cobaltstrike | 3475258ed81e0c42b32aa6025a2cf7b67eb489c6403ecc80bc9eacd4ae87bd26

Analysis

max time kernel
119s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

532d44121238b63e34a05981b7108d20N.exe
Size

5.2MB
MD5

532d44121238b63e34a05981b7108d20
SHA1

b969c686dbd0cb039eebbfc50fcb77b4dd02a7b1
SHA256

3475258ed81e0c42b32aa6025a2cf7b67eb489c6403ecc80bc9eacd4ae87bd26
SHA512

ec1c29232421cd7eda2b347f0a1591a095ef09180e1e09d1ddd294d4b9f7062c3607d07d762a8b7a706f8c981ef35c782561499696341a1d74f3ff1c153cc74d
SSDEEP

49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lo:RWWBibf56utgpPFotBER/mQ32lU0

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 21 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000800000002347c-4.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023481-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023480-13.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023482-23.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023483-31.dat	cobalt_reflective_dll
behavioral2/files/0x000500000001e745-35.dat	cobalt_reflective_dll
behavioral2/files/0x000e00000002339b-41.dat	cobalt_reflective_dll
behavioral2/files/0x000e00000002347d-46.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023484-52.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023485-68.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023488-79.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023487-78.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023486-70.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023489-88.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002348a-95.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002348c-108.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002348e-116.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002348f-131.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023491-135.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023490-139.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002348d-120.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 46 IoCs

miner

resource	yara_rule
behavioral2/memory/1540-63-0x00007FF731AB0000-0x00007FF731E01000-memory.dmp	xmrig
behavioral2/memory/4648-75-0x00007FF75AAD0000-0x00007FF75AE21000-memory.dmp	xmrig
behavioral2/memory/1192-80-0x00007FF6ED0B0000-0x00007FF6ED401000-memory.dmp	xmrig
behavioral2/memory/4636-67-0x00007FF7BBE30000-0x00007FF7BC181000-memory.dmp	xmrig
behavioral2/memory/552-60-0x00007FF7C8990000-0x00007FF7C8CE1000-memory.dmp	xmrig
behavioral2/memory/808-57-0x00007FF7CAB40000-0x00007FF7CAE91000-memory.dmp	xmrig
behavioral2/memory/1252-85-0x00007FF7F89E0000-0x00007FF7F8D31000-memory.dmp	xmrig
behavioral2/memory/4840-92-0x00007FF6BE470000-0x00007FF6BE7C1000-memory.dmp	xmrig
behavioral2/memory/4432-107-0x00007FF6C7510000-0x00007FF6C7861000-memory.dmp	xmrig
behavioral2/memory/4868-103-0x00007FF7BD890000-0x00007FF7BDBE1000-memory.dmp	xmrig
behavioral2/memory/5052-141-0x00007FF7272A0000-0x00007FF7275F1000-memory.dmp	xmrig
behavioral2/memory/3060-138-0x00007FF6970D0000-0x00007FF697421000-memory.dmp	xmrig
behavioral2/memory/1692-137-0x00007FF77D7D0000-0x00007FF77DB21000-memory.dmp	xmrig
behavioral2/memory/2408-118-0x00007FF793690000-0x00007FF7939E1000-memory.dmp	xmrig
behavioral2/memory/4704-109-0x00007FF77D000000-0x00007FF77D351000-memory.dmp	xmrig
behavioral2/memory/1400-153-0x00007FF75B4F0000-0x00007FF75B841000-memory.dmp	xmrig
behavioral2/memory/4332-152-0x00007FF69B770000-0x00007FF69BAC1000-memory.dmp	xmrig
behavioral2/memory/4840-154-0x00007FF6BE470000-0x00007FF6BE7C1000-memory.dmp	xmrig
behavioral2/memory/4552-169-0x00007FF77ACF0000-0x00007FF77B041000-memory.dmp	xmrig
behavioral2/memory/3340-168-0x00007FF63A630000-0x00007FF63A981000-memory.dmp	xmrig
behavioral2/memory/5064-167-0x00007FF6E4A20000-0x00007FF6E4D71000-memory.dmp	xmrig
behavioral2/memory/2908-165-0x00007FF6EB2D0000-0x00007FF6EB621000-memory.dmp	xmrig
behavioral2/memory/400-164-0x00007FF7B6310000-0x00007FF7B6661000-memory.dmp	xmrig
behavioral2/memory/808-155-0x00007FF7CAB40000-0x00007FF7CAE91000-memory.dmp	xmrig
behavioral2/memory/808-181-0x00007FF7CAB40000-0x00007FF7CAE91000-memory.dmp	xmrig
behavioral2/memory/1540-216-0x00007FF731AB0000-0x00007FF731E01000-memory.dmp	xmrig
behavioral2/memory/4636-218-0x00007FF7BBE30000-0x00007FF7BC181000-memory.dmp	xmrig
behavioral2/memory/4648-220-0x00007FF75AAD0000-0x00007FF75AE21000-memory.dmp	xmrig
behavioral2/memory/1192-222-0x00007FF6ED0B0000-0x00007FF6ED401000-memory.dmp	xmrig
behavioral2/memory/1252-225-0x00007FF7F89E0000-0x00007FF7F8D31000-memory.dmp	xmrig
behavioral2/memory/4868-234-0x00007FF7BD890000-0x00007FF7BDBE1000-memory.dmp	xmrig
behavioral2/memory/4704-236-0x00007FF77D000000-0x00007FF77D351000-memory.dmp	xmrig
behavioral2/memory/2408-238-0x00007FF793690000-0x00007FF7939E1000-memory.dmp	xmrig
behavioral2/memory/552-240-0x00007FF7C8990000-0x00007FF7C8CE1000-memory.dmp	xmrig
behavioral2/memory/1692-244-0x00007FF77D7D0000-0x00007FF77DB21000-memory.dmp	xmrig
behavioral2/memory/3060-243-0x00007FF6970D0000-0x00007FF697421000-memory.dmp	xmrig
behavioral2/memory/1400-248-0x00007FF75B4F0000-0x00007FF75B841000-memory.dmp	xmrig
behavioral2/memory/4332-247-0x00007FF69B770000-0x00007FF69BAC1000-memory.dmp	xmrig
behavioral2/memory/4840-253-0x00007FF6BE470000-0x00007FF6BE7C1000-memory.dmp	xmrig
behavioral2/memory/4432-261-0x00007FF6C7510000-0x00007FF6C7861000-memory.dmp	xmrig
behavioral2/memory/5064-263-0x00007FF6E4A20000-0x00007FF6E4D71000-memory.dmp	xmrig
behavioral2/memory/4552-265-0x00007FF77ACF0000-0x00007FF77B041000-memory.dmp	xmrig
behavioral2/memory/400-267-0x00007FF7B6310000-0x00007FF7B6661000-memory.dmp	xmrig
behavioral2/memory/2908-269-0x00007FF6EB2D0000-0x00007FF6EB621000-memory.dmp	xmrig
behavioral2/memory/5052-271-0x00007FF7272A0000-0x00007FF7275F1000-memory.dmp	xmrig
behavioral2/memory/3340-273-0x00007FF63A630000-0x00007FF63A981000-memory.dmp	xmrig

Executes dropped EXE 21 IoCs

pid	Process
1540	eKoRMQv.exe
4636	GTzJiSm.exe
4648	WlOCcsk.exe
1192	mMwnuLd.exe
1252	Rtiojzl.exe
4868	KkCcNvd.exe
4704	fOszInP.exe
2408	kLrmOGl.exe
552	iAByZEm.exe
1692	aBRzcSr.exe
3060	aYsOTCA.exe
1400	xEucEve.exe
4332	TxYfszk.exe
4840	ngQyjsq.exe
4432	WfVlPPG.exe
5064	eAqmTTT.exe
4552	cvbmdmz.exe
400	cDpEJOc.exe
2908	vWqVZlF.exe
5052	fwTePnC.exe
3340	khZmwCH.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/808-0-0x00007FF7CAB40000-0x00007FF7CAE91000-memory.dmp	upx
behavioral2/files/0x000800000002347c-4.dat	upx
behavioral2/memory/1540-8-0x00007FF731AB0000-0x00007FF731E01000-memory.dmp	upx
behavioral2/files/0x0007000000023481-10.dat	upx
behavioral2/files/0x0007000000023480-13.dat	upx
behavioral2/memory/4648-18-0x00007FF75AAD0000-0x00007FF75AE21000-memory.dmp	upx
behavioral2/memory/4636-12-0x00007FF7BBE30000-0x00007FF7BC181000-memory.dmp	upx
behavioral2/files/0x0007000000023482-23.dat	upx
behavioral2/memory/1192-24-0x00007FF6ED0B0000-0x00007FF6ED401000-memory.dmp	upx
behavioral2/memory/1252-30-0x00007FF7F89E0000-0x00007FF7F8D31000-memory.dmp	upx
behavioral2/files/0x0007000000023483-31.dat	upx
behavioral2/files/0x000500000001e745-35.dat	upx
behavioral2/memory/4868-36-0x00007FF7BD890000-0x00007FF7BDBE1000-memory.dmp	upx
behavioral2/files/0x000e00000002339b-41.dat	upx
behavioral2/memory/4704-42-0x00007FF77D000000-0x00007FF77D351000-memory.dmp	upx
behavioral2/files/0x000e00000002347d-46.dat	upx
behavioral2/files/0x0007000000023484-52.dat	upx
behavioral2/memory/1540-63-0x00007FF731AB0000-0x00007FF731E01000-memory.dmp	upx
behavioral2/memory/3060-65-0x00007FF6970D0000-0x00007FF697421000-memory.dmp	upx
behavioral2/files/0x0007000000023485-68.dat	upx
behavioral2/memory/4648-75-0x00007FF75AAD0000-0x00007FF75AE21000-memory.dmp	upx
behavioral2/files/0x0007000000023488-79.dat	upx
behavioral2/memory/4332-81-0x00007FF69B770000-0x00007FF69BAC1000-memory.dmp	upx
behavioral2/memory/1192-80-0x00007FF6ED0B0000-0x00007FF6ED401000-memory.dmp	upx
behavioral2/files/0x0007000000023487-78.dat	upx
behavioral2/memory/1400-77-0x00007FF75B4F0000-0x00007FF75B841000-memory.dmp	upx
behavioral2/files/0x0007000000023486-70.dat	upx
behavioral2/memory/4636-67-0x00007FF7BBE30000-0x00007FF7BC181000-memory.dmp	upx
behavioral2/memory/1692-64-0x00007FF77D7D0000-0x00007FF77DB21000-memory.dmp	upx
behavioral2/memory/552-60-0x00007FF7C8990000-0x00007FF7C8CE1000-memory.dmp	upx
behavioral2/memory/808-57-0x00007FF7CAB40000-0x00007FF7CAE91000-memory.dmp	upx
behavioral2/memory/2408-50-0x00007FF793690000-0x00007FF7939E1000-memory.dmp	upx
behavioral2/memory/1252-85-0x00007FF7F89E0000-0x00007FF7F8D31000-memory.dmp	upx
behavioral2/files/0x0007000000023489-88.dat	upx
behavioral2/memory/4840-92-0x00007FF6BE470000-0x00007FF6BE7C1000-memory.dmp	upx
behavioral2/files/0x000700000002348a-95.dat	upx
behavioral2/files/0x000700000002348c-108.dat	upx
behavioral2/memory/4432-107-0x00007FF6C7510000-0x00007FF6C7861000-memory.dmp	upx
behavioral2/memory/4868-103-0x00007FF7BD890000-0x00007FF7BDBE1000-memory.dmp	upx
behavioral2/memory/5064-110-0x00007FF6E4A20000-0x00007FF6E4D71000-memory.dmp	upx
behavioral2/files/0x000700000002348e-116.dat	upx
behavioral2/files/0x000700000002348f-131.dat	upx
behavioral2/files/0x0007000000023491-135.dat	upx
behavioral2/files/0x0007000000023490-139.dat	upx
behavioral2/memory/3340-142-0x00007FF63A630000-0x00007FF63A981000-memory.dmp	upx
behavioral2/memory/5052-141-0x00007FF7272A0000-0x00007FF7275F1000-memory.dmp	upx
behavioral2/memory/3060-138-0x00007FF6970D0000-0x00007FF697421000-memory.dmp	upx
behavioral2/memory/1692-137-0x00007FF77D7D0000-0x00007FF77DB21000-memory.dmp	upx
behavioral2/memory/2908-130-0x00007FF6EB2D0000-0x00007FF6EB621000-memory.dmp	upx
behavioral2/memory/400-125-0x00007FF7B6310000-0x00007FF7B6661000-memory.dmp	upx
behavioral2/memory/4552-124-0x00007FF77ACF0000-0x00007FF77B041000-memory.dmp	upx
behavioral2/files/0x000700000002348d-120.dat	upx
behavioral2/memory/2408-118-0x00007FF793690000-0x00007FF7939E1000-memory.dmp	upx
behavioral2/memory/4704-109-0x00007FF77D000000-0x00007FF77D351000-memory.dmp	upx
behavioral2/memory/1400-153-0x00007FF75B4F0000-0x00007FF75B841000-memory.dmp	upx
behavioral2/memory/4332-152-0x00007FF69B770000-0x00007FF69BAC1000-memory.dmp	upx
behavioral2/memory/4840-154-0x00007FF6BE470000-0x00007FF6BE7C1000-memory.dmp	upx
behavioral2/memory/4552-169-0x00007FF77ACF0000-0x00007FF77B041000-memory.dmp	upx
behavioral2/memory/3340-168-0x00007FF63A630000-0x00007FF63A981000-memory.dmp	upx
behavioral2/memory/5064-167-0x00007FF6E4A20000-0x00007FF6E4D71000-memory.dmp	upx
behavioral2/memory/2908-165-0x00007FF6EB2D0000-0x00007FF6EB621000-memory.dmp	upx
behavioral2/memory/400-164-0x00007FF7B6310000-0x00007FF7B6661000-memory.dmp	upx
behavioral2/memory/808-155-0x00007FF7CAB40000-0x00007FF7CAE91000-memory.dmp	upx
behavioral2/memory/808-181-0x00007FF7CAB40000-0x00007FF7CAE91000-memory.dmp	upx

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\System\GTzJiSm.exe	532d44121238b63e34a05981b7108d20N.exe
File created	C:\Windows\System\kLrmOGl.exe	532d44121238b63e34a05981b7108d20N.exe
File created	C:\Windows\System\cvbmdmz.exe	532d44121238b63e34a05981b7108d20N.exe
File created	C:\Windows\System\vWqVZlF.exe	532d44121238b63e34a05981b7108d20N.exe
File created	C:\Windows\System\xEucEve.exe	532d44121238b63e34a05981b7108d20N.exe
File created	C:\Windows\System\TxYfszk.exe	532d44121238b63e34a05981b7108d20N.exe
File created	C:\Windows\System\fwTePnC.exe	532d44121238b63e34a05981b7108d20N.exe
File created	C:\Windows\System\aYsOTCA.exe	532d44121238b63e34a05981b7108d20N.exe
File created	C:\Windows\System\WfVlPPG.exe	532d44121238b63e34a05981b7108d20N.exe
File created	C:\Windows\System\khZmwCH.exe	532d44121238b63e34a05981b7108d20N.exe
File created	C:\Windows\System\WlOCcsk.exe	532d44121238b63e34a05981b7108d20N.exe
File created	C:\Windows\System\Rtiojzl.exe	532d44121238b63e34a05981b7108d20N.exe
File created	C:\Windows\System\iAByZEm.exe	532d44121238b63e34a05981b7108d20N.exe
File created	C:\Windows\System\aBRzcSr.exe	532d44121238b63e34a05981b7108d20N.exe
File created	C:\Windows\System\ngQyjsq.exe	532d44121238b63e34a05981b7108d20N.exe
File created	C:\Windows\System\eAqmTTT.exe	532d44121238b63e34a05981b7108d20N.exe
File created	C:\Windows\System\cDpEJOc.exe	532d44121238b63e34a05981b7108d20N.exe
File created	C:\Windows\System\eKoRMQv.exe	532d44121238b63e34a05981b7108d20N.exe
File created	C:\Windows\System\mMwnuLd.exe	532d44121238b63e34a05981b7108d20N.exe
File created	C:\Windows\System\KkCcNvd.exe	532d44121238b63e34a05981b7108d20N.exe
File created	C:\Windows\System\fOszInP.exe	532d44121238b63e34a05981b7108d20N.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	808	532d44121238b63e34a05981b7108d20N.exe
Token: SeLockMemoryPrivilege	808	532d44121238b63e34a05981b7108d20N.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 808 wrote to memory of 1540	808	532d44121238b63e34a05981b7108d20N.exe	85
PID 808 wrote to memory of 1540	808	532d44121238b63e34a05981b7108d20N.exe	85
PID 808 wrote to memory of 4636	808	532d44121238b63e34a05981b7108d20N.exe	86
PID 808 wrote to memory of 4636	808	532d44121238b63e34a05981b7108d20N.exe	86
PID 808 wrote to memory of 4648	808	532d44121238b63e34a05981b7108d20N.exe	89
PID 808 wrote to memory of 4648	808	532d44121238b63e34a05981b7108d20N.exe	89
PID 808 wrote to memory of 1192	808	532d44121238b63e34a05981b7108d20N.exe	90
PID 808 wrote to memory of 1192	808	532d44121238b63e34a05981b7108d20N.exe	90
PID 808 wrote to memory of 1252	808	532d44121238b63e34a05981b7108d20N.exe	92
PID 808 wrote to memory of 1252	808	532d44121238b63e34a05981b7108d20N.exe	92
PID 808 wrote to memory of 4868	808	532d44121238b63e34a05981b7108d20N.exe	93
PID 808 wrote to memory of 4868	808	532d44121238b63e34a05981b7108d20N.exe	93
PID 808 wrote to memory of 4704	808	532d44121238b63e34a05981b7108d20N.exe	94
PID 808 wrote to memory of 4704	808	532d44121238b63e34a05981b7108d20N.exe	94
PID 808 wrote to memory of 2408	808	532d44121238b63e34a05981b7108d20N.exe	95
PID 808 wrote to memory of 2408	808	532d44121238b63e34a05981b7108d20N.exe	95
PID 808 wrote to memory of 552	808	532d44121238b63e34a05981b7108d20N.exe	96
PID 808 wrote to memory of 552	808	532d44121238b63e34a05981b7108d20N.exe	96
PID 808 wrote to memory of 1692	808	532d44121238b63e34a05981b7108d20N.exe	97
PID 808 wrote to memory of 1692	808	532d44121238b63e34a05981b7108d20N.exe	97
PID 808 wrote to memory of 3060	808	532d44121238b63e34a05981b7108d20N.exe	98
PID 808 wrote to memory of 3060	808	532d44121238b63e34a05981b7108d20N.exe	98
PID 808 wrote to memory of 1400	808	532d44121238b63e34a05981b7108d20N.exe	101
PID 808 wrote to memory of 1400	808	532d44121238b63e34a05981b7108d20N.exe	101
PID 808 wrote to memory of 4332	808	532d44121238b63e34a05981b7108d20N.exe	102
PID 808 wrote to memory of 4332	808	532d44121238b63e34a05981b7108d20N.exe	102
PID 808 wrote to memory of 4840	808	532d44121238b63e34a05981b7108d20N.exe	103
PID 808 wrote to memory of 4840	808	532d44121238b63e34a05981b7108d20N.exe	103
PID 808 wrote to memory of 4432	808	532d44121238b63e34a05981b7108d20N.exe	105
PID 808 wrote to memory of 4432	808	532d44121238b63e34a05981b7108d20N.exe	105
PID 808 wrote to memory of 5064	808	532d44121238b63e34a05981b7108d20N.exe	106
PID 808 wrote to memory of 5064	808	532d44121238b63e34a05981b7108d20N.exe	106
PID 808 wrote to memory of 4552	808	532d44121238b63e34a05981b7108d20N.exe	107
PID 808 wrote to memory of 4552	808	532d44121238b63e34a05981b7108d20N.exe	107
PID 808 wrote to memory of 400	808	532d44121238b63e34a05981b7108d20N.exe	108
PID 808 wrote to memory of 400	808	532d44121238b63e34a05981b7108d20N.exe	108
PID 808 wrote to memory of 2908	808	532d44121238b63e34a05981b7108d20N.exe	109
PID 808 wrote to memory of 2908	808	532d44121238b63e34a05981b7108d20N.exe	109
PID 808 wrote to memory of 5052	808	532d44121238b63e34a05981b7108d20N.exe	110
PID 808 wrote to memory of 5052	808	532d44121238b63e34a05981b7108d20N.exe	110
PID 808 wrote to memory of 3340	808	532d44121238b63e34a05981b7108d20N.exe	111
PID 808 wrote to memory of 3340	808	532d44121238b63e34a05981b7108d20N.exe	111

C:\Users\Admin\AppData\Local\Temp\532d44121238b63e34a05981b7108d20N.exe
"C:\Users\Admin\AppData\Local\Temp\532d44121238b63e34a05981b7108d20N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:808
- C:\Windows\System\eKoRMQv.exe
  C:\Windows\System\eKoRMQv.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\GTzJiSm.exe
  C:\Windows\System\GTzJiSm.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\WlOCcsk.exe
  C:\Windows\System\WlOCcsk.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\mMwnuLd.exe
  C:\Windows\System\mMwnuLd.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\Rtiojzl.exe
  C:\Windows\System\Rtiojzl.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\KkCcNvd.exe
  C:\Windows\System\KkCcNvd.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\fOszInP.exe
  C:\Windows\System\fOszInP.exe
  2⤵
  - Executes dropped EXE
  PID:4704
- C:\Windows\System\kLrmOGl.exe
  C:\Windows\System\kLrmOGl.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\iAByZEm.exe
  C:\Windows\System\iAByZEm.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\aBRzcSr.exe
  C:\Windows\System\aBRzcSr.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\aYsOTCA.exe
  C:\Windows\System\aYsOTCA.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\xEucEve.exe
  C:\Windows\System\xEucEve.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\TxYfszk.exe
  C:\Windows\System\TxYfszk.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\ngQyjsq.exe
  C:\Windows\System\ngQyjsq.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\WfVlPPG.exe
  C:\Windows\System\WfVlPPG.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\eAqmTTT.exe
  C:\Windows\System\eAqmTTT.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\cvbmdmz.exe
  C:\Windows\System\cvbmdmz.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\cDpEJOc.exe
  C:\Windows\System\cDpEJOc.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\vWqVZlF.exe
  C:\Windows\System\vWqVZlF.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\fwTePnC.exe
  C:\Windows\System\fwTePnC.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\khZmwCH.exe
  C:\Windows\System\khZmwCH.exe
  2⤵
  - Executes dropped EXE
  PID:3340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\GTzJiSm.exe

Filesize
5.2MB

MD5
9247ae5477e410d41339012f54ed2218

SHA1
3220e64ce3ef9c9f1fc5b54983ceea049402d07d

SHA256
490381b5dd08db595702a8a59431aa9f2010a2cba87ef7fb0a7ace0f34a8295b

SHA512
1722c6e311b1811f544f992e523c31c1b89f471b667246797bf9b78eabbf89bc871c160d32904fbafed0c6d2d5324eb252e2c53fb5d438cb3e72d852869b3a29

Download Submit
C:\Windows\System\KkCcNvd.exe

Filesize
5.2MB

MD5
62aef2b4a2df32f5b2f6486ac45fe89c

SHA1
656177d2a933b4fa318510a6b04666d890f2f915

SHA256
87354fd1bbdf62b6c4bb507be5007ac0bf135996d5460b150558b8d43f499837

SHA512
a1015761c2cf93c0833ed4962e1b74a2cd07fe71797a1731cae5b5c58f4d66d85df5050f6c6de2eccb2d31085633797a81cc74a0e114f77adb0c42cba9638f08

Download Submit
C:\Windows\System\Rtiojzl.exe

Filesize
5.2MB

MD5
4bdeec39cab1483fe4400e264f2f0dc6

SHA1
15928b3e72f9668ed71a6d456b01393c20df38f1

SHA256
505f12304d1d07435df2bc14700b1af8f4c331dce5f34302261e427abc12fc2c

SHA512
d0bd3c77be747cc17252cfdd626abc10cc9989948267970b825e2f23caf7dee151b03c51693d18d757d0f5deb90f2316dcf04f445dc02047d9ce117f4a5845f2

Download Submit
C:\Windows\System\TxYfszk.exe

Filesize
5.2MB

MD5
b9087f07fc6a42a5cbabdd9bfe260982

SHA1
b0cbdfb45899030aa5dcb207ca113f42e68c92b3

SHA256
dffb104e856fa1c99904368270d4a7d0cb1a67708d6ed7a0b9fe58107bb3b0e5

SHA512
3ea45969a05ed2ab147136aaf3d1222c1f472e9796d532709d92dfa902402a72b63c7a319634dd7c03ce651dd8b5101954508d7680488ce3ccd94b5c934dfd13

Download Submit
C:\Windows\System\WfVlPPG.exe

Filesize
5.2MB

MD5
41c70d9e302d2fec68a054f1ae09f457

SHA1
d169ba210c70fe12f23b14f134422e57a3633fda

SHA256
1b974a05bd4088bb9e348fb35cff6af374f4bc0480edbf45c8d7fff410a62a5b

SHA512
fa4446f45367895609472ce1b8f727c324d361f458a421a301663bdfd93a2f7923197d345597b3b70fd8f87769f0d9ccff8380ff73f4d3ac0297052ceac4c941

Download Submit
C:\Windows\System\WlOCcsk.exe

Filesize
5.2MB

MD5
42d3607ee7de6ad8b394f39e1b713484

SHA1
d2cc00cbb11e0be5ec73357ff01279ae340a1a84

SHA256
00415065cb1fbf1e94d2cd28e5e6cbc6817b77f4c70ff0dc6ef9952466eb46e8

SHA512
8180f9b60737961567e626e80948d889614f43d100f824b54634898a603fda8666197feca0e5800393cf91b0fa85a41439e39599eada9b15b5728fa86895d578

Download Submit
C:\Windows\System\aBRzcSr.exe

Filesize
5.2MB

MD5
e2b5ee2c1a7234a066d9aca1d56037db

SHA1
940290d60a5334c51d47adde8f00fe1f62eccf5c

SHA256
c6b649b6170d4b0738b431c8260a2bd30d9432252ac5ffc9b8fd57ce367d854a

SHA512
cd35dd3637479a91b1302454e344e37bba84652cda80143ca41594c2830b3723dd5b6a54c6419984e8a028fdd940e7c13ed07c67a3f286a4ca082622899476ee

Download Submit
C:\Windows\System\aYsOTCA.exe

Filesize
5.2MB

MD5
3ce5c238603eabd407bfacb270fb381f

SHA1
a606595aed917756d1edb4688d7da699fb560b67

SHA256
8051f622507de58674a8f84284eec67795d4a515bd8287294dfc08cc59dab9e0

SHA512
cf8dab1f9f9d8d786754e87bd5c64a7f5fcb77b4772ff302dd7a912946fd481afbecd42fbe429ac36256b295ae39d3cedb6fb1b33b9866bfd5ffa90bd48554c7

Download Submit
C:\Windows\System\cDpEJOc.exe

Filesize
5.2MB

MD5
cd003b24cc903ab363b54777ef3db4c0

SHA1
94e149d7043af22448aea9868c478c5c4a1c2b55

SHA256
6b7dfb2be387a9c6bac44a36a54f0d64cb4d8fffe531041d2f130ad5ce5f9a5d

SHA512
7fec1735f872044f2418bf8bcbd0803393cbd854cc1742054d0e14d5159c47a37a42873e24dc395d79f9556f10b5d0d40f5d36dad8db8a27e6b952cd5cea36ea

Download Submit
C:\Windows\System\cvbmdmz.exe

Filesize
5.2MB

MD5
290ea0648618a76fa8aa0fb1087049c2

SHA1
8684f5a02e63b08942ff10c5a1270eb0441fb230

SHA256
97d011285ff7ad0e694dd146ed73d697ccbccdaf29392921a271f772934e98b3

SHA512
e7674ed2dd46f970f56cd4289a40c69af2d817d1a9e2cf9aa3357bd783d4e8c3e7b6941b5439c89e23470d6911fc5de23e64944ecc16cc16a32ab9ee3736987b

Download Submit
C:\Windows\System\eAqmTTT.exe

Filesize
5.2MB

MD5
01e7d2fbe95d99a0a83ef1ccf3743c82

SHA1
487b8f3ffad48e18d84df20546e2e88edfe00abe

SHA256
154f19ee4d5867ec1a9e6a1ff8e7c6825592e2fe39b41d99de021e1ac3beba69

SHA512
a4ab1fb7c4c06e4113347b07a6c80205a12f3acad306914ed0ffb41efef9874361ad143cb2b047e7e67e1d95550c9f764e09eeb0e7ba8dc7249e1588fa6822da

Download Submit
C:\Windows\System\eKoRMQv.exe

Filesize
5.2MB

MD5
7cc89da27c9bed0aeb62a5a5588b5df9

SHA1
6889e227d8ec641f14ee0a29b61105c7b974ef7a

SHA256
6eb058edf89ee039c74e429b04a5f807e98dbdbb66bd2529fc7f1cb807c31adc

SHA512
0397bade710bc198976a9bdbd05eef9c898cfe868e084a3482054808c66e40b3eadd928125f167fb5db6856aef7b2c0b79d53b63582bdd6d0a4fe2d2d214c297

Download Submit
C:\Windows\System\fOszInP.exe

Filesize
5.2MB

MD5
fa95ec89c64bc67384b8d99b7271180e

SHA1
b5ce26510661f02be1c3edc97f59c378207be1fd

SHA256
4f9b886dac52571aadc2dd474d21c52787d3fab8bb07c837dc6c4d18edc1371c

SHA512
fb997b4486bfc5eb040c265d1565e429f2cd51b126d44c791a4bd7a902a441bb62530f6cb6df81973a695e673c3ab1e01460fdf5b1eed165eea863a31203637a

Download Submit
C:\Windows\System\fwTePnC.exe

Filesize
5.2MB

MD5
52349ecf8ff420b352663bb2f95f32e3

SHA1
e6b717142d5399342a9e14891c50573d47a4b537

SHA256
78491c854e31c74c690da6b39c28f90c8d8cd3feb8a7b0bc94948b61f957ba3a

SHA512
42ece4700f2d900ac4a57200512613b160094e676df98ae41c008d3ab8089d5985d86d3d82b678e8a4eed9c0b9bb85433c0f35ae3e1ad2b5bdabaed49ac3005d

Download Submit
C:\Windows\System\iAByZEm.exe

Filesize
5.2MB

MD5
4cd47243911583bf4d3e57b8731f2b24

SHA1
05b71ee620684a452671c59af7f8f536f79182c7

SHA256
f22d3e08c3de5d96fc50eeb75588aa7bbe6a604fa031324b67bdf7f4263b87ac

SHA512
09bfbc0aca66345d89610ab1b9d917d0e2ef2222e434ea6e948f83b40ab93bc5bdbe420ae135030961b500f59a4143f9e77628aa8556f5154934fd508450a363

Download Submit
C:\Windows\System\kLrmOGl.exe

Filesize
5.2MB

MD5
3b7867c78abf1aabce01d89f71c905e4

SHA1
1d7023c54b1f25d5f6096b38e95e1b3bb417ccd5

SHA256
7e439321656ce2967ae9121b4711fd56549e8c73ea1a7d8dc7df4fc8b12c45ff

SHA512
90c94d40ab2899486271dd2ac5b9af0fb60c35c0baabc4c8a92061f6dcdb56152c09940e7e10a8558ff63db120e2343fe016a0c075308d04b1ab61f45d996a24

Download Submit
C:\Windows\System\khZmwCH.exe

Filesize
5.2MB

MD5
32ed98aa4a0f59aab776ff4d42ea1479

SHA1
17c0349e0075ce307481d463f9818adb03cfb9ec

SHA256
706033688940a40ed50b58baa7c8b754f206627e4765257a82e7f95f2549ced0

SHA512
be06b62dedb754a7c0a41980461a8a5221d1a155ba0806fbb6d7cfb523d2cdb92e020db2060dfbe033c242fde60eef3e1e9058ffcdb24686b7bade26a6ecb96e

Download Submit
C:\Windows\System\mMwnuLd.exe

Filesize
5.2MB

MD5
7e36ab841002c0b05901a620e40e484c

SHA1
41ef14afc2c973c16751eee0d8f61605c7773f29

SHA256
99d5d299aba928862670da0b2b9337b979e01c2a3a626a5ab0be801903b0029d

SHA512
96df163ae46d76596182c2f79f45c7b1782d99a5d8e58bbfc474ab112a14b296e6891e6075f261c4f4d65c7f3ddf2728f4b0db1c6031f655b7e7b2c5f17f39da

Download Submit
C:\Windows\System\ngQyjsq.exe

Filesize
5.2MB

MD5
95b2ccfb814a91825bfdf3d621b41cee

SHA1
474e29fd8826b0f496527d3e0f1ece6294de71c0

SHA256
d371c9052352e6d71550a3bc11f640682050a1a2462dd36cc2f5a6d57e160129

SHA512
e5bae1c996640d6e0600e085405180dacea3bdf87ed8073b9315f9596dce45f2d56b9570eedb4e653a2cdad2bdee247d9637f7557fc086b3d89cb919ccaa2865

Download Submit
C:\Windows\System\vWqVZlF.exe

Filesize
5.2MB

MD5
72b8acb8df6cb3f9c81bceceddc5977a

SHA1
1ef484df5103cc173fb01b9abd168b0753fc0257

SHA256
d81183d74097e95d99767bd0fce8b88ff2d0ea27433e9b682827be208fdf66ac

SHA512
e0c37ef6e2b151311faf6c4b484e0b780d309bdc437d649475de98bb36d2e320158ffd99f6461fcc072393342caa72af025cf926333b5d69d6d9031103a4a46f

Download Submit
C:\Windows\System\xEucEve.exe

Filesize
5.2MB

MD5
fc948f56cfce1e8cf2edecd879ba8970

SHA1
7c5cd149d756059f8a578075e41c4a5c0b5839b8

SHA256
f2532ad7e1c220552c13bc8fcb52454dc561131726eaf1fd75fc5089b374e7f7

SHA512
05be5640b8d08ea9a39d05443f8072d652dd25bec35893f5e5a22e44b5a3662d6e91a028310cf7c86a0050427eb127b31d40271c7d1461fe8f8146756c3d8b34

Download Submit
memory/400-125-0x00007FF7B6310000-0x00007FF7B6661000-memory.dmp

Filesize
3.3MB

Download
memory/400-267-0x00007FF7B6310000-0x00007FF7B6661000-memory.dmp

Filesize
3.3MB

Download
memory/400-164-0x00007FF7B6310000-0x00007FF7B6661000-memory.dmp

Filesize
3.3MB

Download
memory/552-240-0x00007FF7C8990000-0x00007FF7C8CE1000-memory.dmp

Filesize
3.3MB

Download
memory/552-60-0x00007FF7C8990000-0x00007FF7C8CE1000-memory.dmp

Filesize
3.3MB

Download
memory/808-181-0x00007FF7CAB40000-0x00007FF7CAE91000-memory.dmp

Filesize
3.3MB

Download
memory/808-1-0x0000020A327E0000-0x0000020A327F0000-memory.dmp

Filesize
64KB

Download
memory/808-0-0x00007FF7CAB40000-0x00007FF7CAE91000-memory.dmp

Filesize
3.3MB

Download
memory/808-57-0x00007FF7CAB40000-0x00007FF7CAE91000-memory.dmp

Filesize
3.3MB

Download
memory/808-155-0x00007FF7CAB40000-0x00007FF7CAE91000-memory.dmp

Filesize
3.3MB

Download
memory/1192-24-0x00007FF6ED0B0000-0x00007FF6ED401000-memory.dmp

Filesize
3.3MB

Download
memory/1192-80-0x00007FF6ED0B0000-0x00007FF6ED401000-memory.dmp

Filesize
3.3MB

Download
memory/1192-222-0x00007FF6ED0B0000-0x00007FF6ED401000-memory.dmp

Filesize
3.3MB

Download
memory/1252-85-0x00007FF7F89E0000-0x00007FF7F8D31000-memory.dmp

Filesize
3.3MB

Download
memory/1252-225-0x00007FF7F89E0000-0x00007FF7F8D31000-memory.dmp

Filesize
3.3MB

Download
memory/1252-30-0x00007FF7F89E0000-0x00007FF7F8D31000-memory.dmp

Filesize
3.3MB

Download
memory/1400-248-0x00007FF75B4F0000-0x00007FF75B841000-memory.dmp

Filesize
3.3MB

Download
memory/1400-153-0x00007FF75B4F0000-0x00007FF75B841000-memory.dmp

Filesize
3.3MB

Download
memory/1400-77-0x00007FF75B4F0000-0x00007FF75B841000-memory.dmp

Filesize
3.3MB

Download
memory/1540-216-0x00007FF731AB0000-0x00007FF731E01000-memory.dmp

Filesize
3.3MB

Download
memory/1540-63-0x00007FF731AB0000-0x00007FF731E01000-memory.dmp

Filesize
3.3MB

Download
memory/1540-8-0x00007FF731AB0000-0x00007FF731E01000-memory.dmp

Filesize
3.3MB

Download
memory/1692-137-0x00007FF77D7D0000-0x00007FF77DB21000-memory.dmp

Filesize
3.3MB

Download
memory/1692-244-0x00007FF77D7D0000-0x00007FF77DB21000-memory.dmp

Filesize
3.3MB

Download
memory/1692-64-0x00007FF77D7D0000-0x00007FF77DB21000-memory.dmp

Filesize
3.3MB

Download
memory/2408-238-0x00007FF793690000-0x00007FF7939E1000-memory.dmp

Filesize
3.3MB

Download
memory/2408-50-0x00007FF793690000-0x00007FF7939E1000-memory.dmp

Filesize
3.3MB

Download
memory/2408-118-0x00007FF793690000-0x00007FF7939E1000-memory.dmp

Filesize
3.3MB

Download
memory/2908-130-0x00007FF6EB2D0000-0x00007FF6EB621000-memory.dmp

Filesize
3.3MB

Download
memory/2908-269-0x00007FF6EB2D0000-0x00007FF6EB621000-memory.dmp

Filesize
3.3MB

Download
memory/2908-165-0x00007FF6EB2D0000-0x00007FF6EB621000-memory.dmp

Filesize
3.3MB

Download
memory/3060-138-0x00007FF6970D0000-0x00007FF697421000-memory.dmp

Filesize
3.3MB

Download
memory/3060-243-0x00007FF6970D0000-0x00007FF697421000-memory.dmp

Filesize
3.3MB

Download
memory/3060-65-0x00007FF6970D0000-0x00007FF697421000-memory.dmp

Filesize
3.3MB

Download
memory/3340-142-0x00007FF63A630000-0x00007FF63A981000-memory.dmp

Filesize
3.3MB

Download
memory/3340-273-0x00007FF63A630000-0x00007FF63A981000-memory.dmp

Filesize
3.3MB

Download
memory/3340-168-0x00007FF63A630000-0x00007FF63A981000-memory.dmp

Filesize
3.3MB

Download
memory/4332-247-0x00007FF69B770000-0x00007FF69BAC1000-memory.dmp

Filesize
3.3MB

Download
memory/4332-152-0x00007FF69B770000-0x00007FF69BAC1000-memory.dmp

Filesize
3.3MB

Download
memory/4332-81-0x00007FF69B770000-0x00007FF69BAC1000-memory.dmp

Filesize
3.3MB

Download
memory/4432-107-0x00007FF6C7510000-0x00007FF6C7861000-memory.dmp

Filesize
3.3MB

Download
memory/4432-261-0x00007FF6C7510000-0x00007FF6C7861000-memory.dmp

Filesize
3.3MB

Download
memory/4552-169-0x00007FF77ACF0000-0x00007FF77B041000-memory.dmp

Filesize
3.3MB

Download
memory/4552-265-0x00007FF77ACF0000-0x00007FF77B041000-memory.dmp

Filesize
3.3MB

Download
memory/4552-124-0x00007FF77ACF0000-0x00007FF77B041000-memory.dmp

Filesize
3.3MB

Download
memory/4636-67-0x00007FF7BBE30000-0x00007FF7BC181000-memory.dmp

Filesize
3.3MB

Download
memory/4636-218-0x00007FF7BBE30000-0x00007FF7BC181000-memory.dmp

Filesize
3.3MB

Download
memory/4636-12-0x00007FF7BBE30000-0x00007FF7BC181000-memory.dmp

Filesize
3.3MB

Download
memory/4648-220-0x00007FF75AAD0000-0x00007FF75AE21000-memory.dmp

Filesize
3.3MB

Download
memory/4648-75-0x00007FF75AAD0000-0x00007FF75AE21000-memory.dmp

Filesize
3.3MB

Download
memory/4648-18-0x00007FF75AAD0000-0x00007FF75AE21000-memory.dmp

Filesize
3.3MB

Download
memory/4704-42-0x00007FF77D000000-0x00007FF77D351000-memory.dmp

Filesize
3.3MB

Download
memory/4704-236-0x00007FF77D000000-0x00007FF77D351000-memory.dmp

Filesize
3.3MB

Download
memory/4704-109-0x00007FF77D000000-0x00007FF77D351000-memory.dmp

Filesize
3.3MB

Download
memory/4840-92-0x00007FF6BE470000-0x00007FF6BE7C1000-memory.dmp

Filesize
3.3MB

Download
memory/4840-154-0x00007FF6BE470000-0x00007FF6BE7C1000-memory.dmp

Filesize
3.3MB

Download
memory/4840-253-0x00007FF6BE470000-0x00007FF6BE7C1000-memory.dmp

Filesize
3.3MB

Download
memory/4868-234-0x00007FF7BD890000-0x00007FF7BDBE1000-memory.dmp

Filesize
3.3MB

Download
memory/4868-103-0x00007FF7BD890000-0x00007FF7BDBE1000-memory.dmp

Filesize
3.3MB

Download
memory/4868-36-0x00007FF7BD890000-0x00007FF7BDBE1000-memory.dmp

Filesize
3.3MB

Download
memory/5052-141-0x00007FF7272A0000-0x00007FF7275F1000-memory.dmp

Filesize
3.3MB

Download
memory/5052-271-0x00007FF7272A0000-0x00007FF7275F1000-memory.dmp

Filesize
3.3MB

Download
memory/5064-110-0x00007FF6E4A20000-0x00007FF6E4D71000-memory.dmp

Filesize
3.3MB

Download
memory/5064-263-0x00007FF6E4A20000-0x00007FF6E4D71000-memory.dmp

Filesize
3.3MB

Download
memory/5064-167-0x00007FF6E4A20000-0x00007FF6E4D71000-memory.dmp

Filesize
3.3MB

Download