cobaltstrike | 32e79c9f6953c1e9cbc3a89c6f8fdbd96af59403ddff5d376eb3a9a11af30e50

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16-09-2024 21:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9521afafbc8c536831db6bcd79afe2c6.exe
Size

5.2MB
MD5

9521afafbc8c536831db6bcd79afe2c6
SHA1

19294f9b21891d480b60e33199650e10a5c9328f
SHA256

32e79c9f6953c1e9cbc3a89c6f8fdbd96af59403ddff5d376eb3a9a11af30e50
SHA512

cbe5099365384adb18e17da59dc1fe3c78a065e75ffce85c692e5b71cca428b9695c1efd1ba5155f80c81a2c3c0acbcbcb491bdff965d7489aed39c58c16cc54
SSDEEP

49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lK:RWWBibf56utgpPFotBER/mQ32lUG

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 21 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023585-4.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002358a-8.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002358b-17.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002358d-28.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023589-19.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002358c-22.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002358e-40.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002358f-49.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023591-55.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023592-71.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023586-73.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023590-66.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023593-77.dat	cobalt_reflective_dll
behavioral2/files/0x000500000001686a-85.dat	cobalt_reflective_dll
behavioral2/files/0x000500000001686c-92.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e6a8-113.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023594-120.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023595-122.dat	cobalt_reflective_dll
behavioral2/files/0x000400000001686e-114.dat	cobalt_reflective_dll
behavioral2/files/0x000200000001e6a6-112.dat	cobalt_reflective_dll
behavioral2/files/0x000400000001686d-101.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 47 IoCs

miner

resource	yara_rule
behavioral2/memory/1268-31-0x00007FF73B370000-0x00007FF73B6C1000-memory.dmp	xmrig
behavioral2/memory/2496-46-0x00007FF6E85C0000-0x00007FF6E8911000-memory.dmp	xmrig
behavioral2/memory/2288-81-0x00007FF74B4C0000-0x00007FF74B811000-memory.dmp	xmrig
behavioral2/memory/1612-107-0x00007FF7D7660000-0x00007FF7D79B1000-memory.dmp	xmrig
behavioral2/memory/1140-125-0x00007FF710360000-0x00007FF7106B1000-memory.dmp	xmrig
behavioral2/memory/1648-126-0x00007FF616710000-0x00007FF616A61000-memory.dmp	xmrig
behavioral2/memory/1928-104-0x00007FF672E40000-0x00007FF673191000-memory.dmp	xmrig
behavioral2/memory/4828-103-0x00007FF7A9920000-0x00007FF7A9C71000-memory.dmp	xmrig
behavioral2/memory/2716-100-0x00007FF61BAE0000-0x00007FF61BE31000-memory.dmp	xmrig
behavioral2/memory/32-97-0x00007FF751560000-0x00007FF7518B1000-memory.dmp	xmrig
behavioral2/memory/4020-91-0x00007FF6B1FA0000-0x00007FF6B22F1000-memory.dmp	xmrig
behavioral2/memory/4160-84-0x00007FF7F6670000-0x00007FF7F69C1000-memory.dmp	xmrig
behavioral2/memory/2452-138-0x00007FF6825C0000-0x00007FF682911000-memory.dmp	xmrig
behavioral2/memory/1484-142-0x00007FF6F1020000-0x00007FF6F1371000-memory.dmp	xmrig
behavioral2/memory/3700-140-0x00007FF64C0B0000-0x00007FF64C401000-memory.dmp	xmrig
behavioral2/memory/4160-130-0x00007FF7F6670000-0x00007FF7F69C1000-memory.dmp	xmrig
behavioral2/memory/3520-141-0x00007FF6730E0000-0x00007FF673431000-memory.dmp	xmrig
behavioral2/memory/4116-139-0x00007FF643D90000-0x00007FF6440E1000-memory.dmp	xmrig
behavioral2/memory/1372-154-0x00007FF719440000-0x00007FF719791000-memory.dmp	xmrig
behavioral2/memory/4144-153-0x00007FF7C79C0000-0x00007FF7C7D11000-memory.dmp	xmrig
behavioral2/memory/2208-151-0x00007FF71ACE0000-0x00007FF71B031000-memory.dmp	xmrig
behavioral2/memory/1612-150-0x00007FF7D7660000-0x00007FF7D79B1000-memory.dmp	xmrig
behavioral2/memory/864-148-0x00007FF71C290000-0x00007FF71C5E1000-memory.dmp	xmrig
behavioral2/memory/1864-155-0x00007FF6DEE50000-0x00007FF6DF1A1000-memory.dmp	xmrig
behavioral2/memory/4160-156-0x00007FF7F6670000-0x00007FF7F69C1000-memory.dmp	xmrig
behavioral2/memory/4160-169-0x00007FF7F6670000-0x00007FF7F69C1000-memory.dmp	xmrig
behavioral2/memory/4020-213-0x00007FF6B1FA0000-0x00007FF6B22F1000-memory.dmp	xmrig
behavioral2/memory/32-215-0x00007FF751560000-0x00007FF7518B1000-memory.dmp	xmrig
behavioral2/memory/1268-217-0x00007FF73B370000-0x00007FF73B6C1000-memory.dmp	xmrig
behavioral2/memory/2496-221-0x00007FF6E85C0000-0x00007FF6E8911000-memory.dmp	xmrig
behavioral2/memory/1140-223-0x00007FF710360000-0x00007FF7106B1000-memory.dmp	xmrig
behavioral2/memory/2716-219-0x00007FF61BAE0000-0x00007FF61BE31000-memory.dmp	xmrig
behavioral2/memory/2452-233-0x00007FF6825C0000-0x00007FF682911000-memory.dmp	xmrig
behavioral2/memory/1928-235-0x00007FF672E40000-0x00007FF673191000-memory.dmp	xmrig
behavioral2/memory/3520-236-0x00007FF6730E0000-0x00007FF673431000-memory.dmp	xmrig
behavioral2/memory/4116-231-0x00007FF643D90000-0x00007FF6440E1000-memory.dmp	xmrig
behavioral2/memory/3700-228-0x00007FF64C0B0000-0x00007FF64C401000-memory.dmp	xmrig
behavioral2/memory/1484-227-0x00007FF6F1020000-0x00007FF6F1371000-memory.dmp	xmrig
behavioral2/memory/2288-242-0x00007FF74B4C0000-0x00007FF74B811000-memory.dmp	xmrig
behavioral2/memory/864-250-0x00007FF71C290000-0x00007FF71C5E1000-memory.dmp	xmrig
behavioral2/memory/4828-252-0x00007FF7A9920000-0x00007FF7A9C71000-memory.dmp	xmrig
behavioral2/memory/1612-255-0x00007FF7D7660000-0x00007FF7D79B1000-memory.dmp	xmrig
behavioral2/memory/1648-256-0x00007FF616710000-0x00007FF616A61000-memory.dmp	xmrig
behavioral2/memory/2208-258-0x00007FF71ACE0000-0x00007FF71B031000-memory.dmp	xmrig
behavioral2/memory/4144-260-0x00007FF7C79C0000-0x00007FF7C7D11000-memory.dmp	xmrig
behavioral2/memory/1372-262-0x00007FF719440000-0x00007FF719791000-memory.dmp	xmrig
behavioral2/memory/1864-264-0x00007FF6DEE50000-0x00007FF6DF1A1000-memory.dmp	xmrig

Executes dropped EXE 21 IoCs

pid	Process
4020	dopmkcV.exe
32	CMaFcYq.exe
1268	yVnSxmF.exe
1928	dKFlXXM.exe
2716	OnJHaFR.exe
1140	DTwzxfd.exe
2496	eHHRztQ.exe
2452	pWDdpum.exe
4116	dbdAbfo.exe
3700	ffpPYlr.exe
3520	tKCTKVx.exe
1484	CCZIVrB.exe
2288	TqJMgzo.exe
864	XMjpOIm.exe
4828	vToGtpE.exe
1612	sleBYoz.exe
2208	plYDXBO.exe
1648	CxGcRao.exe
4144	KuPScsf.exe
1372	ElfdAvC.exe
1864	zDwVwAR.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4160-0-0x00007FF7F6670000-0x00007FF7F69C1000-memory.dmp	upx
behavioral2/files/0x0008000000023585-4.dat	upx
behavioral2/files/0x000700000002358a-8.dat	upx
behavioral2/files/0x000700000002358b-17.dat	upx
behavioral2/memory/32-20-0x00007FF751560000-0x00007FF7518B1000-memory.dmp	upx
behavioral2/files/0x000700000002358d-28.dat	upx
behavioral2/memory/1928-25-0x00007FF672E40000-0x00007FF673191000-memory.dmp	upx
behavioral2/memory/2716-29-0x00007FF61BAE0000-0x00007FF61BE31000-memory.dmp	upx
behavioral2/files/0x0007000000023589-19.dat	upx
behavioral2/files/0x000700000002358c-22.dat	upx
behavioral2/memory/4020-9-0x00007FF6B1FA0000-0x00007FF6B22F1000-memory.dmp	upx
behavioral2/memory/1268-31-0x00007FF73B370000-0x00007FF73B6C1000-memory.dmp	upx
behavioral2/files/0x000700000002358e-40.dat	upx
behavioral2/memory/2496-46-0x00007FF6E85C0000-0x00007FF6E8911000-memory.dmp	upx
behavioral2/files/0x000700000002358f-49.dat	upx
behavioral2/files/0x0007000000023591-55.dat	upx
behavioral2/memory/1484-65-0x00007FF6F1020000-0x00007FF6F1371000-memory.dmp	upx
behavioral2/files/0x0007000000023592-71.dat	upx
behavioral2/files/0x0008000000023586-73.dat	upx
behavioral2/memory/3520-70-0x00007FF6730E0000-0x00007FF673431000-memory.dmp	upx
behavioral2/files/0x0007000000023590-66.dat	upx
behavioral2/memory/3700-64-0x00007FF64C0B0000-0x00007FF64C401000-memory.dmp	upx
behavioral2/memory/4116-59-0x00007FF643D90000-0x00007FF6440E1000-memory.dmp	upx
behavioral2/memory/2452-48-0x00007FF6825C0000-0x00007FF682911000-memory.dmp	upx
behavioral2/memory/1140-34-0x00007FF710360000-0x00007FF7106B1000-memory.dmp	upx
behavioral2/files/0x0007000000023593-77.dat	upx
behavioral2/memory/2288-81-0x00007FF74B4C0000-0x00007FF74B811000-memory.dmp	upx
behavioral2/files/0x000500000001686a-85.dat	upx
behavioral2/files/0x000500000001686c-92.dat	upx
behavioral2/memory/1612-107-0x00007FF7D7660000-0x00007FF7D79B1000-memory.dmp	upx
behavioral2/files/0x000200000001e6a8-113.dat	upx
behavioral2/files/0x0007000000023594-120.dat	upx
behavioral2/memory/1140-125-0x00007FF710360000-0x00007FF7106B1000-memory.dmp	upx
behavioral2/memory/1372-129-0x00007FF719440000-0x00007FF719791000-memory.dmp	upx
behavioral2/memory/1648-126-0x00007FF616710000-0x00007FF616A61000-memory.dmp	upx
behavioral2/memory/1864-124-0x00007FF6DEE50000-0x00007FF6DF1A1000-memory.dmp	upx
behavioral2/files/0x0007000000023595-122.dat	upx
behavioral2/memory/4144-119-0x00007FF7C79C0000-0x00007FF7C7D11000-memory.dmp	upx
behavioral2/memory/2208-117-0x00007FF71ACE0000-0x00007FF71B031000-memory.dmp	upx
behavioral2/files/0x000400000001686e-114.dat	upx
behavioral2/files/0x000200000001e6a6-112.dat	upx
behavioral2/memory/1928-104-0x00007FF672E40000-0x00007FF673191000-memory.dmp	upx
behavioral2/memory/4828-103-0x00007FF7A9920000-0x00007FF7A9C71000-memory.dmp	upx
behavioral2/files/0x000400000001686d-101.dat	upx
behavioral2/memory/2716-100-0x00007FF61BAE0000-0x00007FF61BE31000-memory.dmp	upx
behavioral2/memory/32-97-0x00007FF751560000-0x00007FF7518B1000-memory.dmp	upx
behavioral2/memory/4020-91-0x00007FF6B1FA0000-0x00007FF6B22F1000-memory.dmp	upx
behavioral2/memory/864-89-0x00007FF71C290000-0x00007FF71C5E1000-memory.dmp	upx
behavioral2/memory/4160-84-0x00007FF7F6670000-0x00007FF7F69C1000-memory.dmp	upx
behavioral2/memory/2452-138-0x00007FF6825C0000-0x00007FF682911000-memory.dmp	upx
behavioral2/memory/1484-142-0x00007FF6F1020000-0x00007FF6F1371000-memory.dmp	upx
behavioral2/memory/3700-140-0x00007FF64C0B0000-0x00007FF64C401000-memory.dmp	upx
behavioral2/memory/4160-130-0x00007FF7F6670000-0x00007FF7F69C1000-memory.dmp	upx
behavioral2/memory/3520-141-0x00007FF6730E0000-0x00007FF673431000-memory.dmp	upx
behavioral2/memory/4116-139-0x00007FF643D90000-0x00007FF6440E1000-memory.dmp	upx
behavioral2/memory/1372-154-0x00007FF719440000-0x00007FF719791000-memory.dmp	upx
behavioral2/memory/4144-153-0x00007FF7C79C0000-0x00007FF7C7D11000-memory.dmp	upx
behavioral2/memory/2208-151-0x00007FF71ACE0000-0x00007FF71B031000-memory.dmp	upx
behavioral2/memory/1612-150-0x00007FF7D7660000-0x00007FF7D79B1000-memory.dmp	upx
behavioral2/memory/864-148-0x00007FF71C290000-0x00007FF71C5E1000-memory.dmp	upx
behavioral2/memory/1864-155-0x00007FF6DEE50000-0x00007FF6DF1A1000-memory.dmp	upx
behavioral2/memory/4160-156-0x00007FF7F6670000-0x00007FF7F69C1000-memory.dmp	upx
behavioral2/memory/4160-169-0x00007FF7F6670000-0x00007FF7F69C1000-memory.dmp	upx
behavioral2/memory/4020-213-0x00007FF6B1FA0000-0x00007FF6B22F1000-memory.dmp	upx

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\System\CMaFcYq.exe	9521afafbc8c536831db6bcd79afe2c6.exe
File created	C:\Windows\System\CCZIVrB.exe	9521afafbc8c536831db6bcd79afe2c6.exe
File created	C:\Windows\System\dKFlXXM.exe	9521afafbc8c536831db6bcd79afe2c6.exe
File created	C:\Windows\System\DTwzxfd.exe	9521afafbc8c536831db6bcd79afe2c6.exe
File created	C:\Windows\System\pWDdpum.exe	9521afafbc8c536831db6bcd79afe2c6.exe
File created	C:\Windows\System\TqJMgzo.exe	9521afafbc8c536831db6bcd79afe2c6.exe
File created	C:\Windows\System\dopmkcV.exe	9521afafbc8c536831db6bcd79afe2c6.exe
File created	C:\Windows\System\yVnSxmF.exe	9521afafbc8c536831db6bcd79afe2c6.exe
File created	C:\Windows\System\ffpPYlr.exe	9521afafbc8c536831db6bcd79afe2c6.exe
File created	C:\Windows\System\tKCTKVx.exe	9521afafbc8c536831db6bcd79afe2c6.exe
File created	C:\Windows\System\sleBYoz.exe	9521afafbc8c536831db6bcd79afe2c6.exe
File created	C:\Windows\System\CxGcRao.exe	9521afafbc8c536831db6bcd79afe2c6.exe
File created	C:\Windows\System\KuPScsf.exe	9521afafbc8c536831db6bcd79afe2c6.exe
File created	C:\Windows\System\ElfdAvC.exe	9521afafbc8c536831db6bcd79afe2c6.exe
File created	C:\Windows\System\OnJHaFR.exe	9521afafbc8c536831db6bcd79afe2c6.exe
File created	C:\Windows\System\eHHRztQ.exe	9521afafbc8c536831db6bcd79afe2c6.exe
File created	C:\Windows\System\zDwVwAR.exe	9521afafbc8c536831db6bcd79afe2c6.exe
File created	C:\Windows\System\vToGtpE.exe	9521afafbc8c536831db6bcd79afe2c6.exe
File created	C:\Windows\System\plYDXBO.exe	9521afafbc8c536831db6bcd79afe2c6.exe
File created	C:\Windows\System\dbdAbfo.exe	9521afafbc8c536831db6bcd79afe2c6.exe
File created	C:\Windows\System\XMjpOIm.exe	9521afafbc8c536831db6bcd79afe2c6.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4160	9521afafbc8c536831db6bcd79afe2c6.exe
Token: SeLockMemoryPrivilege	4160	9521afafbc8c536831db6bcd79afe2c6.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 4160 wrote to memory of 4020	4160	9521afafbc8c536831db6bcd79afe2c6.exe	92
PID 4160 wrote to memory of 4020	4160	9521afafbc8c536831db6bcd79afe2c6.exe	92
PID 4160 wrote to memory of 32	4160	9521afafbc8c536831db6bcd79afe2c6.exe	93
PID 4160 wrote to memory of 32	4160	9521afafbc8c536831db6bcd79afe2c6.exe	93
PID 4160 wrote to memory of 1268	4160	9521afafbc8c536831db6bcd79afe2c6.exe	94
PID 4160 wrote to memory of 1268	4160	9521afafbc8c536831db6bcd79afe2c6.exe	94
PID 4160 wrote to memory of 1928	4160	9521afafbc8c536831db6bcd79afe2c6.exe	95
PID 4160 wrote to memory of 1928	4160	9521afafbc8c536831db6bcd79afe2c6.exe	95
PID 4160 wrote to memory of 2716	4160	9521afafbc8c536831db6bcd79afe2c6.exe	96
PID 4160 wrote to memory of 2716	4160	9521afafbc8c536831db6bcd79afe2c6.exe	96
PID 4160 wrote to memory of 1140	4160	9521afafbc8c536831db6bcd79afe2c6.exe	97
PID 4160 wrote to memory of 1140	4160	9521afafbc8c536831db6bcd79afe2c6.exe	97
PID 4160 wrote to memory of 2496	4160	9521afafbc8c536831db6bcd79afe2c6.exe	98
PID 4160 wrote to memory of 2496	4160	9521afafbc8c536831db6bcd79afe2c6.exe	98
PID 4160 wrote to memory of 2452	4160	9521afafbc8c536831db6bcd79afe2c6.exe	99
PID 4160 wrote to memory of 2452	4160	9521afafbc8c536831db6bcd79afe2c6.exe	99
PID 4160 wrote to memory of 4116	4160	9521afafbc8c536831db6bcd79afe2c6.exe	100
PID 4160 wrote to memory of 4116	4160	9521afafbc8c536831db6bcd79afe2c6.exe	100
PID 4160 wrote to memory of 3700	4160	9521afafbc8c536831db6bcd79afe2c6.exe	101
PID 4160 wrote to memory of 3700	4160	9521afafbc8c536831db6bcd79afe2c6.exe	101
PID 4160 wrote to memory of 3520	4160	9521afafbc8c536831db6bcd79afe2c6.exe	102
PID 4160 wrote to memory of 3520	4160	9521afafbc8c536831db6bcd79afe2c6.exe	102
PID 4160 wrote to memory of 1484	4160	9521afafbc8c536831db6bcd79afe2c6.exe	103
PID 4160 wrote to memory of 1484	4160	9521afafbc8c536831db6bcd79afe2c6.exe	103
PID 4160 wrote to memory of 2288	4160	9521afafbc8c536831db6bcd79afe2c6.exe	105
PID 4160 wrote to memory of 2288	4160	9521afafbc8c536831db6bcd79afe2c6.exe	105
PID 4160 wrote to memory of 864	4160	9521afafbc8c536831db6bcd79afe2c6.exe	106
PID 4160 wrote to memory of 864	4160	9521afafbc8c536831db6bcd79afe2c6.exe	106
PID 4160 wrote to memory of 4828	4160	9521afafbc8c536831db6bcd79afe2c6.exe	107
PID 4160 wrote to memory of 4828	4160	9521afafbc8c536831db6bcd79afe2c6.exe	107
PID 4160 wrote to memory of 1612	4160	9521afafbc8c536831db6bcd79afe2c6.exe	108
PID 4160 wrote to memory of 1612	4160	9521afafbc8c536831db6bcd79afe2c6.exe	108
PID 4160 wrote to memory of 2208	4160	9521afafbc8c536831db6bcd79afe2c6.exe	109
PID 4160 wrote to memory of 2208	4160	9521afafbc8c536831db6bcd79afe2c6.exe	109
PID 4160 wrote to memory of 1648	4160	9521afafbc8c536831db6bcd79afe2c6.exe	110
PID 4160 wrote to memory of 1648	4160	9521afafbc8c536831db6bcd79afe2c6.exe	110
PID 4160 wrote to memory of 4144	4160	9521afafbc8c536831db6bcd79afe2c6.exe	111
PID 4160 wrote to memory of 4144	4160	9521afafbc8c536831db6bcd79afe2c6.exe	111
PID 4160 wrote to memory of 1372	4160	9521afafbc8c536831db6bcd79afe2c6.exe	112
PID 4160 wrote to memory of 1372	4160	9521afafbc8c536831db6bcd79afe2c6.exe	112
PID 4160 wrote to memory of 1864	4160	9521afafbc8c536831db6bcd79afe2c6.exe	113
PID 4160 wrote to memory of 1864	4160	9521afafbc8c536831db6bcd79afe2c6.exe	113

C:\Users\Admin\AppData\Local\Temp\9521afafbc8c536831db6bcd79afe2c6.exe
"C:\Users\Admin\AppData\Local\Temp\9521afafbc8c536831db6bcd79afe2c6.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4160
- C:\Windows\System\dopmkcV.exe
  C:\Windows\System\dopmkcV.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\CMaFcYq.exe
  C:\Windows\System\CMaFcYq.exe
  2⤵
  - Executes dropped EXE
  PID:32
- C:\Windows\System\yVnSxmF.exe
  C:\Windows\System\yVnSxmF.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\dKFlXXM.exe
  C:\Windows\System\dKFlXXM.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\OnJHaFR.exe
  C:\Windows\System\OnJHaFR.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\DTwzxfd.exe
  C:\Windows\System\DTwzxfd.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\eHHRztQ.exe
  C:\Windows\System\eHHRztQ.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\pWDdpum.exe
  C:\Windows\System\pWDdpum.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\dbdAbfo.exe
  C:\Windows\System\dbdAbfo.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\ffpPYlr.exe
  C:\Windows\System\ffpPYlr.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\tKCTKVx.exe
  C:\Windows\System\tKCTKVx.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\CCZIVrB.exe
  C:\Windows\System\CCZIVrB.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\TqJMgzo.exe
  C:\Windows\System\TqJMgzo.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\XMjpOIm.exe
  C:\Windows\System\XMjpOIm.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\vToGtpE.exe
  C:\Windows\System\vToGtpE.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\sleBYoz.exe
  C:\Windows\System\sleBYoz.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\plYDXBO.exe
  C:\Windows\System\plYDXBO.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\CxGcRao.exe
  C:\Windows\System\CxGcRao.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\KuPScsf.exe
  C:\Windows\System\KuPScsf.exe
  2⤵
  - Executes dropped EXE
  PID:4144
- C:\Windows\System\ElfdAvC.exe
  C:\Windows\System\ElfdAvC.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\zDwVwAR.exe
  C:\Windows\System\zDwVwAR.exe
  2⤵
  - Executes dropped EXE
  PID:1864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4120,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:8
1⤵
PID:3692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\CCZIVrB.exe

Filesize
5.2MB

MD5
8505fcd505103460525029bff8f6f22f

SHA1
2186bcf65b4d515f63c140e284d36802ca36ebf3

SHA256
541174f1db1673eb665c89398371c5df4184df14ed51dafa96b9f5c9a01fb79a

SHA512
1fa60b4b63cb92946c871a7be002b4b939c6f56bc187b9756d58e9411c169a17224662470ff4855658664bf189570757d91b0827286b587746aceacfdc25dc73

Download Submit
C:\Windows\System\CMaFcYq.exe

Filesize
5.2MB

MD5
80a37986329d04cd6b6a898ed5550bb4

SHA1
bf142fab38ffc442a81011bbee13eedfa30a6f6a

SHA256
c462380a3328035e56eb2c134dd84c42847e50b0c0b8496cdb9fcbf91ea6a2b3

SHA512
66d2774230a54241689ffbadf47af2ea141819a0d35cea890b934dc50cf3eab05ce38075c0b378bffefedbcac3b89dedd57a8710ec6a8f468fc11f9398ec5b62

Download Submit
C:\Windows\System\CxGcRao.exe

Filesize
5.2MB

MD5
c0e6efacd51c6c997cb68a5e3b12c934

SHA1
56b8f4379296bee364c615765f3ed80f5322cc62

SHA256
fac35cdd15b1f4fa244f38fe74a5758ae24486cb03c65026f174953970f7904b

SHA512
42cf4f1fd6376e4eb0917eff41398d6d5be4636bddc71d3d19fb41c15dea7fb164b48d4359d120959eceaa9d52f3773bc545408787dddf0f30721f0c422bfde5

Download Submit
C:\Windows\System\DTwzxfd.exe

Filesize
5.2MB

MD5
c44bc720dbf3c34bc48877f5b2080007

SHA1
4e41031a5edf66ee9d9b1ba91441c0243518a63d

SHA256
c4d8e82cb65b44e03a0010e97574946caefb1cc32271d565cd2def7ceccf50ec

SHA512
35770fbaea1de4f53910a768ea70f81aae649b221e769f978d4aca3ad13809025f29ec9e95ca86e549c4933c271e540d1827028a10d4888841781a9b55d3f2d5

Download Submit
C:\Windows\System\ElfdAvC.exe

Filesize
5.2MB

MD5
d6861cd11cab77672a7d5d76c59560bb

SHA1
a5992b7816045aa80ed3d2e7e97d14dcce9a29ca

SHA256
f0dea8bc8294fb605c200bc4aad9193973d99b19959ca75f75193bf031756fbc

SHA512
cb068886acc85c5cb902e38b81a12b2c37d7c5b0e3cee0f713cde55a1d9a92813f1bf695acba58a117324130594b9789363694819b716082d1216adaf6105e19

Download Submit
C:\Windows\System\KuPScsf.exe

Filesize
5.2MB

MD5
55b12f5b9b1dca1d6cd9d1a94d47320b

SHA1
797ea14137d4e1326538682efb0401b331c3855a

SHA256
406a01323ab0741fa9b1e22babc9a05c8235cad4b5977c02cd4abb0f7b6657d2

SHA512
a670ed5b36ab591a1deeb2ef031bcdcae420845ba20aae71d70efbdc4b42ce636ba5ef1e9f0589dc29a9f0dc8e388c9b73eb9e91c2e7b142255c4d268dd58b7b

Download Submit
C:\Windows\System\OnJHaFR.exe

Filesize
5.2MB

MD5
851fc255e877348d7921ee0ecfa6b467

SHA1
ecb736e1ab13b708e2a0b65af424b147c0c46a9f

SHA256
db4d7bd88507ff8b584a1e37ea066d921772189d2f0f2a8af57d5dfcb54d7a4d

SHA512
b30256a6551aadbb43928be163195a7872bd257015507a53b648977e36b99c9150c7cd41029f42cd9a8014fd0aee974a02fa7af8b64e554e9c5d47f90f0c1eb9

Download Submit
C:\Windows\System\TqJMgzo.exe

Filesize
5.2MB

MD5
0964064534cceca1eeb95125d396f8da

SHA1
15dbf842f06c954e8decdb9e3acb1aba17caf392

SHA256
66f2063494b2ba37078038d90c909d0fcd10eb9a1c0d212cca5694927fc40869

SHA512
ac31cabfe74d92a46e373906ba7b8f445d93c1286cc91a46ca61187a1634b2fb3aaece6a52aa6cc68df6e41d81e33f6e14fba17a076653c05aa1308774ed491c

Download Submit
C:\Windows\System\XMjpOIm.exe

Filesize
5.2MB

MD5
d9ecc32bcbcd747dab1fe52afbd5c3b5

SHA1
89fe0957ab720e9fe5006639daa2ea6f7f72a1d1

SHA256
4672d5ab9d5a55ee79bab04673ba9a193f602b00a87e3c76bfd61e1419cb8928

SHA512
335af0c2ff7a8d158ac6898409219fb2a39e837768b9b5636192e3b5da67dd8234307fca285b0861337ac1aadccb25c523bdc0484d1f2e317ff7c494bdf7247f

Download Submit
C:\Windows\System\dKFlXXM.exe

Filesize
5.2MB

MD5
dea83971f4de5706d44b622b493e5308

SHA1
806ba9d5c5da9ae619eb01851bb49dbfe8eae67f

SHA256
f26a1c061fa5f91e4f61129b4a770a91d8c66c5d899cd57f3ecc888ea386ad97

SHA512
5db8842a9ef581d9cc43ba6f24d00c55b8015baf088f3227cd20c933e150325463bb4f24184391040529b551734bac21747967713987eaa56188d16c5dcbcba4

Download Submit
C:\Windows\System\dbdAbfo.exe

Filesize
5.2MB

MD5
61095fb3aebfc26467acbea4948ba2c3

SHA1
f5832f35e12e06d795042b702f0d486441637740

SHA256
7c551cf9c6e654cdf75a1c112d57f06c91b959f1c29b19da3672d194b175e9ce

SHA512
ef2057397055d2a2cee5433d4429d632c6082411d8198bb4ae214f0f95f9f3cbc8848d16647b575fa32ddf7934ba2ad7fdfadc32a07a73b907bc12213766c5b4

Download Submit
C:\Windows\System\dopmkcV.exe

Filesize
5.2MB

MD5
467871a8b1ebb5a91af44d08e860f815

SHA1
e90de10869e370bc47cd68d9bb44d531067bcc36

SHA256
518e8d7ec8c99adf7c9b7e99195a30e0affb24dab67fedd4b7cac62a2263cc57

SHA512
9d9de6f917d18c4d8cb188a4c72969aa8b84001dc9891af61a9a46615237b13c2c80fade6fd46a6506ed5a2dbb85199074e2d00acbb859f424e6d8ff4ed4c7a9

Download Submit
C:\Windows\System\eHHRztQ.exe

Filesize
5.2MB

MD5
1b398105888273256204896bde067198

SHA1
c819e517901f23ea3b88566cab453d51a6ffb5ef

SHA256
3b413364f7d77a15bae299448c8a01de26c488c3599836320bb65ab7ab6331af

SHA512
b92a1f4b2b39a216389e1545fcbc440bb67cde057772ed121808656d48a88248e130e107ba7bbbe474bfe766889d550d93d0ab5964ddeb0d992fe286fcadbee5

Download Submit
C:\Windows\System\ffpPYlr.exe

Filesize
5.2MB

MD5
0a7ec3dab14fb399f295c0ef2bb054eb

SHA1
51f997d860f9326c4e9b4c30f8a7c0f0545effce

SHA256
55c8668f736268034a77ffa5af885d0e9ebbe164c1bd7c27c91bb6af2092efb7

SHA512
204f30aced7c249fd0bd77cb53377eb28248e9e3d468402e5ac6d969bbe87a8603b3536bfe962ab8a77ae4d826ad77e6f87f0c9361a7b2149290b2b59df2de17

Download Submit
C:\Windows\System\pWDdpum.exe

Filesize
5.2MB

MD5
3ceb7d628f0389ba663841af0103b46c

SHA1
44f2b4f08ca1dca623a6a49a24cb9a25282f8046

SHA256
19ebf4e988e4088b7de7ce4c74a8a40289c25f90d54d96cfabde06d8690383c2

SHA512
966ae5ef5a46f4d8b5038e30a084b5d1f2b55c968bd8bec21a38b86388906a9ce1ae54d70e0ec1f5930d9e770621215223dca99d7c56dc4655cb0f54ce6d8021

Download Submit
C:\Windows\System\plYDXBO.exe

Filesize
5.2MB

MD5
bdbbcf8829075f16443f5f692a350ee2

SHA1
26660ff8319f895ddb51d9eb5b222f3977a3604c

SHA256
c3ba64fbd4d4eff4108a8721f353a2651a731e1de805bb24b7b6c943a358f59d

SHA512
a67ff30173c94f117a88339fa761e86ef08c323fe38d8afd731e85ca81c7db8e8084b2f81966563d0b0a74c3dc7b51d49975c59192c62a2bdccbeabfa2a8e8e7

Download Submit
C:\Windows\System\sleBYoz.exe

Filesize
5.2MB

MD5
fa0d99a9d51540bcdcba88b2251d05e5

SHA1
ea217b02a3d29a26257cabc27130d1284c7e5ae6

SHA256
b35756b0dc78ebaf512c97b283b6cc10656860295b130930992abf94fffb1b63

SHA512
8a9d65e3dc31ffd3e4227e04d203604887db00932e231629082fa377eab74e4df48c3f1a1a7e8ce88edeccb45dfafc6bbe7a8db0964db5c13b3d2403cd16e58a

Download Submit
C:\Windows\System\tKCTKVx.exe

Filesize
5.2MB

MD5
73477379c3543f452fba7ac2cd65ff57

SHA1
80da90f7091d50a80ed72de18f5b4203376b96e9

SHA256
f63b23748a8a5abce15b31ba8529100756e4ec237d82436703dca2cabdf8d4ae

SHA512
af5ac8e3e39144e579a298304dd590abb1725622c779d0656e20a38101b0292b1870485136cfa1abf8e77aaacc45b032cd4c9d7123b5d10f993a1df622ad29ae

Download Submit
C:\Windows\System\vToGtpE.exe

Filesize
5.2MB

MD5
363cb65852a3a001dfb8cdee3b911cf5

SHA1
6d98d1af909685533e950ace78dcda7fc56d4660

SHA256
e7cc36a493692533e3828771fc928b9ba1ff5ee02041d111dd20521166048342

SHA512
8aef0f8bf1c0bd3631a39e797c778b9753f6a70d6377b18acbbabd0496bfe423849d9cdc45bffb5214951d07a42bdbf27b90e194eeb2e11dc6f3d862b0c1151b

Download Submit
C:\Windows\System\yVnSxmF.exe

Filesize
5.2MB

MD5
afc5909b5ce23bd256c5eff4223080f9

SHA1
0aefb06ab1aaa14844729ab8b7eceae21e2f5e31

SHA256
ef7a9d3d11f68eb5a5f2fd8190ab5ab1097de3db36ac661312c30a9f4a9a9c14

SHA512
120e5a3cc710c0a6afb7f9b3777918c4b06e3436dd21ed7e709d86ab765ae98a13c237771317ce5bface92fda650d686555ab323e0b2304e8065ced13824f592

Download Submit
C:\Windows\System\zDwVwAR.exe

Filesize
5.2MB

MD5
57683673ced3559c77e97745ea8a3762

SHA1
0a6d36a0f84f9fc41371e54ecf3953b7f49cee8c

SHA256
eab483f9286d176f6fca1618bd47178d6129dd1631e26aaf516b7be12e8195bb

SHA512
7a0de233bcd9b8ed7d5b04b15d267c34100ae7d972f44ef1f520a436059d25a51540e67f78c051ca4679b4eff13a1f3a96a01a5072f62fd417b8d74780b5c731

Download Submit
memory/32-215-0x00007FF751560000-0x00007FF7518B1000-memory.dmp

Filesize
3.3MB

Download
memory/32-20-0x00007FF751560000-0x00007FF7518B1000-memory.dmp

Filesize
3.3MB

Download
memory/32-97-0x00007FF751560000-0x00007FF7518B1000-memory.dmp

Filesize
3.3MB

Download
memory/864-89-0x00007FF71C290000-0x00007FF71C5E1000-memory.dmp

Filesize
3.3MB

Download
memory/864-148-0x00007FF71C290000-0x00007FF71C5E1000-memory.dmp

Filesize
3.3MB

Download
memory/864-250-0x00007FF71C290000-0x00007FF71C5E1000-memory.dmp

Filesize
3.3MB

Download
memory/1140-34-0x00007FF710360000-0x00007FF7106B1000-memory.dmp

Filesize
3.3MB

Download
memory/1140-223-0x00007FF710360000-0x00007FF7106B1000-memory.dmp

Filesize
3.3MB

Download
memory/1140-125-0x00007FF710360000-0x00007FF7106B1000-memory.dmp

Filesize
3.3MB

Download
memory/1268-217-0x00007FF73B370000-0x00007FF73B6C1000-memory.dmp

Filesize
3.3MB

Download
memory/1268-31-0x00007FF73B370000-0x00007FF73B6C1000-memory.dmp

Filesize
3.3MB

Download
memory/1372-154-0x00007FF719440000-0x00007FF719791000-memory.dmp

Filesize
3.3MB

Download
memory/1372-129-0x00007FF719440000-0x00007FF719791000-memory.dmp

Filesize
3.3MB

Download
memory/1372-262-0x00007FF719440000-0x00007FF719791000-memory.dmp

Filesize
3.3MB

Download
memory/1484-142-0x00007FF6F1020000-0x00007FF6F1371000-memory.dmp

Filesize
3.3MB

Download
memory/1484-227-0x00007FF6F1020000-0x00007FF6F1371000-memory.dmp

Filesize
3.3MB

Download
memory/1484-65-0x00007FF6F1020000-0x00007FF6F1371000-memory.dmp

Filesize
3.3MB

Download
memory/1612-255-0x00007FF7D7660000-0x00007FF7D79B1000-memory.dmp

Filesize
3.3MB

Download
memory/1612-150-0x00007FF7D7660000-0x00007FF7D79B1000-memory.dmp

Filesize
3.3MB

Download
memory/1612-107-0x00007FF7D7660000-0x00007FF7D79B1000-memory.dmp

Filesize
3.3MB

Download
memory/1648-256-0x00007FF616710000-0x00007FF616A61000-memory.dmp

Filesize
3.3MB

Download
memory/1648-126-0x00007FF616710000-0x00007FF616A61000-memory.dmp

Filesize
3.3MB

Download
memory/1864-124-0x00007FF6DEE50000-0x00007FF6DF1A1000-memory.dmp

Filesize
3.3MB

Download
memory/1864-155-0x00007FF6DEE50000-0x00007FF6DF1A1000-memory.dmp

Filesize
3.3MB

Download
memory/1864-264-0x00007FF6DEE50000-0x00007FF6DF1A1000-memory.dmp

Filesize
3.3MB

Download
memory/1928-235-0x00007FF672E40000-0x00007FF673191000-memory.dmp

Filesize
3.3MB

Download
memory/1928-104-0x00007FF672E40000-0x00007FF673191000-memory.dmp

Filesize
3.3MB

Download
memory/1928-25-0x00007FF672E40000-0x00007FF673191000-memory.dmp

Filesize
3.3MB

Download
memory/2208-117-0x00007FF71ACE0000-0x00007FF71B031000-memory.dmp

Filesize
3.3MB

Download
memory/2208-258-0x00007FF71ACE0000-0x00007FF71B031000-memory.dmp

Filesize
3.3MB

Download
memory/2208-151-0x00007FF71ACE0000-0x00007FF71B031000-memory.dmp

Filesize
3.3MB

Download
memory/2288-242-0x00007FF74B4C0000-0x00007FF74B811000-memory.dmp

Filesize
3.3MB

Download
memory/2288-81-0x00007FF74B4C0000-0x00007FF74B811000-memory.dmp

Filesize
3.3MB

Download
memory/2452-48-0x00007FF6825C0000-0x00007FF682911000-memory.dmp

Filesize
3.3MB

Download
memory/2452-138-0x00007FF6825C0000-0x00007FF682911000-memory.dmp

Filesize
3.3MB

Download
memory/2452-233-0x00007FF6825C0000-0x00007FF682911000-memory.dmp

Filesize
3.3MB

Download
memory/2496-221-0x00007FF6E85C0000-0x00007FF6E8911000-memory.dmp

Filesize
3.3MB

Download
memory/2496-46-0x00007FF6E85C0000-0x00007FF6E8911000-memory.dmp

Filesize
3.3MB

Download
memory/2716-219-0x00007FF61BAE0000-0x00007FF61BE31000-memory.dmp

Filesize
3.3MB

Download
memory/2716-29-0x00007FF61BAE0000-0x00007FF61BE31000-memory.dmp

Filesize
3.3MB

Download
memory/2716-100-0x00007FF61BAE0000-0x00007FF61BE31000-memory.dmp

Filesize
3.3MB

Download
memory/3520-70-0x00007FF6730E0000-0x00007FF673431000-memory.dmp

Filesize
3.3MB

Download
memory/3520-236-0x00007FF6730E0000-0x00007FF673431000-memory.dmp

Filesize
3.3MB

Download
memory/3520-141-0x00007FF6730E0000-0x00007FF673431000-memory.dmp

Filesize
3.3MB

Download
memory/3700-64-0x00007FF64C0B0000-0x00007FF64C401000-memory.dmp

Filesize
3.3MB

Download
memory/3700-228-0x00007FF64C0B0000-0x00007FF64C401000-memory.dmp

Filesize
3.3MB

Download
memory/3700-140-0x00007FF64C0B0000-0x00007FF64C401000-memory.dmp

Filesize
3.3MB

Download
memory/4020-213-0x00007FF6B1FA0000-0x00007FF6B22F1000-memory.dmp

Filesize
3.3MB

Download
memory/4020-9-0x00007FF6B1FA0000-0x00007FF6B22F1000-memory.dmp

Filesize
3.3MB

Download
memory/4020-91-0x00007FF6B1FA0000-0x00007FF6B22F1000-memory.dmp

Filesize
3.3MB

Download
memory/4116-231-0x00007FF643D90000-0x00007FF6440E1000-memory.dmp

Filesize
3.3MB

Download
memory/4116-139-0x00007FF643D90000-0x00007FF6440E1000-memory.dmp

Filesize
3.3MB

Download
memory/4116-59-0x00007FF643D90000-0x00007FF6440E1000-memory.dmp

Filesize
3.3MB

Download
memory/4144-119-0x00007FF7C79C0000-0x00007FF7C7D11000-memory.dmp

Filesize
3.3MB

Download
memory/4144-260-0x00007FF7C79C0000-0x00007FF7C7D11000-memory.dmp

Filesize
3.3MB

Download
memory/4144-153-0x00007FF7C79C0000-0x00007FF7C7D11000-memory.dmp

Filesize
3.3MB

Download
memory/4160-0-0x00007FF7F6670000-0x00007FF7F69C1000-memory.dmp

Filesize
3.3MB

Download
memory/4160-130-0x00007FF7F6670000-0x00007FF7F69C1000-memory.dmp

Filesize
3.3MB

Download
memory/4160-84-0x00007FF7F6670000-0x00007FF7F69C1000-memory.dmp

Filesize
3.3MB

Download
memory/4160-169-0x00007FF7F6670000-0x00007FF7F69C1000-memory.dmp

Filesize
3.3MB

Download
memory/4160-156-0x00007FF7F6670000-0x00007FF7F69C1000-memory.dmp

Filesize
3.3MB

Download
memory/4160-1-0x0000023605E30000-0x0000023605E40000-memory.dmp

Filesize
64KB

Download
memory/4828-252-0x00007FF7A9920000-0x00007FF7A9C71000-memory.dmp

Filesize
3.3MB

Download
memory/4828-103-0x00007FF7A9920000-0x00007FF7A9C71000-memory.dmp

Filesize
3.3MB

Download