cobaltstrike | 783161abb0cd5a55fc64cd158073fe5c654804aee5509552bed6e859525bb6a5

Resubmissions

20-10-2024 19:07

241020-xsskxaxakn 10

16-09-2024 21:47

240916-1nhrpa1fpr 10

16-09-2024 21:33

240916-1ejyds1bqk 10

Analysis

max time kernel
140s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16-09-2024 21:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38a6bcbd35708a03a4bd104b84264b8b.exe
Size

5.2MB
MD5

38a6bcbd35708a03a4bd104b84264b8b
SHA1

30777981ea899ab92e5c2a06e378ae3be19ebde7
SHA256

783161abb0cd5a55fc64cd158073fe5c654804aee5509552bed6e859525bb6a5
SHA512

fc1585cd1aa1412ad4525aaf9d6fda9c95e18c7bdc1cdf1e01b4d446fc8677dedb65a982f5d8ffb87b618b229b41850462b4fec8ebe8cde697e6b463a496c536
SSDEEP

49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lP:RWWBibf56utgpPFotBER/mQ32lUL

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 21 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0007000000023434-8.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023437-25.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023439-40.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002343c-56.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002343e-71.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023440-86.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023431-89.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002343f-82.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002343d-67.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002343b-62.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023438-46.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002343a-42.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023436-35.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023435-17.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023427-9.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023444-109.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023445-121.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023447-126.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023446-124.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023443-115.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023441-97.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 45 IoCs

miner

resource	yara_rule
behavioral2/memory/4512-37-0x00007FF635900000-0x00007FF635C51000-memory.dmp	xmrig
behavioral2/memory/1052-79-0x00007FF7DC6E0000-0x00007FF7DCA31000-memory.dmp	xmrig
behavioral2/memory/2412-92-0x00007FF60D460000-0x00007FF60D7B1000-memory.dmp	xmrig
behavioral2/memory/220-88-0x00007FF7E8070000-0x00007FF7E83C1000-memory.dmp	xmrig
behavioral2/memory/1564-85-0x00007FF761EA0000-0x00007FF7621F1000-memory.dmp	xmrig
behavioral2/memory/4368-54-0x00007FF7FB0E0000-0x00007FF7FB431000-memory.dmp	xmrig
behavioral2/memory/3928-31-0x00007FF60CC70000-0x00007FF60CFC1000-memory.dmp	xmrig
behavioral2/memory/4460-119-0x00007FF6849F0000-0x00007FF684D41000-memory.dmp	xmrig
behavioral2/memory/5020-113-0x00007FF716A10000-0x00007FF716D61000-memory.dmp	xmrig
behavioral2/memory/4340-106-0x00007FF7F77F0000-0x00007FF7F7B41000-memory.dmp	xmrig
behavioral2/memory/1076-105-0x00007FF683C70000-0x00007FF683FC1000-memory.dmp	xmrig
behavioral2/memory/3984-128-0x00007FF69D8D0000-0x00007FF69DC21000-memory.dmp	xmrig
behavioral2/memory/1496-129-0x00007FF64A110000-0x00007FF64A461000-memory.dmp	xmrig
behavioral2/memory/3464-130-0x00007FF6DA4F0000-0x00007FF6DA841000-memory.dmp	xmrig
behavioral2/memory/4804-131-0x00007FF70C7B0000-0x00007FF70CB01000-memory.dmp	xmrig
behavioral2/memory/748-132-0x00007FF7A4D30000-0x00007FF7A5081000-memory.dmp	xmrig
behavioral2/memory/1076-133-0x00007FF683C70000-0x00007FF683FC1000-memory.dmp	xmrig
behavioral2/memory/5072-144-0x00007FF6B2B30000-0x00007FF6B2E81000-memory.dmp	xmrig
behavioral2/memory/4832-145-0x00007FF660EA0000-0x00007FF6611F1000-memory.dmp	xmrig
behavioral2/memory/5052-142-0x00007FF7093C0000-0x00007FF709711000-memory.dmp	xmrig
behavioral2/memory/2144-149-0x00007FF7DF270000-0x00007FF7DF5C1000-memory.dmp	xmrig
behavioral2/memory/1340-150-0x00007FF6A6940000-0x00007FF6A6C91000-memory.dmp	xmrig
behavioral2/memory/3980-151-0x00007FF6187B0000-0x00007FF618B01000-memory.dmp	xmrig
behavioral2/memory/1076-157-0x00007FF683C70000-0x00007FF683FC1000-memory.dmp	xmrig
behavioral2/memory/4340-219-0x00007FF7F77F0000-0x00007FF7F7B41000-memory.dmp	xmrig
behavioral2/memory/3928-221-0x00007FF60CC70000-0x00007FF60CFC1000-memory.dmp	xmrig
behavioral2/memory/4512-223-0x00007FF635900000-0x00007FF635C51000-memory.dmp	xmrig
behavioral2/memory/4460-225-0x00007FF6849F0000-0x00007FF684D41000-memory.dmp	xmrig
behavioral2/memory/3984-227-0x00007FF69D8D0000-0x00007FF69DC21000-memory.dmp	xmrig
behavioral2/memory/4368-229-0x00007FF7FB0E0000-0x00007FF7FB431000-memory.dmp	xmrig
behavioral2/memory/748-231-0x00007FF7A4D30000-0x00007FF7A5081000-memory.dmp	xmrig
behavioral2/memory/5052-233-0x00007FF7093C0000-0x00007FF709711000-memory.dmp	xmrig
behavioral2/memory/1052-235-0x00007FF7DC6E0000-0x00007FF7DCA31000-memory.dmp	xmrig
behavioral2/memory/5072-238-0x00007FF6B2B30000-0x00007FF6B2E81000-memory.dmp	xmrig
behavioral2/memory/4832-239-0x00007FF660EA0000-0x00007FF6611F1000-memory.dmp	xmrig
behavioral2/memory/220-242-0x00007FF7E8070000-0x00007FF7E83C1000-memory.dmp	xmrig
behavioral2/memory/1564-243-0x00007FF761EA0000-0x00007FF7621F1000-memory.dmp	xmrig
behavioral2/memory/2412-245-0x00007FF60D460000-0x00007FF60D7B1000-memory.dmp	xmrig
behavioral2/memory/2144-247-0x00007FF7DF270000-0x00007FF7DF5C1000-memory.dmp	xmrig
behavioral2/memory/1340-254-0x00007FF6A6940000-0x00007FF6A6C91000-memory.dmp	xmrig
behavioral2/memory/5020-256-0x00007FF716A10000-0x00007FF716D61000-memory.dmp	xmrig
behavioral2/memory/3980-258-0x00007FF6187B0000-0x00007FF618B01000-memory.dmp	xmrig
behavioral2/memory/1496-260-0x00007FF64A110000-0x00007FF64A461000-memory.dmp	xmrig
behavioral2/memory/4804-262-0x00007FF70C7B0000-0x00007FF70CB01000-memory.dmp	xmrig
behavioral2/memory/3464-264-0x00007FF6DA4F0000-0x00007FF6DA841000-memory.dmp	xmrig

Executes dropped EXE 21 IoCs

pid	Process
4340	yfdtwqZ.exe
4460	yeGzNsk.exe
3928	fXomIwV.exe
3984	FWENWXe.exe
4512	PfidpNI.exe
748	hbwCZrg.exe
4832	AixhujE.exe
4368	xtWNqgx.exe
5052	LjwIsgg.exe
1052	GgMjYCC.exe
5072	EziQlvn.exe
1564	knGwzUZ.exe
220	tXwaemu.exe
2412	ESQKuCT.exe
2144	UWlnONW.exe
1340	oRRUTun.exe
3980	GwhEBSX.exe
5020	yuvBumI.exe
1496	tbonmrW.exe
3464	qmJRDnt.exe
4804	ulebkGl.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1076-0-0x00007FF683C70000-0x00007FF683FC1000-memory.dmp	upx
behavioral2/files/0x0007000000023434-8.dat	upx
behavioral2/files/0x0007000000023437-25.dat	upx
behavioral2/files/0x0007000000023439-40.dat	upx
behavioral2/memory/4512-37-0x00007FF635900000-0x00007FF635C51000-memory.dmp	upx
behavioral2/memory/748-47-0x00007FF7A4D30000-0x00007FF7A5081000-memory.dmp	upx
behavioral2/files/0x000700000002343c-56.dat	upx
behavioral2/files/0x000700000002343e-71.dat	upx
behavioral2/memory/1052-79-0x00007FF7DC6E0000-0x00007FF7DCA31000-memory.dmp	upx
behavioral2/files/0x0007000000023440-86.dat	upx
behavioral2/memory/2412-92-0x00007FF60D460000-0x00007FF60D7B1000-memory.dmp	upx
behavioral2/memory/2144-91-0x00007FF7DF270000-0x00007FF7DF5C1000-memory.dmp	upx
behavioral2/files/0x0008000000023431-89.dat	upx
behavioral2/memory/220-88-0x00007FF7E8070000-0x00007FF7E83C1000-memory.dmp	upx
behavioral2/memory/1564-85-0x00007FF761EA0000-0x00007FF7621F1000-memory.dmp	upx
behavioral2/files/0x000700000002343f-82.dat	upx
behavioral2/memory/5072-68-0x00007FF6B2B30000-0x00007FF6B2E81000-memory.dmp	upx
behavioral2/files/0x000700000002343d-67.dat	upx
behavioral2/files/0x000700000002343b-62.dat	upx
behavioral2/memory/5052-60-0x00007FF7093C0000-0x00007FF709711000-memory.dmp	upx
behavioral2/memory/4832-55-0x00007FF660EA0000-0x00007FF6611F1000-memory.dmp	upx
behavioral2/memory/4368-54-0x00007FF7FB0E0000-0x00007FF7FB431000-memory.dmp	upx
behavioral2/files/0x0007000000023438-46.dat	upx
behavioral2/files/0x000700000002343a-42.dat	upx
behavioral2/files/0x0007000000023436-35.dat	upx
behavioral2/memory/3928-31-0x00007FF60CC70000-0x00007FF60CFC1000-memory.dmp	upx
behavioral2/memory/4460-23-0x00007FF6849F0000-0x00007FF684D41000-memory.dmp	upx
behavioral2/memory/3984-27-0x00007FF69D8D0000-0x00007FF69DC21000-memory.dmp	upx
behavioral2/files/0x0007000000023435-17.dat	upx
behavioral2/memory/4340-13-0x00007FF7F77F0000-0x00007FF7F7B41000-memory.dmp	upx
behavioral2/files/0x000a000000023427-9.dat	upx
behavioral2/memory/1340-96-0x00007FF6A6940000-0x00007FF6A6C91000-memory.dmp	upx
behavioral2/files/0x0007000000023444-109.dat	upx
behavioral2/files/0x0007000000023445-121.dat	upx
behavioral2/files/0x0007000000023447-126.dat	upx
behavioral2/files/0x0007000000023446-124.dat	upx
behavioral2/memory/4460-119-0x00007FF6849F0000-0x00007FF684D41000-memory.dmp	upx
behavioral2/files/0x0007000000023443-115.dat	upx
behavioral2/memory/5020-113-0x00007FF716A10000-0x00007FF716D61000-memory.dmp	upx
behavioral2/memory/3980-112-0x00007FF6187B0000-0x00007FF618B01000-memory.dmp	upx
behavioral2/memory/4340-106-0x00007FF7F77F0000-0x00007FF7F7B41000-memory.dmp	upx
behavioral2/memory/1076-105-0x00007FF683C70000-0x00007FF683FC1000-memory.dmp	upx
behavioral2/files/0x0007000000023441-97.dat	upx
behavioral2/memory/3984-128-0x00007FF69D8D0000-0x00007FF69DC21000-memory.dmp	upx
behavioral2/memory/1496-129-0x00007FF64A110000-0x00007FF64A461000-memory.dmp	upx
behavioral2/memory/3464-130-0x00007FF6DA4F0000-0x00007FF6DA841000-memory.dmp	upx
behavioral2/memory/4804-131-0x00007FF70C7B0000-0x00007FF70CB01000-memory.dmp	upx
behavioral2/memory/748-132-0x00007FF7A4D30000-0x00007FF7A5081000-memory.dmp	upx
behavioral2/memory/1076-133-0x00007FF683C70000-0x00007FF683FC1000-memory.dmp	upx
behavioral2/memory/5072-144-0x00007FF6B2B30000-0x00007FF6B2E81000-memory.dmp	upx
behavioral2/memory/4832-145-0x00007FF660EA0000-0x00007FF6611F1000-memory.dmp	upx
behavioral2/memory/5052-142-0x00007FF7093C0000-0x00007FF709711000-memory.dmp	upx
behavioral2/memory/2144-149-0x00007FF7DF270000-0x00007FF7DF5C1000-memory.dmp	upx
behavioral2/memory/1340-150-0x00007FF6A6940000-0x00007FF6A6C91000-memory.dmp	upx
behavioral2/memory/3980-151-0x00007FF6187B0000-0x00007FF618B01000-memory.dmp	upx
behavioral2/memory/1076-157-0x00007FF683C70000-0x00007FF683FC1000-memory.dmp	upx
behavioral2/memory/4340-219-0x00007FF7F77F0000-0x00007FF7F7B41000-memory.dmp	upx
behavioral2/memory/3928-221-0x00007FF60CC70000-0x00007FF60CFC1000-memory.dmp	upx
behavioral2/memory/4512-223-0x00007FF635900000-0x00007FF635C51000-memory.dmp	upx
behavioral2/memory/4460-225-0x00007FF6849F0000-0x00007FF684D41000-memory.dmp	upx
behavioral2/memory/3984-227-0x00007FF69D8D0000-0x00007FF69DC21000-memory.dmp	upx
behavioral2/memory/4368-229-0x00007FF7FB0E0000-0x00007FF7FB431000-memory.dmp	upx
behavioral2/memory/748-231-0x00007FF7A4D30000-0x00007FF7A5081000-memory.dmp	upx
behavioral2/memory/5052-233-0x00007FF7093C0000-0x00007FF709711000-memory.dmp	upx

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\System\tXwaemu.exe	38a6bcbd35708a03a4bd104b84264b8b.exe
File created	C:\Windows\System\oRRUTun.exe	38a6bcbd35708a03a4bd104b84264b8b.exe
File created	C:\Windows\System\GwhEBSX.exe	38a6bcbd35708a03a4bd104b84264b8b.exe
File created	C:\Windows\System\yeGzNsk.exe	38a6bcbd35708a03a4bd104b84264b8b.exe
File created	C:\Windows\System\hbwCZrg.exe	38a6bcbd35708a03a4bd104b84264b8b.exe
File created	C:\Windows\System\GgMjYCC.exe	38a6bcbd35708a03a4bd104b84264b8b.exe
File created	C:\Windows\System\yuvBumI.exe	38a6bcbd35708a03a4bd104b84264b8b.exe
File created	C:\Windows\System\ulebkGl.exe	38a6bcbd35708a03a4bd104b84264b8b.exe
File created	C:\Windows\System\FWENWXe.exe	38a6bcbd35708a03a4bd104b84264b8b.exe
File created	C:\Windows\System\fXomIwV.exe	38a6bcbd35708a03a4bd104b84264b8b.exe
File created	C:\Windows\System\PfidpNI.exe	38a6bcbd35708a03a4bd104b84264b8b.exe
File created	C:\Windows\System\EziQlvn.exe	38a6bcbd35708a03a4bd104b84264b8b.exe
File created	C:\Windows\System\knGwzUZ.exe	38a6bcbd35708a03a4bd104b84264b8b.exe
File created	C:\Windows\System\tbonmrW.exe	38a6bcbd35708a03a4bd104b84264b8b.exe
File created	C:\Windows\System\qmJRDnt.exe	38a6bcbd35708a03a4bd104b84264b8b.exe
File created	C:\Windows\System\yfdtwqZ.exe	38a6bcbd35708a03a4bd104b84264b8b.exe
File created	C:\Windows\System\xtWNqgx.exe	38a6bcbd35708a03a4bd104b84264b8b.exe
File created	C:\Windows\System\LjwIsgg.exe	38a6bcbd35708a03a4bd104b84264b8b.exe
File created	C:\Windows\System\ESQKuCT.exe	38a6bcbd35708a03a4bd104b84264b8b.exe
File created	C:\Windows\System\UWlnONW.exe	38a6bcbd35708a03a4bd104b84264b8b.exe
File created	C:\Windows\System\AixhujE.exe	38a6bcbd35708a03a4bd104b84264b8b.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1076	38a6bcbd35708a03a4bd104b84264b8b.exe
Token: SeLockMemoryPrivilege	1076	38a6bcbd35708a03a4bd104b84264b8b.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 4340	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	83
PID 1076 wrote to memory of 4340	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	83
PID 1076 wrote to memory of 4460	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	84
PID 1076 wrote to memory of 4460	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	84
PID 1076 wrote to memory of 3928	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	85
PID 1076 wrote to memory of 3928	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	85
PID 1076 wrote to memory of 3984	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	86
PID 1076 wrote to memory of 3984	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	86
PID 1076 wrote to memory of 4512	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	87
PID 1076 wrote to memory of 4512	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	87
PID 1076 wrote to memory of 748	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	88
PID 1076 wrote to memory of 748	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	88
PID 1076 wrote to memory of 4832	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	89
PID 1076 wrote to memory of 4832	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	89
PID 1076 wrote to memory of 4368	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	90
PID 1076 wrote to memory of 4368	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	90
PID 1076 wrote to memory of 5052	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	91
PID 1076 wrote to memory of 5052	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	91
PID 1076 wrote to memory of 1052	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	92
PID 1076 wrote to memory of 1052	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	92
PID 1076 wrote to memory of 5072	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	93
PID 1076 wrote to memory of 5072	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	93
PID 1076 wrote to memory of 1564	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	94
PID 1076 wrote to memory of 1564	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	94
PID 1076 wrote to memory of 220	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	95
PID 1076 wrote to memory of 220	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	95
PID 1076 wrote to memory of 2412	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	96
PID 1076 wrote to memory of 2412	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	96
PID 1076 wrote to memory of 2144	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	97
PID 1076 wrote to memory of 2144	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	97
PID 1076 wrote to memory of 1340	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	98
PID 1076 wrote to memory of 1340	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	98
PID 1076 wrote to memory of 3980	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	99
PID 1076 wrote to memory of 3980	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	99
PID 1076 wrote to memory of 5020	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	100
PID 1076 wrote to memory of 5020	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	100
PID 1076 wrote to memory of 1496	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	101
PID 1076 wrote to memory of 1496	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	101
PID 1076 wrote to memory of 3464	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	102
PID 1076 wrote to memory of 3464	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	102
PID 1076 wrote to memory of 4804	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	103
PID 1076 wrote to memory of 4804	1076	38a6bcbd35708a03a4bd104b84264b8b.exe	103

C:\Users\Admin\AppData\Local\Temp\38a6bcbd35708a03a4bd104b84264b8b.exe
"C:\Users\Admin\AppData\Local\Temp\38a6bcbd35708a03a4bd104b84264b8b.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Windows\System\yfdtwqZ.exe
  C:\Windows\System\yfdtwqZ.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\yeGzNsk.exe
  C:\Windows\System\yeGzNsk.exe
  2⤵
  - Executes dropped EXE
  PID:4460
- C:\Windows\System\fXomIwV.exe
  C:\Windows\System\fXomIwV.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\FWENWXe.exe
  C:\Windows\System\FWENWXe.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\PfidpNI.exe
  C:\Windows\System\PfidpNI.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\hbwCZrg.exe
  C:\Windows\System\hbwCZrg.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\AixhujE.exe
  C:\Windows\System\AixhujE.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\xtWNqgx.exe
  C:\Windows\System\xtWNqgx.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\LjwIsgg.exe
  C:\Windows\System\LjwIsgg.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\GgMjYCC.exe
  C:\Windows\System\GgMjYCC.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\EziQlvn.exe
  C:\Windows\System\EziQlvn.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\knGwzUZ.exe
  C:\Windows\System\knGwzUZ.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\tXwaemu.exe
  C:\Windows\System\tXwaemu.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\ESQKuCT.exe
  C:\Windows\System\ESQKuCT.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\UWlnONW.exe
  C:\Windows\System\UWlnONW.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\oRRUTun.exe
  C:\Windows\System\oRRUTun.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\GwhEBSX.exe
  C:\Windows\System\GwhEBSX.exe
  2⤵
  - Executes dropped EXE
  PID:3980
- C:\Windows\System\yuvBumI.exe
  C:\Windows\System\yuvBumI.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\tbonmrW.exe
  C:\Windows\System\tbonmrW.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\qmJRDnt.exe
  C:\Windows\System\qmJRDnt.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\ulebkGl.exe
  C:\Windows\System\ulebkGl.exe
  2⤵
  - Executes dropped EXE
  PID:4804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AixhujE.exe

Filesize
5.2MB

MD5
3011dd10525718f88c2a6d557635687d

SHA1
b7818e1d3225063ca239c4f7e22c1194f47d0eba

SHA256
e1a9f79934265c33314123f97a3d623f5cfaea2e23acf9b57a2401d39bbfa1d4

SHA512
0c10b9b0a499e2d16dd6c45d13e8fa16d0e1d4856802abcbeae1be07e564babcd71674e1a96dd737232c4cca4616c98502c55df49e62f71ceaadf8d324016819

Download Submit
C:\Windows\System\ESQKuCT.exe

Filesize
5.2MB

MD5
5cf05486c32681a7893dbe480fd63f98

SHA1
5686ca381b3219003a62a97af7a74bc9e7c2e0c1

SHA256
58158e131d60416948376a3e9fb6d11151d908148fcc39e587003a82659fc42e

SHA512
27a164bdd5c60598bdad775baa51b7723b3731c995929da521d94d7c14f6295e2b06d919edef7b5014b948de2da556ca089ed492c18a2be3eed76822a64f8686

Download Submit
C:\Windows\System\EziQlvn.exe

Filesize
5.2MB

MD5
ba390c04b722fd102fd5812c48764025

SHA1
f957007352a0e5e90a6bd82b399e55932dcc8088

SHA256
51458aefd8f231e28deb3111ba310c00d9169c69771092b812a28baff398eaa8

SHA512
240aa8c3ab4b924a882fc8a9d393c93ca8e334299eeda0698661aba18ba53b0d460ac93497f8358cd0e7ac14110465ff5b6d82fefacbae7cef275d34bebc301a

Download Submit
C:\Windows\System\FWENWXe.exe

Filesize
5.2MB

MD5
800e6304a6625c47e558d6951c0bf8c4

SHA1
10a68ed9453b7361acff56819cfcd2a8bcdbb959

SHA256
f6b3bdbff70ce1fd82ed4bae62f60464c3a15cd89630ac9c0d2c2d454324b6b6

SHA512
96abfa2abdc58018b564be577668eb3b3e0b882f693c27314634c38cd8066ca2e51cc0656485fb73b90a26404fdfeeba1193105a6634eac0128940208045266c

Download Submit
C:\Windows\System\GgMjYCC.exe

Filesize
5.2MB

MD5
aadae18a8c71be6db9f204730e39efba

SHA1
e293e18b147ce0ea46605321fbc0a1c0b30c9c9f

SHA256
e8a860a87e8b87ca3f52a4ac1d03ca8321180c537428a7bbb2edb030cd55717e

SHA512
814dada44f0febd8e925e176f2dd2b42b0363f57724242395245c24c4f2e8d1aa46ddec8a031f3ccf15e31c59602e8ddbdba714fc88e0701cbf517a1839c0e68

Download Submit
C:\Windows\System\GwhEBSX.exe

Filesize
5.2MB

MD5
31b54ed5da0651921012f0d641b59194

SHA1
f59039beb0c403fbf18bc4af92a405b654acc31d

SHA256
ebc4dfc23fef99166efd7f0bacb00ce1b6ca04bb68bbcb28e451c5acf1cedb6b

SHA512
f75bbdf2102163ed5f42113db74703206197035f1e86d96f91f410979566af8bb51ab92a521c229a7621d9c7093124705786a90420c1645c8632f2a8040d9987

Download Submit
C:\Windows\System\LjwIsgg.exe

Filesize
5.2MB

MD5
7eba7ae2bef11ebe61b2bf8a1896be2b

SHA1
985d130d3cf5531f747794a0bcb5e8b6a513b9ba

SHA256
37ae731255267bb87e754259d31d87a19756663bbd85d3963152cf1951c1bc95

SHA512
151cda38d2acd24e358563137b37b360f04aa6ba9b853312aab21a753ece2a7352f43bd66d3ffa31f84240025aeec7974b7de4287b0a060217bb88ac0e81f6f4

Download Submit
C:\Windows\System\PfidpNI.exe

Filesize
5.2MB

MD5
ae396f908a84aac0452b76dbcc7efa4d

SHA1
f9e2e10ca1be78271b7f1f1dea8f864555906de7

SHA256
a915c5e72b2db20f30ba56eb184514056b739b52f0fea1be0cbb6b42d44139a2

SHA512
814cb9573b0e45869b05c0b3ce4e4766daa86b3779159ff299a38bab99854bbe3a1080c659217e1d072f80eaf8241bf27eb03c6f50a7ec02609c972495a8d649

Download Submit
C:\Windows\System\UWlnONW.exe

Filesize
5.2MB

MD5
10818d9d57b2d6fde05710d15144fe8c

SHA1
560b256263c883f8c51c68dc3589ebbbe752b316

SHA256
75a35ec142b8e555f36bbf2fff633f04d60fc1a14a3b77cab2d03d145a9218ce

SHA512
59441dcf80392c4990031cbdbcc0c33173686309cb1babe18bbbbb125cc201b34aa879b14d54f35f11f48279d77d2f86f4e77c273e665aab6a0803ae8da72323

Download Submit
C:\Windows\System\fXomIwV.exe

Filesize
5.2MB

MD5
68cd58d1bcfa987231c922ad493c0762

SHA1
438ddd45c3ab08a03ec318367cefe758247b84df

SHA256
aa70069a6bbc26629c2ccc99d1b9dc295c0dd2e996e5865080ae7a303e8a63e5

SHA512
998efbe7e40b30408463076ce559173f69bc165a6aa80a2d60ba997e4a851f2938a3ee6b4389e89eaaa6a84ddc2b5aab5eb12dce13d922ae862d6cbea8ef7c9c

Download Submit
C:\Windows\System\hbwCZrg.exe

Filesize
5.2MB

MD5
fc04e9a3160f86342fcc66c53db67aaf

SHA1
36af1b455a1a16627be05bb90341a739c8ccf356

SHA256
39fe9b2bf4446866ae86f48676de184efe565a5aa0481e59350d9b0c5942cd7c

SHA512
fc21c9a4461bc3fdf910c9f75861a49ca71e6a190e9f3df2c12fe90e1144d06d8d6d617e0e0981c077c44286b2dbeda60e6e430d46d3401b201e15c4b24c81cd

Download Submit
C:\Windows\System\knGwzUZ.exe

Filesize
5.2MB

MD5
1e639acc9ce2a9b6a0aa28c8284e0660

SHA1
98d871824e4f53992852f6ce95d0841cf6c8b2de

SHA256
85225f8510d234c4315cbc252e3fc413e045316a2fe29eb5d547df73328ff78b

SHA512
3f68cd1677bbc9216161b35c39a80b700fbd4f16a9cd2a8404c6dc6343e536815612ccbbdf9d31069c8ef3219bf9abad18b3866e1c8e368711cfa0ec6834ce74

Download Submit
C:\Windows\System\oRRUTun.exe

Filesize
5.2MB

MD5
32280416e984605a37f124cc972e0197

SHA1
db41813d106c5859df36ec5f36a1ccf5f6c6d113

SHA256
52504e409c433b593b84f9fa5ace3523f45573e7d123b906dd404c62c9839fdf

SHA512
6020d67f222b42a59669bd696999c781ac478ae5f6bb67229bed3ecca41e33e8e688fc5ae653c42690cba962c6fe2b241d0fd2278075b31b03fd076d628e3880

Download Submit
C:\Windows\System\qmJRDnt.exe

Filesize
5.2MB

MD5
d0e35e35a62d6ef07ec41d17724f8d76

SHA1
0b9874645b96cba284de303850e1c3cfad52bfac

SHA256
8f5936f6e579affdb81005b80e599e2ac9a77d0f661c33804568c3a02cc3a002

SHA512
356730c15a315689e412a009e3fcceddf8c129c8e44ec73c22b6015dd0749a41632004ac852800f33c31a78e43f63baf778e28d92c8485264b5237bcf6e0456d

Download Submit
C:\Windows\System\tXwaemu.exe

Filesize
5.2MB

MD5
21321a467a93fc2ba6aeaae7b9a7206e

SHA1
616b057e7e507256e844474f359a26986bbdf21e

SHA256
f71ff001b8167a2f437aeb5dfffeba7402e055d27e834953273c57aa8ee2cd8d

SHA512
d3feaca16ad4fcb7cc9483840c614dca984d439f8df3fd74261babd6f4e860de93ea6f7a5b2f6bdc6e6f5f6db15cf112b9c9854a8278291647b889f0cb070744

Download Submit
C:\Windows\System\tbonmrW.exe

Filesize
5.2MB

MD5
1900daf3fcad89569a7f5afc83c40201

SHA1
aa30d257f629b33b00863ac45a6aecac87c57639

SHA256
1cc6cf7ee6af79861981625f86db16f98348df37196737f5892e61d7c0b7c976

SHA512
9c719fa5b92300296578f3dfad9b5323f2e711ac3af67d2a04ef7f9c7bf35e059f7a4510ef47fb71dc37c008490d1dc585e5b4f544f1a626bd3a1e59363fbfe5

Download Submit
C:\Windows\System\ulebkGl.exe

Filesize
5.2MB

MD5
abdbb8bf5a1cc1ab4139636d96d15448

SHA1
3b18248db0ae851bda2afd47b5ab2420eea2d64b

SHA256
d081b4db538199e470d938495acff7ae6266e7c086e6263878dda5525eefdc12

SHA512
869e26941ec1e2e4210f4dba96683a67f9c179b3bf5df817958e8a4e6eac861b11b2d54afd12f90ae2adc85d9ea0dd8f8ba5ce6bdb9f99800905a91a089f940b

Download Submit
C:\Windows\System\xtWNqgx.exe

Filesize
5.2MB

MD5
0a75c8ac2bb78d6e5572039a1e3037e3

SHA1
bf0404ea8960fde382d99b41c515cd76769d7f84

SHA256
973194e115ab2df37770cf22ee3aa0cc98b366b909ac851acc187cbda621600e

SHA512
2ebc2ca311f051f97dd11c9fbf67c23c20911618a6297b825f6956603fca7d19e267e2adb5f46a3acfbd90a33633e754f876b664bd7d3a04ec5d5a57c009f8ff

Download Submit
C:\Windows\System\yeGzNsk.exe

Filesize
5.2MB

MD5
cc2e1c5bf6221fb73b42d7911a7fdff4

SHA1
3c7d4e7a664bef238d9277311b3c710f26f0daa0

SHA256
9a9fe923f28f9344b753d686392eb03b203d84ad2cdec1f9d5d556496abdb4d5

SHA512
678677e1290cafeb3a65423b12664b63696530ece0c96fc7bf547f7216ac9093edd144a9a57ba0ce852611aa9de450d19e7f1d8e716d010e7d6da5fb37c9f44d

Download Submit
C:\Windows\System\yfdtwqZ.exe

Filesize
5.2MB

MD5
a2de779a20120fb57424c5f850af1002

SHA1
feeeb9a792754d489ae42f2ca15551776a1b6dd4

SHA256
b61e61dfad1472d34c9f46d0c5bef4b61b74c31ea221d3069d0916860e1188dd

SHA512
ba0a73e9c89cba5d41d8fd25852e75b4b80206fc4773404e5e23e114f618fbaf512fd579621d465e477cfdcdb08807d5f54147ad02b0a44d8e74b66434133e88

Download Submit
C:\Windows\System\yuvBumI.exe

Filesize
5.2MB

MD5
505310d2732031ee38c67613fdb1d0b1

SHA1
baa4b83853c793bc0a5cbae5aa770101b66adcb2

SHA256
61fbc2b7f1013a9d0411201ceb79a65567a9c36562a89994caa20c22b99d1b4d

SHA512
5153d3b502c76120ddc56a95220a6ab1235b2a17ffc5a4c4986ad038b53dc4ef30bb4b6f9dfbde96fbcf78d77a571b180febaa01dabb6852bf95be5c87533055

Download Submit
memory/220-88-0x00007FF7E8070000-0x00007FF7E83C1000-memory.dmp

Filesize
3.3MB

Download
memory/220-242-0x00007FF7E8070000-0x00007FF7E83C1000-memory.dmp

Filesize
3.3MB

Download
memory/748-132-0x00007FF7A4D30000-0x00007FF7A5081000-memory.dmp

Filesize
3.3MB

Download
memory/748-47-0x00007FF7A4D30000-0x00007FF7A5081000-memory.dmp

Filesize
3.3MB

Download
memory/748-231-0x00007FF7A4D30000-0x00007FF7A5081000-memory.dmp

Filesize
3.3MB

Download
memory/1052-235-0x00007FF7DC6E0000-0x00007FF7DCA31000-memory.dmp

Filesize
3.3MB

Download
memory/1052-79-0x00007FF7DC6E0000-0x00007FF7DCA31000-memory.dmp

Filesize
3.3MB

Download
memory/1076-0-0x00007FF683C70000-0x00007FF683FC1000-memory.dmp

Filesize
3.3MB

Download
memory/1076-133-0x00007FF683C70000-0x00007FF683FC1000-memory.dmp

Filesize
3.3MB

Download
memory/1076-105-0x00007FF683C70000-0x00007FF683FC1000-memory.dmp

Filesize
3.3MB

Download
memory/1076-157-0x00007FF683C70000-0x00007FF683FC1000-memory.dmp

Filesize
3.3MB

Download
memory/1076-1-0x0000022E4CA80000-0x0000022E4CA90000-memory.dmp

Filesize
64KB

Download
memory/1340-96-0x00007FF6A6940000-0x00007FF6A6C91000-memory.dmp

Filesize
3.3MB

Download
memory/1340-254-0x00007FF6A6940000-0x00007FF6A6C91000-memory.dmp

Filesize
3.3MB

Download
memory/1340-150-0x00007FF6A6940000-0x00007FF6A6C91000-memory.dmp

Filesize
3.3MB

Download
memory/1496-129-0x00007FF64A110000-0x00007FF64A461000-memory.dmp

Filesize
3.3MB

Download
memory/1496-260-0x00007FF64A110000-0x00007FF64A461000-memory.dmp

Filesize
3.3MB

Download
memory/1564-85-0x00007FF761EA0000-0x00007FF7621F1000-memory.dmp

Filesize
3.3MB

Download
memory/1564-243-0x00007FF761EA0000-0x00007FF7621F1000-memory.dmp

Filesize
3.3MB

Download
memory/2144-247-0x00007FF7DF270000-0x00007FF7DF5C1000-memory.dmp

Filesize
3.3MB

Download
memory/2144-91-0x00007FF7DF270000-0x00007FF7DF5C1000-memory.dmp

Filesize
3.3MB

Download
memory/2144-149-0x00007FF7DF270000-0x00007FF7DF5C1000-memory.dmp

Filesize
3.3MB

Download
memory/2412-92-0x00007FF60D460000-0x00007FF60D7B1000-memory.dmp

Filesize
3.3MB

Download
memory/2412-245-0x00007FF60D460000-0x00007FF60D7B1000-memory.dmp

Filesize
3.3MB

Download
memory/3464-264-0x00007FF6DA4F0000-0x00007FF6DA841000-memory.dmp

Filesize
3.3MB

Download
memory/3464-130-0x00007FF6DA4F0000-0x00007FF6DA841000-memory.dmp

Filesize
3.3MB

Download
memory/3928-221-0x00007FF60CC70000-0x00007FF60CFC1000-memory.dmp

Filesize
3.3MB

Download
memory/3928-31-0x00007FF60CC70000-0x00007FF60CFC1000-memory.dmp

Filesize
3.3MB

Download
memory/3980-151-0x00007FF6187B0000-0x00007FF618B01000-memory.dmp

Filesize
3.3MB

Download
memory/3980-258-0x00007FF6187B0000-0x00007FF618B01000-memory.dmp

Filesize
3.3MB

Download
memory/3980-112-0x00007FF6187B0000-0x00007FF618B01000-memory.dmp

Filesize
3.3MB

Download
memory/3984-27-0x00007FF69D8D0000-0x00007FF69DC21000-memory.dmp

Filesize
3.3MB

Download
memory/3984-128-0x00007FF69D8D0000-0x00007FF69DC21000-memory.dmp

Filesize
3.3MB

Download
memory/3984-227-0x00007FF69D8D0000-0x00007FF69DC21000-memory.dmp

Filesize
3.3MB

Download
memory/4340-106-0x00007FF7F77F0000-0x00007FF7F7B41000-memory.dmp

Filesize
3.3MB

Download
memory/4340-219-0x00007FF7F77F0000-0x00007FF7F7B41000-memory.dmp

Filesize
3.3MB

Download
memory/4340-13-0x00007FF7F77F0000-0x00007FF7F7B41000-memory.dmp

Filesize
3.3MB

Download
memory/4368-54-0x00007FF7FB0E0000-0x00007FF7FB431000-memory.dmp

Filesize
3.3MB

Download
memory/4368-229-0x00007FF7FB0E0000-0x00007FF7FB431000-memory.dmp

Filesize
3.3MB

Download
memory/4460-225-0x00007FF6849F0000-0x00007FF684D41000-memory.dmp

Filesize
3.3MB

Download
memory/4460-119-0x00007FF6849F0000-0x00007FF684D41000-memory.dmp

Filesize
3.3MB

Download
memory/4460-23-0x00007FF6849F0000-0x00007FF684D41000-memory.dmp

Filesize
3.3MB

Download
memory/4512-37-0x00007FF635900000-0x00007FF635C51000-memory.dmp

Filesize
3.3MB

Download
memory/4512-223-0x00007FF635900000-0x00007FF635C51000-memory.dmp

Filesize
3.3MB

Download
memory/4804-262-0x00007FF70C7B0000-0x00007FF70CB01000-memory.dmp

Filesize
3.3MB

Download
memory/4804-131-0x00007FF70C7B0000-0x00007FF70CB01000-memory.dmp

Filesize
3.3MB

Download
memory/4832-145-0x00007FF660EA0000-0x00007FF6611F1000-memory.dmp

Filesize
3.3MB

Download
memory/4832-239-0x00007FF660EA0000-0x00007FF6611F1000-memory.dmp

Filesize
3.3MB

Download
memory/4832-55-0x00007FF660EA0000-0x00007FF6611F1000-memory.dmp

Filesize
3.3MB

Download
memory/5020-256-0x00007FF716A10000-0x00007FF716D61000-memory.dmp

Filesize
3.3MB

Download
memory/5020-113-0x00007FF716A10000-0x00007FF716D61000-memory.dmp

Filesize
3.3MB

Download
memory/5052-233-0x00007FF7093C0000-0x00007FF709711000-memory.dmp

Filesize
3.3MB

Download
memory/5052-60-0x00007FF7093C0000-0x00007FF709711000-memory.dmp

Filesize
3.3MB

Download
memory/5052-142-0x00007FF7093C0000-0x00007FF709711000-memory.dmp

Filesize
3.3MB

Download
memory/5072-68-0x00007FF6B2B30000-0x00007FF6B2E81000-memory.dmp

Filesize
3.3MB

Download
memory/5072-238-0x00007FF6B2B30000-0x00007FF6B2E81000-memory.dmp

Filesize
3.3MB

Download
memory/5072-144-0x00007FF6B2B30000-0x00007FF6B2E81000-memory.dmp

Filesize
3.3MB

Download