dfa7a0957c54f354fb6452128f89cb92981e8da54e89acec3f0666cc8877

Download Submit
C:\Windows\System\rSYkEQb.exe

Filesize
5.2MB

MD5
61810c2b9e6c0f2a6a0e1e5ecc78a77d

SHA1
3aec51a04a2fcae197a4172ca5a7d602c8fee403

SHA256
0d59126f8299687b8280a5119629e24253d5aefda0b7dd5f2e53b00d83cff9fc

SHA512
84067b64e52f831f860f3b203b41b161dc24e4337a066a406b905cdf5f102738f6185c2cbb57e779ce9b2f20c595ae646086722b09ff080180825ac257b5bcfd

Download Submit
C:\Windows\System\tOYwgAm.exe

Filesize
5.2MB

MD5
09fb7a3c7992a4e6072b5737f67dae86

SHA1
9fe2204deb84944af2cb247c9dd8bf606b1b8829

SHA256
3f7a8871ba6ae36fedc903d113b59a0aac403af5489d8fdee4bae7b1262ddb4c

SHA512
f41dfa161e1bfc0653860c8f6afb19d1bc9e4e18b9f6658e7c8f1033262b7f4ed0692187413030ece4ccea85ebdb815457226f9b5b7016ca8057d67e481aedcd

Download Submit
C:\Windows\System\tqMicXc.exe

Filesize
5.2MB

MD5
e51ac7c2d1bc2665b9633881a8903ce9

SHA1
65f8f83de4237f02f61b59cc3a054e0b07f1926f

SHA256
d6f43ba5368d2f8b7e4bce45b9352f9ae94c83b663b4ce812a24fa9091383e16

SHA512
f5bb608abad7986f6ba100b9a16fc983907fb8462cd315308cfa540eeee59e4b11a28cb4aa562da33beaeab9048a5325f4ae584b821e0bbda91788efad390bde

Download Submit
C:\Windows\System\tyOVSJN.exe

Filesize
5.2MB

MD5
3074e903d61c9fb27a523eb3cf543f77

SHA1
e4cfb4e2cf82643229e837b5175fdd89b4c438db

SHA256
fafcb349c277d8e10e918ca6bff55023cfd49a6dc07daa2a6d2aaaecb39362ac

SHA512
efe1333f712bcc3e8e6df9b11864f4becb6bf02835823f5896a4e5344a7e8a468d19172f96f740bb720bce28251236c28afdfbf1bbb19bb7cf506dcd225e7f24

Download Submit
C:\Windows\System\wcasDnH.exe

Filesize
5.2MB

MD5
a9ec7e82295de647e9a908ee15d49f5a

SHA1
f2f52fa4658d18c29747e34c6b9ad6c45f3d5c30

SHA256
1b243c3477e44cb8d34b99d69d8f9f4bdc1be7e77c2a2662d1a7add8922074a2

SHA512
3f9ed6abe886de1d9b59ae3e3c752d143d252cdd8ed5a1cd761f301d9bed7b98ea5435c6c1e1e00c7835f4587961d42fe6c2b23c782c4724ea1787cea57f4f4b

Download Submit
C:\Windows\System\xmLVqwN.exe

Filesize
5.2MB

MD5
363fb743f79971548bb24cff80ba8983

SHA1
27dbde5b0a1883f4180b96ae82250aedf0e19c38

SHA256
244ad2d0dc2a36c53ffb82c6ba9947c369ba12ce0ec1180f1779965312b659e2

SHA512
c2acfd85532f7b9a8924561ce4f7d2b07f23b739a9d3ad9d3e628aeb8b635683dd3ca3dd9a17519ef2220a6e0b564984b7db511e3a61dc1d2ed07850ed0cb94a

Download Submit
C:\Windows\System\ycfkQsZ.exe

Filesize
5.2MB

MD5
2baffc646ada46d53bcbddd60ade859f

SHA1
5e9cd4630564d505ca2702640cb0ef2305948683

SHA256
92cf68ff093265430d1323ed8d5aae40dc6ca2f46bd7c8c826b8f6f281665485

SHA512
2bb31e0dafa239f11d292bbef79b33b56209746f9f8c21eca844cfc8c10a0e95d6398685d051398952d922b66b519786e50e3320287cae0ec8665174472cceb6

Download Submit
memory/64-251-0x00007FF6E98F0000-0x00007FF6E9C41000-memory.dmp

Filesize
3.3MB

Download
memory/64-84-0x00007FF6E98F0000-0x00007FF6E9C41000-memory.dmp

Filesize
3.3MB

Download
memory/748-121-0x00007FF65BF70000-0x00007FF65C2C1000-memory.dmp

Filesize
3.3MB

Download
memory/748-269-0x00007FF65BF70000-0x00007FF65C2C1000-memory.dmp

Filesize
3.3MB

Download
memory/768-167-0x00007FF66F700000-0x00007FF66FA51000-memory.dmp

Filesize
3.3MB

Download
memory/768-137-0x00007FF66F700000-0x00007FF66FA51000-memory.dmp

Filesize
3.3MB

Download
memory/768-275-0x00007FF66F700000-0x00007FF66FA51000-memory.dmp

Filesize
3.3MB

Download
memory/808-83-0x00007FF7F2B20000-0x00007FF7F2E71000-memory.dmp

Filesize
3.3MB

Download
memory/808-256-0x00007FF7F2B20000-0x00007FF7F2E71000-memory.dmp

Filesize
3.3MB

Download
memory/808-139-0x00007FF7F2B20000-0x00007FF7F2E71000-memory.dmp

Filesize
3.3MB

Download
memory/952-107-0x00007FF6ACB30000-0x00007FF6ACE81000-memory.dmp

Filesize
3.3MB

Download
memory/952-265-0x00007FF6ACB30000-0x00007FF6ACE81000-memory.dmp

Filesize
3.3MB

Download
memory/1188-158-0x00007FF732DA0000-0x00007FF7330F1000-memory.dmp

Filesize
3.3MB

Download
memory/1188-118-0x00007FF732DA0000-0x00007FF7330F1000-memory.dmp

Filesize
3.3MB

Download
memory/1188-267-0x00007FF732DA0000-0x00007FF7330F1000-memory.dmp

Filesize
3.3MB

Download
memory/1380-273-0x00007FF7170E0000-0x00007FF717431000-memory.dmp

Filesize
3.3MB

Download
memory/1380-131-0x00007FF7170E0000-0x00007FF717431000-memory.dmp

Filesize
3.3MB

Download
memory/1380-160-0x00007FF7170E0000-0x00007FF717431000-memory.dmp

Filesize
3.3MB

Download
memory/2368-77-0x00007FF696D00000-0x00007FF697051000-memory.dmp

Filesize
3.3MB

Download
memory/2368-6-0x00007FF696D00000-0x00007FF697051000-memory.dmp

Filesize
3.3MB

Download
memory/2368-219-0x00007FF696D00000-0x00007FF697051000-memory.dmp

Filesize
3.3MB

Download
memory/2660-12-0x00007FF603BE0000-0x00007FF603F31000-memory.dmp

Filesize
3.3MB

Download
memory/2660-221-0x00007FF603BE0000-0x00007FF603F31000-memory.dmp

Filesize
3.3MB

Download
memory/2660-82-0x00007FF603BE0000-0x00007FF603F31000-memory.dmp

Filesize
3.3MB

Download
memory/2760-42-0x00007FF638E80000-0x00007FF6391D1000-memory.dmp

Filesize
3.3MB

Download
memory/2760-235-0x00007FF638E80000-0x00007FF6391D1000-memory.dmp

Filesize
3.3MB

Download
memory/2760-119-0x00007FF638E80000-0x00007FF6391D1000-memory.dmp

Filesize
3.3MB

Download
memory/2836-135-0x00007FF629280000-0x00007FF6295D1000-memory.dmp

Filesize
3.3MB

Download
memory/2836-67-0x00007FF629280000-0x00007FF6295D1000-memory.dmp

Filesize
3.3MB

Download
memory/2836-247-0x00007FF629280000-0x00007FF6295D1000-memory.dmp

Filesize
3.3MB

Download
memory/3204-122-0x00007FF721BB0000-0x00007FF721F01000-memory.dmp

Filesize
3.3MB

Download
memory/3204-48-0x00007FF721BB0000-0x00007FF721F01000-memory.dmp

Filesize
3.3MB

Download
memory/3204-237-0x00007FF721BB0000-0x00007FF721F01000-memory.dmp

Filesize
3.3MB

Download
memory/3356-253-0x00007FF6DAFD0000-0x00007FF6DB321000-memory.dmp

Filesize
3.3MB

Download
memory/3356-140-0x00007FF6DAFD0000-0x00007FF6DB321000-memory.dmp

Filesize
3.3MB

Download
memory/3356-87-0x00007FF6DAFD0000-0x00007FF6DB321000-memory.dmp

Filesize
3.3MB

Download
memory/3524-79-0x00007FF63A0B0000-0x00007FF63A401000-memory.dmp

Filesize
3.3MB

Download
memory/3524-250-0x00007FF63A0B0000-0x00007FF63A401000-memory.dmp

Filesize
3.3MB

Download
memory/3628-257-0x00007FF7F1100000-0x00007FF7F1451000-memory.dmp

Filesize
3.3MB

Download
memory/3628-142-0x00007FF7F1100000-0x00007FF7F1451000-memory.dmp

Filesize
3.3MB

Download
memory/3628-90-0x00007FF7F1100000-0x00007FF7F1451000-memory.dmp

Filesize
3.3MB

Download
memory/3632-129-0x00007FF793AD0000-0x00007FF793E21000-memory.dmp

Filesize
3.3MB

Download
memory/3632-245-0x00007FF793AD0000-0x00007FF793E21000-memory.dmp

Filesize
3.3MB

Download
memory/3632-56-0x00007FF793AD0000-0x00007FF793E21000-memory.dmp

Filesize
3.3MB

Download
memory/4552-159-0x00007FF6A7E00000-0x00007FF6A8151000-memory.dmp

Filesize
3.3MB

Download
memory/4552-125-0x00007FF6A7E00000-0x00007FF6A8151000-memory.dmp

Filesize
3.3MB

Download
memory/4552-271-0x00007FF6A7E00000-0x00007FF6A8151000-memory.dmp

Filesize
3.3MB

Download
memory/4608-234-0x00007FF702FB0000-0x00007FF703301000-memory.dmp

Filesize
3.3MB

Download
memory/4608-98-0x00007FF702FB0000-0x00007FF703301000-memory.dmp

Filesize
3.3MB

Download
memory/4608-30-0x00007FF702FB0000-0x00007FF703301000-memory.dmp

Filesize
3.3MB

Download
memory/4720-89-0x00007FF753AB0000-0x00007FF753E01000-memory.dmp

Filesize
3.3MB

Download
memory/4720-227-0x00007FF753AB0000-0x00007FF753E01000-memory.dmp

Filesize
3.3MB

Download
memory/4720-18-0x00007FF753AB0000-0x00007FF753E01000-memory.dmp

Filesize
3.3MB

Download
memory/4924-97-0x00007FF68B490000-0x00007FF68B7E1000-memory.dmp

Filesize
3.3MB

Download
memory/4924-230-0x00007FF68B490000-0x00007FF68B7E1000-memory.dmp

Filesize
3.3MB

Download
memory/4924-27-0x00007FF68B490000-0x00007FF68B7E1000-memory.dmp

Filesize
3.3MB

Download
memory/4984-0-0x00007FF6855F0000-0x00007FF685941000-memory.dmp

Filesize
3.3MB

Download
memory/4984-1-0x000002EF03820000-0x000002EF03830000-memory.dmp

Filesize
64KB

Download
memory/4984-141-0x00007FF6855F0000-0x00007FF685941000-memory.dmp

Filesize
3.3MB

Download
memory/4984-62-0x00007FF6855F0000-0x00007FF685941000-memory.dmp

Filesize
3.3MB

Download
memory/4984-168-0x00007FF6855F0000-0x00007FF685941000-memory.dmp

Filesize
3.3MB

Download
memory/5036-232-0x00007FF77C5C0000-0x00007FF77C911000-memory.dmp

Filesize
3.3MB

Download
memory/5036-41-0x00007FF77C5C0000-0x00007FF77C911000-memory.dmp

Filesize
3.3MB

Download
memory/5036-104-0x00007FF77C5C0000-0x00007FF77C911000-memory.dmp

Filesize
3.3MB

Download