cobaltstrike | 9896b3a2d7393ea7c53def66661b5045f1067ebf63c2e15843717e0ea2dbfcb2

Analysis

max time kernel
114s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12-09-2024 07:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22a78eabde98f942f0513bda3391a1d0N.exe
Size

5.9MB
MD5

22a78eabde98f942f0513bda3391a1d0
SHA1

1f38e94429c0aa20dba296540cd4e7921fb76cd6
SHA256

9896b3a2d7393ea7c53def66661b5045f1067ebf63c2e15843717e0ea2dbfcb2
SHA512

34edf4039016d79ba00b00a8e2bf896db02965a1e4e51b143f21ca104c7a33e0e94e797023cb790529ffbf77421daacd04708336214f806a892800a20cf2618e
SSDEEP

98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lUS:T+856utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 21 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x00080000000234bc-5.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c1-14.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c2-22.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c6-37.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c5-36.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c4-40.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c3-38.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c0-15.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c8-74.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234cc-89.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234cb-86.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234cd-80.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234ca-79.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c9-76.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c7-66.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234ce-95.dat	cobalt_reflective_dll
behavioral2/files/0x00080000000234bd-100.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234d1-119.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234d0-118.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234d2-128.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234cf-111.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4572-0-0x00007FF6C37A0000-0x00007FF6C3AF4000-memory.dmp	xmrig
behavioral2/files/0x00080000000234bc-5.dat	xmrig
behavioral2/memory/3044-6-0x00007FF7F3480000-0x00007FF7F37D4000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c1-14.dat	xmrig
behavioral2/files/0x00070000000234c2-22.dat	xmrig
behavioral2/memory/3388-18-0x00007FF694AB0000-0x00007FF694E04000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c6-37.dat	xmrig
behavioral2/files/0x00070000000234c5-36.dat	xmrig
behavioral2/memory/1388-43-0x00007FF686560000-0x00007FF6868B4000-memory.dmp	xmrig
behavioral2/memory/636-42-0x00007FF7BD260000-0x00007FF7BD5B4000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c4-40.dat	xmrig
behavioral2/memory/3132-30-0x00007FF68C510000-0x00007FF68C864000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c3-38.dat	xmrig
behavioral2/files/0x00070000000234c0-15.dat	xmrig
behavioral2/memory/1268-54-0x00007FF78F410000-0x00007FF78F764000-memory.dmp	xmrig
behavioral2/memory/4536-61-0x00007FF7154D0000-0x00007FF715824000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c8-74.dat	xmrig
behavioral2/memory/3996-85-0x00007FF72FF60000-0x00007FF7302B4000-memory.dmp	xmrig
behavioral2/files/0x00070000000234cc-89.dat	xmrig
behavioral2/memory/4540-92-0x00007FF76D8A0000-0x00007FF76DBF4000-memory.dmp	xmrig
behavioral2/memory/4468-91-0x00007FF7FDA80000-0x00007FF7FDDD4000-memory.dmp	xmrig
behavioral2/memory/2740-88-0x00007FF6ADBF0000-0x00007FF6ADF44000-memory.dmp	xmrig
behavioral2/files/0x00070000000234cb-86.dat	xmrig
behavioral2/memory/1792-84-0x00007FF601E20000-0x00007FF602174000-memory.dmp	xmrig
behavioral2/memory/1048-83-0x00007FF6F3960000-0x00007FF6F3CB4000-memory.dmp	xmrig
behavioral2/files/0x00070000000234cd-80.dat	xmrig
behavioral2/files/0x00070000000234ca-79.dat	xmrig
behavioral2/files/0x00070000000234c9-76.dat	xmrig
behavioral2/memory/3184-73-0x00007FF6A96D0000-0x00007FF6A9A24000-memory.dmp	xmrig
behavioral2/memory/980-72-0x00007FF7863C0000-0x00007FF786714000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c7-66.dat	xmrig
behavioral2/files/0x00070000000234ce-95.dat	xmrig
behavioral2/files/0x00080000000234bd-100.dat	xmrig
behavioral2/files/0x00070000000234d1-119.dat	xmrig
behavioral2/files/0x00070000000234d0-118.dat	xmrig
behavioral2/files/0x00070000000234d2-128.dat	xmrig
behavioral2/memory/636-131-0x00007FF7BD260000-0x00007FF7BD5B4000-memory.dmp	xmrig
behavioral2/memory/3132-130-0x00007FF68C510000-0x00007FF68C864000-memory.dmp	xmrig
behavioral2/memory/4496-127-0x00007FF7C6F90000-0x00007FF7C72E4000-memory.dmp	xmrig
behavioral2/memory/4308-126-0x00007FF71D9C0000-0x00007FF71DD14000-memory.dmp	xmrig
behavioral2/memory/3388-124-0x00007FF694AB0000-0x00007FF694E04000-memory.dmp	xmrig
behavioral2/memory/3044-123-0x00007FF7F3480000-0x00007FF7F37D4000-memory.dmp	xmrig
behavioral2/memory/2476-115-0x00007FF70F5A0000-0x00007FF70F8F4000-memory.dmp	xmrig
behavioral2/memory/4572-114-0x00007FF6C37A0000-0x00007FF6C3AF4000-memory.dmp	xmrig
behavioral2/memory/1108-113-0x00007FF634EF0000-0x00007FF635244000-memory.dmp	xmrig
behavioral2/files/0x00070000000234cf-111.dat	xmrig
behavioral2/memory/5104-105-0x00007FF768100000-0x00007FF768454000-memory.dmp	xmrig
behavioral2/memory/4020-96-0x00007FF72A780000-0x00007FF72AAD4000-memory.dmp	xmrig
behavioral2/memory/1268-133-0x00007FF78F410000-0x00007FF78F764000-memory.dmp	xmrig
behavioral2/memory/1048-134-0x00007FF6F3960000-0x00007FF6F3CB4000-memory.dmp	xmrig
behavioral2/memory/1792-135-0x00007FF601E20000-0x00007FF602174000-memory.dmp	xmrig
behavioral2/memory/3996-136-0x00007FF72FF60000-0x00007FF7302B4000-memory.dmp	xmrig
behavioral2/memory/4020-137-0x00007FF72A780000-0x00007FF72AAD4000-memory.dmp	xmrig
behavioral2/memory/5104-138-0x00007FF768100000-0x00007FF768454000-memory.dmp	xmrig
behavioral2/memory/1108-139-0x00007FF634EF0000-0x00007FF635244000-memory.dmp	xmrig
behavioral2/memory/2476-140-0x00007FF70F5A0000-0x00007FF70F8F4000-memory.dmp	xmrig
behavioral2/memory/4308-141-0x00007FF71D9C0000-0x00007FF71DD14000-memory.dmp	xmrig
behavioral2/memory/4496-142-0x00007FF7C6F90000-0x00007FF7C72E4000-memory.dmp	xmrig
behavioral2/memory/3044-143-0x00007FF7F3480000-0x00007FF7F37D4000-memory.dmp	xmrig
behavioral2/memory/3388-144-0x00007FF694AB0000-0x00007FF694E04000-memory.dmp	xmrig
behavioral2/memory/3132-146-0x00007FF68C510000-0x00007FF68C864000-memory.dmp	xmrig
behavioral2/memory/4536-145-0x00007FF7154D0000-0x00007FF715824000-memory.dmp	xmrig
behavioral2/memory/636-147-0x00007FF7BD260000-0x00007FF7BD5B4000-memory.dmp	xmrig
behavioral2/memory/1388-148-0x00007FF686560000-0x00007FF6868B4000-memory.dmp	xmrig

Executes dropped EXE 21 IoCs

pid	Process
3044	jAkMcyK.exe
3388	YbLPUzY.exe
3132	EXlKIou.exe
4536	kNIpqLW.exe
636	tVakbRl.exe
1388	rCnNIbu.exe
980	hIKVGQS.exe
1268	YIVOWHs.exe
3184	hyGCIMa.exe
2740	GwBlxYG.exe
1048	bGPMqhz.exe
4468	coUfmoI.exe
1792	EXtquoI.exe
3996	KAiOpOP.exe
4540	xRLQqTz.exe
4020	fLFKTLa.exe
5104	oBrPYoZ.exe
1108	eEnbewX.exe
2476	mPgzEDs.exe
4308	PEekOSm.exe
4496	fczJtiT.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4572-0-0x00007FF6C37A0000-0x00007FF6C3AF4000-memory.dmp	upx
behavioral2/files/0x00080000000234bc-5.dat	upx
behavioral2/memory/3044-6-0x00007FF7F3480000-0x00007FF7F37D4000-memory.dmp	upx
behavioral2/files/0x00070000000234c1-14.dat	upx
behavioral2/files/0x00070000000234c2-22.dat	upx
behavioral2/memory/3388-18-0x00007FF694AB0000-0x00007FF694E04000-memory.dmp	upx
behavioral2/files/0x00070000000234c6-37.dat	upx
behavioral2/files/0x00070000000234c5-36.dat	upx
behavioral2/memory/1388-43-0x00007FF686560000-0x00007FF6868B4000-memory.dmp	upx
behavioral2/memory/636-42-0x00007FF7BD260000-0x00007FF7BD5B4000-memory.dmp	upx
behavioral2/files/0x00070000000234c4-40.dat	upx
behavioral2/memory/3132-30-0x00007FF68C510000-0x00007FF68C864000-memory.dmp	upx
behavioral2/files/0x00070000000234c3-38.dat	upx
behavioral2/files/0x00070000000234c0-15.dat	upx
behavioral2/memory/1268-54-0x00007FF78F410000-0x00007FF78F764000-memory.dmp	upx
behavioral2/memory/4536-61-0x00007FF7154D0000-0x00007FF715824000-memory.dmp	upx
behavioral2/files/0x00070000000234c8-74.dat	upx
behavioral2/memory/3996-85-0x00007FF72FF60000-0x00007FF7302B4000-memory.dmp	upx
behavioral2/files/0x00070000000234cc-89.dat	upx
behavioral2/memory/4540-92-0x00007FF76D8A0000-0x00007FF76DBF4000-memory.dmp	upx
behavioral2/memory/4468-91-0x00007FF7FDA80000-0x00007FF7FDDD4000-memory.dmp	upx
behavioral2/memory/2740-88-0x00007FF6ADBF0000-0x00007FF6ADF44000-memory.dmp	upx
behavioral2/files/0x00070000000234cb-86.dat	upx
behavioral2/memory/1792-84-0x00007FF601E20000-0x00007FF602174000-memory.dmp	upx
behavioral2/memory/1048-83-0x00007FF6F3960000-0x00007FF6F3CB4000-memory.dmp	upx
behavioral2/files/0x00070000000234cd-80.dat	upx
behavioral2/files/0x00070000000234ca-79.dat	upx
behavioral2/files/0x00070000000234c9-76.dat	upx
behavioral2/memory/3184-73-0x00007FF6A96D0000-0x00007FF6A9A24000-memory.dmp	upx
behavioral2/memory/980-72-0x00007FF7863C0000-0x00007FF786714000-memory.dmp	upx
behavioral2/files/0x00070000000234c7-66.dat	upx
behavioral2/files/0x00070000000234ce-95.dat	upx
behavioral2/files/0x00080000000234bd-100.dat	upx
behavioral2/files/0x00070000000234d1-119.dat	upx
behavioral2/files/0x00070000000234d0-118.dat	upx
behavioral2/files/0x00070000000234d2-128.dat	upx
behavioral2/memory/636-131-0x00007FF7BD260000-0x00007FF7BD5B4000-memory.dmp	upx
behavioral2/memory/3132-130-0x00007FF68C510000-0x00007FF68C864000-memory.dmp	upx
behavioral2/memory/4496-127-0x00007FF7C6F90000-0x00007FF7C72E4000-memory.dmp	upx
behavioral2/memory/4308-126-0x00007FF71D9C0000-0x00007FF71DD14000-memory.dmp	upx
behavioral2/memory/3388-124-0x00007FF694AB0000-0x00007FF694E04000-memory.dmp	upx
behavioral2/memory/3044-123-0x00007FF7F3480000-0x00007FF7F37D4000-memory.dmp	upx
behavioral2/memory/2476-115-0x00007FF70F5A0000-0x00007FF70F8F4000-memory.dmp	upx
behavioral2/memory/4572-114-0x00007FF6C37A0000-0x00007FF6C3AF4000-memory.dmp	upx
behavioral2/memory/1108-113-0x00007FF634EF0000-0x00007FF635244000-memory.dmp	upx
behavioral2/files/0x00070000000234cf-111.dat	upx
behavioral2/memory/5104-105-0x00007FF768100000-0x00007FF768454000-memory.dmp	upx
behavioral2/memory/4020-96-0x00007FF72A780000-0x00007FF72AAD4000-memory.dmp	upx
behavioral2/memory/1268-133-0x00007FF78F410000-0x00007FF78F764000-memory.dmp	upx
behavioral2/memory/1048-134-0x00007FF6F3960000-0x00007FF6F3CB4000-memory.dmp	upx
behavioral2/memory/1792-135-0x00007FF601E20000-0x00007FF602174000-memory.dmp	upx
behavioral2/memory/3996-136-0x00007FF72FF60000-0x00007FF7302B4000-memory.dmp	upx
behavioral2/memory/4020-137-0x00007FF72A780000-0x00007FF72AAD4000-memory.dmp	upx
behavioral2/memory/5104-138-0x00007FF768100000-0x00007FF768454000-memory.dmp	upx
behavioral2/memory/1108-139-0x00007FF634EF0000-0x00007FF635244000-memory.dmp	upx
behavioral2/memory/2476-140-0x00007FF70F5A0000-0x00007FF70F8F4000-memory.dmp	upx
behavioral2/memory/4308-141-0x00007FF71D9C0000-0x00007FF71DD14000-memory.dmp	upx
behavioral2/memory/4496-142-0x00007FF7C6F90000-0x00007FF7C72E4000-memory.dmp	upx
behavioral2/memory/3044-143-0x00007FF7F3480000-0x00007FF7F37D4000-memory.dmp	upx
behavioral2/memory/3388-144-0x00007FF694AB0000-0x00007FF694E04000-memory.dmp	upx
behavioral2/memory/3132-146-0x00007FF68C510000-0x00007FF68C864000-memory.dmp	upx
behavioral2/memory/4536-145-0x00007FF7154D0000-0x00007FF715824000-memory.dmp	upx
behavioral2/memory/636-147-0x00007FF7BD260000-0x00007FF7BD5B4000-memory.dmp	upx
behavioral2/memory/1388-148-0x00007FF686560000-0x00007FF6868B4000-memory.dmp	upx

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\System\YbLPUzY.exe	22a78eabde98f942f0513bda3391a1d0N.exe
File created	C:\Windows\System\rCnNIbu.exe	22a78eabde98f942f0513bda3391a1d0N.exe
File created	C:\Windows\System\coUfmoI.exe	22a78eabde98f942f0513bda3391a1d0N.exe
File created	C:\Windows\System\jAkMcyK.exe	22a78eabde98f942f0513bda3391a1d0N.exe
File created	C:\Windows\System\EXlKIou.exe	22a78eabde98f942f0513bda3391a1d0N.exe
File created	C:\Windows\System\tVakbRl.exe	22a78eabde98f942f0513bda3391a1d0N.exe
File created	C:\Windows\System\hIKVGQS.exe	22a78eabde98f942f0513bda3391a1d0N.exe
File created	C:\Windows\System\xRLQqTz.exe	22a78eabde98f942f0513bda3391a1d0N.exe
File created	C:\Windows\System\fczJtiT.exe	22a78eabde98f942f0513bda3391a1d0N.exe
File created	C:\Windows\System\YIVOWHs.exe	22a78eabde98f942f0513bda3391a1d0N.exe
File created	C:\Windows\System\GwBlxYG.exe	22a78eabde98f942f0513bda3391a1d0N.exe
File created	C:\Windows\System\EXtquoI.exe	22a78eabde98f942f0513bda3391a1d0N.exe
File created	C:\Windows\System\KAiOpOP.exe	22a78eabde98f942f0513bda3391a1d0N.exe
File created	C:\Windows\System\fLFKTLa.exe	22a78eabde98f942f0513bda3391a1d0N.exe
File created	C:\Windows\System\mPgzEDs.exe	22a78eabde98f942f0513bda3391a1d0N.exe
File created	C:\Windows\System\PEekOSm.exe	22a78eabde98f942f0513bda3391a1d0N.exe
File created	C:\Windows\System\kNIpqLW.exe	22a78eabde98f942f0513bda3391a1d0N.exe
File created	C:\Windows\System\hyGCIMa.exe	22a78eabde98f942f0513bda3391a1d0N.exe
File created	C:\Windows\System\bGPMqhz.exe	22a78eabde98f942f0513bda3391a1d0N.exe
File created	C:\Windows\System\oBrPYoZ.exe	22a78eabde98f942f0513bda3391a1d0N.exe
File created	C:\Windows\System\eEnbewX.exe	22a78eabde98f942f0513bda3391a1d0N.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4572	22a78eabde98f942f0513bda3391a1d0N.exe
Token: SeLockMemoryPrivilege	4572	22a78eabde98f942f0513bda3391a1d0N.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 3044	4572	22a78eabde98f942f0513bda3391a1d0N.exe	84
PID 4572 wrote to memory of 3044	4572	22a78eabde98f942f0513bda3391a1d0N.exe	84
PID 4572 wrote to memory of 3388	4572	22a78eabde98f942f0513bda3391a1d0N.exe	85
PID 4572 wrote to memory of 3388	4572	22a78eabde98f942f0513bda3391a1d0N.exe	85
PID 4572 wrote to memory of 3132	4572	22a78eabde98f942f0513bda3391a1d0N.exe	86
PID 4572 wrote to memory of 3132	4572	22a78eabde98f942f0513bda3391a1d0N.exe	86
PID 4572 wrote to memory of 4536	4572	22a78eabde98f942f0513bda3391a1d0N.exe	87
PID 4572 wrote to memory of 4536	4572	22a78eabde98f942f0513bda3391a1d0N.exe	87
PID 4572 wrote to memory of 636	4572	22a78eabde98f942f0513bda3391a1d0N.exe	88
PID 4572 wrote to memory of 636	4572	22a78eabde98f942f0513bda3391a1d0N.exe	88
PID 4572 wrote to memory of 1388	4572	22a78eabde98f942f0513bda3391a1d0N.exe	89
PID 4572 wrote to memory of 1388	4572	22a78eabde98f942f0513bda3391a1d0N.exe	89
PID 4572 wrote to memory of 980	4572	22a78eabde98f942f0513bda3391a1d0N.exe	90
PID 4572 wrote to memory of 980	4572	22a78eabde98f942f0513bda3391a1d0N.exe	90
PID 4572 wrote to memory of 1268	4572	22a78eabde98f942f0513bda3391a1d0N.exe	91
PID 4572 wrote to memory of 1268	4572	22a78eabde98f942f0513bda3391a1d0N.exe	91
PID 4572 wrote to memory of 3184	4572	22a78eabde98f942f0513bda3391a1d0N.exe	92
PID 4572 wrote to memory of 3184	4572	22a78eabde98f942f0513bda3391a1d0N.exe	92
PID 4572 wrote to memory of 4468	4572	22a78eabde98f942f0513bda3391a1d0N.exe	93
PID 4572 wrote to memory of 4468	4572	22a78eabde98f942f0513bda3391a1d0N.exe	93
PID 4572 wrote to memory of 2740	4572	22a78eabde98f942f0513bda3391a1d0N.exe	94
PID 4572 wrote to memory of 2740	4572	22a78eabde98f942f0513bda3391a1d0N.exe	94
PID 4572 wrote to memory of 1048	4572	22a78eabde98f942f0513bda3391a1d0N.exe	95
PID 4572 wrote to memory of 1048	4572	22a78eabde98f942f0513bda3391a1d0N.exe	95
PID 4572 wrote to memory of 1792	4572	22a78eabde98f942f0513bda3391a1d0N.exe	96
PID 4572 wrote to memory of 1792	4572	22a78eabde98f942f0513bda3391a1d0N.exe	96
PID 4572 wrote to memory of 3996	4572	22a78eabde98f942f0513bda3391a1d0N.exe	97
PID 4572 wrote to memory of 3996	4572	22a78eabde98f942f0513bda3391a1d0N.exe	97
PID 4572 wrote to memory of 4540	4572	22a78eabde98f942f0513bda3391a1d0N.exe	98
PID 4572 wrote to memory of 4540	4572	22a78eabde98f942f0513bda3391a1d0N.exe	98
PID 4572 wrote to memory of 4020	4572	22a78eabde98f942f0513bda3391a1d0N.exe	99
PID 4572 wrote to memory of 4020	4572	22a78eabde98f942f0513bda3391a1d0N.exe	99
PID 4572 wrote to memory of 5104	4572	22a78eabde98f942f0513bda3391a1d0N.exe	100
PID 4572 wrote to memory of 5104	4572	22a78eabde98f942f0513bda3391a1d0N.exe	100
PID 4572 wrote to memory of 1108	4572	22a78eabde98f942f0513bda3391a1d0N.exe	101
PID 4572 wrote to memory of 1108	4572	22a78eabde98f942f0513bda3391a1d0N.exe	101
PID 4572 wrote to memory of 2476	4572	22a78eabde98f942f0513bda3391a1d0N.exe	102
PID 4572 wrote to memory of 2476	4572	22a78eabde98f942f0513bda3391a1d0N.exe	102
PID 4572 wrote to memory of 4308	4572	22a78eabde98f942f0513bda3391a1d0N.exe	103
PID 4572 wrote to memory of 4308	4572	22a78eabde98f942f0513bda3391a1d0N.exe	103
PID 4572 wrote to memory of 4496	4572	22a78eabde98f942f0513bda3391a1d0N.exe	105
PID 4572 wrote to memory of 4496	4572	22a78eabde98f942f0513bda3391a1d0N.exe	105

C:\Users\Admin\AppData\Local\Temp\22a78eabde98f942f0513bda3391a1d0N.exe
"C:\Users\Admin\AppData\Local\Temp\22a78eabde98f942f0513bda3391a1d0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Windows\System\jAkMcyK.exe
  C:\Windows\System\jAkMcyK.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\YbLPUzY.exe
  C:\Windows\System\YbLPUzY.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\EXlKIou.exe
  C:\Windows\System\EXlKIou.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\kNIpqLW.exe
  C:\Windows\System\kNIpqLW.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\tVakbRl.exe
  C:\Windows\System\tVakbRl.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\rCnNIbu.exe
  C:\Windows\System\rCnNIbu.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\hIKVGQS.exe
  C:\Windows\System\hIKVGQS.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\YIVOWHs.exe
  C:\Windows\System\YIVOWHs.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\hyGCIMa.exe
  C:\Windows\System\hyGCIMa.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\coUfmoI.exe
  C:\Windows\System\coUfmoI.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\GwBlxYG.exe
  C:\Windows\System\GwBlxYG.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\bGPMqhz.exe
  C:\Windows\System\bGPMqhz.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\EXtquoI.exe
  C:\Windows\System\EXtquoI.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\KAiOpOP.exe
  C:\Windows\System\KAiOpOP.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\xRLQqTz.exe
  C:\Windows\System\xRLQqTz.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\fLFKTLa.exe
  C:\Windows\System\fLFKTLa.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\oBrPYoZ.exe
  C:\Windows\System\oBrPYoZ.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\eEnbewX.exe
  C:\Windows\System\eEnbewX.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\mPgzEDs.exe
  C:\Windows\System\mPgzEDs.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\PEekOSm.exe
  C:\Windows\System\PEekOSm.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\fczJtiT.exe
  C:\Windows\System\fczJtiT.exe
  2⤵
  - Executes dropped EXE
  PID:4496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\EXlKIou.exe

Filesize
5.9MB

MD5
391a63843b3b4d1e7d8b595eefa5b110

SHA1
bd425ccd57cfefd9612ca049f422c8ff059a947b

SHA256
9b8794ee0e58f29e2ef3934e3dcac25038f7f1fef6c46cd700bcb2f2dfc0a9c7

SHA512
588bfe0fee4d0a8a160caed37bfb93b7a2955c6680466bcd892dac40d7c07ad4248cd53caf7ddfdc86502345a3dd85642e88b9b40ab3610932e1d6d97f6fb490

Download Submit
C:\Windows\System\EXtquoI.exe

Filesize
5.9MB

MD5
b66d6722ee6bcda6fe893a8fe3768912

SHA1
508feeefd401683fab43f7cb257adb30a13ebadc

SHA256
7acc12dd9801b02e519501a6839730296c2f1e30a723b2741cbddccd11492f32

SHA512
b38e27c8ad1437276114ef38cb4e4455ba6585289740660a040376b4209685d525056a0528c3853b878c6daa6b5f073a05c6317b6a06b4a9f5b2a70e2cfec2fa

Download Submit
C:\Windows\System\GwBlxYG.exe

Filesize
5.9MB

MD5
34a3bd0d4a4b916027d565332c947f69

SHA1
01bad40b71f778651da259d7871c845421fff3d6

SHA256
86f531ec050285a84173f6a13a8499f89652855ee0685491ca24c8063063d5eb

SHA512
8742a83168b24f5d0bc8b0b824feb3f252553656d5bab8dd583ea9d7ea6fa5b031b3088cffdcd89752a6bd6588a2c2ba716c33c1994617e20fef3a44e8c8cae8

Download Submit
C:\Windows\System\KAiOpOP.exe

Filesize
5.9MB

MD5
15747a429d5fb3bb7552aeab1889c8b4

SHA1
5e16183189779968fc790d6f35d733c6717f2fb9

SHA256
5db20d510ad41bc6cf2bcfa18b1aebb88b746a2138ed3a5b5377807645c097bf

SHA512
87797209b6c778b20ecc134f8bd8c99f31799a77321276f0f306943595249d83fe6081614f274f70c1fdb0334690fdaa63f43f8f80b18231506072ed36c28024

Download Submit
C:\Windows\System\PEekOSm.exe

Filesize
5.9MB

MD5
91b6973f62a7d4237a7b1b2ab09ef937

SHA1
9910241343c43374f5063fdc3bfd66a4ca23f6cc

SHA256
d0f012f4e9a3b3732c1f26fc634af21cc85f42a8690a9b4bbc7a9455b930624c

SHA512
f907804a3832ee1d9c1cedb3052f41fbdec89af052fc21c02310b2eab2429b0f7e56bc85c60b81ce8ba4f35ff047702e38c5724b8ec4f71d5849ad44ae73cc82

Download Submit
C:\Windows\System\YIVOWHs.exe

Filesize
5.9MB

MD5
b12f6fab22d2df8a2b7a159e4f8415f8

SHA1
df0bbc089a815640851f387f82f8d3308f771217

SHA256
cb55f3963a2ca8c9da67beb67bc4d229df0d7af7f3a97436907e2d2b41b6f0c3

SHA512
6f0edd72db995d9adcbf982a1cbf1707176178f67bb6e08162d33d2ff6c09f556ab7935c0f038194fc6b12822eeef370b6c7085d6a707c77e987e547927af3a4

Download Submit
C:\Windows\System\YbLPUzY.exe

Filesize
5.9MB

MD5
4995e7d42193755a60e8c635991d0a2f

SHA1
8434b5ff1eebbf03e93c46951842846e1323d746

SHA256
1cf7c1ec26514559341dcbea105553ed2eeec39a23cdee6b1d6dc55beb337c57

SHA512
b2480dec680ff41a08b27af99320aef958f618cf7d3af0a862a346658fa2292d17d68693750c4a5e1baaa3bad3eaa22b22da9bc6d3278989a2688134bf0e03f9

Download Submit
C:\Windows\System\bGPMqhz.exe

Filesize
5.9MB

MD5
438a4f858af2337a2770aece679e265c

SHA1
aef2df1717b94cdba8d5718a2af1eab78bc74eec

SHA256
2d4ef92a981800e6b9673e3c9f9b201cebf5950707c0451cc789aa44958f97c5

SHA512
3c5726dd1167af2eb68c9254fb7e1691d347626c5e12fdd197549b4a24599c6afea918d2b58865e7cd09cd4874927e3154b20a75f08e155655ebc6565b485e59

Download Submit
C:\Windows\System\coUfmoI.exe

Filesize
5.9MB

MD5
94a80b53e3608d49a23f81cea1c9010e

SHA1
85ded52fbb1cbf353868eab5b55b9e22537c955b

SHA256
d082ad8ac102331c8359d0c168e1cf35833d073b1d193a3ed34129c3901e3031

SHA512
8a89c11c32f099c7282f86b12687d020eaa79219302ef671c22789792aa5b508cd5ac71c1e5d5821e719ebf4ba4dd87ec0c5a3c27feb9a74e1f71b53e3bd71b9

Download Submit
C:\Windows\System\eEnbewX.exe

Filesize
5.9MB

MD5
f6248693268edfb21624a92cf86a11de

SHA1
8ec200b421ac34bc9e9d485c2f0b04da53e53517

SHA256
54ab97bed996c0bfe254842877bbd93250d250b01d9c43510e5b6ccacddcca9a

SHA512
25b9a42238975d15198b729a6c1113bf47725ddc0d6a6120932ff4a61c92c864b366ac37014d06bde153af7da324b93f6f960c88798ed6c917ed6cebbc524dc7

Download Submit
C:\Windows\System\fLFKTLa.exe

Filesize
5.9MB

MD5
bd35c422c1067e28b49968ebd6f0f363

SHA1
f78bccd96e623933c9474265e0fb49d76a9f837a

SHA256
d79bc3ae69d62fc559568b0ab45ae45aedf18306cd2293601be16385ee222101

SHA512
bd5dfa839d196d87d3e152d7b290e9262ff3a8d355416ad695c239e8d3e8d0fd4d42a27248b7092c2ed64612a7884d40520e3f2623547f94dad5483e30d6a4ca

Download Submit
C:\Windows\System\fczJtiT.exe

Filesize
5.9MB

MD5
3992d49170469f7864f5062d5753c4bd

SHA1
6cd61798b7af888c6a856d57637a0900b68fc599

SHA256
e54ca05334f7bcc3b08f1cf16b6e1d34beb0f55a15af3bb5d8e50c3b310573c1

SHA512
d6f15e35668b8b4203b407b6767fac716f68ce23ed2472b12679bd91266aba9e621f52fabcadc596c7945a496cb0621f34f0a02532c2d303255ee53beeb99570

Download Submit
C:\Windows\System\hIKVGQS.exe

Filesize
5.9MB

MD5
d541a9820be5eef4a0135f5e1ba0437e

SHA1
61b244a231500683cdb062e4868d4d8679f58750

SHA256
3a00e463275ea473f990f6dca3423244880ed1019241b1db0acbb9dc20b862fe

SHA512
de53d43c8e2f44b856e672983a130f10a250922094174668b94e156c8f9f781d4dd4a81eb021c09ad24bbe1f60269be858ce9d6eae722e9b86979c10aac3f1d5

Download Submit
C:\Windows\System\hyGCIMa.exe

Filesize
5.9MB

MD5
b925fbc0248a716056f748b4b7ad540e

SHA1
3fc5c18dc16fbdd32a317983b8154f03da96d558

SHA256
0b6abc70e465e3f1df2ec91255e3ad8e69c45eeb968636a173135ca1128de2b6

SHA512
265d2bd407d2d3031e58a62ab901a80609d8a86de77ef6801604597be16fcb0c36d248c5e36d223c4fdadcb859d8d387c11f2a11395aa4c1b44aa1363e07d685

Download Submit
C:\Windows\System\jAkMcyK.exe

Filesize
5.9MB

MD5
c8b9ae0def5f9cc1c6161eb189b9105d

SHA1
91c61dc43c44e5fa8068fd05baabf708b7eef811

SHA256
104e630403d364c702166777cc38022b0da7b913a951b13af82e4b6e9e46b69c

SHA512
ec6bcd43f64532eef34953877253889df96e30f4ff3f920cfdebfeec0d5636455e4600b7e146d6c9761daa1f4db26440433be99a96e384862d7be751112ce0e9

Download Submit
C:\Windows\System\kNIpqLW.exe

Filesize
5.9MB

MD5
98eef6245d2ef5c7f0a82525f50864dc

SHA1
f42a9201ffa50a0a373534f1203b682d33482a19

SHA256
1650bb548ff2b30f6530f51285e3fe143e066de4667b469070fa9e16a82a92a7

SHA512
85e3e910059c2d8e05b3718b75d1f7138c22f96d27cd91acae1cbcaddb165d08d0e2aec91f0ad314fdcd57124981427ea58e5ab4df4f0d22e596756e4d119e7e

Download Submit
C:\Windows\System\mPgzEDs.exe

Filesize
5.9MB

MD5
b33f603dde5021c7d94bcb9ce69b42ec

SHA1
a3c03bab88eda7c1c0517588f42c27cf57e96751

SHA256
01fea5bbcf09293630ddb7d3fb18633207aaea7e88939a97a38e80f6bc5dda8c

SHA512
7dc51ab49585c62c710de96094a0a90abf574220e2ce229348e995ae358d03a05c837bdd963d7cc2c27e4bc70094baae1b2fb317c6cd7a07ac1b381c21b0e7a8

Download Submit
C:\Windows\System\oBrPYoZ.exe

Filesize
5.9MB

MD5
2b466e22f8ec4200b25c58097ec4df1e

SHA1
f5e1dda79d6a9eea8a0118b84e61778ddb61949f

SHA256
9c5828b0c189b470e48415e74756138fafbbbaa7634d5f2cbeb53aac1d5bd122

SHA512
56317cf5c11af8d6e0fa1e096eed56e895c8e74952a92868a656f4105080f366f551dc5d446366aa2b85e107641388326636ffd352ecf4f33b1108d70b513c8f

Download Submit
C:\Windows\System\rCnNIbu.exe

Filesize
5.9MB

MD5
979f36961fc21e4acd1ddab414720212

SHA1
191875d0a54f46766f609fba1c436a547edbec46

SHA256
c1a89d399074cfc3f7176c25f1adeaa8c1736a127f56babd3eb456ccac096046

SHA512
71fd0fe8944127c9ca7d747e6033488212a1c0e38b7435b30b89ccec0836135e49bb087c331d872e75ad1c77b508f7a1261dfa65b643b889eb1737c3b636b2c9

Download Submit
C:\Windows\System\tVakbRl.exe

Filesize
5.9MB

MD5
139c6b01d527e6c617d511e0c0febf77

SHA1
1d84a7be7526c9a1af81d84b6618c841892bcd07

SHA256
1f4ba42c23af531a81cf56dd8eb85d8b64ac8f458cf6a2fea49cb727959c8475

SHA512
dec1e68b9fdf67241f2d929b441a7e5338c7bfd0c3910db4503a6a45bf983a369ce4ba1b8d7902ffa5ebdcd1f0fc69a68b84fe90bb523c081267aed261e48182

Download Submit
C:\Windows\System\xRLQqTz.exe

Filesize
5.9MB

MD5
e64dc04a55ad2f38a8ce4f1dcf877c5f

SHA1
3dbe3fa0902d16de17411748d9afc8fa795a8286

SHA256
944ae2d7146cef43797f1712a7a7e78662351a2a8ad9e441ed1c64e8345cb302

SHA512
4c1e1520be3b690715ecd6b0618cae1548af5dd7c49ea203a9e3d51e7b42b5ca12123306633fdfae73a9a5df64434899b1b92421ab188e0f65f3251c8972e0db

Download Submit
memory/636-42-0x00007FF7BD260000-0x00007FF7BD5B4000-memory.dmp

Filesize
3.3MB

Download
memory/636-147-0x00007FF7BD260000-0x00007FF7BD5B4000-memory.dmp

Filesize
3.3MB

Download
memory/636-131-0x00007FF7BD260000-0x00007FF7BD5B4000-memory.dmp

Filesize
3.3MB

Download
memory/980-150-0x00007FF7863C0000-0x00007FF786714000-memory.dmp

Filesize
3.3MB

Download
memory/980-72-0x00007FF7863C0000-0x00007FF786714000-memory.dmp

Filesize
3.3MB

Download
memory/1048-154-0x00007FF6F3960000-0x00007FF6F3CB4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-83-0x00007FF6F3960000-0x00007FF6F3CB4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-134-0x00007FF6F3960000-0x00007FF6F3CB4000-memory.dmp

Filesize
3.3MB

Download
memory/1108-160-0x00007FF634EF0000-0x00007FF635244000-memory.dmp

Filesize
3.3MB

Download
memory/1108-113-0x00007FF634EF0000-0x00007FF635244000-memory.dmp

Filesize
3.3MB

Download
memory/1108-139-0x00007FF634EF0000-0x00007FF635244000-memory.dmp

Filesize
3.3MB

Download
memory/1268-54-0x00007FF78F410000-0x00007FF78F764000-memory.dmp

Filesize
3.3MB

Download
memory/1268-149-0x00007FF78F410000-0x00007FF78F764000-memory.dmp

Filesize
3.3MB

Download
memory/1268-133-0x00007FF78F410000-0x00007FF78F764000-memory.dmp

Filesize
3.3MB

Download
memory/1388-148-0x00007FF686560000-0x00007FF6868B4000-memory.dmp

Filesize
3.3MB

Download
memory/1388-43-0x00007FF686560000-0x00007FF6868B4000-memory.dmp

Filesize
3.3MB

Download
memory/1792-155-0x00007FF601E20000-0x00007FF602174000-memory.dmp

Filesize
3.3MB

Download
memory/1792-84-0x00007FF601E20000-0x00007FF602174000-memory.dmp

Filesize
3.3MB

Download
memory/1792-135-0x00007FF601E20000-0x00007FF602174000-memory.dmp

Filesize
3.3MB

Download
memory/2476-115-0x00007FF70F5A0000-0x00007FF70F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-161-0x00007FF70F5A0000-0x00007FF70F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-140-0x00007FF70F5A0000-0x00007FF70F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-88-0x00007FF6ADBF0000-0x00007FF6ADF44000-memory.dmp

Filesize
3.3MB

Download
memory/2740-157-0x00007FF6ADBF0000-0x00007FF6ADF44000-memory.dmp

Filesize
3.3MB

Download
memory/3044-123-0x00007FF7F3480000-0x00007FF7F37D4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-6-0x00007FF7F3480000-0x00007FF7F37D4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-143-0x00007FF7F3480000-0x00007FF7F37D4000-memory.dmp

Filesize
3.3MB

Download
memory/3132-30-0x00007FF68C510000-0x00007FF68C864000-memory.dmp

Filesize
3.3MB

Download
memory/3132-146-0x00007FF68C510000-0x00007FF68C864000-memory.dmp

Filesize
3.3MB

Download
memory/3132-130-0x00007FF68C510000-0x00007FF68C864000-memory.dmp

Filesize
3.3MB

Download
memory/3184-151-0x00007FF6A96D0000-0x00007FF6A9A24000-memory.dmp

Filesize
3.3MB

Download
memory/3184-73-0x00007FF6A96D0000-0x00007FF6A9A24000-memory.dmp

Filesize
3.3MB

Download
memory/3388-18-0x00007FF694AB0000-0x00007FF694E04000-memory.dmp

Filesize
3.3MB

Download
memory/3388-124-0x00007FF694AB0000-0x00007FF694E04000-memory.dmp

Filesize
3.3MB

Download
memory/3388-144-0x00007FF694AB0000-0x00007FF694E04000-memory.dmp

Filesize
3.3MB

Download
memory/3996-136-0x00007FF72FF60000-0x00007FF7302B4000-memory.dmp

Filesize
3.3MB

Download
memory/3996-152-0x00007FF72FF60000-0x00007FF7302B4000-memory.dmp

Filesize
3.3MB

Download
memory/3996-85-0x00007FF72FF60000-0x00007FF7302B4000-memory.dmp

Filesize
3.3MB

Download
memory/4020-137-0x00007FF72A780000-0x00007FF72AAD4000-memory.dmp

Filesize
3.3MB

Download
memory/4020-96-0x00007FF72A780000-0x00007FF72AAD4000-memory.dmp

Filesize
3.3MB

Download
memory/4020-158-0x00007FF72A780000-0x00007FF72AAD4000-memory.dmp

Filesize
3.3MB

Download
memory/4308-126-0x00007FF71D9C0000-0x00007FF71DD14000-memory.dmp

Filesize
3.3MB

Download
memory/4308-162-0x00007FF71D9C0000-0x00007FF71DD14000-memory.dmp

Filesize
3.3MB

Download
memory/4308-141-0x00007FF71D9C0000-0x00007FF71DD14000-memory.dmp

Filesize
3.3MB

Download
memory/4468-156-0x00007FF7FDA80000-0x00007FF7FDDD4000-memory.dmp

Filesize
3.3MB

Download
memory/4468-91-0x00007FF7FDA80000-0x00007FF7FDDD4000-memory.dmp

Filesize
3.3MB

Download
memory/4496-127-0x00007FF7C6F90000-0x00007FF7C72E4000-memory.dmp

Filesize
3.3MB

Download
memory/4496-163-0x00007FF7C6F90000-0x00007FF7C72E4000-memory.dmp

Filesize
3.3MB

Download
memory/4496-142-0x00007FF7C6F90000-0x00007FF7C72E4000-memory.dmp

Filesize
3.3MB

Download
memory/4536-145-0x00007FF7154D0000-0x00007FF715824000-memory.dmp

Filesize
3.3MB

Download
memory/4536-61-0x00007FF7154D0000-0x00007FF715824000-memory.dmp

Filesize
3.3MB

Download
memory/4540-153-0x00007FF76D8A0000-0x00007FF76DBF4000-memory.dmp

Filesize
3.3MB

Download
memory/4540-92-0x00007FF76D8A0000-0x00007FF76DBF4000-memory.dmp

Filesize
3.3MB

Download
memory/4572-114-0x00007FF6C37A0000-0x00007FF6C3AF4000-memory.dmp

Filesize
3.3MB

Download
memory/4572-0-0x00007FF6C37A0000-0x00007FF6C3AF4000-memory.dmp

Filesize
3.3MB

Download
memory/4572-1-0x0000022ADF5D0000-0x0000022ADF5E0000-memory.dmp

Filesize
64KB

Download
memory/5104-105-0x00007FF768100000-0x00007FF768454000-memory.dmp

Filesize
3.3MB

Download
memory/5104-159-0x00007FF768100000-0x00007FF768454000-memory.dmp

Filesize
3.3MB

Download
memory/5104-138-0x00007FF768100000-0x00007FF768454000-memory.dmp

Filesize
3.3MB

Download