cobaltstrike | c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2024 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
Size

5.9MB
MD5

a469f23efd557fb30a3b092cc200694b
SHA1

feb478fa903bdc7f0a0d03be23927ba8c276fd99
SHA256

c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2
SHA512

10b6228d8b4af92dbe74c324520ce1859176a329772cc07229a9689f57088df9486f8e77b43ea211b4404ddc28837e550d1a966344181055fe2e9f0c11d50a73
SSDEEP

98304:BemTLkNdfE0pZrT56utgpPFotBER/mQ32lUM:Q+u56utgpPF8u/7M

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 21 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x00080000000234bb-5.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234bf-10.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c0-11.dat	cobalt_reflective_dll
behavioral2/files/0x00080000000234bc-24.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c1-30.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c3-44.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c4-49.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c2-40.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c5-54.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c7-60.dat	cobalt_reflective_dll
behavioral2/files/0x0002000000022b25-65.dat	cobalt_reflective_dll
behavioral2/files/0x000a00000002341e-73.dat	cobalt_reflective_dll
behavioral2/files/0x0003000000022a9e-81.dat	cobalt_reflective_dll
behavioral2/files/0x0002000000022b23-88.dat	cobalt_reflective_dll
behavioral2/files/0x000a00000002341b-95.dat	cobalt_reflective_dll
behavioral2/files/0x000a00000002341c-103.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c8-109.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c9-116.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234ca-122.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234cc-126.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234cd-137.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4064-0-0x00007FF72F9B0000-0x00007FF72FD04000-memory.dmp	xmrig
behavioral2/files/0x00080000000234bb-5.dat	xmrig
behavioral2/files/0x00070000000234bf-10.dat	xmrig
behavioral2/memory/1044-7-0x00007FF634540000-0x00007FF634894000-memory.dmp	xmrig
behavioral2/memory/2864-14-0x00007FF78E370000-0x00007FF78E6C4000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c0-11.dat	xmrig
behavioral2/memory/3600-20-0x00007FF78C4D0000-0x00007FF78C824000-memory.dmp	xmrig
behavioral2/files/0x00080000000234bc-24.dat	xmrig
behavioral2/files/0x00070000000234c1-30.dat	xmrig
behavioral2/memory/3532-27-0x00007FF780160000-0x00007FF7804B4000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c3-44.dat	xmrig
behavioral2/memory/3212-47-0x00007FF646090000-0x00007FF6463E4000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c4-49.dat	xmrig
behavioral2/memory/212-48-0x00007FF7C1EE0000-0x00007FF7C2234000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c2-40.dat	xmrig
behavioral2/memory/1736-38-0x00007FF706450000-0x00007FF7067A4000-memory.dmp	xmrig
behavioral2/memory/2440-34-0x00007FF68AAD0000-0x00007FF68AE24000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c5-54.dat	xmrig
behavioral2/memory/1180-56-0x00007FF6091F0000-0x00007FF609544000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c7-60.dat	xmrig
behavioral2/memory/4064-62-0x00007FF72F9B0000-0x00007FF72FD04000-memory.dmp	xmrig
behavioral2/files/0x0002000000022b25-65.dat	xmrig
behavioral2/memory/1044-66-0x00007FF634540000-0x00007FF634894000-memory.dmp	xmrig
behavioral2/memory/4652-67-0x00007FF742680000-0x00007FF7429D4000-memory.dmp	xmrig
behavioral2/memory/3440-63-0x00007FF66A8A0000-0x00007FF66ABF4000-memory.dmp	xmrig
behavioral2/files/0x000a00000002341e-73.dat	xmrig
behavioral2/memory/4768-75-0x00007FF7287A0000-0x00007FF728AF4000-memory.dmp	xmrig
behavioral2/memory/2864-74-0x00007FF78E370000-0x00007FF78E6C4000-memory.dmp	xmrig
behavioral2/memory/3600-78-0x00007FF78C4D0000-0x00007FF78C824000-memory.dmp	xmrig
behavioral2/files/0x0003000000022a9e-81.dat	xmrig
behavioral2/memory/720-84-0x00007FF67BC80000-0x00007FF67BFD4000-memory.dmp	xmrig
behavioral2/files/0x0002000000022b23-88.dat	xmrig
behavioral2/memory/2068-91-0x00007FF737870000-0x00007FF737BC4000-memory.dmp	xmrig
behavioral2/files/0x000a00000002341b-95.dat	xmrig
behavioral2/memory/4624-101-0x00007FF7E3030000-0x00007FF7E3384000-memory.dmp	xmrig
behavioral2/files/0x000a00000002341c-103.dat	xmrig
behavioral2/memory/5100-102-0x00007FF7B0B60000-0x00007FF7B0EB4000-memory.dmp	xmrig
behavioral2/memory/3212-98-0x00007FF646090000-0x00007FF6463E4000-memory.dmp	xmrig
behavioral2/memory/1736-97-0x00007FF706450000-0x00007FF7067A4000-memory.dmp	xmrig
behavioral2/memory/2440-89-0x00007FF68AAD0000-0x00007FF68AE24000-memory.dmp	xmrig
behavioral2/memory/212-106-0x00007FF7C1EE0000-0x00007FF7C2234000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c8-109.dat	xmrig
behavioral2/memory/4644-111-0x00007FF7AAA80000-0x00007FF7AADD4000-memory.dmp	xmrig
behavioral2/memory/1180-110-0x00007FF6091F0000-0x00007FF609544000-memory.dmp	xmrig
behavioral2/files/0x00070000000234c9-116.dat	xmrig
behavioral2/files/0x00070000000234ca-122.dat	xmrig
behavioral2/files/0x00070000000234cc-126.dat	xmrig
behavioral2/memory/748-127-0x00007FF6815D0000-0x00007FF681924000-memory.dmp	xmrig
behavioral2/files/0x00070000000234cd-137.dat	xmrig
behavioral2/memory/1336-136-0x00007FF759590000-0x00007FF7598E4000-memory.dmp	xmrig
behavioral2/memory/1168-135-0x00007FF662B50000-0x00007FF662EA4000-memory.dmp	xmrig
behavioral2/memory/4768-131-0x00007FF7287A0000-0x00007FF728AF4000-memory.dmp	xmrig
behavioral2/memory/4652-123-0x00007FF742680000-0x00007FF7429D4000-memory.dmp	xmrig
behavioral2/memory/3208-117-0x00007FF7A2140000-0x00007FF7A2494000-memory.dmp	xmrig
behavioral2/memory/5100-139-0x00007FF7B0B60000-0x00007FF7B0EB4000-memory.dmp	xmrig
behavioral2/memory/4644-140-0x00007FF7AAA80000-0x00007FF7AADD4000-memory.dmp	xmrig
behavioral2/memory/748-142-0x00007FF6815D0000-0x00007FF681924000-memory.dmp	xmrig
behavioral2/memory/3208-141-0x00007FF7A2140000-0x00007FF7A2494000-memory.dmp	xmrig
behavioral2/memory/1168-143-0x00007FF662B50000-0x00007FF662EA4000-memory.dmp	xmrig
behavioral2/memory/1336-144-0x00007FF759590000-0x00007FF7598E4000-memory.dmp	xmrig
behavioral2/memory/1044-145-0x00007FF634540000-0x00007FF634894000-memory.dmp	xmrig
behavioral2/memory/2864-146-0x00007FF78E370000-0x00007FF78E6C4000-memory.dmp	xmrig
behavioral2/memory/3600-147-0x00007FF78C4D0000-0x00007FF78C824000-memory.dmp	xmrig
behavioral2/memory/3532-148-0x00007FF780160000-0x00007FF7804B4000-memory.dmp	xmrig

Executes dropped EXE 21 IoCs

pid	Process
1044	tQpmWdx.exe
2864	SndAcDI.exe
3600	pNyrIby.exe
3532	pxmYJPt.exe
2440	wMaZhSB.exe
1736	bYUwdiJ.exe
3212	ZLxCPsi.exe
212	ksnTguy.exe
1180	fFUBvAl.exe
3440	pgqxkBm.exe
4652	CtydqEF.exe
4768	eRNAqMz.exe
720	UJMgQax.exe
2068	xuopfZv.exe
4624	ffFcTiP.exe
5100	zaJEKuT.exe
4644	nYaqcSE.exe
3208	SIfnwmh.exe
748	prCYjur.exe
1168	iziiokN.exe
1336	IzTvxUU.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4064-0-0x00007FF72F9B0000-0x00007FF72FD04000-memory.dmp	upx
behavioral2/files/0x00080000000234bb-5.dat	upx
behavioral2/files/0x00070000000234bf-10.dat	upx
behavioral2/memory/1044-7-0x00007FF634540000-0x00007FF634894000-memory.dmp	upx
behavioral2/memory/2864-14-0x00007FF78E370000-0x00007FF78E6C4000-memory.dmp	upx
behavioral2/files/0x00070000000234c0-11.dat	upx
behavioral2/memory/3600-20-0x00007FF78C4D0000-0x00007FF78C824000-memory.dmp	upx
behavioral2/files/0x00080000000234bc-24.dat	upx
behavioral2/files/0x00070000000234c1-30.dat	upx
behavioral2/memory/3532-27-0x00007FF780160000-0x00007FF7804B4000-memory.dmp	upx
behavioral2/files/0x00070000000234c3-44.dat	upx
behavioral2/memory/3212-47-0x00007FF646090000-0x00007FF6463E4000-memory.dmp	upx
behavioral2/files/0x00070000000234c4-49.dat	upx
behavioral2/memory/212-48-0x00007FF7C1EE0000-0x00007FF7C2234000-memory.dmp	upx
behavioral2/files/0x00070000000234c2-40.dat	upx
behavioral2/memory/1736-38-0x00007FF706450000-0x00007FF7067A4000-memory.dmp	upx
behavioral2/memory/2440-34-0x00007FF68AAD0000-0x00007FF68AE24000-memory.dmp	upx
behavioral2/files/0x00070000000234c5-54.dat	upx
behavioral2/memory/1180-56-0x00007FF6091F0000-0x00007FF609544000-memory.dmp	upx
behavioral2/files/0x00070000000234c7-60.dat	upx
behavioral2/memory/4064-62-0x00007FF72F9B0000-0x00007FF72FD04000-memory.dmp	upx
behavioral2/files/0x0002000000022b25-65.dat	upx
behavioral2/memory/1044-66-0x00007FF634540000-0x00007FF634894000-memory.dmp	upx
behavioral2/memory/4652-67-0x00007FF742680000-0x00007FF7429D4000-memory.dmp	upx
behavioral2/memory/3440-63-0x00007FF66A8A0000-0x00007FF66ABF4000-memory.dmp	upx
behavioral2/files/0x000a00000002341e-73.dat	upx
behavioral2/memory/4768-75-0x00007FF7287A0000-0x00007FF728AF4000-memory.dmp	upx
behavioral2/memory/2864-74-0x00007FF78E370000-0x00007FF78E6C4000-memory.dmp	upx
behavioral2/memory/3600-78-0x00007FF78C4D0000-0x00007FF78C824000-memory.dmp	upx
behavioral2/files/0x0003000000022a9e-81.dat	upx
behavioral2/memory/720-84-0x00007FF67BC80000-0x00007FF67BFD4000-memory.dmp	upx
behavioral2/files/0x0002000000022b23-88.dat	upx
behavioral2/memory/2068-91-0x00007FF737870000-0x00007FF737BC4000-memory.dmp	upx
behavioral2/files/0x000a00000002341b-95.dat	upx
behavioral2/memory/4624-101-0x00007FF7E3030000-0x00007FF7E3384000-memory.dmp	upx
behavioral2/files/0x000a00000002341c-103.dat	upx
behavioral2/memory/5100-102-0x00007FF7B0B60000-0x00007FF7B0EB4000-memory.dmp	upx
behavioral2/memory/3212-98-0x00007FF646090000-0x00007FF6463E4000-memory.dmp	upx
behavioral2/memory/1736-97-0x00007FF706450000-0x00007FF7067A4000-memory.dmp	upx
behavioral2/memory/2440-89-0x00007FF68AAD0000-0x00007FF68AE24000-memory.dmp	upx
behavioral2/memory/212-106-0x00007FF7C1EE0000-0x00007FF7C2234000-memory.dmp	upx
behavioral2/files/0x00070000000234c8-109.dat	upx
behavioral2/memory/4644-111-0x00007FF7AAA80000-0x00007FF7AADD4000-memory.dmp	upx
behavioral2/memory/1180-110-0x00007FF6091F0000-0x00007FF609544000-memory.dmp	upx
behavioral2/files/0x00070000000234c9-116.dat	upx
behavioral2/files/0x00070000000234ca-122.dat	upx
behavioral2/files/0x00070000000234cc-126.dat	upx
behavioral2/memory/748-127-0x00007FF6815D0000-0x00007FF681924000-memory.dmp	upx
behavioral2/files/0x00070000000234cd-137.dat	upx
behavioral2/memory/1336-136-0x00007FF759590000-0x00007FF7598E4000-memory.dmp	upx
behavioral2/memory/1168-135-0x00007FF662B50000-0x00007FF662EA4000-memory.dmp	upx
behavioral2/memory/4768-131-0x00007FF7287A0000-0x00007FF728AF4000-memory.dmp	upx
behavioral2/memory/4652-123-0x00007FF742680000-0x00007FF7429D4000-memory.dmp	upx
behavioral2/memory/3208-117-0x00007FF7A2140000-0x00007FF7A2494000-memory.dmp	upx
behavioral2/memory/5100-139-0x00007FF7B0B60000-0x00007FF7B0EB4000-memory.dmp	upx
behavioral2/memory/4644-140-0x00007FF7AAA80000-0x00007FF7AADD4000-memory.dmp	upx
behavioral2/memory/748-142-0x00007FF6815D0000-0x00007FF681924000-memory.dmp	upx
behavioral2/memory/3208-141-0x00007FF7A2140000-0x00007FF7A2494000-memory.dmp	upx
behavioral2/memory/1168-143-0x00007FF662B50000-0x00007FF662EA4000-memory.dmp	upx
behavioral2/memory/1336-144-0x00007FF759590000-0x00007FF7598E4000-memory.dmp	upx
behavioral2/memory/1044-145-0x00007FF634540000-0x00007FF634894000-memory.dmp	upx
behavioral2/memory/2864-146-0x00007FF78E370000-0x00007FF78E6C4000-memory.dmp	upx
behavioral2/memory/3600-147-0x00007FF78C4D0000-0x00007FF78C824000-memory.dmp	upx
behavioral2/memory/3532-148-0x00007FF780160000-0x00007FF7804B4000-memory.dmp	upx

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\System\pNyrIby.exe	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
File created	C:\Windows\System\ksnTguy.exe	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
File created	C:\Windows\System\eRNAqMz.exe	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
File created	C:\Windows\System\UJMgQax.exe	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
File created	C:\Windows\System\xuopfZv.exe	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
File created	C:\Windows\System\SIfnwmh.exe	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
File created	C:\Windows\System\prCYjur.exe	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
File created	C:\Windows\System\IzTvxUU.exe	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
File created	C:\Windows\System\SndAcDI.exe	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
File created	C:\Windows\System\fFUBvAl.exe	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
File created	C:\Windows\System\pgqxkBm.exe	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
File created	C:\Windows\System\nYaqcSE.exe	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
File created	C:\Windows\System\tQpmWdx.exe	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
File created	C:\Windows\System\pxmYJPt.exe	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
File created	C:\Windows\System\wMaZhSB.exe	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
File created	C:\Windows\System\ZLxCPsi.exe	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
File created	C:\Windows\System\ffFcTiP.exe	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
File created	C:\Windows\System\iziiokN.exe	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
File created	C:\Windows\System\bYUwdiJ.exe	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
File created	C:\Windows\System\CtydqEF.exe	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
File created	C:\Windows\System\zaJEKuT.exe	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
Token: SeLockMemoryPrivilege	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 4064 wrote to memory of 1044	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	84
PID 4064 wrote to memory of 1044	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	84
PID 4064 wrote to memory of 2864	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	85
PID 4064 wrote to memory of 2864	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	85
PID 4064 wrote to memory of 3600	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	86
PID 4064 wrote to memory of 3600	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	86
PID 4064 wrote to memory of 3532	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	89
PID 4064 wrote to memory of 3532	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	89
PID 4064 wrote to memory of 2440	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	91
PID 4064 wrote to memory of 2440	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	91
PID 4064 wrote to memory of 1736	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	92
PID 4064 wrote to memory of 1736	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	92
PID 4064 wrote to memory of 3212	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	93
PID 4064 wrote to memory of 3212	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	93
PID 4064 wrote to memory of 212	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	94
PID 4064 wrote to memory of 212	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	94
PID 4064 wrote to memory of 1180	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	95
PID 4064 wrote to memory of 1180	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	95
PID 4064 wrote to memory of 3440	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	96
PID 4064 wrote to memory of 3440	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	96
PID 4064 wrote to memory of 4652	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	97
PID 4064 wrote to memory of 4652	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	97
PID 4064 wrote to memory of 4768	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	98
PID 4064 wrote to memory of 4768	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	98
PID 4064 wrote to memory of 720	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	99
PID 4064 wrote to memory of 720	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	99
PID 4064 wrote to memory of 2068	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	102
PID 4064 wrote to memory of 2068	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	102
PID 4064 wrote to memory of 4624	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	103
PID 4064 wrote to memory of 4624	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	103
PID 4064 wrote to memory of 5100	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	104
PID 4064 wrote to memory of 5100	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	104
PID 4064 wrote to memory of 4644	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	105
PID 4064 wrote to memory of 4644	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	105
PID 4064 wrote to memory of 3208	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	106
PID 4064 wrote to memory of 3208	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	106
PID 4064 wrote to memory of 748	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	108
PID 4064 wrote to memory of 748	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	108
PID 4064 wrote to memory of 1168	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	109
PID 4064 wrote to memory of 1168	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	109
PID 4064 wrote to memory of 1336	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	110
PID 4064 wrote to memory of 1336	4064	c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe	110

C:\Users\Admin\AppData\Local\Temp\c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe
"C:\Users\Admin\AppData\Local\Temp\c1355e54fb568c049aa5e0a94651d7a9b74eb2d4b64f252a53b014a8cc493fb2.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4064
- C:\Windows\System\tQpmWdx.exe
  C:\Windows\System\tQpmWdx.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\SndAcDI.exe
  C:\Windows\System\SndAcDI.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\pNyrIby.exe
  C:\Windows\System\pNyrIby.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\pxmYJPt.exe
  C:\Windows\System\pxmYJPt.exe
  2⤵
  - Executes dropped EXE
  PID:3532
- C:\Windows\System\wMaZhSB.exe
  C:\Windows\System\wMaZhSB.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\bYUwdiJ.exe
  C:\Windows\System\bYUwdiJ.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\ZLxCPsi.exe
  C:\Windows\System\ZLxCPsi.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\ksnTguy.exe
  C:\Windows\System\ksnTguy.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\fFUBvAl.exe
  C:\Windows\System\fFUBvAl.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\pgqxkBm.exe
  C:\Windows\System\pgqxkBm.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\CtydqEF.exe
  C:\Windows\System\CtydqEF.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\eRNAqMz.exe
  C:\Windows\System\eRNAqMz.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\UJMgQax.exe
  C:\Windows\System\UJMgQax.exe
  2⤵
  - Executes dropped EXE
  PID:720
- C:\Windows\System\xuopfZv.exe
  C:\Windows\System\xuopfZv.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\ffFcTiP.exe
  C:\Windows\System\ffFcTiP.exe
  2⤵
  - Executes dropped EXE
  PID:4624
- C:\Windows\System\zaJEKuT.exe
  C:\Windows\System\zaJEKuT.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\nYaqcSE.exe
  C:\Windows\System\nYaqcSE.exe
  2⤵
  - Executes dropped EXE
  PID:4644
- C:\Windows\System\SIfnwmh.exe
  C:\Windows\System\SIfnwmh.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\prCYjur.exe
  C:\Windows\System\prCYjur.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\iziiokN.exe
  C:\Windows\System\iziiokN.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\IzTvxUU.exe
  C:\Windows\System\IzTvxUU.exe
  2⤵
  - Executes dropped EXE
  PID:1336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CtydqEF.exe

Filesize
5.9MB

MD5
70d2dc7bee7c7ba69f6962423bfe5b74

SHA1
48891216b119a688ea6806fb66629cbc0565641a

SHA256
cc60c18b8235a886827a4031a4617d8f278174762d0894507426759b6c4d6bcb

SHA512
9dcfcb4284b1eeea40e095eb1149f9819bd9736fde73dfdbea1ea86837aa56b2a9e481169c647c0417dc65bc7970558592f4f317192f6a0dd945577c300dfdf1

Download Submit
C:\Windows\System\IzTvxUU.exe

Filesize
5.9MB

MD5
058fcf2692d53f0c838d18a795cb3cb4

SHA1
4d41b0f6e58a882c322125531a68d6daad9d0868

SHA256
584a6efeec6b8be0ad4e647bf164396ee3cf76d38a24fe5646896e3d28239087

SHA512
ff671ab50ea9172cd2488bed40ef82b7c1cf468d4e4f7c4c36a65bd2d90bc3f0a6d0fc87a45c9b5c50cd00ebd42e4c9c28721ad5e26e333576604ad0132e9395

Download Submit
C:\Windows\System\SIfnwmh.exe

Filesize
5.9MB

MD5
57df80d9d686fab7e6d2a5c3e8203ac5

SHA1
ed76282fbe804b6b5885aef1edd11d2f364eb224

SHA256
15c264038cc243bf884dce90c6fbe730b5d2430701adf0b1e90b0276f914d89b

SHA512
97bcd21a7ecbe189ac83ea9c750a1b36ef2a0ec3101bd4af7b1c97f0261253aac0db19617886cc35dbefdbc6a1d0adc51f379fd45e45c80e008c85b9ef38ce66

Download Submit
C:\Windows\System\SndAcDI.exe

Filesize
5.9MB

MD5
d32fa1c2c8df04c72e3c5f81f9b71dab

SHA1
edd7556571c1887a98dacdc16bdd8ab1852ac9ac

SHA256
6edb4bba2cd7a3f3e50c830623f7a1e175d59e57ca871ef60a6c85c528f2fe73

SHA512
f3eddcdd3675cd5cdec8ab969e88babadf83fd8ce853669a6884cdd1093784c3f5ad56fca8fcbc510df54a5b17ab35275e1ab965a597ab40af4f4aeede792ec5

Download Submit
C:\Windows\System\UJMgQax.exe

Filesize
5.9MB

MD5
403f4d2a83d215d695791418c45a8bff

SHA1
96eb6c48f221150830213e082b885d7c96fdf5ef

SHA256
6a4d61258ec710f6096a350749e45508d47d61318e50c8855e373a8ecddc9e4d

SHA512
74e38136662aa8113c6f20054090b5796f001d86d4e6f03f3a09b7857d1619cda9b51ede4275778cb233c9542499496cfb2a6d5883955051f7798b0d2f288785

Download Submit
C:\Windows\System\ZLxCPsi.exe

Filesize
5.9MB

MD5
b2bd19afa07b15809bbd9865bed64f54

SHA1
f21c8d53db12b49c4c79a8b7a08ad63b8c197a73

SHA256
ace21ea28c37be7e92f1e39403030ec2e232af3c7d8988b8a25585bd0c124b08

SHA512
a3f9dc06359e7e7dbf47f66296059c49ce8e117a833a8112dcf966f35aeb7e76ebc6a733281b01a561baa2799c1fcf25c37288b4ee530af30e215595547bd1ce

Download Submit
C:\Windows\System\bYUwdiJ.exe

Filesize
5.9MB

MD5
87969b71424e6ae928f4681f5ad50749

SHA1
2e84045b7091af7f5aee09190ba42064d6d65ab2

SHA256
542ef112f406a360badfc3c520b21f034dba2d79e5dde664f604887ec9283d86

SHA512
3fb8c6500563e87a3643f828530d92ff4546014b3d4e2878aab9741c24db6700ad139fad7d445a2f61ee2de1a4fcbf63ccbe5b4094a540b434193dbcc59d3c91

Download Submit
C:\Windows\System\eRNAqMz.exe

Filesize
5.9MB

MD5
5ca67d1d06d139858b5c56b699de7700

SHA1
de252ef74cc6933d4dcb5327ed7bc95472bc77ed

SHA256
60999aeb9d02b8de104adc695de31258676b0338a999102e8c4bb26193325704

SHA512
0cc48dc000a1e3038cda90128972c143825e6e4c839c807d5837fd625095aa35baea54f2c6fdaf0230ad4a9683fceb1db628145b385e7cfa67b10796e2e8c45f

Download Submit
C:\Windows\System\fFUBvAl.exe

Filesize
5.9MB

MD5
3983d4e14709adfdd6f77c9fa6b0531d

SHA1
c934b2bf3ecdc3e456a61758f5a3173d479759b9

SHA256
9f0f5c08567189b7e0d7484866e007523e176993f2722f47dc4212d75d5d9b42

SHA512
d1bdba26b6bb18310c911cecb5235e21423f505814cea25b342d7d31049f85f726c60aaeb2d0b72d14680cc57e13edb2ea03ce400e13a9d232bf3684ecac902b

Download Submit
C:\Windows\System\ffFcTiP.exe

Filesize
5.9MB

MD5
db86f4344778a3c5b90797b73218416e

SHA1
239b9663f3da1f8b05096a9c5891443893f33a8e

SHA256
3aaa5c9d378595ba6a9a9b785cc13f5c8ea52b94d26b5212f4a31e3c4fc631ee

SHA512
75d21ba6c504e9e4398fba732660ba1ff25eba201894d59c880e1f80600bac48410d145161fe7993f829bed3a1a69259368bf66bed2b6c2d4ea14f29253d0801

Download Submit
C:\Windows\System\iziiokN.exe

Filesize
5.9MB

MD5
56cb283de17043f83dfe7552356cd354

SHA1
9e409b928e61a49990467c8c3acf22e81f993573

SHA256
5de0ae0d1d9a7d9d65d7dd2d9880d06c9374d1b7be4282be475b48ba9f6a88d3

SHA512
23b17b07a2790caa488008869d3d74c86277cf97e0207c3aa80eafa1883fce6fcfc5fd4701639da8aa0607cd39739075374829a01534f487f917a4319a886a9d

Download Submit
C:\Windows\System\ksnTguy.exe

Filesize
5.9MB

MD5
09092eede5fedcb7664e9dccbce43934

SHA1
9fcec8a6bcd2b6d11535b522a7aac44993a04df5

SHA256
1f4c1c16cbf4d867e38b5a405433d47f65648334b2f20a85e52675c4962d4083

SHA512
2e2bf5b6713f3810498b7ca94e3ae57e01982013cf6a7a214ef9d5bd51d6453c09bbb9b1a842dc233ef3d316e4674cadba47490e77e7557035f81e68f3d0d952

Download Submit
C:\Windows\System\nYaqcSE.exe

Filesize
5.9MB

MD5
24ca1427652aa0cec74dd7ba4b8aede7

SHA1
8340afa2623639af2caf60ec3bb3e618cdf3a37d

SHA256
82b0be196de75a9b87c078723826951899a7ef4e30defdeb519903dcefa5af1c

SHA512
1d05c1896a6561e08e0a05c008f1c7225e45aa1acc0fbcf62c1812921dc824a8331d9d6c71b5caa9e2e314b25b6c1b352dd3d9d02d70baaab98bbfe58471b56d

Download Submit
C:\Windows\System\pNyrIby.exe

Filesize
5.9MB

MD5
dc0c47885bd7044f4389a92f4514ee1e

SHA1
9a1b4fd9f381aad59b95427be093a41a919c452e

SHA256
87f0a5c5b2420eb76e6c5096d9dede51e1c176c8949c3a40795ce8b02e89021b

SHA512
66982744d06ca5ca43dc779d806155280dc8380d97a3558317a8a6e56c80e81d64fceb9d749285e460b5aee131e9a9871a8ee1108a5791a7ef1ad908aa5cd7b9

Download Submit
C:\Windows\System\pgqxkBm.exe

Filesize
5.9MB

MD5
0f924f87fea0026462209fd77be8b93d

SHA1
79c3c3829e4f7cac78a0fe99833842cfa189544e

SHA256
ba0dcf821e7d4a81f1be107cea2bf5562ae5af78c457ad0045f90c1bc2dde4b7

SHA512
7885363cab588254bb657005bdf1c3c20ce4dcb7079e1efc0649de7e37fe0bee442eb17af2fed982d01bf5929c076c3c413e54f6fe06cc3088c4da5c4a10f44f

Download Submit
C:\Windows\System\prCYjur.exe

Filesize
5.9MB

MD5
3e6eb8f1fcf86d3de81ae482b38c2dad

SHA1
92cf3b7db73a1629d446746ad0fba2dfd6059382

SHA256
d0cde7c3b8ddcedf420b6c92b2168d594895b0c4c63f158de4253b3728304083

SHA512
efcfb24246d2fc65fd887375f91baef4047c86340cf956d7257dc0e2f7bfcf3e69044b3ff317774cd7b65563e2ae7608a4e8bc4080a3d64e2e4d634b77e1055d

Download Submit
C:\Windows\System\pxmYJPt.exe

Filesize
5.9MB

MD5
13fc5cb3f3373133bb1f98f3a0fe5e8a

SHA1
14b8af7d243388a02c43b9d66559aae01608d9e4

SHA256
1dfabe2c8dd77bd43f1c7f011ee0c25d30d20e86d9c924c7e0d925b3224df454

SHA512
fbe6803525cf6531e4d89655e873e143148642d8bf5c2a02bd5553d86c035e576780f6985e322f67eb9fc0feedf0ac6cc0fd22db5659ce5539a1aa91ad75e011

Download Submit
C:\Windows\System\tQpmWdx.exe

Filesize
5.9MB

MD5
0d9cc908a674e710d0cb306e7392985d

SHA1
d67ecf88fe7d0a280bef8685e8c25f1aeac20ab8

SHA256
4879181456a68f068e7f88adf0ce96f599362627cee7715252ae1649738c467e

SHA512
e1b36cd0c2960961f89d0dbd1e14bd030d23d8f274a4d2c466fe3d3506ec38143f3a7878b4be3cc9724311b646f12826cf1f8ca116ea4aa0ce40bbad4ea9f9f4

Download Submit
C:\Windows\System\wMaZhSB.exe

Filesize
5.9MB

MD5
0cdaf97693577239ba04e673b3164eb6

SHA1
ab19211006aebb81eb61a8d9664850ef0814cb05

SHA256
8ba6ce5eac7a75a643880916109996e3c8446888e708c3fb4ea50c9d2f8740c4

SHA512
3472e2707938b8067bc524ff745c46c50382d90a5aa8722cc6271a37cb39c0ebae607fe2d98a893c43dc5a4a51aa371c342ad03ab77ebf5dafe23978392fa77f

Download Submit
C:\Windows\System\xuopfZv.exe

Filesize
5.9MB

MD5
a5745278d78fec3abafa4a719085ed0b

SHA1
18ffe2f6c941340c93989042a99492035cd447cd

SHA256
9ce8407e48b002b9df7b0e605331351ae401be074329a7f31f6dad3ec901564c

SHA512
24eeb80b03ae9afaff2a579697658b10ade8bd1213d8b4f73884b0f9e802462663d7fbc0cc43136fe267a9ea5490bdea1ba49a52f4e872f85078d0bbe5e47765

Download Submit
C:\Windows\System\zaJEKuT.exe

Filesize
5.9MB

MD5
57d7e9ae64d1d5a87ceb433c966922c0

SHA1
25702475b65c40340aa64f9072d1443251d22d7b

SHA256
4393ecbac31811518492f54797da8735d33961d79fd79d0afe726e59307e92eb

SHA512
47b987375233f8d82df1818c258a40b56ec08c8d80bfc2456f2e69329b05ce1f3b603ebe174af1444f310ad66997f337e8d085f61943fa2d71a849aff9191b4f

Download Submit
memory/212-48-0x00007FF7C1EE0000-0x00007FF7C2234000-memory.dmp

Filesize
3.3MB

Download
memory/212-152-0x00007FF7C1EE0000-0x00007FF7C2234000-memory.dmp

Filesize
3.3MB

Download
memory/212-106-0x00007FF7C1EE0000-0x00007FF7C2234000-memory.dmp

Filesize
3.3MB

Download
memory/720-84-0x00007FF67BC80000-0x00007FF67BFD4000-memory.dmp

Filesize
3.3MB

Download
memory/720-157-0x00007FF67BC80000-0x00007FF67BFD4000-memory.dmp

Filesize
3.3MB

Download
memory/748-127-0x00007FF6815D0000-0x00007FF681924000-memory.dmp

Filesize
3.3MB

Download
memory/748-142-0x00007FF6815D0000-0x00007FF681924000-memory.dmp

Filesize
3.3MB

Download
memory/748-163-0x00007FF6815D0000-0x00007FF681924000-memory.dmp

Filesize
3.3MB

Download
memory/1044-66-0x00007FF634540000-0x00007FF634894000-memory.dmp

Filesize
3.3MB

Download
memory/1044-145-0x00007FF634540000-0x00007FF634894000-memory.dmp

Filesize
3.3MB

Download
memory/1044-7-0x00007FF634540000-0x00007FF634894000-memory.dmp

Filesize
3.3MB

Download
memory/1168-135-0x00007FF662B50000-0x00007FF662EA4000-memory.dmp

Filesize
3.3MB

Download
memory/1168-143-0x00007FF662B50000-0x00007FF662EA4000-memory.dmp

Filesize
3.3MB

Download
memory/1168-164-0x00007FF662B50000-0x00007FF662EA4000-memory.dmp

Filesize
3.3MB

Download
memory/1180-56-0x00007FF6091F0000-0x00007FF609544000-memory.dmp

Filesize
3.3MB

Download
memory/1180-153-0x00007FF6091F0000-0x00007FF609544000-memory.dmp

Filesize
3.3MB

Download
memory/1180-110-0x00007FF6091F0000-0x00007FF609544000-memory.dmp

Filesize
3.3MB

Download
memory/1336-165-0x00007FF759590000-0x00007FF7598E4000-memory.dmp

Filesize
3.3MB

Download
memory/1336-136-0x00007FF759590000-0x00007FF7598E4000-memory.dmp

Filesize
3.3MB

Download
memory/1336-144-0x00007FF759590000-0x00007FF7598E4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-150-0x00007FF706450000-0x00007FF7067A4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-38-0x00007FF706450000-0x00007FF7067A4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-97-0x00007FF706450000-0x00007FF7067A4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-91-0x00007FF737870000-0x00007FF737BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-158-0x00007FF737870000-0x00007FF737BC4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-89-0x00007FF68AAD0000-0x00007FF68AE24000-memory.dmp

Filesize
3.3MB

Download
memory/2440-149-0x00007FF68AAD0000-0x00007FF68AE24000-memory.dmp

Filesize
3.3MB

Download
memory/2440-34-0x00007FF68AAD0000-0x00007FF68AE24000-memory.dmp

Filesize
3.3MB

Download
memory/2864-146-0x00007FF78E370000-0x00007FF78E6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-74-0x00007FF78E370000-0x00007FF78E6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-14-0x00007FF78E370000-0x00007FF78E6C4000-memory.dmp

Filesize
3.3MB

Download
memory/3208-141-0x00007FF7A2140000-0x00007FF7A2494000-memory.dmp

Filesize
3.3MB

Download
memory/3208-117-0x00007FF7A2140000-0x00007FF7A2494000-memory.dmp

Filesize
3.3MB

Download
memory/3208-162-0x00007FF7A2140000-0x00007FF7A2494000-memory.dmp

Filesize
3.3MB

Download
memory/3212-98-0x00007FF646090000-0x00007FF6463E4000-memory.dmp

Filesize
3.3MB

Download
memory/3212-151-0x00007FF646090000-0x00007FF6463E4000-memory.dmp

Filesize
3.3MB

Download
memory/3212-47-0x00007FF646090000-0x00007FF6463E4000-memory.dmp

Filesize
3.3MB

Download
memory/3440-154-0x00007FF66A8A0000-0x00007FF66ABF4000-memory.dmp

Filesize
3.3MB

Download
memory/3440-63-0x00007FF66A8A0000-0x00007FF66ABF4000-memory.dmp

Filesize
3.3MB

Download
memory/3532-148-0x00007FF780160000-0x00007FF7804B4000-memory.dmp

Filesize
3.3MB

Download
memory/3532-27-0x00007FF780160000-0x00007FF7804B4000-memory.dmp

Filesize
3.3MB

Download
memory/3600-78-0x00007FF78C4D0000-0x00007FF78C824000-memory.dmp

Filesize
3.3MB

Download
memory/3600-20-0x00007FF78C4D0000-0x00007FF78C824000-memory.dmp

Filesize
3.3MB

Download
memory/3600-147-0x00007FF78C4D0000-0x00007FF78C824000-memory.dmp

Filesize
3.3MB

Download
memory/4064-1-0x000002337B8E0000-0x000002337B8F0000-memory.dmp

Filesize
64KB

Download
memory/4064-62-0x00007FF72F9B0000-0x00007FF72FD04000-memory.dmp

Filesize
3.3MB

Download
memory/4064-0-0x00007FF72F9B0000-0x00007FF72FD04000-memory.dmp

Filesize
3.3MB

Download
memory/4624-159-0x00007FF7E3030000-0x00007FF7E3384000-memory.dmp

Filesize
3.3MB

Download
memory/4624-101-0x00007FF7E3030000-0x00007FF7E3384000-memory.dmp

Filesize
3.3MB

Download
memory/4644-161-0x00007FF7AAA80000-0x00007FF7AADD4000-memory.dmp

Filesize
3.3MB

Download
memory/4644-111-0x00007FF7AAA80000-0x00007FF7AADD4000-memory.dmp

Filesize
3.3MB

Download
memory/4644-140-0x00007FF7AAA80000-0x00007FF7AADD4000-memory.dmp

Filesize
3.3MB

Download
memory/4652-67-0x00007FF742680000-0x00007FF7429D4000-memory.dmp

Filesize
3.3MB

Download
memory/4652-155-0x00007FF742680000-0x00007FF7429D4000-memory.dmp

Filesize
3.3MB

Download
memory/4652-123-0x00007FF742680000-0x00007FF7429D4000-memory.dmp

Filesize
3.3MB

Download
memory/4768-156-0x00007FF7287A0000-0x00007FF728AF4000-memory.dmp

Filesize
3.3MB

Download
memory/4768-75-0x00007FF7287A0000-0x00007FF728AF4000-memory.dmp

Filesize
3.3MB

Download
memory/4768-131-0x00007FF7287A0000-0x00007FF728AF4000-memory.dmp

Filesize
3.3MB

Download
memory/5100-160-0x00007FF7B0B60000-0x00007FF7B0EB4000-memory.dmp

Filesize
3.3MB

Download
memory/5100-139-0x00007FF7B0B60000-0x00007FF7B0EB4000-memory.dmp

Filesize
3.3MB

Download
memory/5100-102-0x00007FF7B0B60000-0x00007FF7B0EB4000-memory.dmp

Filesize
3.3MB

Download