cobaltstrike | cb1f848b976a224e741ee9e9cd0ad8daa7651895c0ebab49d94e5192735db1cc

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
17-09-2024 05:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05dbc6911646f6e026fae9410930d566.exe
Size

5.9MB
MD5

05dbc6911646f6e026fae9410930d566
SHA1

ccb18a676a6ca99ff900ac87cec070381454a08e
SHA256

cb1f848b976a224e741ee9e9cd0ad8daa7651895c0ebab49d94e5192735db1cc
SHA512

3f2224e3e6161bc9dd9805caecb1b454dd954d02cd9e7d55a77d8b498c5d2e9f4388b5dc59b47f0f2539a985fb832a8e54f15d2bf95b9901afe31c4a8b1b10fa
SSDEEP

98304:BemTLkNdfE0pZrT56utgpPFotBER/mQ32lUl:Q+u56utgpPF8u/7l

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 21 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0003000000022ac8-5.dat	cobalt_reflective_dll
behavioral2/files/0x000b000000023ba1-11.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba2-10.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba4-27.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba6-38.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba9-57.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023baa-61.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bab-67.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bad-76.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb0-95.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb3-104.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb4-111.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb2-106.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bb1-100.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023baf-89.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bae-85.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023bac-72.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba8-54.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba7-47.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba5-39.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ba3-31.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/1908-0-0x00007FF68AAE0000-0x00007FF68AE34000-memory.dmp	xmrig
behavioral2/files/0x0003000000022ac8-5.dat	xmrig
behavioral2/files/0x000b000000023ba1-11.dat	xmrig
behavioral2/files/0x000a000000023ba2-10.dat	xmrig
behavioral2/files/0x000a000000023ba4-27.dat	xmrig
behavioral2/files/0x000a000000023ba6-38.dat	xmrig
behavioral2/memory/3088-41-0x00007FF6500D0000-0x00007FF650424000-memory.dmp	xmrig
behavioral2/files/0x000a000000023ba9-57.dat	xmrig
behavioral2/files/0x000a000000023baa-61.dat	xmrig
behavioral2/files/0x000a000000023bab-67.dat	xmrig
behavioral2/files/0x000a000000023bad-76.dat	xmrig
behavioral2/files/0x000a000000023bb0-95.dat	xmrig
behavioral2/files/0x000a000000023bb3-104.dat	xmrig
behavioral2/files/0x000a000000023bb4-111.dat	xmrig
behavioral2/files/0x000a000000023bb2-106.dat	xmrig
behavioral2/files/0x000a000000023bb1-100.dat	xmrig
behavioral2/files/0x000a000000023baf-89.dat	xmrig
behavioral2/files/0x000a000000023bae-85.dat	xmrig
behavioral2/files/0x000a000000023bac-72.dat	xmrig
behavioral2/files/0x000a000000023ba8-54.dat	xmrig
behavioral2/files/0x000a000000023ba7-47.dat	xmrig
behavioral2/files/0x000a000000023ba5-39.dat	xmrig
behavioral2/files/0x000a000000023ba3-31.dat	xmrig
behavioral2/memory/1048-30-0x00007FF6527A0000-0x00007FF652AF4000-memory.dmp	xmrig
behavioral2/memory/3044-26-0x00007FF70ECF0000-0x00007FF70F044000-memory.dmp	xmrig
behavioral2/memory/4616-20-0x00007FF667FB0000-0x00007FF668304000-memory.dmp	xmrig
behavioral2/memory/2024-17-0x00007FF729380000-0x00007FF7296D4000-memory.dmp	xmrig
behavioral2/memory/868-8-0x00007FF67F6D0000-0x00007FF67FA24000-memory.dmp	xmrig
behavioral2/memory/4832-113-0x00007FF7DF8B0000-0x00007FF7DFC04000-memory.dmp	xmrig
behavioral2/memory/1216-115-0x00007FF6ADCB0000-0x00007FF6AE004000-memory.dmp	xmrig
behavioral2/memory/2412-116-0x00007FF62EBB0000-0x00007FF62EF04000-memory.dmp	xmrig
behavioral2/memory/3464-114-0x00007FF6DBE40000-0x00007FF6DC194000-memory.dmp	xmrig
behavioral2/memory/2096-118-0x00007FF7F3460000-0x00007FF7F37B4000-memory.dmp	xmrig
behavioral2/memory/3900-119-0x00007FF7FD370000-0x00007FF7FD6C4000-memory.dmp	xmrig
behavioral2/memory/3364-120-0x00007FF7DB7D0000-0x00007FF7DBB24000-memory.dmp	xmrig
behavioral2/memory/2692-121-0x00007FF751400000-0x00007FF751754000-memory.dmp	xmrig
behavioral2/memory/2084-117-0x00007FF6E89E0000-0x00007FF6E8D34000-memory.dmp	xmrig
behavioral2/memory/4744-122-0x00007FF744920000-0x00007FF744C74000-memory.dmp	xmrig
behavioral2/memory/3812-125-0x00007FF6F6AD0000-0x00007FF6F6E24000-memory.dmp	xmrig
behavioral2/memory/728-124-0x00007FF66F480000-0x00007FF66F7D4000-memory.dmp	xmrig
behavioral2/memory/628-123-0x00007FF652360000-0x00007FF6526B4000-memory.dmp	xmrig
behavioral2/memory/3356-126-0x00007FF6A7FE0000-0x00007FF6A8334000-memory.dmp	xmrig
behavioral2/memory/4824-127-0x00007FF7B3310000-0x00007FF7B3664000-memory.dmp	xmrig
behavioral2/memory/1908-128-0x00007FF68AAE0000-0x00007FF68AE34000-memory.dmp	xmrig
behavioral2/memory/2024-130-0x00007FF729380000-0x00007FF7296D4000-memory.dmp	xmrig
behavioral2/memory/868-129-0x00007FF67F6D0000-0x00007FF67FA24000-memory.dmp	xmrig
behavioral2/memory/4616-131-0x00007FF667FB0000-0x00007FF668304000-memory.dmp	xmrig
behavioral2/memory/3044-132-0x00007FF70ECF0000-0x00007FF70F044000-memory.dmp	xmrig
behavioral2/memory/3088-134-0x00007FF6500D0000-0x00007FF650424000-memory.dmp	xmrig
behavioral2/memory/1048-133-0x00007FF6527A0000-0x00007FF652AF4000-memory.dmp	xmrig
behavioral2/memory/4832-135-0x00007FF7DF8B0000-0x00007FF7DFC04000-memory.dmp	xmrig
behavioral2/memory/868-136-0x00007FF67F6D0000-0x00007FF67FA24000-memory.dmp	xmrig
behavioral2/memory/2024-137-0x00007FF729380000-0x00007FF7296D4000-memory.dmp	xmrig
behavioral2/memory/4616-138-0x00007FF667FB0000-0x00007FF668304000-memory.dmp	xmrig
behavioral2/memory/3044-139-0x00007FF70ECF0000-0x00007FF70F044000-memory.dmp	xmrig
behavioral2/memory/1048-140-0x00007FF6527A0000-0x00007FF652AF4000-memory.dmp	xmrig
behavioral2/memory/3088-141-0x00007FF6500D0000-0x00007FF650424000-memory.dmp	xmrig
behavioral2/memory/4832-143-0x00007FF7DF8B0000-0x00007FF7DFC04000-memory.dmp	xmrig
behavioral2/memory/2412-144-0x00007FF62EBB0000-0x00007FF62EF04000-memory.dmp	xmrig
behavioral2/memory/3464-145-0x00007FF6DBE40000-0x00007FF6DC194000-memory.dmp	xmrig
behavioral2/memory/4824-142-0x00007FF7B3310000-0x00007FF7B3664000-memory.dmp	xmrig
behavioral2/memory/3364-151-0x00007FF7DB7D0000-0x00007FF7DBB24000-memory.dmp	xmrig
behavioral2/memory/3900-152-0x00007FF7FD370000-0x00007FF7FD6C4000-memory.dmp	xmrig
behavioral2/memory/4744-150-0x00007FF744920000-0x00007FF744C74000-memory.dmp	xmrig

Executes dropped EXE 21 IoCs

pid	Process
868	AVloUCv.exe
2024	PmOidvT.exe
4616	Offfpff.exe
3044	UlLDnQr.exe
1048	sWUIDUP.exe
3088	BgvVZNt.exe
4832	skaxJSN.exe
4824	mreANCg.exe
3464	twwFYCt.exe
1216	gbAsPkn.exe
2412	cqAZWUY.exe
2084	jKRlipY.exe
2096	wlNcRnc.exe
3900	VrhqnfD.exe
3364	fdfkDhd.exe
2692	aypZtYt.exe
4744	NyvZeXN.exe
628	irowadb.exe
728	DLQCkKD.exe
3812	ZlOcFPp.exe
3356	lWINgAs.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1908-0-0x00007FF68AAE0000-0x00007FF68AE34000-memory.dmp	upx
behavioral2/files/0x0003000000022ac8-5.dat	upx
behavioral2/files/0x000b000000023ba1-11.dat	upx
behavioral2/files/0x000a000000023ba2-10.dat	upx
behavioral2/files/0x000a000000023ba4-27.dat	upx
behavioral2/files/0x000a000000023ba6-38.dat	upx
behavioral2/memory/3088-41-0x00007FF6500D0000-0x00007FF650424000-memory.dmp	upx
behavioral2/files/0x000a000000023ba9-57.dat	upx
behavioral2/files/0x000a000000023baa-61.dat	upx
behavioral2/files/0x000a000000023bab-67.dat	upx
behavioral2/files/0x000a000000023bad-76.dat	upx
behavioral2/files/0x000a000000023bb0-95.dat	upx
behavioral2/files/0x000a000000023bb3-104.dat	upx
behavioral2/files/0x000a000000023bb4-111.dat	upx
behavioral2/files/0x000a000000023bb2-106.dat	upx
behavioral2/files/0x000a000000023bb1-100.dat	upx
behavioral2/files/0x000a000000023baf-89.dat	upx
behavioral2/files/0x000a000000023bae-85.dat	upx
behavioral2/files/0x000a000000023bac-72.dat	upx
behavioral2/files/0x000a000000023ba8-54.dat	upx
behavioral2/files/0x000a000000023ba7-47.dat	upx
behavioral2/files/0x000a000000023ba5-39.dat	upx
behavioral2/files/0x000a000000023ba3-31.dat	upx
behavioral2/memory/1048-30-0x00007FF6527A0000-0x00007FF652AF4000-memory.dmp	upx
behavioral2/memory/3044-26-0x00007FF70ECF0000-0x00007FF70F044000-memory.dmp	upx
behavioral2/memory/4616-20-0x00007FF667FB0000-0x00007FF668304000-memory.dmp	upx
behavioral2/memory/2024-17-0x00007FF729380000-0x00007FF7296D4000-memory.dmp	upx
behavioral2/memory/868-8-0x00007FF67F6D0000-0x00007FF67FA24000-memory.dmp	upx
behavioral2/memory/4832-113-0x00007FF7DF8B0000-0x00007FF7DFC04000-memory.dmp	upx
behavioral2/memory/1216-115-0x00007FF6ADCB0000-0x00007FF6AE004000-memory.dmp	upx
behavioral2/memory/2412-116-0x00007FF62EBB0000-0x00007FF62EF04000-memory.dmp	upx
behavioral2/memory/3464-114-0x00007FF6DBE40000-0x00007FF6DC194000-memory.dmp	upx
behavioral2/memory/2096-118-0x00007FF7F3460000-0x00007FF7F37B4000-memory.dmp	upx
behavioral2/memory/3900-119-0x00007FF7FD370000-0x00007FF7FD6C4000-memory.dmp	upx
behavioral2/memory/3364-120-0x00007FF7DB7D0000-0x00007FF7DBB24000-memory.dmp	upx
behavioral2/memory/2692-121-0x00007FF751400000-0x00007FF751754000-memory.dmp	upx
behavioral2/memory/2084-117-0x00007FF6E89E0000-0x00007FF6E8D34000-memory.dmp	upx
behavioral2/memory/4744-122-0x00007FF744920000-0x00007FF744C74000-memory.dmp	upx
behavioral2/memory/3812-125-0x00007FF6F6AD0000-0x00007FF6F6E24000-memory.dmp	upx
behavioral2/memory/728-124-0x00007FF66F480000-0x00007FF66F7D4000-memory.dmp	upx
behavioral2/memory/628-123-0x00007FF652360000-0x00007FF6526B4000-memory.dmp	upx
behavioral2/memory/3356-126-0x00007FF6A7FE0000-0x00007FF6A8334000-memory.dmp	upx
behavioral2/memory/4824-127-0x00007FF7B3310000-0x00007FF7B3664000-memory.dmp	upx
behavioral2/memory/1908-128-0x00007FF68AAE0000-0x00007FF68AE34000-memory.dmp	upx
behavioral2/memory/2024-130-0x00007FF729380000-0x00007FF7296D4000-memory.dmp	upx
behavioral2/memory/868-129-0x00007FF67F6D0000-0x00007FF67FA24000-memory.dmp	upx
behavioral2/memory/4616-131-0x00007FF667FB0000-0x00007FF668304000-memory.dmp	upx
behavioral2/memory/3044-132-0x00007FF70ECF0000-0x00007FF70F044000-memory.dmp	upx
behavioral2/memory/3088-134-0x00007FF6500D0000-0x00007FF650424000-memory.dmp	upx
behavioral2/memory/1048-133-0x00007FF6527A0000-0x00007FF652AF4000-memory.dmp	upx
behavioral2/memory/4832-135-0x00007FF7DF8B0000-0x00007FF7DFC04000-memory.dmp	upx
behavioral2/memory/868-136-0x00007FF67F6D0000-0x00007FF67FA24000-memory.dmp	upx
behavioral2/memory/2024-137-0x00007FF729380000-0x00007FF7296D4000-memory.dmp	upx
behavioral2/memory/4616-138-0x00007FF667FB0000-0x00007FF668304000-memory.dmp	upx
behavioral2/memory/3044-139-0x00007FF70ECF0000-0x00007FF70F044000-memory.dmp	upx
behavioral2/memory/1048-140-0x00007FF6527A0000-0x00007FF652AF4000-memory.dmp	upx
behavioral2/memory/3088-141-0x00007FF6500D0000-0x00007FF650424000-memory.dmp	upx
behavioral2/memory/4832-143-0x00007FF7DF8B0000-0x00007FF7DFC04000-memory.dmp	upx
behavioral2/memory/2412-144-0x00007FF62EBB0000-0x00007FF62EF04000-memory.dmp	upx
behavioral2/memory/3464-145-0x00007FF6DBE40000-0x00007FF6DC194000-memory.dmp	upx
behavioral2/memory/4824-142-0x00007FF7B3310000-0x00007FF7B3664000-memory.dmp	upx
behavioral2/memory/3364-151-0x00007FF7DB7D0000-0x00007FF7DBB24000-memory.dmp	upx
behavioral2/memory/3900-152-0x00007FF7FD370000-0x00007FF7FD6C4000-memory.dmp	upx
behavioral2/memory/4744-150-0x00007FF744920000-0x00007FF744C74000-memory.dmp	upx

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\System\sWUIDUP.exe	05dbc6911646f6e026fae9410930d566.exe
File created	C:\Windows\System\BgvVZNt.exe	05dbc6911646f6e026fae9410930d566.exe
File created	C:\Windows\System\fdfkDhd.exe	05dbc6911646f6e026fae9410930d566.exe
File created	C:\Windows\System\irowadb.exe	05dbc6911646f6e026fae9410930d566.exe
File created	C:\Windows\System\AVloUCv.exe	05dbc6911646f6e026fae9410930d566.exe
File created	C:\Windows\System\UlLDnQr.exe	05dbc6911646f6e026fae9410930d566.exe
File created	C:\Windows\System\jKRlipY.exe	05dbc6911646f6e026fae9410930d566.exe
File created	C:\Windows\System\VrhqnfD.exe	05dbc6911646f6e026fae9410930d566.exe
File created	C:\Windows\System\aypZtYt.exe	05dbc6911646f6e026fae9410930d566.exe
File created	C:\Windows\System\DLQCkKD.exe	05dbc6911646f6e026fae9410930d566.exe
File created	C:\Windows\System\lWINgAs.exe	05dbc6911646f6e026fae9410930d566.exe
File created	C:\Windows\System\twwFYCt.exe	05dbc6911646f6e026fae9410930d566.exe
File created	C:\Windows\System\gbAsPkn.exe	05dbc6911646f6e026fae9410930d566.exe
File created	C:\Windows\System\skaxJSN.exe	05dbc6911646f6e026fae9410930d566.exe
File created	C:\Windows\System\cqAZWUY.exe	05dbc6911646f6e026fae9410930d566.exe
File created	C:\Windows\System\NyvZeXN.exe	05dbc6911646f6e026fae9410930d566.exe
File created	C:\Windows\System\ZlOcFPp.exe	05dbc6911646f6e026fae9410930d566.exe
File created	C:\Windows\System\PmOidvT.exe	05dbc6911646f6e026fae9410930d566.exe
File created	C:\Windows\System\Offfpff.exe	05dbc6911646f6e026fae9410930d566.exe
File created	C:\Windows\System\mreANCg.exe	05dbc6911646f6e026fae9410930d566.exe
File created	C:\Windows\System\wlNcRnc.exe	05dbc6911646f6e026fae9410930d566.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1908	05dbc6911646f6e026fae9410930d566.exe
Token: SeLockMemoryPrivilege	1908	05dbc6911646f6e026fae9410930d566.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 868	1908	05dbc6911646f6e026fae9410930d566.exe	85
PID 1908 wrote to memory of 868	1908	05dbc6911646f6e026fae9410930d566.exe	85
PID 1908 wrote to memory of 2024	1908	05dbc6911646f6e026fae9410930d566.exe	86
PID 1908 wrote to memory of 2024	1908	05dbc6911646f6e026fae9410930d566.exe	86
PID 1908 wrote to memory of 4616	1908	05dbc6911646f6e026fae9410930d566.exe	87
PID 1908 wrote to memory of 4616	1908	05dbc6911646f6e026fae9410930d566.exe	87
PID 1908 wrote to memory of 3044	1908	05dbc6911646f6e026fae9410930d566.exe	88
PID 1908 wrote to memory of 3044	1908	05dbc6911646f6e026fae9410930d566.exe	88
PID 1908 wrote to memory of 1048	1908	05dbc6911646f6e026fae9410930d566.exe	89
PID 1908 wrote to memory of 1048	1908	05dbc6911646f6e026fae9410930d566.exe	89
PID 1908 wrote to memory of 3088	1908	05dbc6911646f6e026fae9410930d566.exe	90
PID 1908 wrote to memory of 3088	1908	05dbc6911646f6e026fae9410930d566.exe	90
PID 1908 wrote to memory of 4832	1908	05dbc6911646f6e026fae9410930d566.exe	91
PID 1908 wrote to memory of 4832	1908	05dbc6911646f6e026fae9410930d566.exe	91
PID 1908 wrote to memory of 4824	1908	05dbc6911646f6e026fae9410930d566.exe	92
PID 1908 wrote to memory of 4824	1908	05dbc6911646f6e026fae9410930d566.exe	92
PID 1908 wrote to memory of 3464	1908	05dbc6911646f6e026fae9410930d566.exe	93
PID 1908 wrote to memory of 3464	1908	05dbc6911646f6e026fae9410930d566.exe	93
PID 1908 wrote to memory of 1216	1908	05dbc6911646f6e026fae9410930d566.exe	94
PID 1908 wrote to memory of 1216	1908	05dbc6911646f6e026fae9410930d566.exe	94
PID 1908 wrote to memory of 2412	1908	05dbc6911646f6e026fae9410930d566.exe	95
PID 1908 wrote to memory of 2412	1908	05dbc6911646f6e026fae9410930d566.exe	95
PID 1908 wrote to memory of 2084	1908	05dbc6911646f6e026fae9410930d566.exe	96
PID 1908 wrote to memory of 2084	1908	05dbc6911646f6e026fae9410930d566.exe	96
PID 1908 wrote to memory of 2096	1908	05dbc6911646f6e026fae9410930d566.exe	97
PID 1908 wrote to memory of 2096	1908	05dbc6911646f6e026fae9410930d566.exe	97
PID 1908 wrote to memory of 3900	1908	05dbc6911646f6e026fae9410930d566.exe	98
PID 1908 wrote to memory of 3900	1908	05dbc6911646f6e026fae9410930d566.exe	98
PID 1908 wrote to memory of 3364	1908	05dbc6911646f6e026fae9410930d566.exe	99
PID 1908 wrote to memory of 3364	1908	05dbc6911646f6e026fae9410930d566.exe	99
PID 1908 wrote to memory of 2692	1908	05dbc6911646f6e026fae9410930d566.exe	100
PID 1908 wrote to memory of 2692	1908	05dbc6911646f6e026fae9410930d566.exe	100
PID 1908 wrote to memory of 4744	1908	05dbc6911646f6e026fae9410930d566.exe	101
PID 1908 wrote to memory of 4744	1908	05dbc6911646f6e026fae9410930d566.exe	101
PID 1908 wrote to memory of 628	1908	05dbc6911646f6e026fae9410930d566.exe	102
PID 1908 wrote to memory of 628	1908	05dbc6911646f6e026fae9410930d566.exe	102
PID 1908 wrote to memory of 728	1908	05dbc6911646f6e026fae9410930d566.exe	103
PID 1908 wrote to memory of 728	1908	05dbc6911646f6e026fae9410930d566.exe	103
PID 1908 wrote to memory of 3812	1908	05dbc6911646f6e026fae9410930d566.exe	104
PID 1908 wrote to memory of 3812	1908	05dbc6911646f6e026fae9410930d566.exe	104
PID 1908 wrote to memory of 3356	1908	05dbc6911646f6e026fae9410930d566.exe	105
PID 1908 wrote to memory of 3356	1908	05dbc6911646f6e026fae9410930d566.exe	105

C:\Users\Admin\AppData\Local\Temp\05dbc6911646f6e026fae9410930d566.exe
"C:\Users\Admin\AppData\Local\Temp\05dbc6911646f6e026fae9410930d566.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Windows\System\AVloUCv.exe
  C:\Windows\System\AVloUCv.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\PmOidvT.exe
  C:\Windows\System\PmOidvT.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\Offfpff.exe
  C:\Windows\System\Offfpff.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\UlLDnQr.exe
  C:\Windows\System\UlLDnQr.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\sWUIDUP.exe
  C:\Windows\System\sWUIDUP.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\BgvVZNt.exe
  C:\Windows\System\BgvVZNt.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\skaxJSN.exe
  C:\Windows\System\skaxJSN.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\mreANCg.exe
  C:\Windows\System\mreANCg.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\twwFYCt.exe
  C:\Windows\System\twwFYCt.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\gbAsPkn.exe
  C:\Windows\System\gbAsPkn.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\cqAZWUY.exe
  C:\Windows\System\cqAZWUY.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\jKRlipY.exe
  C:\Windows\System\jKRlipY.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\wlNcRnc.exe
  C:\Windows\System\wlNcRnc.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\VrhqnfD.exe
  C:\Windows\System\VrhqnfD.exe
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Windows\System\fdfkDhd.exe
  C:\Windows\System\fdfkDhd.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\aypZtYt.exe
  C:\Windows\System\aypZtYt.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\NyvZeXN.exe
  C:\Windows\System\NyvZeXN.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\irowadb.exe
  C:\Windows\System\irowadb.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\DLQCkKD.exe
  C:\Windows\System\DLQCkKD.exe
  2⤵
  - Executes dropped EXE
  PID:728
- C:\Windows\System\ZlOcFPp.exe
  C:\Windows\System\ZlOcFPp.exe
  2⤵
  - Executes dropped EXE
  PID:3812
- C:\Windows\System\lWINgAs.exe
  C:\Windows\System\lWINgAs.exe
  2⤵
  - Executes dropped EXE
  PID:3356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AVloUCv.exe

Filesize
5.9MB

MD5
b47bf1d204524e549e92783e616d1129

SHA1
11c6f4af347bee3f6d28a3cb51792bb6eb86d384

SHA256
0718d196c02ac32dd85558d8899f1702877fa3bff710fc461791f08b6aab4d6d

SHA512
42ca2fe8b375577afd1cbdea5dda8b0b0720a19fa6018c755d44565733be4fe360594250284e223a85b49617e5ac8e0029e3fff3d81d13f01621a9c2c460d073

Download Submit
C:\Windows\System\BgvVZNt.exe

Filesize
5.9MB

MD5
8df0cb1cb8e02d8f56f5be1668e6fc8c

SHA1
9c340379b0e97e78eb3dc8242e00dc0aac29616e

SHA256
74d41d3973b99738fddacc23f86f625c6d50148dfb4e4ddd4e555f66b7730f7f

SHA512
0f7b174f05b94b79a60e56b93847a4171ba9ced88996f282d595cf7c746c43b897617b7828485dc3f35f269ae0bac0b006ea5b311c79bd28cfaf70cee13f2af4

Download Submit
C:\Windows\System\DLQCkKD.exe

Filesize
5.9MB

MD5
450830043f433cd30bdf83378361040e

SHA1
7c77973b9d6278300e4357b6660aebe8e28bdd57

SHA256
a40039444ac743b955327269d695f66bc41658ca990ddc6b6c70fee46094fc24

SHA512
7f52ace1a45f7df0ae75ffb782fe4cbc2d6a4fad6a27beefba9ebd1b3a2a0a9bdacff4e6ec93bbd872a8fc2ff405553d5f2e4000193aeea4e7551deff795cd9e

Download Submit
C:\Windows\System\NyvZeXN.exe

Filesize
5.9MB

MD5
7d66f71fe4b93c7d224a7fbf50f127dc

SHA1
ab2d4f6442535008b543bc66525fccfc0c31ac68

SHA256
86dca127fd03fc724ee31c90a93fe8af364f00376234ddd91ec74ecd2ad10b6a

SHA512
94657a7d3448e118b701514f3ab5757605036f5b2d3c89557517b54d60011a3c42c3707151ecbf5099e89fb999ac729f832f7c5c2196db216b599a68fbab3a29

Download Submit
C:\Windows\System\Offfpff.exe

Filesize
5.9MB

MD5
fce75367b3fbbb63e2b72ca42bbaeaa3

SHA1
bf570a21b6926f01426d7bfd7647b302eb224b1e

SHA256
ea7c93e6bd1caf239b6813e65ae09c413d473c6e34988cf6caa4ad3ea8d571fa

SHA512
1bb8c969c7ef84ed2f5a7863bd878653adbd02942d77be5203dda0d55aaa58ecb73d80c02c6db32253b491af150b03e0c419b3374500b6c8d461a53d441c710b

Download Submit
C:\Windows\System\PmOidvT.exe

Filesize
5.9MB

MD5
a098939a055d5409da50c2ce434d5716

SHA1
6ec2ebbe643d8a99e4f896e9e32e8f4f326c4f1b

SHA256
dc24380d87b20d25891f63eb641179a4680c0da4adc95ea50e7541c1378d9f33

SHA512
538b415beae98e6598662e0c8be5092f773d53a323a63c4335b95f0cfda5ff14a8bef5edacacba25b569199f48fc71c596956c5e0c8b9aad77f6d6b20c3004c1

Download Submit
C:\Windows\System\UlLDnQr.exe

Filesize
5.9MB

MD5
ae91abfcce3df05411b921859c2fad91

SHA1
932f5c76c0a9966dea99331e8fb45a38bdc58129

SHA256
103c5575f92471b1d4781b0829db19643c5aef6e217260253bd9e33cc4123dc8

SHA512
e0223b00b60bb8b22d98b2b3e7c988e78cbce07f20eae97585d5161afeeeae8a6d5d53ad8b361841962d6f002f0ec49782d2add20029b65c0ebb04d9a4850c91

Download Submit
C:\Windows\System\VrhqnfD.exe

Filesize
5.9MB

MD5
78075bacdcb92a4706639bb4341507a3

SHA1
44bd94f7ba43a174c1cd508e9588d517f3d27b82

SHA256
a1817456911cbe3c58e365eacc57a72f299bb202663975264dd4cc62826e35ee

SHA512
52cc8de655144260c0283b0455ebb88f619de9debe32c43288cce1e59ff97115ccaf886bc1825ed53b92b3af7767641047aa1ab01ec8b3d17232b0bc71fe7f29

Download Submit
C:\Windows\System\ZlOcFPp.exe

Filesize
5.9MB

MD5
5630da44d0263a0b5e0173fe78860fcd

SHA1
6ffdd4a8407068dd206c2ee94ec0fbb429fbb36a

SHA256
541d071dcc9b3257efa6c9fc97f7d796c0ab105793610b9160d563967016ba83

SHA512
f8deb424e76b5c358b2f4a92e9ac76350f8213796fa96fc5d4c3ed419010c393d94c3eecbb1ada3136327eb987b6494cb25564832edf2ac07751facf9468de83

Download Submit
C:\Windows\System\aypZtYt.exe

Filesize
5.9MB

MD5
71cd003664290146267de79e9dc4e623

SHA1
f63977758595249c56478ae5be76623cb9489914

SHA256
1125107e4035f96031a277ac82779de0b568ba037f2492260fc262b85c634e94

SHA512
6f9c26e6b2a15974df5004f0a19ab5253eeeafcdaf3f8b212fe6d245a2ba3c4a8b225d385498dbe525b1070a629705a638dfe381709005275e61dc67057c2c91

Download Submit
C:\Windows\System\cqAZWUY.exe

Filesize
5.9MB

MD5
4d05f8c3b623d45273a9086c86a48950

SHA1
ad0c1cfb27be532fd1911ec85e30820d094d9696

SHA256
c56027dbd4eb757105ac0dfa05af8d676462574fd01c261e4e958b49d376ff25

SHA512
8b710acb6912489598f95da0f327ba14edafd1a222fe1c05fed5b96d90ac282b2bd2dbcdd9312146ae7a413facd71edad8f726beabcc6cced7df55cc3f643aa0

Download Submit
C:\Windows\System\fdfkDhd.exe

Filesize
5.9MB

MD5
ec1c8a262916f67a54b454e0e1dbc32d

SHA1
c9ece89d4e4cd35d9462b41f22f72b749dcd35a2

SHA256
5b584b41586193ddd199e3d7225bb7126d1294f14be8d7f035ad8af4bfbc65d5

SHA512
78cad94a1d63fa92ba4d717ecf3fc4f36688832de21d4538fa102a25e2e8c25ca84a8d2025e4f9de01849a0db060305c878381d40458c9eaf91cd8a752198211

Download Submit
C:\Windows\System\gbAsPkn.exe

Filesize
5.9MB

MD5
1fe2106ead75789151c0f35f9115e315

SHA1
cccfc59f21b17f1b456f76bed70ef6396604b1bb

SHA256
86c54546c95005b183c5ba119833b1624ca4b026548c7b11e1344d95340f2f30

SHA512
142b076dc038849ad57dab2d5d6e226d83b01a56923757a897b30d0dcf9736c85c7c280847de0026f2386df35e4cce8a557c218b819128dc77925d90054d222e

Download Submit
C:\Windows\System\irowadb.exe

Filesize
5.9MB

MD5
e20800a73264d57494a338e5f6001fa2

SHA1
932a0a0ef992b793d47c82837ad578dfbf21dd62

SHA256
486c6a6d9c550f2e86f66c7815652a30cda1fb2f69ebd7f59d25ca66398dcc96

SHA512
438f2e07122f38b547e67ad0430a87a66293928ea04b8a5a37644d43d497f752c8c90cdcf6f85ce1e2a16b1e0d6742e5734349351d8d474038b667397c918764

Download Submit
C:\Windows\System\jKRlipY.exe

Filesize
5.9MB

MD5
51f7327a951986848ec955dd7dc2ed2a

SHA1
bf8c3c9fedbd75f1e8f64e82ee30e5d11547d3e0

SHA256
51559a1a79b8472214675d35ca524251e15cdc9892954102f6bc2a14c8eec096

SHA512
25bed5a16561166e78ebcddf349855462cf9ad19eb3456eaf6b6e5a5a15720f9ed47c7be65a81e77c5a19fd3a6a89286dd9a9ea051fa40eaf699a975aeb5818d

Download Submit
C:\Windows\System\lWINgAs.exe

Filesize
5.9MB

MD5
1592ffc0b5571f694f114ddc4b643fee

SHA1
9fe4ee6b5defadff0f0b9cc0bf2c74519babb579

SHA256
5d01d2226f3072982e4fd6a03bb53ce3ed373780c8546ca4a9bd7bc7cf6f19e9

SHA512
7929bf39fcc0be4d492124caf747a64177179c54a1065d2f1f42e6618dfc5b76eeb1e455a191e28ab617028ded9fcc4e1c098185ac4097a7c48f5db76f4c2b23

Download Submit
C:\Windows\System\mreANCg.exe

Filesize
5.9MB

MD5
06012ec2317b81bc85356bd36666eb66

SHA1
35b605057e493d35f64c71167580b8817721e28c

SHA256
a8a13faafa6de66b94859aee764c3bfbb31cdddcedb036764344d094c0d101b7

SHA512
d2a54f61fc0dae831694f458845cc2a7d2db649055cef484643d1993172c3ba6e825cc9cc001577809cba1c96ae2e1095df6eaf77867111c51c4b734e22da02c

Download Submit
C:\Windows\System\sWUIDUP.exe

Filesize
5.9MB

MD5
b2d72708c205c059fe347bbc930ae302

SHA1
dbb9d8a61f2f2feee709c0e320c39837446b0274

SHA256
a7845f9df2bee5cd82c7b115602791257b35ec82640e6765cbd5fde46ca2488c

SHA512
9ea4da91d2505df1c049f79a58a47b557881dddade4c2c617fe6731e34c0ac688c53a5f8e072bd436db2797e0f88a0ed06e717880c073fd6935ec242c68d3073

Download Submit
C:\Windows\System\skaxJSN.exe

Filesize
5.9MB

MD5
c5bd986c2708badab04e9bbdfe1f883e

SHA1
89f7aff803c6552ab732cdb5537f32b54b6c9cd5

SHA256
88cf2f2dbee580e4e374db21f4e48844e468b91b9737213d95bec075e4799ba7

SHA512
362a93ff0d61c6dae6659f6cefb4e01f96b77c325e3a106f7f2147ea29b07cbdc7e6418052f6fe66daf5f71f602c3e7ff1de36322d613f9d0bfbd7096df947fc

Download Submit
C:\Windows\System\twwFYCt.exe

Filesize
5.9MB

MD5
85ca02f11f2b9a6b36503e469d2ecab2

SHA1
a0846014f6f4bbed9e5883fc5eb8f09823b27507

SHA256
63dd69f0bd7e403ec513c2accd5aa953d95cc18c3ff8e912ef4a2afb6d3271bf

SHA512
79653f99a14e521ffe7cea77435353671a2802e8b975a364a5cd9aed8ec75df8214700556a08408feb650a8ec4ec1957025d8b3a800c092e9ccb1c15d2d989d0

Download Submit
C:\Windows\System\wlNcRnc.exe

Filesize
5.9MB

MD5
a7544c0f2d9b978710732f7fc1caa1cd

SHA1
e1253c3e9d3b23c6a62d7bbee0791831079d728c

SHA256
45abcc3d53291873eea7b27dfd7cacfcfe3e89005868030e38577237eac3fdc7

SHA512
c5ea24c9bebe4e452cae562766809502fb42a5141f6953eef0589ec01d4f7076412bc95292ea3fd28542ebcab125424637ca89f9e9adc3aa590fb4fbf594a6ef

Download Submit
memory/628-154-0x00007FF652360000-0x00007FF6526B4000-memory.dmp

Filesize
3.3MB

Download
memory/628-123-0x00007FF652360000-0x00007FF6526B4000-memory.dmp

Filesize
3.3MB

Download
memory/728-124-0x00007FF66F480000-0x00007FF66F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/728-155-0x00007FF66F480000-0x00007FF66F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/868-8-0x00007FF67F6D0000-0x00007FF67FA24000-memory.dmp

Filesize
3.3MB

Download
memory/868-136-0x00007FF67F6D0000-0x00007FF67FA24000-memory.dmp

Filesize
3.3MB

Download
memory/868-129-0x00007FF67F6D0000-0x00007FF67FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1048-140-0x00007FF6527A0000-0x00007FF652AF4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-133-0x00007FF6527A0000-0x00007FF652AF4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-30-0x00007FF6527A0000-0x00007FF652AF4000-memory.dmp

Filesize
3.3MB

Download
memory/1216-146-0x00007FF6ADCB0000-0x00007FF6AE004000-memory.dmp

Filesize
3.3MB

Download
memory/1216-115-0x00007FF6ADCB0000-0x00007FF6AE004000-memory.dmp

Filesize
3.3MB

Download
memory/1908-128-0x00007FF68AAE0000-0x00007FF68AE34000-memory.dmp

Filesize
3.3MB

Download
memory/1908-1-0x0000025EF5CB0000-0x0000025EF5CC0000-memory.dmp

Filesize
64KB

Download
memory/1908-0-0x00007FF68AAE0000-0x00007FF68AE34000-memory.dmp

Filesize
3.3MB

Download
memory/2024-130-0x00007FF729380000-0x00007FF7296D4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-17-0x00007FF729380000-0x00007FF7296D4000-memory.dmp

Filesize
3.3MB

Download
memory/2024-137-0x00007FF729380000-0x00007FF7296D4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-117-0x00007FF6E89E0000-0x00007FF6E8D34000-memory.dmp

Filesize
3.3MB

Download
memory/2084-148-0x00007FF6E89E0000-0x00007FF6E8D34000-memory.dmp

Filesize
3.3MB

Download
memory/2096-147-0x00007FF7F3460000-0x00007FF7F37B4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-118-0x00007FF7F3460000-0x00007FF7F37B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-144-0x00007FF62EBB0000-0x00007FF62EF04000-memory.dmp

Filesize
3.3MB

Download
memory/2412-116-0x00007FF62EBB0000-0x00007FF62EF04000-memory.dmp

Filesize
3.3MB

Download
memory/2692-121-0x00007FF751400000-0x00007FF751754000-memory.dmp

Filesize
3.3MB

Download
memory/2692-149-0x00007FF751400000-0x00007FF751754000-memory.dmp

Filesize
3.3MB

Download
memory/3044-139-0x00007FF70ECF0000-0x00007FF70F044000-memory.dmp

Filesize
3.3MB

Download
memory/3044-132-0x00007FF70ECF0000-0x00007FF70F044000-memory.dmp

Filesize
3.3MB

Download
memory/3044-26-0x00007FF70ECF0000-0x00007FF70F044000-memory.dmp

Filesize
3.3MB

Download
memory/3088-134-0x00007FF6500D0000-0x00007FF650424000-memory.dmp

Filesize
3.3MB

Download
memory/3088-41-0x00007FF6500D0000-0x00007FF650424000-memory.dmp

Filesize
3.3MB

Download
memory/3088-141-0x00007FF6500D0000-0x00007FF650424000-memory.dmp

Filesize
3.3MB

Download
memory/3356-153-0x00007FF6A7FE0000-0x00007FF6A8334000-memory.dmp

Filesize
3.3MB

Download
memory/3356-126-0x00007FF6A7FE0000-0x00007FF6A8334000-memory.dmp

Filesize
3.3MB

Download
memory/3364-120-0x00007FF7DB7D0000-0x00007FF7DBB24000-memory.dmp

Filesize
3.3MB

Download
memory/3364-151-0x00007FF7DB7D0000-0x00007FF7DBB24000-memory.dmp

Filesize
3.3MB

Download
memory/3464-114-0x00007FF6DBE40000-0x00007FF6DC194000-memory.dmp

Filesize
3.3MB

Download
memory/3464-145-0x00007FF6DBE40000-0x00007FF6DC194000-memory.dmp

Filesize
3.3MB

Download
memory/3812-156-0x00007FF6F6AD0000-0x00007FF6F6E24000-memory.dmp

Filesize
3.3MB

Download
memory/3812-125-0x00007FF6F6AD0000-0x00007FF6F6E24000-memory.dmp

Filesize
3.3MB

Download
memory/3900-119-0x00007FF7FD370000-0x00007FF7FD6C4000-memory.dmp

Filesize
3.3MB

Download
memory/3900-152-0x00007FF7FD370000-0x00007FF7FD6C4000-memory.dmp

Filesize
3.3MB

Download
memory/4616-138-0x00007FF667FB0000-0x00007FF668304000-memory.dmp

Filesize
3.3MB

Download
memory/4616-20-0x00007FF667FB0000-0x00007FF668304000-memory.dmp

Filesize
3.3MB

Download
memory/4616-131-0x00007FF667FB0000-0x00007FF668304000-memory.dmp

Filesize
3.3MB

Download
memory/4744-150-0x00007FF744920000-0x00007FF744C74000-memory.dmp

Filesize
3.3MB

Download
memory/4744-122-0x00007FF744920000-0x00007FF744C74000-memory.dmp

Filesize
3.3MB

Download
memory/4824-127-0x00007FF7B3310000-0x00007FF7B3664000-memory.dmp

Filesize
3.3MB

Download
memory/4824-142-0x00007FF7B3310000-0x00007FF7B3664000-memory.dmp

Filesize
3.3MB

Download
memory/4832-113-0x00007FF7DF8B0000-0x00007FF7DFC04000-memory.dmp

Filesize
3.3MB

Download
memory/4832-143-0x00007FF7DF8B0000-0x00007FF7DFC04000-memory.dmp

Filesize
3.3MB

Download
memory/4832-135-0x00007FF7DF8B0000-0x00007FF7DFC04000-memory.dmp

Filesize
3.3MB

Download