cobaltstrike | e38f6d32d166219baa316c2d9f82720bc658f33403c25f571ee6b8d7e8a34ee4

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16-09-2024 21:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c4e95da193fd89da2ea38553ddc7f84.exe
Size

5.2MB
MD5

5c4e95da193fd89da2ea38553ddc7f84
SHA1

62ecaf5d68ec34aa42a4300b34b15444b54122df
SHA256

e38f6d32d166219baa316c2d9f82720bc658f33403c25f571ee6b8d7e8a34ee4
SHA512

fe18f469a976e4c777e874ed2dc372b561866b1100e28bf77335bd599c981a734a90aa1b4dcf7c98850f394e51eaf1b613c8ba3179972db6fd0b1124d0fe1df9
SSDEEP

49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6l7:RWWBibf56utgpPFotBER/mQ32lUn

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 21 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x00090000000233da-6.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002343f-9.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023440-31.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023443-40.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023442-44.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023444-41.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023441-29.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002343e-14.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023445-64.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023448-73.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023449-79.dat	cobalt_reflective_dll
behavioral2/files/0x000800000002343b-85.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023447-62.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023446-61.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002344a-90.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023450-119.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002344c-118.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002344f-126.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002344e-121.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002344b-114.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002344d-110.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 45 IoCs

miner

resource	yara_rule
behavioral2/memory/2196-68-0x00007FF72FBA0000-0x00007FF72FEF1000-memory.dmp	xmrig
behavioral2/memory/2568-57-0x00007FF7CF6F0000-0x00007FF7CFA41000-memory.dmp	xmrig
behavioral2/memory/1644-87-0x00007FF6F11B0000-0x00007FF6F1501000-memory.dmp	xmrig
behavioral2/memory/4244-93-0x00007FF760AD0000-0x00007FF760E21000-memory.dmp	xmrig
behavioral2/memory/2988-107-0x00007FF6F35E0000-0x00007FF6F3931000-memory.dmp	xmrig
behavioral2/memory/4484-124-0x00007FF6C7C70000-0x00007FF6C7FC1000-memory.dmp	xmrig
behavioral2/memory/3112-116-0x00007FF637810000-0x00007FF637B61000-memory.dmp	xmrig
behavioral2/memory/4088-128-0x00007FF7636B0000-0x00007FF763A01000-memory.dmp	xmrig
behavioral2/memory/2140-129-0x00007FF7BA2A0000-0x00007FF7BA5F1000-memory.dmp	xmrig
behavioral2/memory/5112-131-0x00007FF6AEB20000-0x00007FF6AEE71000-memory.dmp	xmrig
behavioral2/memory/1028-134-0x00007FF7EE1F0000-0x00007FF7EE541000-memory.dmp	xmrig
behavioral2/memory/1768-133-0x00007FF74E510000-0x00007FF74E861000-memory.dmp	xmrig
behavioral2/memory/2592-132-0x00007FF620240000-0x00007FF620591000-memory.dmp	xmrig
behavioral2/memory/3180-130-0x00007FF67A820000-0x00007FF67AB71000-memory.dmp	xmrig
behavioral2/memory/1644-135-0x00007FF6F11B0000-0x00007FF6F1501000-memory.dmp	xmrig
behavioral2/memory/4656-145-0x00007FF770420000-0x00007FF770771000-memory.dmp	xmrig
behavioral2/memory/1004-144-0x00007FF667FC0000-0x00007FF668311000-memory.dmp	xmrig
behavioral2/memory/4808-148-0x00007FF7D02E0000-0x00007FF7D0631000-memory.dmp	xmrig
behavioral2/memory/4396-150-0x00007FF615780000-0x00007FF615AD1000-memory.dmp	xmrig
behavioral2/memory/4884-149-0x00007FF70F7A0000-0x00007FF70FAF1000-memory.dmp	xmrig
behavioral2/memory/4924-146-0x00007FF6A7BC0000-0x00007FF6A7F11000-memory.dmp	xmrig
behavioral2/memory/1052-151-0x00007FF738B90000-0x00007FF738EE1000-memory.dmp	xmrig
behavioral2/memory/532-152-0x00007FF61DF60000-0x00007FF61E2B1000-memory.dmp	xmrig
behavioral2/memory/1644-159-0x00007FF6F11B0000-0x00007FF6F1501000-memory.dmp	xmrig
behavioral2/memory/4244-216-0x00007FF760AD0000-0x00007FF760E21000-memory.dmp	xmrig
behavioral2/memory/2988-218-0x00007FF6F35E0000-0x00007FF6F3931000-memory.dmp	xmrig
behavioral2/memory/3112-220-0x00007FF637810000-0x00007FF637B61000-memory.dmp	xmrig
behavioral2/memory/4484-222-0x00007FF6C7C70000-0x00007FF6C7FC1000-memory.dmp	xmrig
behavioral2/memory/1768-224-0x00007FF74E510000-0x00007FF74E861000-memory.dmp	xmrig
behavioral2/memory/1028-226-0x00007FF7EE1F0000-0x00007FF7EE541000-memory.dmp	xmrig
behavioral2/memory/2568-230-0x00007FF7CF6F0000-0x00007FF7CFA41000-memory.dmp	xmrig
behavioral2/memory/4656-229-0x00007FF770420000-0x00007FF770771000-memory.dmp	xmrig
behavioral2/memory/1004-239-0x00007FF667FC0000-0x00007FF668311000-memory.dmp	xmrig
behavioral2/memory/4924-240-0x00007FF6A7BC0000-0x00007FF6A7F11000-memory.dmp	xmrig
behavioral2/memory/2196-237-0x00007FF72FBA0000-0x00007FF72FEF1000-memory.dmp	xmrig
behavioral2/memory/4808-242-0x00007FF7D02E0000-0x00007FF7D0631000-memory.dmp	xmrig
behavioral2/memory/4884-244-0x00007FF70F7A0000-0x00007FF70FAF1000-memory.dmp	xmrig
behavioral2/memory/4396-246-0x00007FF615780000-0x00007FF615AD1000-memory.dmp	xmrig
behavioral2/memory/1052-254-0x00007FF738B90000-0x00007FF738EE1000-memory.dmp	xmrig
behavioral2/memory/2140-256-0x00007FF7BA2A0000-0x00007FF7BA5F1000-memory.dmp	xmrig
behavioral2/memory/4088-258-0x00007FF7636B0000-0x00007FF763A01000-memory.dmp	xmrig
behavioral2/memory/532-260-0x00007FF61DF60000-0x00007FF61E2B1000-memory.dmp	xmrig
behavioral2/memory/2592-264-0x00007FF620240000-0x00007FF620591000-memory.dmp	xmrig
behavioral2/memory/5112-266-0x00007FF6AEB20000-0x00007FF6AEE71000-memory.dmp	xmrig
behavioral2/memory/3180-263-0x00007FF67A820000-0x00007FF67AB71000-memory.dmp	xmrig

Executes dropped EXE 21 IoCs

pid	Process
4244	jNzbMZg.exe
2988	HpeepOL.exe
3112	uTbeZqS.exe
4484	BqMNTFE.exe
1768	cyklaZG.exe
1028	zMsNuLn.exe
4656	WdsLwfE.exe
2568	gmSbdRD.exe
4924	fzRliAp.exe
1004	FEbJHDV.exe
2196	juhhivE.exe
4808	GtGdTGG.exe
4884	wVJAprq.exe
4396	CSkOvgQ.exe
1052	mvFDzfM.exe
4088	SgbpXvi.exe
532	nlRUIsN.exe
2140	hfSwnUY.exe
5112	VSvnNgQ.exe
3180	tYskSzC.exe
2592	PSHrYLo.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1644-0-0x00007FF6F11B0000-0x00007FF6F1501000-memory.dmp	upx
behavioral2/files/0x00090000000233da-6.dat	upx
behavioral2/files/0x000700000002343f-9.dat	upx
behavioral2/memory/4244-7-0x00007FF760AD0000-0x00007FF760E21000-memory.dmp	upx
behavioral2/memory/2988-15-0x00007FF6F35E0000-0x00007FF6F3931000-memory.dmp	upx
behavioral2/files/0x0007000000023440-31.dat	upx
behavioral2/files/0x0007000000023443-40.dat	upx
behavioral2/files/0x0007000000023442-44.dat	upx
behavioral2/files/0x0007000000023444-41.dat	upx
behavioral2/memory/1768-38-0x00007FF74E510000-0x00007FF74E861000-memory.dmp	upx
behavioral2/files/0x0007000000023441-29.dat	upx
behavioral2/memory/4484-27-0x00007FF6C7C70000-0x00007FF6C7FC1000-memory.dmp	upx
behavioral2/memory/3112-26-0x00007FF637810000-0x00007FF637B61000-memory.dmp	upx
behavioral2/files/0x000700000002343e-14.dat	upx
behavioral2/memory/1028-46-0x00007FF7EE1F0000-0x00007FF7EE541000-memory.dmp	upx
behavioral2/memory/4656-55-0x00007FF770420000-0x00007FF770771000-memory.dmp	upx
behavioral2/files/0x0007000000023445-64.dat	upx
behavioral2/memory/4808-72-0x00007FF7D02E0000-0x00007FF7D0631000-memory.dmp	upx
behavioral2/files/0x0007000000023448-73.dat	upx
behavioral2/files/0x0007000000023449-79.dat	upx
behavioral2/files/0x000800000002343b-85.dat	upx
behavioral2/memory/4396-82-0x00007FF615780000-0x00007FF615AD1000-memory.dmp	upx
behavioral2/memory/4884-81-0x00007FF70F7A0000-0x00007FF70FAF1000-memory.dmp	upx
behavioral2/memory/2196-68-0x00007FF72FBA0000-0x00007FF72FEF1000-memory.dmp	upx
behavioral2/memory/4924-67-0x00007FF6A7BC0000-0x00007FF6A7F11000-memory.dmp	upx
behavioral2/files/0x0007000000023447-62.dat	upx
behavioral2/files/0x0007000000023446-61.dat	upx
behavioral2/memory/1004-60-0x00007FF667FC0000-0x00007FF668311000-memory.dmp	upx
behavioral2/memory/2568-57-0x00007FF7CF6F0000-0x00007FF7CFA41000-memory.dmp	upx
behavioral2/memory/1644-87-0x00007FF6F11B0000-0x00007FF6F1501000-memory.dmp	upx
behavioral2/files/0x000700000002344a-90.dat	upx
behavioral2/memory/4244-93-0x00007FF760AD0000-0x00007FF760E21000-memory.dmp	upx
behavioral2/memory/2988-107-0x00007FF6F35E0000-0x00007FF6F3931000-memory.dmp	upx
behavioral2/files/0x0007000000023450-119.dat	upx
behavioral2/files/0x000700000002344c-118.dat	upx
behavioral2/files/0x000700000002344f-126.dat	upx
behavioral2/memory/4484-124-0x00007FF6C7C70000-0x00007FF6C7FC1000-memory.dmp	upx
behavioral2/files/0x000700000002344e-121.dat	upx
behavioral2/memory/3112-116-0x00007FF637810000-0x00007FF637B61000-memory.dmp	upx
behavioral2/files/0x000700000002344b-114.dat	upx
behavioral2/files/0x000700000002344d-110.dat	upx
behavioral2/memory/532-106-0x00007FF61DF60000-0x00007FF61E2B1000-memory.dmp	upx
behavioral2/memory/1052-102-0x00007FF738B90000-0x00007FF738EE1000-memory.dmp	upx
behavioral2/memory/4088-128-0x00007FF7636B0000-0x00007FF763A01000-memory.dmp	upx
behavioral2/memory/2140-129-0x00007FF7BA2A0000-0x00007FF7BA5F1000-memory.dmp	upx
behavioral2/memory/5112-131-0x00007FF6AEB20000-0x00007FF6AEE71000-memory.dmp	upx
behavioral2/memory/1028-134-0x00007FF7EE1F0000-0x00007FF7EE541000-memory.dmp	upx
behavioral2/memory/1768-133-0x00007FF74E510000-0x00007FF74E861000-memory.dmp	upx
behavioral2/memory/2592-132-0x00007FF620240000-0x00007FF620591000-memory.dmp	upx
behavioral2/memory/3180-130-0x00007FF67A820000-0x00007FF67AB71000-memory.dmp	upx
behavioral2/memory/1644-135-0x00007FF6F11B0000-0x00007FF6F1501000-memory.dmp	upx
behavioral2/memory/4656-145-0x00007FF770420000-0x00007FF770771000-memory.dmp	upx
behavioral2/memory/1004-144-0x00007FF667FC0000-0x00007FF668311000-memory.dmp	upx
behavioral2/memory/4808-148-0x00007FF7D02E0000-0x00007FF7D0631000-memory.dmp	upx
behavioral2/memory/4396-150-0x00007FF615780000-0x00007FF615AD1000-memory.dmp	upx
behavioral2/memory/4884-149-0x00007FF70F7A0000-0x00007FF70FAF1000-memory.dmp	upx
behavioral2/memory/4924-146-0x00007FF6A7BC0000-0x00007FF6A7F11000-memory.dmp	upx
behavioral2/memory/1052-151-0x00007FF738B90000-0x00007FF738EE1000-memory.dmp	upx
behavioral2/memory/532-152-0x00007FF61DF60000-0x00007FF61E2B1000-memory.dmp	upx
behavioral2/memory/1644-159-0x00007FF6F11B0000-0x00007FF6F1501000-memory.dmp	upx
behavioral2/memory/4244-216-0x00007FF760AD0000-0x00007FF760E21000-memory.dmp	upx
behavioral2/memory/2988-218-0x00007FF6F35E0000-0x00007FF6F3931000-memory.dmp	upx
behavioral2/memory/3112-220-0x00007FF637810000-0x00007FF637B61000-memory.dmp	upx
behavioral2/memory/4484-222-0x00007FF6C7C70000-0x00007FF6C7FC1000-memory.dmp	upx

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\System\uTbeZqS.exe	5c4e95da193fd89da2ea38553ddc7f84.exe
File created	C:\Windows\System\cyklaZG.exe	5c4e95da193fd89da2ea38553ddc7f84.exe
File created	C:\Windows\System\WdsLwfE.exe	5c4e95da193fd89da2ea38553ddc7f84.exe
File created	C:\Windows\System\fzRliAp.exe	5c4e95da193fd89da2ea38553ddc7f84.exe
File created	C:\Windows\System\mvFDzfM.exe	5c4e95da193fd89da2ea38553ddc7f84.exe
File created	C:\Windows\System\hfSwnUY.exe	5c4e95da193fd89da2ea38553ddc7f84.exe
File created	C:\Windows\System\jNzbMZg.exe	5c4e95da193fd89da2ea38553ddc7f84.exe
File created	C:\Windows\System\HpeepOL.exe	5c4e95da193fd89da2ea38553ddc7f84.exe
File created	C:\Windows\System\GtGdTGG.exe	5c4e95da193fd89da2ea38553ddc7f84.exe
File created	C:\Windows\System\nlRUIsN.exe	5c4e95da193fd89da2ea38553ddc7f84.exe
File created	C:\Windows\System\VSvnNgQ.exe	5c4e95da193fd89da2ea38553ddc7f84.exe
File created	C:\Windows\System\tYskSzC.exe	5c4e95da193fd89da2ea38553ddc7f84.exe
File created	C:\Windows\System\PSHrYLo.exe	5c4e95da193fd89da2ea38553ddc7f84.exe
File created	C:\Windows\System\BqMNTFE.exe	5c4e95da193fd89da2ea38553ddc7f84.exe
File created	C:\Windows\System\zMsNuLn.exe	5c4e95da193fd89da2ea38553ddc7f84.exe
File created	C:\Windows\System\gmSbdRD.exe	5c4e95da193fd89da2ea38553ddc7f84.exe
File created	C:\Windows\System\FEbJHDV.exe	5c4e95da193fd89da2ea38553ddc7f84.exe
File created	C:\Windows\System\juhhivE.exe	5c4e95da193fd89da2ea38553ddc7f84.exe
File created	C:\Windows\System\wVJAprq.exe	5c4e95da193fd89da2ea38553ddc7f84.exe
File created	C:\Windows\System\CSkOvgQ.exe	5c4e95da193fd89da2ea38553ddc7f84.exe
File created	C:\Windows\System\SgbpXvi.exe	5c4e95da193fd89da2ea38553ddc7f84.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1644	5c4e95da193fd89da2ea38553ddc7f84.exe
Token: SeLockMemoryPrivilege	1644	5c4e95da193fd89da2ea38553ddc7f84.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 4244	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	83
PID 1644 wrote to memory of 4244	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	83
PID 1644 wrote to memory of 2988	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	84
PID 1644 wrote to memory of 2988	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	84
PID 1644 wrote to memory of 3112	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	85
PID 1644 wrote to memory of 3112	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	85
PID 1644 wrote to memory of 4484	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	86
PID 1644 wrote to memory of 4484	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	86
PID 1644 wrote to memory of 1768	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	87
PID 1644 wrote to memory of 1768	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	87
PID 1644 wrote to memory of 1028	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	88
PID 1644 wrote to memory of 1028	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	88
PID 1644 wrote to memory of 4656	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	89
PID 1644 wrote to memory of 4656	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	89
PID 1644 wrote to memory of 2568	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	90
PID 1644 wrote to memory of 2568	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	90
PID 1644 wrote to memory of 1004	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	91
PID 1644 wrote to memory of 1004	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	91
PID 1644 wrote to memory of 4924	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	92
PID 1644 wrote to memory of 4924	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	92
PID 1644 wrote to memory of 2196	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	93
PID 1644 wrote to memory of 2196	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	93
PID 1644 wrote to memory of 4808	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	94
PID 1644 wrote to memory of 4808	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	94
PID 1644 wrote to memory of 4884	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	95
PID 1644 wrote to memory of 4884	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	95
PID 1644 wrote to memory of 4396	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	96
PID 1644 wrote to memory of 4396	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	96
PID 1644 wrote to memory of 1052	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	97
PID 1644 wrote to memory of 1052	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	97
PID 1644 wrote to memory of 4088	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	98
PID 1644 wrote to memory of 4088	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	98
PID 1644 wrote to memory of 532	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	99
PID 1644 wrote to memory of 532	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	99
PID 1644 wrote to memory of 2140	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	100
PID 1644 wrote to memory of 2140	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	100
PID 1644 wrote to memory of 5112	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	101
PID 1644 wrote to memory of 5112	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	101
PID 1644 wrote to memory of 3180	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	102
PID 1644 wrote to memory of 3180	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	102
PID 1644 wrote to memory of 2592	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	103
PID 1644 wrote to memory of 2592	1644	5c4e95da193fd89da2ea38553ddc7f84.exe	103

C:\Users\Admin\AppData\Local\Temp\5c4e95da193fd89da2ea38553ddc7f84.exe
"C:\Users\Admin\AppData\Local\Temp\5c4e95da193fd89da2ea38553ddc7f84.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Windows\System\jNzbMZg.exe
  C:\Windows\System\jNzbMZg.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\HpeepOL.exe
  C:\Windows\System\HpeepOL.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\uTbeZqS.exe
  C:\Windows\System\uTbeZqS.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\BqMNTFE.exe
  C:\Windows\System\BqMNTFE.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\cyklaZG.exe
  C:\Windows\System\cyklaZG.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\zMsNuLn.exe
  C:\Windows\System\zMsNuLn.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\WdsLwfE.exe
  C:\Windows\System\WdsLwfE.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\gmSbdRD.exe
  C:\Windows\System\gmSbdRD.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\FEbJHDV.exe
  C:\Windows\System\FEbJHDV.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\fzRliAp.exe
  C:\Windows\System\fzRliAp.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\juhhivE.exe
  C:\Windows\System\juhhivE.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\GtGdTGG.exe
  C:\Windows\System\GtGdTGG.exe
  2⤵
  - Executes dropped EXE
  PID:4808
- C:\Windows\System\wVJAprq.exe
  C:\Windows\System\wVJAprq.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\CSkOvgQ.exe
  C:\Windows\System\CSkOvgQ.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\mvFDzfM.exe
  C:\Windows\System\mvFDzfM.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\SgbpXvi.exe
  C:\Windows\System\SgbpXvi.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\nlRUIsN.exe
  C:\Windows\System\nlRUIsN.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\hfSwnUY.exe
  C:\Windows\System\hfSwnUY.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\VSvnNgQ.exe
  C:\Windows\System\VSvnNgQ.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\tYskSzC.exe
  C:\Windows\System\tYskSzC.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\PSHrYLo.exe
  C:\Windows\System\PSHrYLo.exe
  2⤵
  - Executes dropped EXE
  PID:2592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BqMNTFE.exe

Filesize
5.2MB

MD5
e1ed788b75b1b3aff56fb278a07a9039

SHA1
e9f6e790ce3193bdd46274334745208147ae908a

SHA256
41c26db1e20941c00051e0da64594ca565daa977bcf83ebaed2c8179fafaa07b

SHA512
662b661b0479f2e3415b56ecd0ed45d216fa36f71327646162e1b4fe3d9bccc994bab670c25f5c2eddde022e48f23d08e283c3904b988bb165e1c9ad4f7a738a

Download Submit
C:\Windows\System\CSkOvgQ.exe

Filesize
5.2MB

MD5
c76d413b8bf731a891e100162112a662

SHA1
7badd795c7ace21ee5845c7fb21cad72ce4459e4

SHA256
c0ca02a351ae34c349baedc642728201f39f3dc15a6fcd10dcd2162a9d08c177

SHA512
f7e3cdc36a866854b7be3c50aceb2c839a437f26be56a640970dea561454f5d7f74ada91527060be8644911e09526950778c687032bcad02a51aa010e60606a2

Download Submit
C:\Windows\System\FEbJHDV.exe

Filesize
5.2MB

MD5
40639ae1f59476ac9ef5caafff562438

SHA1
1f3767c28d5ae9f39041113830c3242bee12b4d1

SHA256
b652aa4655c2130ec2ec4b5703efd798d692640adb40e18eb8c9381cc2f01de1

SHA512
177732e27407e97d81e511ea88b6b3257e7291c51f95cd697d58fb94281725a57375cf71847d7c8b9d62984ca91b401010b9e7326e0ffaa905cbf89a8e10470e

Download Submit
C:\Windows\System\GtGdTGG.exe

Filesize
5.2MB

MD5
adcaea6436cf3e091c8ebff357de7e1b

SHA1
89a14479472137cd0519cc969c7b876a21cb77ac

SHA256
106b4f9c920e842d312636f72bff76af822be6d87d648486351983e9b818d3ac

SHA512
eef59f22aa37b0fb16abca9fda8fb32959382efcea6189de3c8e1b34e4d97c5f21ac5123f6ae266b86abe158b8645b0812bc785e6f4c1d6eaf218fffb69377b0

Download Submit
C:\Windows\System\HpeepOL.exe

Filesize
5.2MB

MD5
a1269267e938fb4f04030a8ff182d42f

SHA1
f31d3cc0af39461e4dadfe417d1487e9fe85144c

SHA256
d9709f96ad758d3625dbc7d84a76fc27c2a3015abe607f25755b1249aca1e9b2

SHA512
2bd63d82221bcccf56893537f9dd7e427c4c14534c1fe8f06c9a6a6cfdcd8d542251f9ecd6e7f5351f52818cc717988776cbe97040e9b92be0d3ea39b657ad5a

Download Submit
C:\Windows\System\PSHrYLo.exe

Filesize
5.2MB

MD5
dd51b0912f73c838041b7e8ff24e5ae5

SHA1
e952c90e9894f50506d81d0ec793bb64119bed99

SHA256
8b9eec629695b24bf920b9f732de3c944dce0718dfc1779b3e39aa3fd7bda637

SHA512
9bace32a4a456bae9b436c1ac5977a7596cf9436d5ee041c9c19acf7b7cf5b5cd25b8d9a04a109f1e52eccb9ce00a68dae09e715c3aa10629216718fb47e9bd6

Download Submit
C:\Windows\System\SgbpXvi.exe

Filesize
5.2MB

MD5
247b2fa199c520491cc1b9a002088bd4

SHA1
7e83a911d312c2e4d9e8d43c58cfe9f74c435261

SHA256
9175e6cb0f42dd3560e292d265292fa43a0aafdfbd1038d9732c71cd662f2a97

SHA512
1aa75bf14046c6726edf00126e77c155ed960cde724b9e6488b22111438eb95f3cb972e6c1662ac12e9e2e4882eb05fdb71fc8418253660bd6f48c02575af269

Download Submit
C:\Windows\System\VSvnNgQ.exe

Filesize
5.2MB

MD5
e6b787218f8e5b0b66c7dc804223b73c

SHA1
ac245e365e2b4b60d0b593e694f073a7719f24e2

SHA256
93126c0e474e0949445c9266568b87894de116e099bba4d21a585f91ef5d22bd

SHA512
b73fdd85afa2697e1840fa2c5a81d76f308c87e511bb4451e0cadc6e9e3d42a711c32a640ba8c09ecd88d3ebe9360fa5a2ccb41976425464f1ba249c9dabf735

Download Submit
C:\Windows\System\WdsLwfE.exe

Filesize
5.2MB

MD5
e48d8f1e581fbee5d3788dbb658422ae

SHA1
57176f715a9b22b7bb31197c12a10997a9f6e775

SHA256
2c72b711f541b977b1a94d5d915c073619a249683d0e90d230e0058b991be037

SHA512
be0bc93a97e4bff7fdebac1f13508e47a1a4c5b5e8b3d01e109c232fcb4f5037d0a2362e60df195adb4ec0c8b4cf1721a89cd188e1d42e12449301be2db40dbb

Download Submit
C:\Windows\System\cyklaZG.exe

Filesize
5.2MB

MD5
e8cddcab6cd7f8c420f1b2e440c22e05

SHA1
8758c35f613fc0d5a9b052ec0741723706971a6a

SHA256
c9d3acf1e3f385a760e4d7da4f617ed6483951f4e690adb9b749fdd1eea32c81

SHA512
b6a967af3fcc4799bc42d984f3a95754ae159c4b13c85368bf9f89b05a436ebc3a984f0bae1c9d18fbc010786fe7d9bf8c5af11aa046db3794aee7327a9a60bb

Download Submit
C:\Windows\System\fzRliAp.exe

Filesize
5.2MB

MD5
7efa953881517887ee6cb8266306fbd1

SHA1
423b388dace3820fc6911ba0fcad2a01c48f9a03

SHA256
57c4c535de16a94a9be25ad3dbe031956da8d70a6488d726665baced147a5b2b

SHA512
f96f2fe5aaa5c863528deefef2bdaf67beeff55b27060a2993060ad30e63fcfe44ae02df3ddce0e9abef04906af2d7cc2bb5476e339649a61b71a1961fa14e25

Download Submit
C:\Windows\System\gmSbdRD.exe

Filesize
5.2MB

MD5
bfa22ecb41317b829d91884770b28577

SHA1
18d9602ff2147503d74b3b96a88f64ac562125ac

SHA256
2b71e3c84cac0b00227470c778b05b2911336aa6a48baa96c7f409513a49a776

SHA512
4fbb45a2e03dbd6ae2bf976f622484252ef8a34b17f3abf581812e0f07b78015f86d461aab76e02d080fc46fd7eaa416199ac29b092ad3e55198c445b939acbb

Download Submit
C:\Windows\System\hfSwnUY.exe

Filesize
5.2MB

MD5
a298bf107cafc81ee9667de854c22880

SHA1
3bd8ca2ac31cedc54b5d5ddcd41c001f15126b4b

SHA256
193f348a4e37d88f806631eb73a524df428d2844c3623ea7984c0d2fc96d890e

SHA512
df8aa8419031dc28aa03a1ef22b509e87d15feb43de85ba0e4180788c77554b129b965b7705bd1ee681de53edb07cb54348eff36f002956bb235d94712b95610

Download Submit
C:\Windows\System\jNzbMZg.exe

Filesize
5.2MB

MD5
58fe694fef096d9aa5431a87afafd277

SHA1
537921bfb8765d89bacac3d07a6068e4ed0ad774

SHA256
1ae601689d08274880420fd7e8c75fd37c85b1632425f946ed7640cc53622761

SHA512
88480438cf1e37a2cb1278942a994be9df6560d10af7ed9c628084630f3ad27639f174b082006317d8310a936aae45eb84395036c9227a726a42904f61401abf

Download Submit
C:\Windows\System\juhhivE.exe

Filesize
5.2MB

MD5
b019bfe3884ed940dbeb8e4a592d29b2

SHA1
9a0bb46afcb117ea5e6e63133cf80c0c28c0cc24

SHA256
c5b7dbd54a9f0cab7c34252749e61f28143241d6a2daf5b426422fd6b944d783

SHA512
b319accb6fb0c0034f637d4d13aa3c38307254321c5a9c36e5f115f0b45c731046130a96e71e03bbfe602bd104d8578bae128990f21cdc3cc1a898231e3b9a94

Download Submit
C:\Windows\System\mvFDzfM.exe

Filesize
5.2MB

MD5
d9753b8acc0c65ea356d56e4a70f4fa7

SHA1
bccc91298478fcae8bd306379033ecd6e93c2f64

SHA256
1163e6903fabefdaf1c6c66810f6d99dfd9575adcff80c1ba8221c66b6fe4038

SHA512
8d9b123074b704cea30f27fea316049cdd6c34ac2a9120f6ef1b977e5a82b99070763a423c22bfe6686264f07688b174eab6a3519fafe652310b04e53b8daabe

Download Submit
C:\Windows\System\nlRUIsN.exe

Filesize
5.2MB

MD5
4c32df46070f29ac2e945c8b385531d9

SHA1
fe250e9037260a54525b1ecf6503fcd681f3fb09

SHA256
59c7860bf5ce5414803875cee1c9282e1a174a8e7c925cab81060bc2f2d25923

SHA512
053caa6c5823364c4158c430e9a2fd19fdc3b3ea8ace28497009ae9dae5ea442a2bbda94419918d7ba567599bc57090da0c57d161af2784ebddb4695b5edf9c1

Download Submit
C:\Windows\System\tYskSzC.exe

Filesize
5.2MB

MD5
b89efa80420e600f03f121356ea34450

SHA1
f70e34a80e24f7bd0c7e896ad7014540b7e8b4d3

SHA256
67a1c577c03c899b12f881baa6598d0a1be5cab71ee17161f7d5c13d8b03aec0

SHA512
e6e880a5106da93af5e5bde2dd08dd4cc2adc2aeb469d4079dbcfb82b179a51c6f6a6d0b405601bad7386231f49c02c20aa211f474bb09e1bfeb09e2460b98bc

Download Submit
C:\Windows\System\uTbeZqS.exe

Filesize
5.2MB

MD5
a1636c99821a9b7b09dfe62b1e56b857

SHA1
ad7260ea18ccef08db269122a3d4fc5f7d421502

SHA256
198af3f698738c76c8fc619315f26fd4cdf3095a9d59a4c6b6f054e9592026bf

SHA512
7679201747c78ef639310cdf2535735c9608248e969556dfda777a25ef508dba4323dfebeb1d6fb38bfbc2f5271229814c6e175ae47c75c56a52c58604968d35

Download Submit
C:\Windows\System\wVJAprq.exe

Filesize
5.2MB

MD5
70d35fbfe457892dbc7e176e829a83a0

SHA1
06d1920e69e751b68b3ff818317b825d3e389a81

SHA256
898743fd9f9f5ffec498e671cf39145d1f64ae7a79b248594b3cb400622b7aed

SHA512
f19fc2602a7803013e1a7303d185f745f515615f0791973acf379550a64aeac2dd70fe55342084fd01e01564c84d5330724311ed128c00cfc201665f654367ec

Download Submit
C:\Windows\System\zMsNuLn.exe

Filesize
5.2MB

MD5
b5ba54528e792e5bec7bf2eed988653b

SHA1
f4e28553db183decc214ac3aedbbbd592b3a0d5c

SHA256
8e8e3764dfab9f32dc5a57cf9e1c93cd3e83bcd4c071c8d9269d0933324011b8

SHA512
046583d5a5e01d3e744f55b8218df57b9e943bc5e42589cb5ef16b908a3fd21a0ade7f2d8bea3079f6802b2372d6762708c55b3dc670dae2e13da5a907988a52

Download Submit
memory/532-152-0x00007FF61DF60000-0x00007FF61E2B1000-memory.dmp

Filesize
3.3MB

Download
memory/532-260-0x00007FF61DF60000-0x00007FF61E2B1000-memory.dmp

Filesize
3.3MB

Download
memory/532-106-0x00007FF61DF60000-0x00007FF61E2B1000-memory.dmp

Filesize
3.3MB

Download
memory/1004-144-0x00007FF667FC0000-0x00007FF668311000-memory.dmp

Filesize
3.3MB

Download
memory/1004-60-0x00007FF667FC0000-0x00007FF668311000-memory.dmp

Filesize
3.3MB

Download
memory/1004-239-0x00007FF667FC0000-0x00007FF668311000-memory.dmp

Filesize
3.3MB

Download
memory/1028-226-0x00007FF7EE1F0000-0x00007FF7EE541000-memory.dmp

Filesize
3.3MB

Download
memory/1028-134-0x00007FF7EE1F0000-0x00007FF7EE541000-memory.dmp

Filesize
3.3MB

Download
memory/1028-46-0x00007FF7EE1F0000-0x00007FF7EE541000-memory.dmp

Filesize
3.3MB

Download
memory/1052-254-0x00007FF738B90000-0x00007FF738EE1000-memory.dmp

Filesize
3.3MB

Download
memory/1052-151-0x00007FF738B90000-0x00007FF738EE1000-memory.dmp

Filesize
3.3MB

Download
memory/1052-102-0x00007FF738B90000-0x00007FF738EE1000-memory.dmp

Filesize
3.3MB

Download
memory/1644-135-0x00007FF6F11B0000-0x00007FF6F1501000-memory.dmp

Filesize
3.3MB

Download
memory/1644-0-0x00007FF6F11B0000-0x00007FF6F1501000-memory.dmp

Filesize
3.3MB

Download
memory/1644-87-0x00007FF6F11B0000-0x00007FF6F1501000-memory.dmp

Filesize
3.3MB

Download
memory/1644-159-0x00007FF6F11B0000-0x00007FF6F1501000-memory.dmp

Filesize
3.3MB

Download
memory/1644-1-0x0000019DFB6D0000-0x0000019DFB6E0000-memory.dmp

Filesize
64KB

Download
memory/1768-133-0x00007FF74E510000-0x00007FF74E861000-memory.dmp

Filesize
3.3MB

Download
memory/1768-38-0x00007FF74E510000-0x00007FF74E861000-memory.dmp

Filesize
3.3MB

Download
memory/1768-224-0x00007FF74E510000-0x00007FF74E861000-memory.dmp

Filesize
3.3MB

Download
memory/2140-256-0x00007FF7BA2A0000-0x00007FF7BA5F1000-memory.dmp

Filesize
3.3MB

Download
memory/2140-129-0x00007FF7BA2A0000-0x00007FF7BA5F1000-memory.dmp

Filesize
3.3MB

Download
memory/2196-68-0x00007FF72FBA0000-0x00007FF72FEF1000-memory.dmp

Filesize
3.3MB

Download
memory/2196-237-0x00007FF72FBA0000-0x00007FF72FEF1000-memory.dmp

Filesize
3.3MB

Download
memory/2568-57-0x00007FF7CF6F0000-0x00007FF7CFA41000-memory.dmp

Filesize
3.3MB

Download
memory/2568-230-0x00007FF7CF6F0000-0x00007FF7CFA41000-memory.dmp

Filesize
3.3MB

Download
memory/2592-132-0x00007FF620240000-0x00007FF620591000-memory.dmp

Filesize
3.3MB

Download
memory/2592-264-0x00007FF620240000-0x00007FF620591000-memory.dmp

Filesize
3.3MB

Download
memory/2988-15-0x00007FF6F35E0000-0x00007FF6F3931000-memory.dmp

Filesize
3.3MB

Download
memory/2988-107-0x00007FF6F35E0000-0x00007FF6F3931000-memory.dmp

Filesize
3.3MB

Download
memory/2988-218-0x00007FF6F35E0000-0x00007FF6F3931000-memory.dmp

Filesize
3.3MB

Download
memory/3112-116-0x00007FF637810000-0x00007FF637B61000-memory.dmp

Filesize
3.3MB

Download
memory/3112-26-0x00007FF637810000-0x00007FF637B61000-memory.dmp

Filesize
3.3MB

Download
memory/3112-220-0x00007FF637810000-0x00007FF637B61000-memory.dmp

Filesize
3.3MB

Download
memory/3180-130-0x00007FF67A820000-0x00007FF67AB71000-memory.dmp

Filesize
3.3MB

Download
memory/3180-263-0x00007FF67A820000-0x00007FF67AB71000-memory.dmp

Filesize
3.3MB

Download
memory/4088-128-0x00007FF7636B0000-0x00007FF763A01000-memory.dmp

Filesize
3.3MB

Download
memory/4088-258-0x00007FF7636B0000-0x00007FF763A01000-memory.dmp

Filesize
3.3MB

Download
memory/4244-7-0x00007FF760AD0000-0x00007FF760E21000-memory.dmp

Filesize
3.3MB

Download
memory/4244-216-0x00007FF760AD0000-0x00007FF760E21000-memory.dmp

Filesize
3.3MB

Download
memory/4244-93-0x00007FF760AD0000-0x00007FF760E21000-memory.dmp

Filesize
3.3MB

Download
memory/4396-82-0x00007FF615780000-0x00007FF615AD1000-memory.dmp

Filesize
3.3MB

Download
memory/4396-246-0x00007FF615780000-0x00007FF615AD1000-memory.dmp

Filesize
3.3MB

Download
memory/4396-150-0x00007FF615780000-0x00007FF615AD1000-memory.dmp

Filesize
3.3MB

Download
memory/4484-124-0x00007FF6C7C70000-0x00007FF6C7FC1000-memory.dmp

Filesize
3.3MB

Download
memory/4484-27-0x00007FF6C7C70000-0x00007FF6C7FC1000-memory.dmp

Filesize
3.3MB

Download
memory/4484-222-0x00007FF6C7C70000-0x00007FF6C7FC1000-memory.dmp

Filesize
3.3MB

Download
memory/4656-55-0x00007FF770420000-0x00007FF770771000-memory.dmp

Filesize
3.3MB

Download
memory/4656-229-0x00007FF770420000-0x00007FF770771000-memory.dmp

Filesize
3.3MB

Download
memory/4656-145-0x00007FF770420000-0x00007FF770771000-memory.dmp

Filesize
3.3MB

Download
memory/4808-242-0x00007FF7D02E0000-0x00007FF7D0631000-memory.dmp

Filesize
3.3MB

Download
memory/4808-72-0x00007FF7D02E0000-0x00007FF7D0631000-memory.dmp

Filesize
3.3MB

Download
memory/4808-148-0x00007FF7D02E0000-0x00007FF7D0631000-memory.dmp

Filesize
3.3MB

Download
memory/4884-244-0x00007FF70F7A0000-0x00007FF70FAF1000-memory.dmp

Filesize
3.3MB

Download
memory/4884-81-0x00007FF70F7A0000-0x00007FF70FAF1000-memory.dmp

Filesize
3.3MB

Download
memory/4884-149-0x00007FF70F7A0000-0x00007FF70FAF1000-memory.dmp

Filesize
3.3MB

Download
memory/4924-240-0x00007FF6A7BC0000-0x00007FF6A7F11000-memory.dmp

Filesize
3.3MB

Download
memory/4924-146-0x00007FF6A7BC0000-0x00007FF6A7F11000-memory.dmp

Filesize
3.3MB

Download
memory/4924-67-0x00007FF6A7BC0000-0x00007FF6A7F11000-memory.dmp

Filesize
3.3MB

Download
memory/5112-131-0x00007FF6AEB20000-0x00007FF6AEE71000-memory.dmp

Filesize
3.3MB

Download
memory/5112-266-0x00007FF6AEB20000-0x00007FF6AEE71000-memory.dmp

Filesize
3.3MB

Download