cobaltstrike | 1a7acde47443a7ed4e01b81a28c665eb579ae10298a839107361c9ee4eff0515

Analysis

max time kernel
140s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16-09-2024 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76d9468f87d80dd608bc30360a246ce9.exe
Size

5.2MB
MD5

76d9468f87d80dd608bc30360a246ce9
SHA1

77c55a94464f78263ed8c9a602e73ea3befde2b6
SHA256

1a7acde47443a7ed4e01b81a28c665eb579ae10298a839107361c9ee4eff0515
SHA512

2f73ab2629764540745ee842f6e04d066d0347d39141bc4aea63c1951b1a8d55ebfa3de15a05b66c7fc3bd1a57ef37b6263a725178436bd7d0ce0c0a4027cc00
SSDEEP

49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lq:RWWBibf56utgpPFotBER/mQ32lUu

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 21 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000900000002346a-4.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c4-11.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c5-21.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c8-35.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234ca-53.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c9-56.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234cb-65.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234cd-74.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234cf-83.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234d0-95.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234d4-102.dat	cobalt_reflective_dll
behavioral2/files/0x00080000000234c1-113.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234d3-111.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234d2-105.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234d1-99.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234ce-81.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234cc-67.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c7-39.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234c6-27.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234d5-119.dat	cobalt_reflective_dll
behavioral2/files/0x00070000000234d7-124.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 45 IoCs

miner

resource	yara_rule
behavioral2/memory/4252-108-0x00007FF78A390000-0x00007FF78A6E1000-memory.dmp	xmrig
behavioral2/memory/3592-109-0x00007FF65E9F0000-0x00007FF65ED41000-memory.dmp	xmrig
behavioral2/memory/1016-103-0x00007FF716840000-0x00007FF716B91000-memory.dmp	xmrig
behavioral2/memory/4320-90-0x00007FF6B3170000-0x00007FF6B34C1000-memory.dmp	xmrig
behavioral2/memory/1452-80-0x00007FF784520000-0x00007FF784871000-memory.dmp	xmrig
behavioral2/memory/756-71-0x00007FF6A0660000-0x00007FF6A09B1000-memory.dmp	xmrig
behavioral2/memory/4868-62-0x00007FF7990D0000-0x00007FF799421000-memory.dmp	xmrig
behavioral2/memory/3416-61-0x00007FF6DBF50000-0x00007FF6DC2A1000-memory.dmp	xmrig
behavioral2/memory/4452-125-0x00007FF635930000-0x00007FF635C81000-memory.dmp	xmrig
behavioral2/memory/4372-128-0x00007FF6D05D0000-0x00007FF6D0921000-memory.dmp	xmrig
behavioral2/memory/396-127-0x00007FF7E7610000-0x00007FF7E7961000-memory.dmp	xmrig
behavioral2/memory/4988-129-0x00007FF76FA70000-0x00007FF76FDC1000-memory.dmp	xmrig
behavioral2/memory/396-130-0x00007FF7E7610000-0x00007FF7E7961000-memory.dmp	xmrig
behavioral2/memory/1320-140-0x00007FF643C20000-0x00007FF643F71000-memory.dmp	xmrig
behavioral2/memory/1496-143-0x00007FF706F10000-0x00007FF707261000-memory.dmp	xmrig
behavioral2/memory/3420-134-0x00007FF612640000-0x00007FF612991000-memory.dmp	xmrig
behavioral2/memory/4820-138-0x00007FF701C50000-0x00007FF701FA1000-memory.dmp	xmrig
behavioral2/memory/1172-135-0x00007FF695410000-0x00007FF695761000-memory.dmp	xmrig
behavioral2/memory/4680-133-0x00007FF78EC10000-0x00007FF78EF61000-memory.dmp	xmrig
behavioral2/memory/3124-132-0x00007FF6A47D0000-0x00007FF6A4B21000-memory.dmp	xmrig
behavioral2/memory/4400-149-0x00007FF6B69A0000-0x00007FF6B6CF1000-memory.dmp	xmrig
behavioral2/memory/2696-148-0x00007FF6C8740000-0x00007FF6C8A91000-memory.dmp	xmrig
behavioral2/memory/3168-147-0x00007FF6A7390000-0x00007FF6A76E1000-memory.dmp	xmrig
behavioral2/memory/396-152-0x00007FF7E7610000-0x00007FF7E7961000-memory.dmp	xmrig
behavioral2/memory/4988-202-0x00007FF76FA70000-0x00007FF76FDC1000-memory.dmp	xmrig
behavioral2/memory/3124-220-0x00007FF6A47D0000-0x00007FF6A4B21000-memory.dmp	xmrig
behavioral2/memory/4680-222-0x00007FF78EC10000-0x00007FF78EF61000-memory.dmp	xmrig
behavioral2/memory/3420-224-0x00007FF612640000-0x00007FF612991000-memory.dmp	xmrig
behavioral2/memory/3416-226-0x00007FF6DBF50000-0x00007FF6DC2A1000-memory.dmp	xmrig
behavioral2/memory/1172-229-0x00007FF695410000-0x00007FF695761000-memory.dmp	xmrig
behavioral2/memory/4820-232-0x00007FF701C50000-0x00007FF701FA1000-memory.dmp	xmrig
behavioral2/memory/1320-235-0x00007FF643C20000-0x00007FF643F71000-memory.dmp	xmrig
behavioral2/memory/756-236-0x00007FF6A0660000-0x00007FF6A09B1000-memory.dmp	xmrig
behavioral2/memory/4868-231-0x00007FF7990D0000-0x00007FF799421000-memory.dmp	xmrig
behavioral2/memory/3168-243-0x00007FF6A7390000-0x00007FF6A76E1000-memory.dmp	xmrig
behavioral2/memory/4252-254-0x00007FF78A390000-0x00007FF78A6E1000-memory.dmp	xmrig
behavioral2/memory/2696-253-0x00007FF6C8740000-0x00007FF6C8A91000-memory.dmp	xmrig
behavioral2/memory/1016-249-0x00007FF716840000-0x00007FF716B91000-memory.dmp	xmrig
behavioral2/memory/4400-246-0x00007FF6B69A0000-0x00007FF6B6CF1000-memory.dmp	xmrig
behavioral2/memory/3592-251-0x00007FF65E9F0000-0x00007FF65ED41000-memory.dmp	xmrig
behavioral2/memory/1496-241-0x00007FF706F10000-0x00007FF707261000-memory.dmp	xmrig
behavioral2/memory/1452-240-0x00007FF784520000-0x00007FF784871000-memory.dmp	xmrig
behavioral2/memory/4320-245-0x00007FF6B3170000-0x00007FF6B34C1000-memory.dmp	xmrig
behavioral2/memory/4452-257-0x00007FF635930000-0x00007FF635C81000-memory.dmp	xmrig
behavioral2/memory/4372-259-0x00007FF6D05D0000-0x00007FF6D0921000-memory.dmp	xmrig

Executes dropped EXE 21 IoCs

pid	Process
4988	Lgmbtbv.exe
3124	jrwYzFN.exe
4680	hEWmVzY.exe
3420	nOjLvpR.exe
3416	yRiinUW.exe
1172	fJuHtWq.exe
4868	zIhprEH.exe
4820	TGmmEzg.exe
756	IJEiPXG.exe
1320	MBxEtxi.exe
1452	RfsLWnK.exe
4320	HaShjDx.exe
1496	RmgVmla.exe
1016	rVLyIPn.exe
4252	ZbvThBf.exe
3592	bjixYwd.exe
3168	kbABmWu.exe
2696	TeiBOti.exe
4400	rHjyOoM.exe
4452	ItnPwwq.exe
4372	yGGUpFO.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/396-0-0x00007FF7E7610000-0x00007FF7E7961000-memory.dmp	upx
behavioral2/files/0x000900000002346a-4.dat	upx
behavioral2/memory/4988-7-0x00007FF76FA70000-0x00007FF76FDC1000-memory.dmp	upx
behavioral2/files/0x00070000000234c4-11.dat	upx
behavioral2/files/0x00070000000234c5-21.dat	upx
behavioral2/memory/4680-24-0x00007FF78EC10000-0x00007FF78EF61000-memory.dmp	upx
behavioral2/files/0x00070000000234c8-35.dat	upx
behavioral2/files/0x00070000000234ca-53.dat	upx
behavioral2/files/0x00070000000234c9-56.dat	upx
behavioral2/files/0x00070000000234cb-65.dat	upx
behavioral2/files/0x00070000000234cd-74.dat	upx
behavioral2/files/0x00070000000234cf-83.dat	upx
behavioral2/files/0x00070000000234d0-95.dat	upx
behavioral2/files/0x00070000000234d4-102.dat	upx
behavioral2/memory/4252-108-0x00007FF78A390000-0x00007FF78A6E1000-memory.dmp	upx
behavioral2/files/0x00080000000234c1-113.dat	upx
behavioral2/files/0x00070000000234d3-111.dat	upx
behavioral2/memory/2696-110-0x00007FF6C8740000-0x00007FF6C8A91000-memory.dmp	upx
behavioral2/memory/3592-109-0x00007FF65E9F0000-0x00007FF65ED41000-memory.dmp	upx
behavioral2/memory/4400-107-0x00007FF6B69A0000-0x00007FF6B6CF1000-memory.dmp	upx
behavioral2/files/0x00070000000234d2-105.dat	upx
behavioral2/memory/3168-104-0x00007FF6A7390000-0x00007FF6A76E1000-memory.dmp	upx
behavioral2/memory/1016-103-0x00007FF716840000-0x00007FF716B91000-memory.dmp	upx
behavioral2/files/0x00070000000234d1-99.dat	upx
behavioral2/memory/4320-90-0x00007FF6B3170000-0x00007FF6B34C1000-memory.dmp	upx
behavioral2/files/0x00070000000234ce-81.dat	upx
behavioral2/memory/1452-80-0x00007FF784520000-0x00007FF784871000-memory.dmp	upx
behavioral2/memory/1496-79-0x00007FF706F10000-0x00007FF707261000-memory.dmp	upx
behavioral2/memory/756-71-0x00007FF6A0660000-0x00007FF6A09B1000-memory.dmp	upx
behavioral2/files/0x00070000000234cc-67.dat	upx
behavioral2/memory/4868-62-0x00007FF7990D0000-0x00007FF799421000-memory.dmp	upx
behavioral2/memory/3416-61-0x00007FF6DBF50000-0x00007FF6DC2A1000-memory.dmp	upx
behavioral2/memory/1320-52-0x00007FF643C20000-0x00007FF643F71000-memory.dmp	upx
behavioral2/memory/4820-50-0x00007FF701C50000-0x00007FF701FA1000-memory.dmp	upx
behavioral2/memory/1172-44-0x00007FF695410000-0x00007FF695761000-memory.dmp	upx
behavioral2/files/0x00070000000234c7-39.dat	upx
behavioral2/memory/3420-32-0x00007FF612640000-0x00007FF612991000-memory.dmp	upx
behavioral2/files/0x00070000000234c6-27.dat	upx
behavioral2/memory/3124-14-0x00007FF6A47D0000-0x00007FF6A4B21000-memory.dmp	upx
behavioral2/files/0x00070000000234d5-119.dat	upx
behavioral2/files/0x00070000000234d7-124.dat	upx
behavioral2/memory/4452-125-0x00007FF635930000-0x00007FF635C81000-memory.dmp	upx
behavioral2/memory/4372-128-0x00007FF6D05D0000-0x00007FF6D0921000-memory.dmp	upx
behavioral2/memory/396-127-0x00007FF7E7610000-0x00007FF7E7961000-memory.dmp	upx
behavioral2/memory/4988-129-0x00007FF76FA70000-0x00007FF76FDC1000-memory.dmp	upx
behavioral2/memory/396-130-0x00007FF7E7610000-0x00007FF7E7961000-memory.dmp	upx
behavioral2/memory/1320-140-0x00007FF643C20000-0x00007FF643F71000-memory.dmp	upx
behavioral2/memory/1496-143-0x00007FF706F10000-0x00007FF707261000-memory.dmp	upx
behavioral2/memory/3420-134-0x00007FF612640000-0x00007FF612991000-memory.dmp	upx
behavioral2/memory/4820-138-0x00007FF701C50000-0x00007FF701FA1000-memory.dmp	upx
behavioral2/memory/1172-135-0x00007FF695410000-0x00007FF695761000-memory.dmp	upx
behavioral2/memory/4680-133-0x00007FF78EC10000-0x00007FF78EF61000-memory.dmp	upx
behavioral2/memory/3124-132-0x00007FF6A47D0000-0x00007FF6A4B21000-memory.dmp	upx
behavioral2/memory/4400-149-0x00007FF6B69A0000-0x00007FF6B6CF1000-memory.dmp	upx
behavioral2/memory/2696-148-0x00007FF6C8740000-0x00007FF6C8A91000-memory.dmp	upx
behavioral2/memory/3168-147-0x00007FF6A7390000-0x00007FF6A76E1000-memory.dmp	upx
behavioral2/memory/396-152-0x00007FF7E7610000-0x00007FF7E7961000-memory.dmp	upx
behavioral2/memory/4988-202-0x00007FF76FA70000-0x00007FF76FDC1000-memory.dmp	upx
behavioral2/memory/3124-220-0x00007FF6A47D0000-0x00007FF6A4B21000-memory.dmp	upx
behavioral2/memory/4680-222-0x00007FF78EC10000-0x00007FF78EF61000-memory.dmp	upx
behavioral2/memory/3420-224-0x00007FF612640000-0x00007FF612991000-memory.dmp	upx
behavioral2/memory/3416-226-0x00007FF6DBF50000-0x00007FF6DC2A1000-memory.dmp	upx
behavioral2/memory/1172-229-0x00007FF695410000-0x00007FF695761000-memory.dmp	upx
behavioral2/memory/4820-232-0x00007FF701C50000-0x00007FF701FA1000-memory.dmp	upx

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\System\RfsLWnK.exe	76d9468f87d80dd608bc30360a246ce9.exe
File created	C:\Windows\System\RmgVmla.exe	76d9468f87d80dd608bc30360a246ce9.exe
File created	C:\Windows\System\Lgmbtbv.exe	76d9468f87d80dd608bc30360a246ce9.exe
File created	C:\Windows\System\yRiinUW.exe	76d9468f87d80dd608bc30360a246ce9.exe
File created	C:\Windows\System\TGmmEzg.exe	76d9468f87d80dd608bc30360a246ce9.exe
File created	C:\Windows\System\rHjyOoM.exe	76d9468f87d80dd608bc30360a246ce9.exe
File created	C:\Windows\System\ItnPwwq.exe	76d9468f87d80dd608bc30360a246ce9.exe
File created	C:\Windows\System\IJEiPXG.exe	76d9468f87d80dd608bc30360a246ce9.exe
File created	C:\Windows\System\rVLyIPn.exe	76d9468f87d80dd608bc30360a246ce9.exe
File created	C:\Windows\System\TeiBOti.exe	76d9468f87d80dd608bc30360a246ce9.exe
File created	C:\Windows\System\yGGUpFO.exe	76d9468f87d80dd608bc30360a246ce9.exe
File created	C:\Windows\System\hEWmVzY.exe	76d9468f87d80dd608bc30360a246ce9.exe
File created	C:\Windows\System\ZbvThBf.exe	76d9468f87d80dd608bc30360a246ce9.exe
File created	C:\Windows\System\kbABmWu.exe	76d9468f87d80dd608bc30360a246ce9.exe
File created	C:\Windows\System\zIhprEH.exe	76d9468f87d80dd608bc30360a246ce9.exe
File created	C:\Windows\System\MBxEtxi.exe	76d9468f87d80dd608bc30360a246ce9.exe
File created	C:\Windows\System\HaShjDx.exe	76d9468f87d80dd608bc30360a246ce9.exe
File created	C:\Windows\System\bjixYwd.exe	76d9468f87d80dd608bc30360a246ce9.exe
File created	C:\Windows\System\jrwYzFN.exe	76d9468f87d80dd608bc30360a246ce9.exe
File created	C:\Windows\System\nOjLvpR.exe	76d9468f87d80dd608bc30360a246ce9.exe
File created	C:\Windows\System\fJuHtWq.exe	76d9468f87d80dd608bc30360a246ce9.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	396	76d9468f87d80dd608bc30360a246ce9.exe
Token: SeLockMemoryPrivilege	396	76d9468f87d80dd608bc30360a246ce9.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 4988	396	76d9468f87d80dd608bc30360a246ce9.exe	83
PID 396 wrote to memory of 4988	396	76d9468f87d80dd608bc30360a246ce9.exe	83
PID 396 wrote to memory of 3124	396	76d9468f87d80dd608bc30360a246ce9.exe	84
PID 396 wrote to memory of 3124	396	76d9468f87d80dd608bc30360a246ce9.exe	84
PID 396 wrote to memory of 4680	396	76d9468f87d80dd608bc30360a246ce9.exe	85
PID 396 wrote to memory of 4680	396	76d9468f87d80dd608bc30360a246ce9.exe	85
PID 396 wrote to memory of 3420	396	76d9468f87d80dd608bc30360a246ce9.exe	86
PID 396 wrote to memory of 3420	396	76d9468f87d80dd608bc30360a246ce9.exe	86
PID 396 wrote to memory of 1172	396	76d9468f87d80dd608bc30360a246ce9.exe	87
PID 396 wrote to memory of 1172	396	76d9468f87d80dd608bc30360a246ce9.exe	87
PID 396 wrote to memory of 3416	396	76d9468f87d80dd608bc30360a246ce9.exe	88
PID 396 wrote to memory of 3416	396	76d9468f87d80dd608bc30360a246ce9.exe	88
PID 396 wrote to memory of 4868	396	76d9468f87d80dd608bc30360a246ce9.exe	89
PID 396 wrote to memory of 4868	396	76d9468f87d80dd608bc30360a246ce9.exe	89
PID 396 wrote to memory of 4820	396	76d9468f87d80dd608bc30360a246ce9.exe	90
PID 396 wrote to memory of 4820	396	76d9468f87d80dd608bc30360a246ce9.exe	90
PID 396 wrote to memory of 756	396	76d9468f87d80dd608bc30360a246ce9.exe	91
PID 396 wrote to memory of 756	396	76d9468f87d80dd608bc30360a246ce9.exe	91
PID 396 wrote to memory of 1320	396	76d9468f87d80dd608bc30360a246ce9.exe	92
PID 396 wrote to memory of 1320	396	76d9468f87d80dd608bc30360a246ce9.exe	92
PID 396 wrote to memory of 1452	396	76d9468f87d80dd608bc30360a246ce9.exe	93
PID 396 wrote to memory of 1452	396	76d9468f87d80dd608bc30360a246ce9.exe	93
PID 396 wrote to memory of 4320	396	76d9468f87d80dd608bc30360a246ce9.exe	94
PID 396 wrote to memory of 4320	396	76d9468f87d80dd608bc30360a246ce9.exe	94
PID 396 wrote to memory of 1496	396	76d9468f87d80dd608bc30360a246ce9.exe	95
PID 396 wrote to memory of 1496	396	76d9468f87d80dd608bc30360a246ce9.exe	95
PID 396 wrote to memory of 1016	396	76d9468f87d80dd608bc30360a246ce9.exe	96
PID 396 wrote to memory of 1016	396	76d9468f87d80dd608bc30360a246ce9.exe	96
PID 396 wrote to memory of 4252	396	76d9468f87d80dd608bc30360a246ce9.exe	97
PID 396 wrote to memory of 4252	396	76d9468f87d80dd608bc30360a246ce9.exe	97
PID 396 wrote to memory of 3592	396	76d9468f87d80dd608bc30360a246ce9.exe	98
PID 396 wrote to memory of 3592	396	76d9468f87d80dd608bc30360a246ce9.exe	98
PID 396 wrote to memory of 3168	396	76d9468f87d80dd608bc30360a246ce9.exe	99
PID 396 wrote to memory of 3168	396	76d9468f87d80dd608bc30360a246ce9.exe	99
PID 396 wrote to memory of 2696	396	76d9468f87d80dd608bc30360a246ce9.exe	100
PID 396 wrote to memory of 2696	396	76d9468f87d80dd608bc30360a246ce9.exe	100
PID 396 wrote to memory of 4400	396	76d9468f87d80dd608bc30360a246ce9.exe	101
PID 396 wrote to memory of 4400	396	76d9468f87d80dd608bc30360a246ce9.exe	101
PID 396 wrote to memory of 4452	396	76d9468f87d80dd608bc30360a246ce9.exe	102
PID 396 wrote to memory of 4452	396	76d9468f87d80dd608bc30360a246ce9.exe	102
PID 396 wrote to memory of 4372	396	76d9468f87d80dd608bc30360a246ce9.exe	103
PID 396 wrote to memory of 4372	396	76d9468f87d80dd608bc30360a246ce9.exe	103

C:\Users\Admin\AppData\Local\Temp\76d9468f87d80dd608bc30360a246ce9.exe
"C:\Users\Admin\AppData\Local\Temp\76d9468f87d80dd608bc30360a246ce9.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:396
- C:\Windows\System\Lgmbtbv.exe
  C:\Windows\System\Lgmbtbv.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\jrwYzFN.exe
  C:\Windows\System\jrwYzFN.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\hEWmVzY.exe
  C:\Windows\System\hEWmVzY.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\nOjLvpR.exe
  C:\Windows\System\nOjLvpR.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\fJuHtWq.exe
  C:\Windows\System\fJuHtWq.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\yRiinUW.exe
  C:\Windows\System\yRiinUW.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\zIhprEH.exe
  C:\Windows\System\zIhprEH.exe
  2⤵
  - Executes dropped EXE
  PID:4868
- C:\Windows\System\TGmmEzg.exe
  C:\Windows\System\TGmmEzg.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\IJEiPXG.exe
  C:\Windows\System\IJEiPXG.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\MBxEtxi.exe
  C:\Windows\System\MBxEtxi.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\RfsLWnK.exe
  C:\Windows\System\RfsLWnK.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\HaShjDx.exe
  C:\Windows\System\HaShjDx.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\RmgVmla.exe
  C:\Windows\System\RmgVmla.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\rVLyIPn.exe
  C:\Windows\System\rVLyIPn.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\ZbvThBf.exe
  C:\Windows\System\ZbvThBf.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\bjixYwd.exe
  C:\Windows\System\bjixYwd.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\kbABmWu.exe
  C:\Windows\System\kbABmWu.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Windows\System\TeiBOti.exe
  C:\Windows\System\TeiBOti.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\rHjyOoM.exe
  C:\Windows\System\rHjyOoM.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\ItnPwwq.exe
  C:\Windows\System\ItnPwwq.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\yGGUpFO.exe
  C:\Windows\System\yGGUpFO.exe
  2⤵
  - Executes dropped EXE
  PID:4372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\HaShjDx.exe

Filesize
5.2MB

MD5
7473032e9c77e42d03c5ee755946989b

SHA1
c95597b8edccb6540b92bdfd22e8569a1e6c80b7

SHA256
9babc7c038b2e223f4ff0be75603afa31d1c92692d1ca6dee94c1115d7afaa99

SHA512
e1ebdd748ef413a05930af9868eb3db0ddc186a9ad60a2a50b1fd3cf2e6b34ed45d6fd16bae2243f9e6a92eed32b90fee70f0327062fec24d2388f7b884a597f

Download Submit
C:\Windows\System\IJEiPXG.exe

Filesize
5.2MB

MD5
945f5ca879ee5530af4126fdce96ae84

SHA1
2c0c0d3feb1b49a7f5aa4d5ba7c2227107491837

SHA256
b18caaa87251321ac81fb0d44ce79b99dfa98bae5c87f9808c429e48289739bb

SHA512
22fde4717395522f698d329d6871e27f985838e1114101dd9d483099d29c39de85551f9c4ce3eb3a3566fa2b3b57264f06073b03b7a126b0ba4c0f79dfb8d1d0

Download Submit
C:\Windows\System\ItnPwwq.exe

Filesize
5.2MB

MD5
042a04485729fe2fc3a371dc3dfbb39e

SHA1
3f11754146c31edb7037334f5d95a6cadbdf013d

SHA256
4347ad82d516c2d76b2dee42eeeafbe9808de172340b7c35c33e3e31a20eb060

SHA512
00258e79adee22175d4e6fa14fe402e3fc9cb7f617a11f83be1d8596b1dfee4caa228f8be863cfba28182cb89323096c51ec424a5f6e7adb8178c80e1c2d19d0

Download Submit
C:\Windows\System\Lgmbtbv.exe

Filesize
5.2MB

MD5
e8a1e6adc982c190931f6ee7f71f7cf1

SHA1
50319e7178c9ac2ad47d80774b8f8239b0731316

SHA256
27e9ce2ad2d0ef69bcf886278671b8856863948b330ff34a7360ac06a86ca2fe

SHA512
adcbf9a58127599eb3a05642600ac448ec89da89c2856d29f1d6e057ef3abc75bfc5d61871edebca99530b2981b2814aeddea2386e89a267f36e7c97051b40b9

Download Submit
C:\Windows\System\MBxEtxi.exe

Filesize
5.2MB

MD5
30d21a5882bb548498a86a2fa397662c

SHA1
a188c1b9a029309df9a4181a3095c940f99b2d26

SHA256
65531e1418acfaf492313b466aa41498db9b9b37b49e1205b0e5703715c550ac

SHA512
803539bd1e2a3a5da1d3884d25a7e53bae0e7fcb96da67e5956c2a19258fcf61ca4ecbf1d74079cbe591428993ac12b93f1a11e851634f8388dd42e43b953366

Download Submit
C:\Windows\System\RfsLWnK.exe

Filesize
5.2MB

MD5
968c56bcdaac7cc043995688bf577116

SHA1
288fb14ab7d5899612bfd9ee84824859a457630b

SHA256
9d311aedc25b9a0f88f9d0fa3ed9aacfb95455317cbcda5a1b1df75f86e30040

SHA512
7a2c631e4bef19f6809d181375f3967583dc68b3e2c6fe6d3a2043d495af31f7475dc24311b3636748b2bd70c889f14ccce777d311d8a8acc913b053318e7da2

Download Submit
C:\Windows\System\RmgVmla.exe

Filesize
5.2MB

MD5
e12e64de87a605de8ff2c89f4d0f66b7

SHA1
255927ed6748e028bd8fe07673e32b3ff96230e0

SHA256
65c2ca7a8430a90afbd1fe9662609cae1deed169e48be858e5f533ca3499d8da

SHA512
3b6fe7732896bae9e541d86d492d19a594ff794d1e707ef9692d7b5edabb60acea4481af3625bc3908bdd2112d84e3e89c09bdff1d61715b5fdfe19ceef2dcce

Download Submit
C:\Windows\System\TGmmEzg.exe

Filesize
5.2MB

MD5
2317640551973630543ca3a2fd189c00

SHA1
c690ea4132203fb23cd678712caf8d5035814636

SHA256
5bb125d3c2c48cca82b490426a125ad773170a29841f332b7a2e491771f41cdf

SHA512
6a4dffef0484dc8e239321c086ed3d104dffe94d0451ff6c1b4dfce8e7eca0d42bc3f76422350cf95567f5c329584376c732451f0bb1ab0676deba199e96c064

Download Submit
C:\Windows\System\TeiBOti.exe

Filesize
5.2MB

MD5
14fd3c4688f1fa004771f0540d339885

SHA1
8a7f8895e1b1a1d8be7314a5a40c0c69b0d2a926

SHA256
b8a832565fdbc585028a3eaede67acfed6055476c781aacde0e150631615c7c8

SHA512
0044c5a9a50653e30296cfd7e531811a5b7c306a8a532ec88cf496801b3bbc5408d3cea7cbc8f5d6d08ad1c213d0d38179fa696206735ee7eb58e50af2f35bea

Download Submit
C:\Windows\System\ZbvThBf.exe

Filesize
5.2MB

MD5
aa85ee1663692ea51305f05df32081ea

SHA1
32a161eb0af5407e6f6d330e670b028c776c8ac7

SHA256
ef25eee663b9dda4e7fd6ae0c70d8a4facc16939fca0596cfd721d00863d7a31

SHA512
04a9e7fe9f5e665559a56640ed957213ab35a0801eb012568bd0a0f357b10fa9182d55b1b8a83a548aba0cb3124eec6d2acc7d0d52075c148f4d591df3db228a

Download Submit
C:\Windows\System\bjixYwd.exe

Filesize
5.2MB

MD5
4992422c296db5100e448ce2d1528a02

SHA1
a2563229ffa407ea98ae46b5b5b095e330c36267

SHA256
22d80a43cb06338e3ce23d90da0ff2f4973bab5439b1f821093325e8cee3bf25

SHA512
3b75c0d21d99b42bb7de047b5604916450aa5ccd84c4647af3d04a26078d835c0479085220b101a7c76d29e651476de82b288b0278e775a608b71c226c0ecd4e

Download Submit
C:\Windows\System\fJuHtWq.exe

Filesize
5.2MB

MD5
19d1f87b352a107b546f4d1ca65f2dfb

SHA1
2f2db0b7c69cc97015c0925a4964b06f5e520d6f

SHA256
57a4f77f7f5a25ec8adfb8fa7e00f7a8aa9375039a5ede8ec382e4200d9a178d

SHA512
d156a90286a1409c3dff5689419fd7906134f3919b35f4b7cd2d95824511d9d2fa5fd7e6234ff3a505ef887550f4f1104e21c43b91ce793ad00e0ebb78c8a74c

Download Submit
C:\Windows\System\hEWmVzY.exe

Filesize
5.2MB

MD5
77d95bcd00197e06c830b6ca26d7090e

SHA1
e300ff1bfd885f956fd2d1b9441639dcf828a129

SHA256
05d49fb8b8e348d221cde9311d832eba5bc4e5a3fa4ecf840ef63796cdf5423a

SHA512
98cc2787f32f286d4e365402e09407106180c710a73e2b1fe05a7dba5ae0226617b23da7d5e6f46fbba34bc6fea584919e7e3f501fe5df460c58876eb036085b

Download Submit
C:\Windows\System\jrwYzFN.exe

Filesize
5.2MB

MD5
94ff0a26ec7d9d59328ebf2f04d609b3

SHA1
4fe8b8c1ffd5caca93badc3aa2f760a44961892c

SHA256
430e69c26d4d0a97843b9e999ce63b0caf757243e2a70741e92ed115d0182fb2

SHA512
6646ea8a0f6a848284401844014bb6e287d05c0de2427ac251e85a00a56e46468ca82a640bde7f54c8abae8480c95a0512565874590fb1fb3a4c8e700b74afdd

Download Submit
C:\Windows\System\kbABmWu.exe

Filesize
5.2MB

MD5
37525405eb473fc411fd2858b6a1d5dd

SHA1
a80b1bffd1b619f0c53d321d0d6668d67e628f83

SHA256
e4ad7dfe8a285f4b9465d2f071ba057a88b9b02561aa3882fd7070574fd81804

SHA512
57f4b2e7e00bec335c15607c231bbbec8c2329091b8b3ff8709b4430e5fb4b7a56db8e6d5aae07060201cc8d639613f03b5cbf241221cc6623462e0543cfd22f

Download Submit
C:\Windows\System\nOjLvpR.exe

Filesize
5.2MB

MD5
dfde28155dcf3a11fadd64ea6fb8f433

SHA1
aa668e9637d877538ff7b0976a326112797ed478

SHA256
d337586ee299a00fcb56a0f77f7fd8da93411a67f150b19b23ee611714e794fe

SHA512
2dc5d11000db578df9627fb2daf2171d88facb5f64965ffcc66b0b27579b1ac0e4a5e1773bf290f5047489b7cbcd9ab70fdfdcfef8c40ff261deb4db9630d330

Download Submit
C:\Windows\System\rHjyOoM.exe

Filesize
5.2MB

MD5
a67d705096ac65cf9e904122ca2170e6

SHA1
f6d4b86b7563376f93f3b161ed613a39bb2e862c

SHA256
3e524ef0baf083a6c5cc5cfc7ac5c3d4bc652cd64598a942f501267511f06d02

SHA512
405b9624f77d8f16d60f2a4b0b4a378d8147fcd12d3494ba9b7fa56f564861efd87ad555ed6a1f15a4c772870187400317cdfbb94f515ad834a06b12140a9461

Download Submit
C:\Windows\System\rVLyIPn.exe

Filesize
5.2MB

MD5
7d923f131ecd4b7da836ee979f0748e0

SHA1
e403b81f134242e3d120f491c7eac945dba0f89a

SHA256
6d3bfca3c3c96f5a85f3e1182fb1cae18f818a1045a1e2dee8596067708f9463

SHA512
7e4de8fe749dbc55c99b9a332d94d44cd83f5c6ebe2a91d81951d6ca884567c7d1620b348346ffa8c67a98b45037cba7c2f75072ca76a176fa6f99a2588f6046

Download Submit
C:\Windows\System\yGGUpFO.exe

Filesize
5.2MB

MD5
a1a958927d60b26d4efd1861c50aa802

SHA1
9ba9df0e38fad93b27f5344a631affbfebfc0b69

SHA256
40475a9c04055c32973d0d756f6e7ac1629a0a7e27cb5137c921f75770ffda33

SHA512
82e0dccc6695347a10a954f06cfff6b7047d65e03ffc8e6ce0a642fb6fb494958ef1102a74052da3ca02a151fa2ada3621e60aec20f40d444b566962d4963d02

Download Submit
C:\Windows\System\yRiinUW.exe

Filesize
5.2MB

MD5
8978ad98755ebaa25d3e76297b2cd5f8

SHA1
391d9a21929506aa3332359cc7d31663908ec6e3

SHA256
8da894c0739bb850b2ca97ab8b97af10c4c639640dc76e7ba673e93d7e2055e3

SHA512
9642ac30ffecc6d1683718a7a80c7cfa9fe8befa4844d2973283c1278b9c27aab96f00b18649a8ffa8e71e721964c38eb9358c31f64644bea03626dfe79ca287

Download Submit
C:\Windows\System\zIhprEH.exe

Filesize
5.2MB

MD5
4bea493b01811dd5295cd00bdb61730f

SHA1
90f13eaf04b328277d246319176645802dc29404

SHA256
dea98c8ffe7fce82ab419be038777a39986dfcad97ee8b7e0e141ed9e05dd325

SHA512
3dbb879236da63438249f02ad29d5da3bb0cf36ef78f50e4b4baefdda480d95610d6b5f181feabb582377f80c0370c26d25f26035a11b9eceac512e5c6d4abcb

Download Submit
memory/396-152-0x00007FF7E7610000-0x00007FF7E7961000-memory.dmp

Filesize
3.3MB

Download
memory/396-127-0x00007FF7E7610000-0x00007FF7E7961000-memory.dmp

Filesize
3.3MB

Download
memory/396-1-0x000001C3D7870000-0x000001C3D7880000-memory.dmp

Filesize
64KB

Download
memory/396-0-0x00007FF7E7610000-0x00007FF7E7961000-memory.dmp

Filesize
3.3MB

Download
memory/396-130-0x00007FF7E7610000-0x00007FF7E7961000-memory.dmp

Filesize
3.3MB

Download
memory/756-236-0x00007FF6A0660000-0x00007FF6A09B1000-memory.dmp

Filesize
3.3MB

Download
memory/756-71-0x00007FF6A0660000-0x00007FF6A09B1000-memory.dmp

Filesize
3.3MB

Download
memory/1016-249-0x00007FF716840000-0x00007FF716B91000-memory.dmp

Filesize
3.3MB

Download
memory/1016-103-0x00007FF716840000-0x00007FF716B91000-memory.dmp

Filesize
3.3MB

Download
memory/1172-229-0x00007FF695410000-0x00007FF695761000-memory.dmp

Filesize
3.3MB

Download
memory/1172-44-0x00007FF695410000-0x00007FF695761000-memory.dmp

Filesize
3.3MB

Download
memory/1172-135-0x00007FF695410000-0x00007FF695761000-memory.dmp

Filesize
3.3MB

Download
memory/1320-235-0x00007FF643C20000-0x00007FF643F71000-memory.dmp

Filesize
3.3MB

Download
memory/1320-52-0x00007FF643C20000-0x00007FF643F71000-memory.dmp

Filesize
3.3MB

Download
memory/1320-140-0x00007FF643C20000-0x00007FF643F71000-memory.dmp

Filesize
3.3MB

Download
memory/1452-240-0x00007FF784520000-0x00007FF784871000-memory.dmp

Filesize
3.3MB

Download
memory/1452-80-0x00007FF784520000-0x00007FF784871000-memory.dmp

Filesize
3.3MB

Download
memory/1496-241-0x00007FF706F10000-0x00007FF707261000-memory.dmp

Filesize
3.3MB

Download
memory/1496-79-0x00007FF706F10000-0x00007FF707261000-memory.dmp

Filesize
3.3MB

Download
memory/1496-143-0x00007FF706F10000-0x00007FF707261000-memory.dmp

Filesize
3.3MB

Download
memory/2696-148-0x00007FF6C8740000-0x00007FF6C8A91000-memory.dmp

Filesize
3.3MB

Download
memory/2696-110-0x00007FF6C8740000-0x00007FF6C8A91000-memory.dmp

Filesize
3.3MB

Download
memory/2696-253-0x00007FF6C8740000-0x00007FF6C8A91000-memory.dmp

Filesize
3.3MB

Download
memory/3124-132-0x00007FF6A47D0000-0x00007FF6A4B21000-memory.dmp

Filesize
3.3MB

Download
memory/3124-14-0x00007FF6A47D0000-0x00007FF6A4B21000-memory.dmp

Filesize
3.3MB

Download
memory/3124-220-0x00007FF6A47D0000-0x00007FF6A4B21000-memory.dmp

Filesize
3.3MB

Download
memory/3168-147-0x00007FF6A7390000-0x00007FF6A76E1000-memory.dmp

Filesize
3.3MB

Download
memory/3168-243-0x00007FF6A7390000-0x00007FF6A76E1000-memory.dmp

Filesize
3.3MB

Download
memory/3168-104-0x00007FF6A7390000-0x00007FF6A76E1000-memory.dmp

Filesize
3.3MB

Download
memory/3416-61-0x00007FF6DBF50000-0x00007FF6DC2A1000-memory.dmp

Filesize
3.3MB

Download
memory/3416-226-0x00007FF6DBF50000-0x00007FF6DC2A1000-memory.dmp

Filesize
3.3MB

Download
memory/3420-32-0x00007FF612640000-0x00007FF612991000-memory.dmp

Filesize
3.3MB

Download
memory/3420-134-0x00007FF612640000-0x00007FF612991000-memory.dmp

Filesize
3.3MB

Download
memory/3420-224-0x00007FF612640000-0x00007FF612991000-memory.dmp

Filesize
3.3MB

Download
memory/3592-109-0x00007FF65E9F0000-0x00007FF65ED41000-memory.dmp

Filesize
3.3MB

Download
memory/3592-251-0x00007FF65E9F0000-0x00007FF65ED41000-memory.dmp

Filesize
3.3MB

Download
memory/4252-254-0x00007FF78A390000-0x00007FF78A6E1000-memory.dmp

Filesize
3.3MB

Download
memory/4252-108-0x00007FF78A390000-0x00007FF78A6E1000-memory.dmp

Filesize
3.3MB

Download
memory/4320-245-0x00007FF6B3170000-0x00007FF6B34C1000-memory.dmp

Filesize
3.3MB

Download
memory/4320-90-0x00007FF6B3170000-0x00007FF6B34C1000-memory.dmp

Filesize
3.3MB

Download
memory/4372-259-0x00007FF6D05D0000-0x00007FF6D0921000-memory.dmp

Filesize
3.3MB

Download
memory/4372-128-0x00007FF6D05D0000-0x00007FF6D0921000-memory.dmp

Filesize
3.3MB

Download
memory/4400-107-0x00007FF6B69A0000-0x00007FF6B6CF1000-memory.dmp

Filesize
3.3MB

Download
memory/4400-246-0x00007FF6B69A0000-0x00007FF6B6CF1000-memory.dmp

Filesize
3.3MB

Download
memory/4400-149-0x00007FF6B69A0000-0x00007FF6B6CF1000-memory.dmp

Filesize
3.3MB

Download
memory/4452-125-0x00007FF635930000-0x00007FF635C81000-memory.dmp

Filesize
3.3MB

Download
memory/4452-257-0x00007FF635930000-0x00007FF635C81000-memory.dmp

Filesize
3.3MB

Download
memory/4680-222-0x00007FF78EC10000-0x00007FF78EF61000-memory.dmp

Filesize
3.3MB

Download
memory/4680-24-0x00007FF78EC10000-0x00007FF78EF61000-memory.dmp

Filesize
3.3MB

Download
memory/4680-133-0x00007FF78EC10000-0x00007FF78EF61000-memory.dmp

Filesize
3.3MB

Download
memory/4820-138-0x00007FF701C50000-0x00007FF701FA1000-memory.dmp

Filesize
3.3MB

Download
memory/4820-232-0x00007FF701C50000-0x00007FF701FA1000-memory.dmp

Filesize
3.3MB

Download
memory/4820-50-0x00007FF701C50000-0x00007FF701FA1000-memory.dmp

Filesize
3.3MB

Download
memory/4868-231-0x00007FF7990D0000-0x00007FF799421000-memory.dmp

Filesize
3.3MB

Download
memory/4868-62-0x00007FF7990D0000-0x00007FF799421000-memory.dmp

Filesize
3.3MB

Download
memory/4988-7-0x00007FF76FA70000-0x00007FF76FDC1000-memory.dmp

Filesize
3.3MB

Download
memory/4988-202-0x00007FF76FA70000-0x00007FF76FDC1000-memory.dmp

Filesize
3.3MB

Download
memory/4988-129-0x00007FF76FA70000-0x00007FF76FDC1000-memory.dmp

Filesize
3.3MB

Download