cobaltstrike | df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468

Analysis

max time kernel
110s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/12/2024, 04:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
Size

5.2MB
MD5

025e582ae62703fc1fbfe821cff8d870
SHA1

f119e4def40a2a4717bc9f09a368b568fe71e414
SHA256

df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468
SHA512

cf949519f56eb9034a6fba216ce2ce9190fd0872028604c7bcf2ae3b9c7b66f60f20e2f9b09b76f586e920aa41b70755b34a7513468c885d7e02fa9ba8cc1147
SSDEEP

49152:ROdWCCi7/rai56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6l6:RWWBibd56utgpPFotBER/mQ32lU2

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 21 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023c5f-5.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c63-10.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c64-24.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c65-27.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c67-40.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6a-52.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c68-47.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6b-55.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6d-64.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6f-76.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6e-78.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c72-96.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c70-94.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c74-113.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c75-125.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c73-111.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c71-109.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c60-93.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c6c-74.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c69-56.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c66-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 46 IoCs

miner

resource	yara_rule
behavioral2/memory/720-119-0x00007FF60D5A0000-0x00007FF60D8F1000-memory.dmp	xmrig
behavioral2/memory/2644-123-0x00007FF7CFB20000-0x00007FF7CFE71000-memory.dmp	xmrig
behavioral2/memory/5076-122-0x00007FF7DB9F0000-0x00007FF7DBD41000-memory.dmp	xmrig
behavioral2/memory/1540-121-0x00007FF61ABB0000-0x00007FF61AF01000-memory.dmp	xmrig
behavioral2/memory/1228-120-0x00007FF6E2340000-0x00007FF6E2691000-memory.dmp	xmrig
behavioral2/memory/1928-118-0x00007FF7652D0000-0x00007FF765621000-memory.dmp	xmrig
behavioral2/memory/1200-116-0x00007FF6D9940000-0x00007FF6D9C91000-memory.dmp	xmrig
behavioral2/memory/1356-103-0x00007FF7309D0000-0x00007FF730D21000-memory.dmp	xmrig
behavioral2/memory/2244-81-0x00007FF6B3440000-0x00007FF6B3791000-memory.dmp	xmrig
behavioral2/memory/1120-69-0x00007FF6DEB70000-0x00007FF6DEEC1000-memory.dmp	xmrig
behavioral2/memory/3752-31-0x00007FF7A0870000-0x00007FF7A0BC1000-memory.dmp	xmrig
behavioral2/memory/2944-134-0x00007FF6D2F70000-0x00007FF6D32C1000-memory.dmp	xmrig
behavioral2/memory/1068-136-0x00007FF7D3870000-0x00007FF7D3BC1000-memory.dmp	xmrig
behavioral2/memory/2628-143-0x00007FF6A61E0000-0x00007FF6A6531000-memory.dmp	xmrig
behavioral2/memory/3684-149-0x00007FF762980000-0x00007FF762CD1000-memory.dmp	xmrig
behavioral2/memory/1356-141-0x00007FF7309D0000-0x00007FF730D21000-memory.dmp	xmrig
behavioral2/memory/1948-140-0x00007FF77CB60000-0x00007FF77CEB1000-memory.dmp	xmrig
behavioral2/memory/4664-135-0x00007FF7B7D00000-0x00007FF7B8051000-memory.dmp	xmrig
behavioral2/memory/448-133-0x00007FF67B000000-0x00007FF67B351000-memory.dmp	xmrig
behavioral2/memory/3092-131-0x00007FF6B8B20000-0x00007FF6B8E71000-memory.dmp	xmrig
behavioral2/memory/4132-130-0x00007FF71C950000-0x00007FF71CCA1000-memory.dmp	xmrig
behavioral2/memory/1992-129-0x00007FF77E090000-0x00007FF77E3E1000-memory.dmp	xmrig
behavioral2/memory/1540-144-0x00007FF61ABB0000-0x00007FF61AF01000-memory.dmp	xmrig
behavioral2/memory/4628-127-0x00007FF604B30000-0x00007FF604E81000-memory.dmp	xmrig
behavioral2/memory/4628-150-0x00007FF604B30000-0x00007FF604E81000-memory.dmp	xmrig
behavioral2/memory/1992-204-0x00007FF77E090000-0x00007FF77E3E1000-memory.dmp	xmrig
behavioral2/memory/4132-206-0x00007FF71C950000-0x00007FF71CCA1000-memory.dmp	xmrig
behavioral2/memory/3752-210-0x00007FF7A0870000-0x00007FF7A0BC1000-memory.dmp	xmrig
behavioral2/memory/3092-209-0x00007FF6B8B20000-0x00007FF6B8E71000-memory.dmp	xmrig
behavioral2/memory/2944-221-0x00007FF6D2F70000-0x00007FF6D32C1000-memory.dmp	xmrig
behavioral2/memory/448-223-0x00007FF67B000000-0x00007FF67B351000-memory.dmp	xmrig
behavioral2/memory/4664-225-0x00007FF7B7D00000-0x00007FF7B8051000-memory.dmp	xmrig
behavioral2/memory/1068-227-0x00007FF7D3870000-0x00007FF7D3BC1000-memory.dmp	xmrig
behavioral2/memory/1120-229-0x00007FF6DEB70000-0x00007FF6DEEC1000-memory.dmp	xmrig
behavioral2/memory/720-231-0x00007FF60D5A0000-0x00007FF60D8F1000-memory.dmp	xmrig
behavioral2/memory/2244-233-0x00007FF6B3440000-0x00007FF6B3791000-memory.dmp	xmrig
behavioral2/memory/1948-239-0x00007FF77CB60000-0x00007FF77CEB1000-memory.dmp	xmrig
behavioral2/memory/1356-241-0x00007FF7309D0000-0x00007FF730D21000-memory.dmp	xmrig
behavioral2/memory/1228-243-0x00007FF6E2340000-0x00007FF6E2691000-memory.dmp	xmrig
behavioral2/memory/2628-245-0x00007FF6A61E0000-0x00007FF6A6531000-memory.dmp	xmrig
behavioral2/memory/5076-247-0x00007FF7DB9F0000-0x00007FF7DBD41000-memory.dmp	xmrig
behavioral2/memory/1200-249-0x00007FF6D9940000-0x00007FF6D9C91000-memory.dmp	xmrig
behavioral2/memory/2644-251-0x00007FF7CFB20000-0x00007FF7CFE71000-memory.dmp	xmrig
behavioral2/memory/3684-253-0x00007FF762980000-0x00007FF762CD1000-memory.dmp	xmrig
behavioral2/memory/1928-255-0x00007FF7652D0000-0x00007FF765621000-memory.dmp	xmrig
behavioral2/memory/1540-259-0x00007FF61ABB0000-0x00007FF61AF01000-memory.dmp	xmrig

Executes dropped EXE 21 IoCs

pid	Process
1992	SyHjVlw.exe
4132	zLShXlh.exe
3092	EcVGTym.exe
3752	pAZybgl.exe
448	zFDHjla.exe
2944	wmKJePT.exe
4664	lUOKHMl.exe
1068	BvnepFs.exe
1120	XbHHfWN.exe
720	GKMJckc.exe
2244	uyjQlVI.exe
1948	pxQhelP.exe
1228	DkTchBj.exe
2628	DAALVyv.exe
1356	ktCARYv.exe
1540	PDyCjYg.exe
5076	lueCZUF.exe
1200	OxMWBuD.exe
2644	GKPMsWl.exe
1928	jFekjkT.exe
3684	xIoezMO.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4628-0-0x00007FF604B30000-0x00007FF604E81000-memory.dmp	upx
behavioral2/files/0x0008000000023c5f-5.dat	upx
behavioral2/files/0x0007000000023c63-10.dat	upx
behavioral2/memory/1992-8-0x00007FF77E090000-0x00007FF77E3E1000-memory.dmp	upx
behavioral2/files/0x0007000000023c64-24.dat	upx
behavioral2/files/0x0007000000023c65-27.dat	upx
behavioral2/files/0x0007000000023c67-40.dat	upx
behavioral2/files/0x0007000000023c6a-52.dat	upx
behavioral2/memory/4664-48-0x00007FF7B7D00000-0x00007FF7B8051000-memory.dmp	upx
behavioral2/files/0x0007000000023c68-47.dat	upx
behavioral2/files/0x0007000000023c6b-55.dat	upx
behavioral2/files/0x0007000000023c6d-64.dat	upx
behavioral2/files/0x0007000000023c6f-76.dat	upx
behavioral2/files/0x0007000000023c6e-78.dat	upx
behavioral2/memory/1948-85-0x00007FF77CB60000-0x00007FF77CEB1000-memory.dmp	upx
behavioral2/memory/2628-91-0x00007FF6A61E0000-0x00007FF6A6531000-memory.dmp	upx
behavioral2/files/0x0007000000023c72-96.dat	upx
behavioral2/files/0x0007000000023c70-94.dat	upx
behavioral2/files/0x0007000000023c74-113.dat	upx
behavioral2/memory/720-119-0x00007FF60D5A0000-0x00007FF60D8F1000-memory.dmp	upx
behavioral2/memory/2644-123-0x00007FF7CFB20000-0x00007FF7CFE71000-memory.dmp	upx
behavioral2/files/0x0007000000023c75-125.dat	upx
behavioral2/memory/3684-124-0x00007FF762980000-0x00007FF762CD1000-memory.dmp	upx
behavioral2/memory/5076-122-0x00007FF7DB9F0000-0x00007FF7DBD41000-memory.dmp	upx
behavioral2/memory/1540-121-0x00007FF61ABB0000-0x00007FF61AF01000-memory.dmp	upx
behavioral2/memory/1228-120-0x00007FF6E2340000-0x00007FF6E2691000-memory.dmp	upx
behavioral2/memory/1928-118-0x00007FF7652D0000-0x00007FF765621000-memory.dmp	upx
behavioral2/memory/1200-116-0x00007FF6D9940000-0x00007FF6D9C91000-memory.dmp	upx
behavioral2/files/0x0007000000023c73-111.dat	upx
behavioral2/files/0x0007000000023c71-109.dat	upx
behavioral2/memory/1356-103-0x00007FF7309D0000-0x00007FF730D21000-memory.dmp	upx
behavioral2/files/0x0008000000023c60-93.dat	upx
behavioral2/memory/2244-81-0x00007FF6B3440000-0x00007FF6B3791000-memory.dmp	upx
behavioral2/files/0x0007000000023c6c-74.dat	upx
behavioral2/memory/1120-69-0x00007FF6DEB70000-0x00007FF6DEEC1000-memory.dmp	upx
behavioral2/memory/1068-63-0x00007FF7D3870000-0x00007FF7D3BC1000-memory.dmp	upx
behavioral2/files/0x0007000000023c69-56.dat	upx
behavioral2/memory/2944-36-0x00007FF6D2F70000-0x00007FF6D32C1000-memory.dmp	upx
behavioral2/files/0x0007000000023c66-34.dat	upx
behavioral2/memory/448-32-0x00007FF67B000000-0x00007FF67B351000-memory.dmp	upx
behavioral2/memory/3752-31-0x00007FF7A0870000-0x00007FF7A0BC1000-memory.dmp	upx
behavioral2/memory/3092-23-0x00007FF6B8B20000-0x00007FF6B8E71000-memory.dmp	upx
behavioral2/memory/4132-17-0x00007FF71C950000-0x00007FF71CCA1000-memory.dmp	upx
behavioral2/memory/2944-134-0x00007FF6D2F70000-0x00007FF6D32C1000-memory.dmp	upx
behavioral2/memory/1068-136-0x00007FF7D3870000-0x00007FF7D3BC1000-memory.dmp	upx
behavioral2/memory/2628-143-0x00007FF6A61E0000-0x00007FF6A6531000-memory.dmp	upx
behavioral2/memory/3684-149-0x00007FF762980000-0x00007FF762CD1000-memory.dmp	upx
behavioral2/memory/1356-141-0x00007FF7309D0000-0x00007FF730D21000-memory.dmp	upx
behavioral2/memory/1948-140-0x00007FF77CB60000-0x00007FF77CEB1000-memory.dmp	upx
behavioral2/memory/4664-135-0x00007FF7B7D00000-0x00007FF7B8051000-memory.dmp	upx
behavioral2/memory/448-133-0x00007FF67B000000-0x00007FF67B351000-memory.dmp	upx
behavioral2/memory/3092-131-0x00007FF6B8B20000-0x00007FF6B8E71000-memory.dmp	upx
behavioral2/memory/4132-130-0x00007FF71C950000-0x00007FF71CCA1000-memory.dmp	upx
behavioral2/memory/1992-129-0x00007FF77E090000-0x00007FF77E3E1000-memory.dmp	upx
behavioral2/memory/1540-144-0x00007FF61ABB0000-0x00007FF61AF01000-memory.dmp	upx
behavioral2/memory/4628-127-0x00007FF604B30000-0x00007FF604E81000-memory.dmp	upx
behavioral2/memory/4628-150-0x00007FF604B30000-0x00007FF604E81000-memory.dmp	upx
behavioral2/memory/1992-204-0x00007FF77E090000-0x00007FF77E3E1000-memory.dmp	upx
behavioral2/memory/4132-206-0x00007FF71C950000-0x00007FF71CCA1000-memory.dmp	upx
behavioral2/memory/3752-210-0x00007FF7A0870000-0x00007FF7A0BC1000-memory.dmp	upx
behavioral2/memory/3092-209-0x00007FF6B8B20000-0x00007FF6B8E71000-memory.dmp	upx
behavioral2/memory/2944-221-0x00007FF6D2F70000-0x00007FF6D32C1000-memory.dmp	upx
behavioral2/memory/448-223-0x00007FF67B000000-0x00007FF67B351000-memory.dmp	upx
behavioral2/memory/4664-225-0x00007FF7B7D00000-0x00007FF7B8051000-memory.dmp	upx

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\System\zFDHjla.exe	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
File created	C:\Windows\System\GKMJckc.exe	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
File created	C:\Windows\System\DAALVyv.exe	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
File created	C:\Windows\System\GKPMsWl.exe	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
File created	C:\Windows\System\OxMWBuD.exe	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
File created	C:\Windows\System\zLShXlh.exe	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
File created	C:\Windows\System\EcVGTym.exe	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
File created	C:\Windows\System\BvnepFs.exe	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
File created	C:\Windows\System\XbHHfWN.exe	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
File created	C:\Windows\System\ktCARYv.exe	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
File created	C:\Windows\System\DkTchBj.exe	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
File created	C:\Windows\System\SyHjVlw.exe	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
File created	C:\Windows\System\lUOKHMl.exe	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
File created	C:\Windows\System\PDyCjYg.exe	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
File created	C:\Windows\System\lueCZUF.exe	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
File created	C:\Windows\System\pAZybgl.exe	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
File created	C:\Windows\System\wmKJePT.exe	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
File created	C:\Windows\System\uyjQlVI.exe	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
File created	C:\Windows\System\pxQhelP.exe	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
File created	C:\Windows\System\jFekjkT.exe	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
File created	C:\Windows\System\xIoezMO.exe	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
Token: SeLockMemoryPrivilege	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 4628 wrote to memory of 1992	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	83
PID 4628 wrote to memory of 1992	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	83
PID 4628 wrote to memory of 4132	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	84
PID 4628 wrote to memory of 4132	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	84
PID 4628 wrote to memory of 3092	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	85
PID 4628 wrote to memory of 3092	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	85
PID 4628 wrote to memory of 3752	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	86
PID 4628 wrote to memory of 3752	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	86
PID 4628 wrote to memory of 448	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	87
PID 4628 wrote to memory of 448	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	87
PID 4628 wrote to memory of 2944	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	88
PID 4628 wrote to memory of 2944	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	88
PID 4628 wrote to memory of 4664	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	89
PID 4628 wrote to memory of 4664	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	89
PID 4628 wrote to memory of 1068	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	90
PID 4628 wrote to memory of 1068	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	90
PID 4628 wrote to memory of 1120	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	91
PID 4628 wrote to memory of 1120	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	91
PID 4628 wrote to memory of 720	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	92
PID 4628 wrote to memory of 720	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	92
PID 4628 wrote to memory of 2244	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	93
PID 4628 wrote to memory of 2244	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	93
PID 4628 wrote to memory of 1948	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	94
PID 4628 wrote to memory of 1948	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	94
PID 4628 wrote to memory of 1356	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	95
PID 4628 wrote to memory of 1356	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	95
PID 4628 wrote to memory of 1228	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	96
PID 4628 wrote to memory of 1228	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	96
PID 4628 wrote to memory of 2628	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	97
PID 4628 wrote to memory of 2628	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	97
PID 4628 wrote to memory of 1540	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	98
PID 4628 wrote to memory of 1540	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	98
PID 4628 wrote to memory of 1200	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	99
PID 4628 wrote to memory of 1200	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	99
PID 4628 wrote to memory of 5076	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	100
PID 4628 wrote to memory of 5076	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	100
PID 4628 wrote to memory of 2644	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	101
PID 4628 wrote to memory of 2644	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	101
PID 4628 wrote to memory of 1928	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	102
PID 4628 wrote to memory of 1928	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	102
PID 4628 wrote to memory of 3684	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	103
PID 4628 wrote to memory of 3684	4628	df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe	103

C:\Users\Admin\AppData\Local\Temp\df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe
"C:\Users\Admin\AppData\Local\Temp\df63d99fb0d72fe8e8437aab3222fa6ee45686e973006787a091081990fe2468N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4628
- C:\Windows\System\SyHjVlw.exe
  C:\Windows\System\SyHjVlw.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\zLShXlh.exe
  C:\Windows\System\zLShXlh.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\EcVGTym.exe
  C:\Windows\System\EcVGTym.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\pAZybgl.exe
  C:\Windows\System\pAZybgl.exe
  2⤵
  - Executes dropped EXE
  PID:3752
- C:\Windows\System\zFDHjla.exe
  C:\Windows\System\zFDHjla.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\wmKJePT.exe
  C:\Windows\System\wmKJePT.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\lUOKHMl.exe
  C:\Windows\System\lUOKHMl.exe
  2⤵
  - Executes dropped EXE
  PID:4664
- C:\Windows\System\BvnepFs.exe
  C:\Windows\System\BvnepFs.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\XbHHfWN.exe
  C:\Windows\System\XbHHfWN.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\GKMJckc.exe
  C:\Windows\System\GKMJckc.exe
  2⤵
  - Executes dropped EXE
  PID:720
- C:\Windows\System\uyjQlVI.exe
  C:\Windows\System\uyjQlVI.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\pxQhelP.exe
  C:\Windows\System\pxQhelP.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\ktCARYv.exe
  C:\Windows\System\ktCARYv.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\DkTchBj.exe
  C:\Windows\System\DkTchBj.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\DAALVyv.exe
  C:\Windows\System\DAALVyv.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\PDyCjYg.exe
  C:\Windows\System\PDyCjYg.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\OxMWBuD.exe
  C:\Windows\System\OxMWBuD.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\lueCZUF.exe
  C:\Windows\System\lueCZUF.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\GKPMsWl.exe
  C:\Windows\System\GKPMsWl.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\jFekjkT.exe
  C:\Windows\System\jFekjkT.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\xIoezMO.exe
  C:\Windows\System\xIoezMO.exe
  2⤵
  - Executes dropped EXE
  PID:3684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BvnepFs.exe

Filesize
5.2MB

MD5
34baeaad220ef7995eee22f8fe808e0a

SHA1
421e0f8a4d69d324e7babb824d7478ddb1b0ed0c

SHA256
41dce386ec86b319e603717032ccb64b8d749f5bb868619702dd611a2406d81f

SHA512
91b3cdc9f8cea1bf211f829db907ad0e975190e5c331ede34afd65c53b8610295fe7d65311a5437a36aab334764631fe8a518df2039f489837ae53d4b6132268

Download Submit
C:\Windows\System\DAALVyv.exe

Filesize
5.2MB

MD5
6a0778a76df69bda27c25f710a77f6a8

SHA1
ba8eea12391c6c0a736aa7d8276548f972f4033d

SHA256
fed0895349b93555070d49c9be076cb0c494a5b96c0804c76de66ab1fd84f7a9

SHA512
36a937b7c1a94291ec3053e6f7b4fddacaf7b64518f97a09ee987a95746c7b1ec5cf56e30ac547c2dca5bfb5bdfb99c552471b85ec933c4db62295bf4f575b8a

Download Submit
C:\Windows\System\DkTchBj.exe

Filesize
5.2MB

MD5
6d60968763dad0fee797474708fe284c

SHA1
0c8d85a2281c2aded5c34816fa2e77d09f330409

SHA256
e900da7e863f20a07f90ae07f53e37e0be5935457cfedf429cf5706c0abdc04b

SHA512
21d987f0472ce34f79b7f4c9960f48a4e117754432e3ef009a30b2e18db4e59eb955c3690756ce631ed04cb50269974552b2237f0c66c653d26ca2f5683fa14b

Download Submit
C:\Windows\System\EcVGTym.exe

Filesize
5.2MB

MD5
7cfed20e122d0ae7c96cb9438d057e15

SHA1
1b77b3a4e204d5d13d32d5b7e405d373589cb2e8

SHA256
bc47e8f5295ea7d5ea32e81724ee09969b14d4ae60717859a88ede7970ec670c

SHA512
94f83b3fb3ec3cddab357e79a2b6074ee6b3ccdbb1d87b74c2b40f3afc8dc5ddf404e52fcf2dd3ca38c99c230b4aba75d147decaca1a169712cdbd1636673928

Download Submit
C:\Windows\System\GKMJckc.exe

Filesize
5.2MB

MD5
442f64b348ea3a3b5e4ef6b5a1c2e7c6

SHA1
72004c1e8dee4362a4be45e7db38442a8d8a9baf

SHA256
e2eb2519356e287fe51028924413c3413ff1d4d11a160631060847ddbc69c756

SHA512
bc8c27dc2965d80bb8fd91e1b3bf4c44c6747430c521a3359252fd85ddf5df95cf2847a7791ad1a7a27b6edaedc392d8c4a6358ba553cbda9177cd8ce70542bf

Download Submit
C:\Windows\System\GKPMsWl.exe

Filesize
5.2MB

MD5
34128edb3b671da13d75a10fcade12c3

SHA1
ebe2f8d629b9e7f0f4f97dc7213a64061569a804

SHA256
52b1399c030c7e7bdb3a5d275efed3d8003759ce1db394d9148d0c109ad7a6a9

SHA512
46474a5d5441d8a8fec7c7d74b83362c712318b2bf4db31b5ca5ac28139523f43a9fc82e98801c3720daa9d1817acfc8ae7d6eb8fa8e0d92d69c585222595874

Download Submit
C:\Windows\System\OxMWBuD.exe

Filesize
5.2MB

MD5
1be88d8b0fab45be77723e7ca9782ecc

SHA1
2b985081cba154996860ca6db75597b54ca44543

SHA256
84d6169297d698abbe1546e527a5ad6a282b3ac46061a821104f6bc302475392

SHA512
cd1146a243eda8cb100b28a2c5f9364b4bf0d49dbfdf224438ae5ea51645eeb1717c886ff53b89c7b57ddf56c8e99a41cf2ae540ab37d57329b9bc63c6e1594d

Download Submit
C:\Windows\System\PDyCjYg.exe

Filesize
5.2MB

MD5
c9ca5f3df9d71212e83f9fecb5a102ab

SHA1
cd5c69d117c9707ac738fa58bbf7b57dd3d5d65d

SHA256
732489ace390ee8b268017e5096562dba24814582a03bbe48a5ea10c877b265e

SHA512
1b12470e9347fcbdf69ac0969ef9c2485c4ed1b0325e28267470078393ea1c414612518d25d877c081f55af052e41fe54276745344b6064c06d6ced084210d02

Download Submit
C:\Windows\System\SyHjVlw.exe

Filesize
5.2MB

MD5
fa48a26c3beb3cf38dff09625bd10396

SHA1
2e409f75cc7af881de0c76e8c9fa76eef95fecea

SHA256
897ca746d7623818d60f3a793a6318bd4837026914fb5cea72152c8b81fdda14

SHA512
44a07050eac2cb844776daee56ca2629844165105667c11d1c285c5948ddf0a02b32cd5bf06077b5305e9c841abeacbff0a8d94e0024297d5a3737e0606136a8

Download Submit
C:\Windows\System\XbHHfWN.exe

Filesize
5.2MB

MD5
ef763f47a929762628e7aad6c3d772ca

SHA1
05a2cac07dde1b7e3d9614b05bedfb5c75e6f07c

SHA256
5134a5d6c140c96fa4b8247d7e3506754067adcbbbb5c760e613841b100baed5

SHA512
04c7d4417a6615127f604e80a0aba285e3964ebf455da6e519c543a95a1a02d183d3647333c3f8594a28e700f2d2b5c37938ac8d45c8204e195bcd5485c6c586

Download Submit
C:\Windows\System\jFekjkT.exe

Filesize
5.2MB

MD5
5e45a048725db8a4f5854c56aec14f29

SHA1
bc57508826e8aa91e053db9c6888be5701d47936

SHA256
5e01194bf57136b803796c0306d44b34849c4642cc1d79a9d54e812c0c87d3a7

SHA512
702151936e7317c451153cb91eb1a9a83e5a58028d633013e31313572fc1e59d646524164411a0e38ebae83a571d9c33512770b9c7bc40cba84f2338c490cd18

Download Submit
C:\Windows\System\ktCARYv.exe

Filesize
5.2MB

MD5
e9f292e147aba0e5596562e1b4f10684

SHA1
e3773b2055207e304fcd8abaab064c3be3913ab7

SHA256
48243796f70b10c465deeb3d6bab0a20396cfc013ea5dd776d25431ce8f38061

SHA512
31d2d9ffc70be332cb8b6038500a9361b30bd0b5769bd94a225501a29918de590238f6248de2a0055ccc40975970d1ddddbb444e7f1bd48d4bed50918ab15e17

Download Submit
C:\Windows\System\lUOKHMl.exe

Filesize
5.2MB

MD5
3aff1bab76906c30fa0f7b6ffda50bcf

SHA1
303fd6d4e10bc3549f2c2d7d6adf96139632975f

SHA256
0ab54da4682dc7d5daebbd4fe3c129adb13e7683b7b370467753635f5fc00222

SHA512
8964f098b4487615352089dbca1ae67a4003ea3f3abb56cd648f3f9f0bb398aebaff497bc8ae21da8ae607956bec5ece1c5d3e7114fdee12b1e2fdb55717e879

Download Submit
C:\Windows\System\lueCZUF.exe

Filesize
5.2MB

MD5
9f11862f67f59941999f1761a93a4466

SHA1
fbcfd2d8e49503b66d24386412866b6f0a22bbe9

SHA256
42ccb5d6a247769b15062977d3e67993b5e23f3ac5c0156341db656f6c8fa211

SHA512
ddc0d2ea631113926cdfae8b4d2098274e60c6e98574ad982609a76f562316301757d7abf20780f2a3ba36a3bb4fecf1b1c7411632874270cc212ce07a8220f1

Download Submit
C:\Windows\System\pAZybgl.exe

Filesize
5.2MB

MD5
e5ec176391c1b13799081790e8f56f9a

SHA1
70f087f8ca030979ed906ebe5defe45c1d6b857c

SHA256
06831ec840513486eca31124f82d9a6ced68c7e2417232ae756881c617285233

SHA512
c1969298b1a8ea8d1cb02613e0da568be773a729c293c348b5ad6af94ea8002be9b8388631a28be854cd38edb2ca105686a105851e4c0d53a2c024ffd131adf1

Download Submit
C:\Windows\System\pxQhelP.exe

Filesize
5.2MB

MD5
aa0ac17fc1b346c9be5c8e0c6e53ba52

SHA1
d0cf194a81ee712a5ba2f15736fa6628fae8ebd4

SHA256
0b6f887790a9b3299a141f2eff7a5a966d6bab01a90dadc27b6afc62a216b0ba

SHA512
5f91f247436e1d8b8141c93292e23e2b4c1a9f885301f0e036bf7c876460a276cba70afa06555d25cf465ca6f19464c0a75f039315beb34e07030f1b1b89af66

Download Submit
C:\Windows\System\uyjQlVI.exe

Filesize
5.2MB

MD5
bd9e6073b1fc9033387f87b2851f0ecf

SHA1
5a9c9d1617ba757666b867b10077de3eb0f83895

SHA256
e57d8f46ea327f5d07110fb09701fb32c8cbf105fc3f133c2079939f7168fd9a

SHA512
1ea2c3022d64bf0f019c1d06695d45900e79784728b37389e7dfeac3c00af2d59ac8e5727ca2c864449d31be14aa3ff3334158cbafddee5a491c506270aff160

Download Submit
C:\Windows\System\wmKJePT.exe

Filesize
5.2MB

MD5
bdfcb6ab1e24a9cb3348e8c232be071c

SHA1
41e102fbece351be42be0ec96a7fc95bc4335fd9

SHA256
d61d3bc085416322f0841fa42cbd31d93fe7b4d889dfd343861db4c62f2bd0be

SHA512
21e5130634a589df9da571a4edf75bbc9f0e177422e1d06c62273a47629749bdd9c95e51b037b82151efd7e2b3b8165984ea87d7bab1ea9ef268ac0164fdea8f

Download Submit
C:\Windows\System\xIoezMO.exe

Filesize
5.2MB

MD5
80b6a1c56fd205e5018ebc037c0f8285

SHA1
e222a35a544e93d8d065ef697e49bf272bf2ee85

SHA256
bc0994827674a9114b26d3f62ea35000d5f0ceec610dc1b69399d00c8c89b023

SHA512
2fd7f0b51a6d0596840817569ae1419532ecbab9c726051c99c922412111c146cbfc86f789cddcedb4f5061c9015c830798d4b11eb345abf95ff26da3d055acf

Download Submit
C:\Windows\System\zFDHjla.exe

Filesize
5.2MB

MD5
fc97af8e4fde36b2774cc9faa13191a9

SHA1
9ded074453cf11b8ad0fc4df55b170c4759442f7

SHA256
21cdc8502de0b5292209fac4e1d59212f0429fbf15e60ecbeeac73790fa2b0ee

SHA512
1dcff85a03e73ca22179daa260f5cb4122cb91f8e1f3727f3ced5de2f04e2ac6dcf77fb57cd6066776ee43874521c73dbac19d270d4bced68ad046df6f29fb07

Download Submit
C:\Windows\System\zLShXlh.exe

Filesize
5.2MB

MD5
1b7f060d626efa9056f18101e294c653

SHA1
fbf8da042c17e4a63eda355625416d25cf51b033

SHA256
52026e9060d49ccfeee64fda20fc912ef0aec555567b1d1f8dd7ca64163d7b5f

SHA512
b19ff305a631f6f86dd0e033fecf54c69713c4ed9b2f7d267de5bc581f40d2b5a873abd6ca9a0d1ab527e69d45437a2d20d20164bec21b69d10de140aa4a1e21

Download Submit
memory/448-32-0x00007FF67B000000-0x00007FF67B351000-memory.dmp

Filesize
3.3MB

Download
memory/448-133-0x00007FF67B000000-0x00007FF67B351000-memory.dmp

Filesize
3.3MB

Download
memory/448-223-0x00007FF67B000000-0x00007FF67B351000-memory.dmp

Filesize
3.3MB

Download
memory/720-231-0x00007FF60D5A0000-0x00007FF60D8F1000-memory.dmp

Filesize
3.3MB

Download
memory/720-119-0x00007FF60D5A0000-0x00007FF60D8F1000-memory.dmp

Filesize
3.3MB

Download
memory/1068-63-0x00007FF7D3870000-0x00007FF7D3BC1000-memory.dmp

Filesize
3.3MB

Download
memory/1068-136-0x00007FF7D3870000-0x00007FF7D3BC1000-memory.dmp

Filesize
3.3MB

Download
memory/1068-227-0x00007FF7D3870000-0x00007FF7D3BC1000-memory.dmp

Filesize
3.3MB

Download
memory/1120-69-0x00007FF6DEB70000-0x00007FF6DEEC1000-memory.dmp

Filesize
3.3MB

Download
memory/1120-229-0x00007FF6DEB70000-0x00007FF6DEEC1000-memory.dmp

Filesize
3.3MB

Download
memory/1200-249-0x00007FF6D9940000-0x00007FF6D9C91000-memory.dmp

Filesize
3.3MB

Download
memory/1200-116-0x00007FF6D9940000-0x00007FF6D9C91000-memory.dmp

Filesize
3.3MB

Download
memory/1228-120-0x00007FF6E2340000-0x00007FF6E2691000-memory.dmp

Filesize
3.3MB

Download
memory/1228-243-0x00007FF6E2340000-0x00007FF6E2691000-memory.dmp

Filesize
3.3MB

Download
memory/1356-103-0x00007FF7309D0000-0x00007FF730D21000-memory.dmp

Filesize
3.3MB

Download
memory/1356-241-0x00007FF7309D0000-0x00007FF730D21000-memory.dmp

Filesize
3.3MB

Download
memory/1356-141-0x00007FF7309D0000-0x00007FF730D21000-memory.dmp

Filesize
3.3MB

Download
memory/1540-121-0x00007FF61ABB0000-0x00007FF61AF01000-memory.dmp

Filesize
3.3MB

Download
memory/1540-144-0x00007FF61ABB0000-0x00007FF61AF01000-memory.dmp

Filesize
3.3MB

Download
memory/1540-259-0x00007FF61ABB0000-0x00007FF61AF01000-memory.dmp

Filesize
3.3MB

Download
memory/1928-118-0x00007FF7652D0000-0x00007FF765621000-memory.dmp

Filesize
3.3MB

Download
memory/1928-255-0x00007FF7652D0000-0x00007FF765621000-memory.dmp

Filesize
3.3MB

Download
memory/1948-140-0x00007FF77CB60000-0x00007FF77CEB1000-memory.dmp

Filesize
3.3MB

Download
memory/1948-85-0x00007FF77CB60000-0x00007FF77CEB1000-memory.dmp

Filesize
3.3MB

Download
memory/1948-239-0x00007FF77CB60000-0x00007FF77CEB1000-memory.dmp

Filesize
3.3MB

Download
memory/1992-204-0x00007FF77E090000-0x00007FF77E3E1000-memory.dmp

Filesize
3.3MB

Download
memory/1992-8-0x00007FF77E090000-0x00007FF77E3E1000-memory.dmp

Filesize
3.3MB

Download
memory/1992-129-0x00007FF77E090000-0x00007FF77E3E1000-memory.dmp

Filesize
3.3MB

Download
memory/2244-233-0x00007FF6B3440000-0x00007FF6B3791000-memory.dmp

Filesize
3.3MB

Download
memory/2244-81-0x00007FF6B3440000-0x00007FF6B3791000-memory.dmp

Filesize
3.3MB

Download
memory/2628-245-0x00007FF6A61E0000-0x00007FF6A6531000-memory.dmp

Filesize
3.3MB

Download
memory/2628-91-0x00007FF6A61E0000-0x00007FF6A6531000-memory.dmp

Filesize
3.3MB

Download
memory/2628-143-0x00007FF6A61E0000-0x00007FF6A6531000-memory.dmp

Filesize
3.3MB

Download
memory/2644-251-0x00007FF7CFB20000-0x00007FF7CFE71000-memory.dmp

Filesize
3.3MB

Download
memory/2644-123-0x00007FF7CFB20000-0x00007FF7CFE71000-memory.dmp

Filesize
3.3MB

Download
memory/2944-134-0x00007FF6D2F70000-0x00007FF6D32C1000-memory.dmp

Filesize
3.3MB

Download
memory/2944-221-0x00007FF6D2F70000-0x00007FF6D32C1000-memory.dmp

Filesize
3.3MB

Download
memory/2944-36-0x00007FF6D2F70000-0x00007FF6D32C1000-memory.dmp

Filesize
3.3MB

Download
memory/3092-131-0x00007FF6B8B20000-0x00007FF6B8E71000-memory.dmp

Filesize
3.3MB

Download
memory/3092-209-0x00007FF6B8B20000-0x00007FF6B8E71000-memory.dmp

Filesize
3.3MB

Download
memory/3092-23-0x00007FF6B8B20000-0x00007FF6B8E71000-memory.dmp

Filesize
3.3MB

Download
memory/3684-149-0x00007FF762980000-0x00007FF762CD1000-memory.dmp

Filesize
3.3MB

Download
memory/3684-253-0x00007FF762980000-0x00007FF762CD1000-memory.dmp

Filesize
3.3MB

Download
memory/3684-124-0x00007FF762980000-0x00007FF762CD1000-memory.dmp

Filesize
3.3MB

Download
memory/3752-210-0x00007FF7A0870000-0x00007FF7A0BC1000-memory.dmp

Filesize
3.3MB

Download
memory/3752-31-0x00007FF7A0870000-0x00007FF7A0BC1000-memory.dmp

Filesize
3.3MB

Download
memory/4132-130-0x00007FF71C950000-0x00007FF71CCA1000-memory.dmp

Filesize
3.3MB

Download
memory/4132-206-0x00007FF71C950000-0x00007FF71CCA1000-memory.dmp

Filesize
3.3MB

Download
memory/4132-17-0x00007FF71C950000-0x00007FF71CCA1000-memory.dmp

Filesize
3.3MB

Download
memory/4628-0-0x00007FF604B30000-0x00007FF604E81000-memory.dmp

Filesize
3.3MB

Download
memory/4628-127-0x00007FF604B30000-0x00007FF604E81000-memory.dmp

Filesize
3.3MB

Download
memory/4628-150-0x00007FF604B30000-0x00007FF604E81000-memory.dmp

Filesize
3.3MB

Download
memory/4628-1-0x0000018840220000-0x0000018840230000-memory.dmp

Filesize
64KB

Download
memory/4664-48-0x00007FF7B7D00000-0x00007FF7B8051000-memory.dmp

Filesize
3.3MB

Download
memory/4664-135-0x00007FF7B7D00000-0x00007FF7B8051000-memory.dmp

Filesize
3.3MB

Download
memory/4664-225-0x00007FF7B7D00000-0x00007FF7B8051000-memory.dmp

Filesize
3.3MB

Download
memory/5076-122-0x00007FF7DB9F0000-0x00007FF7DBD41000-memory.dmp

Filesize
3.3MB

Download
memory/5076-247-0x00007FF7DB9F0000-0x00007FF7DBD41000-memory.dmp

Filesize
3.3MB

Download