cobaltstrike | 19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613

Analysis

max time kernel
110s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/12/2024, 04:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
Size

5.2MB
MD5

68c09ae86d3e839bbeb3f9474ea92e70
SHA1

180b3d303b2318e3dad8c9c7bffff5ff875cb8ec
SHA256

19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613
SHA512

5d9b149840017466b8654b2d57f23550237cb84016aaf625f721ef6784a897c672455f36e5fe528997ceff518ee762d9367d3129248f4c3ee52b9500f1d6ff25
SSDEEP

49152:ROdWCCi7/rai56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lp:RWWBibd56utgpPFotBER/mQ32lUN

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 21 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0009000000023ca4-4.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cae-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cad-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caf-22.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb0-29.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb1-36.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb3-49.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb4-63.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb7-70.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb6-75.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb8-77.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb5-84.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb9-90.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cb2-48.dat	cobalt_reflective_dll
behavioral2/files/0x000a000000023ca5-39.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cba-105.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cc0-129.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbd-131.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbe-130.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbf-125.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cbc-112.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 46 IoCs

miner

resource	yara_rule
behavioral2/memory/624-92-0x00007FF7E2A50000-0x00007FF7E2DA1000-memory.dmp	xmrig
behavioral2/memory/5112-81-0x00007FF729900000-0x00007FF729C51000-memory.dmp	xmrig
behavioral2/memory/4260-69-0x00007FF61D500000-0x00007FF61D851000-memory.dmp	xmrig
behavioral2/memory/4080-53-0x00007FF78E350000-0x00007FF78E6A1000-memory.dmp	xmrig
behavioral2/memory/4824-51-0x00007FF75D4A0000-0x00007FF75D7F1000-memory.dmp	xmrig
behavioral2/memory/2316-122-0x00007FF7A9A50000-0x00007FF7A9DA1000-memory.dmp	xmrig
behavioral2/memory/800-103-0x00007FF7ED800000-0x00007FF7EDB51000-memory.dmp	xmrig
behavioral2/memory/3356-102-0x00007FF721D20000-0x00007FF722071000-memory.dmp	xmrig
behavioral2/memory/4608-135-0x00007FF767E50000-0x00007FF7681A1000-memory.dmp	xmrig
behavioral2/memory/4080-138-0x00007FF78E350000-0x00007FF78E6A1000-memory.dmp	xmrig
behavioral2/memory/4604-139-0x00007FF7C2E00000-0x00007FF7C3151000-memory.dmp	xmrig
behavioral2/memory/2396-144-0x00007FF7DC920000-0x00007FF7DCC71000-memory.dmp	xmrig
behavioral2/memory/1080-147-0x00007FF757F70000-0x00007FF7582C1000-memory.dmp	xmrig
behavioral2/memory/368-146-0x00007FF7968F0000-0x00007FF796C41000-memory.dmp	xmrig
behavioral2/memory/2596-145-0x00007FF6E4860000-0x00007FF6E4BB1000-memory.dmp	xmrig
behavioral2/memory/3824-143-0x00007FF6C2E80000-0x00007FF6C31D1000-memory.dmp	xmrig
behavioral2/memory/2436-142-0x00007FF6AFF90000-0x00007FF6B02E1000-memory.dmp	xmrig
behavioral2/memory/824-134-0x00007FF7B7220000-0x00007FF7B7571000-memory.dmp	xmrig
behavioral2/memory/4260-149-0x00007FF61D500000-0x00007FF61D851000-memory.dmp	xmrig
behavioral2/memory/4676-157-0x00007FF7DE6D0000-0x00007FF7DEA21000-memory.dmp	xmrig
behavioral2/memory/4832-158-0x00007FF71A5F0000-0x00007FF71A941000-memory.dmp	xmrig
behavioral2/memory/404-156-0x00007FF7DD980000-0x00007FF7DDCD1000-memory.dmp	xmrig
behavioral2/memory/4508-155-0x00007FF630490000-0x00007FF6307E1000-memory.dmp	xmrig
behavioral2/memory/4084-154-0x00007FF732B10000-0x00007FF732E61000-memory.dmp	xmrig
behavioral2/memory/4260-171-0x00007FF61D500000-0x00007FF61D851000-memory.dmp	xmrig
behavioral2/memory/5112-197-0x00007FF729900000-0x00007FF729C51000-memory.dmp	xmrig
behavioral2/memory/624-201-0x00007FF7E2A50000-0x00007FF7E2DA1000-memory.dmp	xmrig
behavioral2/memory/800-203-0x00007FF7ED800000-0x00007FF7EDB51000-memory.dmp	xmrig
behavioral2/memory/3356-205-0x00007FF721D20000-0x00007FF722071000-memory.dmp	xmrig
behavioral2/memory/824-223-0x00007FF7B7220000-0x00007FF7B7571000-memory.dmp	xmrig
behavioral2/memory/4608-225-0x00007FF767E50000-0x00007FF7681A1000-memory.dmp	xmrig
behavioral2/memory/4824-227-0x00007FF75D4A0000-0x00007FF75D7F1000-memory.dmp	xmrig
behavioral2/memory/4080-229-0x00007FF78E350000-0x00007FF78E6A1000-memory.dmp	xmrig
behavioral2/memory/4604-231-0x00007FF7C2E00000-0x00007FF7C3151000-memory.dmp	xmrig
behavioral2/memory/2436-233-0x00007FF6AFF90000-0x00007FF6B02E1000-memory.dmp	xmrig
behavioral2/memory/2396-236-0x00007FF7DC920000-0x00007FF7DCC71000-memory.dmp	xmrig
behavioral2/memory/3824-238-0x00007FF6C2E80000-0x00007FF6C31D1000-memory.dmp	xmrig
behavioral2/memory/2596-240-0x00007FF6E4860000-0x00007FF6E4BB1000-memory.dmp	xmrig
behavioral2/memory/1080-244-0x00007FF757F70000-0x00007FF7582C1000-memory.dmp	xmrig
behavioral2/memory/368-243-0x00007FF7968F0000-0x00007FF796C41000-memory.dmp	xmrig
behavioral2/memory/2316-252-0x00007FF7A9A50000-0x00007FF7A9DA1000-memory.dmp	xmrig
behavioral2/memory/4084-254-0x00007FF732B10000-0x00007FF732E61000-memory.dmp	xmrig
behavioral2/memory/4676-256-0x00007FF7DE6D0000-0x00007FF7DEA21000-memory.dmp	xmrig
behavioral2/memory/4832-258-0x00007FF71A5F0000-0x00007FF71A941000-memory.dmp	xmrig
behavioral2/memory/404-260-0x00007FF7DD980000-0x00007FF7DDCD1000-memory.dmp	xmrig
behavioral2/memory/4508-262-0x00007FF630490000-0x00007FF6307E1000-memory.dmp	xmrig

Executes dropped EXE 21 IoCs

pid	Process
5112	nScbIKx.exe
624	lArNihV.exe
800	XTbbeNB.exe
3356	QPCHXoh.exe
824	xUEvfWv.exe
4608	NOgdENu.exe
4824	mFDodSY.exe
4080	SMswyhB.exe
4604	ujhzLHt.exe
2436	ZBGwSod.exe
2396	XQCJOTP.exe
2596	KZYeXxx.exe
3824	lkGiMBp.exe
368	xrtBtwj.exe
1080	vMKxsCo.exe
2316	IxnpWAt.exe
4084	ttuLsqH.exe
4508	GDrjgng.exe
404	aMXhjeg.exe
4676	jHcBfAf.exe
4832	IyIdGcd.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4260-0-0x00007FF61D500000-0x00007FF61D851000-memory.dmp	upx
behavioral2/files/0x0009000000023ca4-4.dat	upx
behavioral2/memory/5112-8-0x00007FF729900000-0x00007FF729C51000-memory.dmp	upx
behavioral2/files/0x0007000000023cae-10.dat	upx
behavioral2/files/0x0007000000023cad-11.dat	upx
behavioral2/memory/624-12-0x00007FF7E2A50000-0x00007FF7E2DA1000-memory.dmp	upx
behavioral2/files/0x0007000000023caf-22.dat	upx
behavioral2/memory/3356-23-0x00007FF721D20000-0x00007FF722071000-memory.dmp	upx
behavioral2/memory/800-19-0x00007FF7ED800000-0x00007FF7EDB51000-memory.dmp	upx
behavioral2/files/0x0007000000023cb0-29.dat	upx
behavioral2/files/0x0007000000023cb1-36.dat	upx
behavioral2/files/0x0007000000023cb3-49.dat	upx
behavioral2/files/0x0007000000023cb4-63.dat	upx
behavioral2/files/0x0007000000023cb7-70.dat	upx
behavioral2/files/0x0007000000023cb6-75.dat	upx
behavioral2/files/0x0007000000023cb8-77.dat	upx
behavioral2/memory/2596-82-0x00007FF6E4860000-0x00007FF6E4BB1000-memory.dmp	upx
behavioral2/memory/368-83-0x00007FF7968F0000-0x00007FF796C41000-memory.dmp	upx
behavioral2/files/0x0007000000023cb5-84.dat	upx
behavioral2/files/0x0007000000023cb9-90.dat	upx
behavioral2/memory/1080-93-0x00007FF757F70000-0x00007FF7582C1000-memory.dmp	upx
behavioral2/memory/624-92-0x00007FF7E2A50000-0x00007FF7E2DA1000-memory.dmp	upx
behavioral2/memory/5112-81-0x00007FF729900000-0x00007FF729C51000-memory.dmp	upx
behavioral2/memory/3824-80-0x00007FF6C2E80000-0x00007FF6C31D1000-memory.dmp	upx
behavioral2/memory/2396-74-0x00007FF7DC920000-0x00007FF7DCC71000-memory.dmp	upx
behavioral2/memory/4260-69-0x00007FF61D500000-0x00007FF61D851000-memory.dmp	upx
behavioral2/memory/2436-60-0x00007FF6AFF90000-0x00007FF6B02E1000-memory.dmp	upx
behavioral2/memory/4604-59-0x00007FF7C2E00000-0x00007FF7C3151000-memory.dmp	upx
behavioral2/memory/4080-53-0x00007FF78E350000-0x00007FF78E6A1000-memory.dmp	upx
behavioral2/memory/4824-51-0x00007FF75D4A0000-0x00007FF75D7F1000-memory.dmp	upx
behavioral2/files/0x0007000000023cb2-48.dat	upx
behavioral2/memory/4608-44-0x00007FF767E50000-0x00007FF7681A1000-memory.dmp	upx
behavioral2/files/0x000a000000023ca5-39.dat	upx
behavioral2/memory/824-33-0x00007FF7B7220000-0x00007FF7B7571000-memory.dmp	upx
behavioral2/files/0x0007000000023cba-105.dat	upx
behavioral2/memory/404-124-0x00007FF7DD980000-0x00007FF7DDCD1000-memory.dmp	upx
behavioral2/memory/2316-122-0x00007FF7A9A50000-0x00007FF7A9DA1000-memory.dmp	upx
behavioral2/files/0x0007000000023cc0-129.dat	upx
behavioral2/memory/4508-132-0x00007FF630490000-0x00007FF6307E1000-memory.dmp	upx
behavioral2/memory/4832-133-0x00007FF71A5F0000-0x00007FF71A941000-memory.dmp	upx
behavioral2/files/0x0007000000023cbd-131.dat	upx
behavioral2/files/0x0007000000023cbe-130.dat	upx
behavioral2/memory/4676-128-0x00007FF7DE6D0000-0x00007FF7DEA21000-memory.dmp	upx
behavioral2/files/0x0007000000023cbf-125.dat	upx
behavioral2/memory/4084-116-0x00007FF732B10000-0x00007FF732E61000-memory.dmp	upx
behavioral2/files/0x0007000000023cbc-112.dat	upx
behavioral2/memory/800-103-0x00007FF7ED800000-0x00007FF7EDB51000-memory.dmp	upx
behavioral2/memory/3356-102-0x00007FF721D20000-0x00007FF722071000-memory.dmp	upx
behavioral2/memory/4608-135-0x00007FF767E50000-0x00007FF7681A1000-memory.dmp	upx
behavioral2/memory/4080-138-0x00007FF78E350000-0x00007FF78E6A1000-memory.dmp	upx
behavioral2/memory/4604-139-0x00007FF7C2E00000-0x00007FF7C3151000-memory.dmp	upx
behavioral2/memory/2396-144-0x00007FF7DC920000-0x00007FF7DCC71000-memory.dmp	upx
behavioral2/memory/1080-147-0x00007FF757F70000-0x00007FF7582C1000-memory.dmp	upx
behavioral2/memory/368-146-0x00007FF7968F0000-0x00007FF796C41000-memory.dmp	upx
behavioral2/memory/2596-145-0x00007FF6E4860000-0x00007FF6E4BB1000-memory.dmp	upx
behavioral2/memory/3824-143-0x00007FF6C2E80000-0x00007FF6C31D1000-memory.dmp	upx
behavioral2/memory/2436-142-0x00007FF6AFF90000-0x00007FF6B02E1000-memory.dmp	upx
behavioral2/memory/824-134-0x00007FF7B7220000-0x00007FF7B7571000-memory.dmp	upx
behavioral2/memory/4260-149-0x00007FF61D500000-0x00007FF61D851000-memory.dmp	upx
behavioral2/memory/4676-157-0x00007FF7DE6D0000-0x00007FF7DEA21000-memory.dmp	upx
behavioral2/memory/4832-158-0x00007FF71A5F0000-0x00007FF71A941000-memory.dmp	upx
behavioral2/memory/404-156-0x00007FF7DD980000-0x00007FF7DDCD1000-memory.dmp	upx
behavioral2/memory/4508-155-0x00007FF630490000-0x00007FF6307E1000-memory.dmp	upx
behavioral2/memory/4084-154-0x00007FF732B10000-0x00007FF732E61000-memory.dmp	upx

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\System\GDrjgng.exe	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
File created	C:\Windows\System\aMXhjeg.exe	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
File created	C:\Windows\System\NOgdENu.exe	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
File created	C:\Windows\System\ujhzLHt.exe	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
File created	C:\Windows\System\XQCJOTP.exe	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
File created	C:\Windows\System\IyIdGcd.exe	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
File created	C:\Windows\System\XTbbeNB.exe	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
File created	C:\Windows\System\lkGiMBp.exe	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
File created	C:\Windows\System\xrtBtwj.exe	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
File created	C:\Windows\System\ZBGwSod.exe	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
File created	C:\Windows\System\vMKxsCo.exe	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
File created	C:\Windows\System\IxnpWAt.exe	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
File created	C:\Windows\System\ttuLsqH.exe	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
File created	C:\Windows\System\jHcBfAf.exe	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
File created	C:\Windows\System\lArNihV.exe	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
File created	C:\Windows\System\xUEvfWv.exe	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
File created	C:\Windows\System\mFDodSY.exe	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
File created	C:\Windows\System\KZYeXxx.exe	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
File created	C:\Windows\System\nScbIKx.exe	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
File created	C:\Windows\System\QPCHXoh.exe	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
File created	C:\Windows\System\SMswyhB.exe	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
Token: SeLockMemoryPrivilege	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 4260 wrote to memory of 5112	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	83
PID 4260 wrote to memory of 5112	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	83
PID 4260 wrote to memory of 624	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	84
PID 4260 wrote to memory of 624	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	84
PID 4260 wrote to memory of 800	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	85
PID 4260 wrote to memory of 800	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	85
PID 4260 wrote to memory of 3356	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	86
PID 4260 wrote to memory of 3356	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	86
PID 4260 wrote to memory of 824	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	87
PID 4260 wrote to memory of 824	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	87
PID 4260 wrote to memory of 4608	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	88
PID 4260 wrote to memory of 4608	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	88
PID 4260 wrote to memory of 4824	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	89
PID 4260 wrote to memory of 4824	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	89
PID 4260 wrote to memory of 4080	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	90
PID 4260 wrote to memory of 4080	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	90
PID 4260 wrote to memory of 4604	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	91
PID 4260 wrote to memory of 4604	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	91
PID 4260 wrote to memory of 2436	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	92
PID 4260 wrote to memory of 2436	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	92
PID 4260 wrote to memory of 3824	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	93
PID 4260 wrote to memory of 3824	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	93
PID 4260 wrote to memory of 2396	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	94
PID 4260 wrote to memory of 2396	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	94
PID 4260 wrote to memory of 2596	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	95
PID 4260 wrote to memory of 2596	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	95
PID 4260 wrote to memory of 368	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	96
PID 4260 wrote to memory of 368	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	96
PID 4260 wrote to memory of 1080	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	97
PID 4260 wrote to memory of 1080	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	97
PID 4260 wrote to memory of 2316	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	98
PID 4260 wrote to memory of 2316	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	98
PID 4260 wrote to memory of 4084	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	99
PID 4260 wrote to memory of 4084	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	99
PID 4260 wrote to memory of 4508	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	100
PID 4260 wrote to memory of 4508	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	100
PID 4260 wrote to memory of 404	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	101
PID 4260 wrote to memory of 404	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	101
PID 4260 wrote to memory of 4676	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	102
PID 4260 wrote to memory of 4676	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	102
PID 4260 wrote to memory of 4832	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	103
PID 4260 wrote to memory of 4832	4260	19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe	103

C:\Users\Admin\AppData\Local\Temp\19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe
"C:\Users\Admin\AppData\Local\Temp\19339153f1d1a9383ee2374f8c406d917f0dd61f003520488f02929e3bd38613N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4260
- C:\Windows\System\nScbIKx.exe
  C:\Windows\System\nScbIKx.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\lArNihV.exe
  C:\Windows\System\lArNihV.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\XTbbeNB.exe
  C:\Windows\System\XTbbeNB.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\QPCHXoh.exe
  C:\Windows\System\QPCHXoh.exe
  2⤵
  - Executes dropped EXE
  PID:3356
- C:\Windows\System\xUEvfWv.exe
  C:\Windows\System\xUEvfWv.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\NOgdENu.exe
  C:\Windows\System\NOgdENu.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\mFDodSY.exe
  C:\Windows\System\mFDodSY.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\SMswyhB.exe
  C:\Windows\System\SMswyhB.exe
  2⤵
  - Executes dropped EXE
  PID:4080
- C:\Windows\System\ujhzLHt.exe
  C:\Windows\System\ujhzLHt.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\ZBGwSod.exe
  C:\Windows\System\ZBGwSod.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\lkGiMBp.exe
  C:\Windows\System\lkGiMBp.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\XQCJOTP.exe
  C:\Windows\System\XQCJOTP.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\KZYeXxx.exe
  C:\Windows\System\KZYeXxx.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\xrtBtwj.exe
  C:\Windows\System\xrtBtwj.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\vMKxsCo.exe
  C:\Windows\System\vMKxsCo.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\IxnpWAt.exe
  C:\Windows\System\IxnpWAt.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\ttuLsqH.exe
  C:\Windows\System\ttuLsqH.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\GDrjgng.exe
  C:\Windows\System\GDrjgng.exe
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Windows\System\aMXhjeg.exe
  C:\Windows\System\aMXhjeg.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\jHcBfAf.exe
  C:\Windows\System\jHcBfAf.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\IyIdGcd.exe
  C:\Windows\System\IyIdGcd.exe
  2⤵
  - Executes dropped EXE
  PID:4832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\GDrjgng.exe

Filesize
5.2MB

MD5
850dfe15a9d3575b92b10ecd467ed88a

SHA1
a2a45445ffd5569594c24b9815d43a7bb9543534

SHA256
3a9e3baa7f111bb9d041f28f9798255e9c489532b39497c0656cad0e71e7a830

SHA512
c84ad85df6cbb1bde57b67b8e83eb7b238565abbe66154a1ed498f5c912a76afdc41dd863e5e1ca69dcf2e1103cd86b90bccc7ee9ca37a49a0d09cfe0353b6d1

Download Submit
C:\Windows\System\IxnpWAt.exe

Filesize
5.2MB

MD5
ce166484bb30a0b3c9e03287f0fb6da4

SHA1
08a99861303a18c9dd80e06f7f2a2baee1317bcf

SHA256
c3ef1be672363f985fa3f13a67300ed9ea07b6ccd21baec495add00a57257375

SHA512
c84e39c302f71b9e9342ffeb263700033505eddaab56e3262d1915b1ede2cfa36573bde9ac92d6d7806cda8350853a83a8262603f93ce890c04efa3805a7e4c6

Download Submit
C:\Windows\System\IyIdGcd.exe

Filesize
5.2MB

MD5
d29387cf984b4d4705eb87882b433c01

SHA1
986cbae4bae2b80e4333933bb48e8ab77bd69d0d

SHA256
30477625e88ab364fefc83e57e69c72c992507c9ca866a236895468f9b565e15

SHA512
c6d4bac5cf25727bf390fe35944180040c4edaef44902ad62fa2912f274d4b3cd70d98881852cbb427c35b3fc73e1a4ad8d2da5deb2ab70515ef5e8877854a28

Download Submit
C:\Windows\System\KZYeXxx.exe

Filesize
5.2MB

MD5
ba7cf26d980723bf1f918998798a1012

SHA1
44a9333278f6b533d1d5b44bcc6b7c3883d241b2

SHA256
ea0fa8660e0ba2d99075649e6175cdd798aa0b5aa7694bfae03a41b165d3a261

SHA512
1f1621394854d803f137ef341c103d0062f0b9e160eab924ec432b2e0ffce9e8e16b1eb760facdad67975b29f0bf7e6947495d985967443354a6ead894e7f7fd

Download Submit
C:\Windows\System\NOgdENu.exe

Filesize
5.2MB

MD5
a091e709e87097de3e227cae0b37adcb

SHA1
b24c77bc82a62bb0bc1e2ae6c9207c313420c6f4

SHA256
44b7e10fc627317ab3314130718bdd11054d9afb1bf68ab9431908a90e5e6191

SHA512
46ff60cc5a4837d76967d4da8c38cef1b54c57f42a006ca977655dffefb107c91ba7295ef137295f4ec2346ab15328c6640010f3f8614bef5e835ec4fb9c5ab2

Download Submit
C:\Windows\System\QPCHXoh.exe

Filesize
5.2MB

MD5
81e9bb5bb17df487efbb21572e677475

SHA1
5a1dfac9e99e1347be422a48da175f96e93eead1

SHA256
978c9cdbd7686764f1f1ecd1d644b30f76352102033edbe2864486e70d09ee5c

SHA512
3c4dcf40fa80c2ba07bdb59c11d5b235d0c679e86738050eb31f54dc5a4f2c1ddb8f081b9be0b286ee7a201a0e6da847baafe5b72d1bce3d2c559792ac5be98a

Download Submit
C:\Windows\System\SMswyhB.exe

Filesize
5.2MB

MD5
d2ad4cfb5fde49902eb812e1e0741109

SHA1
557dd50d172929a054f3686af8e5bc79c55faf9c

SHA256
74213b37b02d1918eee45c3ab7ffa8f29525bd71fa9c21908ceb6057e2c236fe

SHA512
3d6e7416897db30a41d5d9150830c763dd6aeebec4244acf56bacac57dc3d0d0b56766aa63918acb0f1e416852a9ed67f5d7984953c6b34eb6daa5706609e088

Download Submit
C:\Windows\System\XQCJOTP.exe

Filesize
5.2MB

MD5
6730780a9a8ada0a915038dd94d098b4

SHA1
c90ea322b621358d870ab81eb32c495a6e7e64e8

SHA256
d1614737ef885ab3f698b71b64127c8456db3256962b8a6d251a389031abd8e4

SHA512
d30a935edd12c4400ec6a8c854603f5227d70600454d956db34d21467dab2a5d5a7086b98457d0c59f8c41e18e25282bb6f6d44b60ab1ae14a008031d58c0964

Download Submit
C:\Windows\System\XTbbeNB.exe

Filesize
5.2MB

MD5
0f1d7e87169e833d6b90f5a14ab5e58e

SHA1
ed049b77b8584c4090e6951c692e2917c29bcd74

SHA256
5700e469f47bf8502a5fc2a3c9c4a9f3887ace05ffe060ae090c0b93524a43f2

SHA512
c768eec4fd81cec702f950a48d31a9e252959ac13528d372b9328e99ae9bd7f0c13455a82dd0608a5fa54f67d59f88c4c9a662bc76392389977ab83ca03fa83f

Download Submit
C:\Windows\System\ZBGwSod.exe

Filesize
5.2MB

MD5
93ebd6eabcb7a95806e15f5e8ffcc331

SHA1
74ecc0b719fd54508f57ce801cc30e1763a9fd5a

SHA256
efdef3108e03e5863dc8ccc22c735b104cfbed6db1b67b82de5aadd460228722

SHA512
cd1a9eb76d869dcb682fbc0c927e6172f890474fd9e574c86444dc76d08de483b15526c4790ee784557362ffce765ff539e598ab397a116b641a891a72a5fcd9

Download Submit
C:\Windows\System\aMXhjeg.exe

Filesize
5.2MB

MD5
dbe1a9f85b062d9e223fa59cd45f82e1

SHA1
8dd12acc986784e4a0839296278862c75458958a

SHA256
13e65412aa4d3b49f35c860df7898743c7d3fcc72b5333e4764009e89b9c3411

SHA512
edce7106d543d853e206a0ed4b6f805b5811952a867043b98955ee05e95aa6f95f9b87b9fdc73833e34ef7eb24cfcced2e733571d08828bc8c4d03e85872230d

Download Submit
C:\Windows\System\jHcBfAf.exe

Filesize
5.2MB

MD5
b8c34be3634b54b7ee617c6b489a471d

SHA1
661760f19d43aed95020f369f90d76d5a4f9c51c

SHA256
d8ecb5f7fdaed1027e37eef56433eb433908d11e52ccf5a9a928ab2875c4e32c

SHA512
985f27d67b777eb27ea90254fb764e3b280c1ff24c9476c1eb00481f5b609da5353da6963a54f194dc46425681e07f7cb27bbf91c93b3cf85d1dff59b27837f2

Download Submit
C:\Windows\System\lArNihV.exe

Filesize
5.2MB

MD5
004a744852377f3a79afdb30119ae6f8

SHA1
9f3c3a5a3cca1ff9dd2f6622df20cc8ab8009409

SHA256
fb65e70667f448bcb8f9137d74cadb7aa56285b9be6ce82bf1e001bad5268351

SHA512
56f815ccc8f37738b127cda817487374085eff9268cf15f77398857352f65d71fdeb75f4cd6b1329f9457c0fce52fdfcfae11bf5bc04ae27310853efa686759b

Download Submit
C:\Windows\System\lkGiMBp.exe

Filesize
5.2MB

MD5
2906b6e2ce944a2725dccfbcaa030d3d

SHA1
b5a5c41bf92439e7e939f50fc20fccb9522a31e8

SHA256
e6b9625d97e318c3423ac5987f432ef70f91f8d532dffa4cad3a06ead0941b9c

SHA512
8683703c55d4344225ddd4ac9d4859575922fb12466e3fb46377f370251265d93fef040a653b2a0e40082d97f218b2f80ff57fdd398892f3722849918db355e1

Download Submit
C:\Windows\System\mFDodSY.exe

Filesize
5.2MB

MD5
c7a40b0a2590834f40078d106bf5fa0e

SHA1
5028273690d569fba88bd9f1b658cc33a9598c1e

SHA256
a7a6f77f431872ca330e50f2409773c54f3503c0cdc7925129e2650840ab8adc

SHA512
9de98edf7c55cd5f9b1f46deb2f0970338acb92f5a0171f38df2d0863ddd8227530d383d4ab50d122472c2182080fef397a85c2a765f399705641a43c8d27998

Download Submit
C:\Windows\System\nScbIKx.exe

Filesize
5.2MB

MD5
36a18c91c3c0127f7a31675b7bc0ce10

SHA1
ca8557aa946709de4d6ca4da92225200ee13fe29

SHA256
fe425f02383bfb8bea63ff08dd7ee1b14122b04b68cad838f0dcf2bf88d5390e

SHA512
3b74458ea52170508fcd51519507bea65847469302de902855be8dff21d9e08e92adb785df1e3a4e5d082a3998b0fd8fd0340991037c2314b611c3de112540a3

Download Submit
C:\Windows\System\ttuLsqH.exe

Filesize
5.2MB

MD5
5141464294c6f267a76d48303b7e942e

SHA1
9c0b3c136a8c369bef48442e002eb451382a91eb

SHA256
055496b24b9e7a4483c00534d3e0d6714a1bf2906c3c1aae403e29e8e04e34b2

SHA512
befb8a55260eb0ab1ab5b07cb6491c0cf23b79aa710252b91533d8de525cbf7baaf7b937579d4ff8ba93de176d8632a9193b4c85f25942c131faaf096155775f

Download Submit
C:\Windows\System\ujhzLHt.exe

Filesize
5.2MB

MD5
c06cdee8c71ca7289f87fc605071abdd

SHA1
3934751a074de752e5bb45d29344ad8fa365461d

SHA256
7731824a73d9583a0de24a936d578cff38fa2cae976c9c19e6c81a4d5a6c02f7

SHA512
a5bd807d234bbd78d610e9fcd12eade596a6c845d9162a4d5fa1695764543c5dce6f394f625400974e6dc96bf9e7befa28d26cc9f2a8f2bc645d07f664150761

Download Submit
C:\Windows\System\vMKxsCo.exe

Filesize
5.2MB

MD5
3e50f54f66d873e55b1b0efdd55a2c22

SHA1
4ed71c5a0500c10289d99f999d75af2523319e8d

SHA256
9e89fb8a819f9f2a8bdb71eb65db2db6cf637432b5601c02dc775894eb5b91bb

SHA512
908150c0f2742dfec9bcd58d45216133f1c45ece906a72c257e07d5765b03b53443aa4f1ccc3c9720b19b3a90b5df93e553b09efb609d7e63c549fce8178814a

Download Submit
C:\Windows\System\xUEvfWv.exe

Filesize
5.2MB

MD5
3e965e94b2bcaace4a15717f652f671d

SHA1
b3fcdf6c4c4a15b48d483e19acb3af67cf626493

SHA256
c9353ce9a4896df463f7a8bf8493c0c6708abce7a785fd8f9d22b8f68f470084

SHA512
10f96f51ec8b61aaa8f9451d458cb86bf4a6d693b601a6a424fe9b7c78136ce42de15152bb78a6311f5b1749ad690f3a6e8b48f724047c37631c7fcd130c788b

Download Submit
C:\Windows\System\xrtBtwj.exe

Filesize
5.2MB

MD5
667340c89d7a17d49ba13451089a8dfc

SHA1
db978a3a286bb87a6247b7c7ac097c82df633aab

SHA256
6d1eedb9d2db446be622e6ee07d3de2d4ed41388e5a7ee2744cf7c4001ab3c69

SHA512
3b27d7f7e9efc488ec8379b8643473fb6f78ca4170461eea21f2db91fd14eb5274f3bbe042df2856316821a869f17ab42fdd13e06e6f66d08b43e4b241e1e4e1

Download Submit
memory/368-83-0x00007FF7968F0000-0x00007FF796C41000-memory.dmp

Filesize
3.3MB

Download
memory/368-146-0x00007FF7968F0000-0x00007FF796C41000-memory.dmp

Filesize
3.3MB

Download
memory/368-243-0x00007FF7968F0000-0x00007FF796C41000-memory.dmp

Filesize
3.3MB

Download
memory/404-156-0x00007FF7DD980000-0x00007FF7DDCD1000-memory.dmp

Filesize
3.3MB

Download
memory/404-124-0x00007FF7DD980000-0x00007FF7DDCD1000-memory.dmp

Filesize
3.3MB

Download
memory/404-260-0x00007FF7DD980000-0x00007FF7DDCD1000-memory.dmp

Filesize
3.3MB

Download
memory/624-92-0x00007FF7E2A50000-0x00007FF7E2DA1000-memory.dmp

Filesize
3.3MB

Download
memory/624-12-0x00007FF7E2A50000-0x00007FF7E2DA1000-memory.dmp

Filesize
3.3MB

Download
memory/624-201-0x00007FF7E2A50000-0x00007FF7E2DA1000-memory.dmp

Filesize
3.3MB

Download
memory/800-203-0x00007FF7ED800000-0x00007FF7EDB51000-memory.dmp

Filesize
3.3MB

Download
memory/800-103-0x00007FF7ED800000-0x00007FF7EDB51000-memory.dmp

Filesize
3.3MB

Download
memory/800-19-0x00007FF7ED800000-0x00007FF7EDB51000-memory.dmp

Filesize
3.3MB

Download
memory/824-134-0x00007FF7B7220000-0x00007FF7B7571000-memory.dmp

Filesize
3.3MB

Download
memory/824-223-0x00007FF7B7220000-0x00007FF7B7571000-memory.dmp

Filesize
3.3MB

Download
memory/824-33-0x00007FF7B7220000-0x00007FF7B7571000-memory.dmp

Filesize
3.3MB

Download
memory/1080-93-0x00007FF757F70000-0x00007FF7582C1000-memory.dmp

Filesize
3.3MB

Download
memory/1080-147-0x00007FF757F70000-0x00007FF7582C1000-memory.dmp

Filesize
3.3MB

Download
memory/1080-244-0x00007FF757F70000-0x00007FF7582C1000-memory.dmp

Filesize
3.3MB

Download
memory/2316-122-0x00007FF7A9A50000-0x00007FF7A9DA1000-memory.dmp

Filesize
3.3MB

Download
memory/2316-252-0x00007FF7A9A50000-0x00007FF7A9DA1000-memory.dmp

Filesize
3.3MB

Download
memory/2396-144-0x00007FF7DC920000-0x00007FF7DCC71000-memory.dmp

Filesize
3.3MB

Download
memory/2396-74-0x00007FF7DC920000-0x00007FF7DCC71000-memory.dmp

Filesize
3.3MB

Download
memory/2396-236-0x00007FF7DC920000-0x00007FF7DCC71000-memory.dmp

Filesize
3.3MB

Download
memory/2436-60-0x00007FF6AFF90000-0x00007FF6B02E1000-memory.dmp

Filesize
3.3MB

Download
memory/2436-142-0x00007FF6AFF90000-0x00007FF6B02E1000-memory.dmp

Filesize
3.3MB

Download
memory/2436-233-0x00007FF6AFF90000-0x00007FF6B02E1000-memory.dmp

Filesize
3.3MB

Download
memory/2596-82-0x00007FF6E4860000-0x00007FF6E4BB1000-memory.dmp

Filesize
3.3MB

Download
memory/2596-240-0x00007FF6E4860000-0x00007FF6E4BB1000-memory.dmp

Filesize
3.3MB

Download
memory/2596-145-0x00007FF6E4860000-0x00007FF6E4BB1000-memory.dmp

Filesize
3.3MB

Download
memory/3356-205-0x00007FF721D20000-0x00007FF722071000-memory.dmp

Filesize
3.3MB

Download
memory/3356-23-0x00007FF721D20000-0x00007FF722071000-memory.dmp

Filesize
3.3MB

Download
memory/3356-102-0x00007FF721D20000-0x00007FF722071000-memory.dmp

Filesize
3.3MB

Download
memory/3824-143-0x00007FF6C2E80000-0x00007FF6C31D1000-memory.dmp

Filesize
3.3MB

Download
memory/3824-80-0x00007FF6C2E80000-0x00007FF6C31D1000-memory.dmp

Filesize
3.3MB

Download
memory/3824-238-0x00007FF6C2E80000-0x00007FF6C31D1000-memory.dmp

Filesize
3.3MB

Download
memory/4080-53-0x00007FF78E350000-0x00007FF78E6A1000-memory.dmp

Filesize
3.3MB

Download
memory/4080-138-0x00007FF78E350000-0x00007FF78E6A1000-memory.dmp

Filesize
3.3MB

Download
memory/4080-229-0x00007FF78E350000-0x00007FF78E6A1000-memory.dmp

Filesize
3.3MB

Download
memory/4084-154-0x00007FF732B10000-0x00007FF732E61000-memory.dmp

Filesize
3.3MB

Download
memory/4084-116-0x00007FF732B10000-0x00007FF732E61000-memory.dmp

Filesize
3.3MB

Download
memory/4084-254-0x00007FF732B10000-0x00007FF732E61000-memory.dmp

Filesize
3.3MB

Download
memory/4260-171-0x00007FF61D500000-0x00007FF61D851000-memory.dmp

Filesize
3.3MB

Download
memory/4260-0-0x00007FF61D500000-0x00007FF61D851000-memory.dmp

Filesize
3.3MB

Download
memory/4260-149-0x00007FF61D500000-0x00007FF61D851000-memory.dmp

Filesize
3.3MB

Download
memory/4260-69-0x00007FF61D500000-0x00007FF61D851000-memory.dmp

Filesize
3.3MB

Download
memory/4260-1-0x000002404BB50000-0x000002404BB60000-memory.dmp

Filesize
64KB

Download
memory/4508-155-0x00007FF630490000-0x00007FF6307E1000-memory.dmp

Filesize
3.3MB

Download
memory/4508-262-0x00007FF630490000-0x00007FF6307E1000-memory.dmp

Filesize
3.3MB

Download
memory/4508-132-0x00007FF630490000-0x00007FF6307E1000-memory.dmp

Filesize
3.3MB

Download
memory/4604-139-0x00007FF7C2E00000-0x00007FF7C3151000-memory.dmp

Filesize
3.3MB

Download
memory/4604-59-0x00007FF7C2E00000-0x00007FF7C3151000-memory.dmp

Filesize
3.3MB

Download
memory/4604-231-0x00007FF7C2E00000-0x00007FF7C3151000-memory.dmp

Filesize
3.3MB

Download
memory/4608-44-0x00007FF767E50000-0x00007FF7681A1000-memory.dmp

Filesize
3.3MB

Download
memory/4608-225-0x00007FF767E50000-0x00007FF7681A1000-memory.dmp

Filesize
3.3MB

Download
memory/4608-135-0x00007FF767E50000-0x00007FF7681A1000-memory.dmp

Filesize
3.3MB

Download
memory/4676-157-0x00007FF7DE6D0000-0x00007FF7DEA21000-memory.dmp

Filesize
3.3MB

Download
memory/4676-128-0x00007FF7DE6D0000-0x00007FF7DEA21000-memory.dmp

Filesize
3.3MB

Download
memory/4676-256-0x00007FF7DE6D0000-0x00007FF7DEA21000-memory.dmp

Filesize
3.3MB

Download
memory/4824-227-0x00007FF75D4A0000-0x00007FF75D7F1000-memory.dmp

Filesize
3.3MB

Download
memory/4824-51-0x00007FF75D4A0000-0x00007FF75D7F1000-memory.dmp

Filesize
3.3MB

Download
memory/4832-133-0x00007FF71A5F0000-0x00007FF71A941000-memory.dmp

Filesize
3.3MB

Download
memory/4832-158-0x00007FF71A5F0000-0x00007FF71A941000-memory.dmp

Filesize
3.3MB

Download
memory/4832-258-0x00007FF71A5F0000-0x00007FF71A941000-memory.dmp

Filesize
3.3MB

Download
memory/5112-8-0x00007FF729900000-0x00007FF729C51000-memory.dmp

Filesize
3.3MB

Download
memory/5112-197-0x00007FF729900000-0x00007FF729C51000-memory.dmp

Filesize
3.3MB

Download
memory/5112-81-0x00007FF729900000-0x00007FF729C51000-memory.dmp

Filesize
3.3MB

Download