xmrig | f1f68b45e8c1fabbb2bed26b3982f91a4eb4dfb9fd204c9cdb05ca3ded0bc6b6

Analysis

max time kernel
135s
max time network
151s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-06-2024 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
Size

5.9MB
MD5

affd17e18c2d0fc92265133b5c3863f8
SHA1

72321fa247397d2d99202acaf688d3fd54487da4
SHA256

f1f68b45e8c1fabbb2bed26b3982f91a4eb4dfb9fd204c9cdb05ca3ded0bc6b6
SHA512

c4cdff5dd872deba3a830248e898c0eeb3461d5eeff207c461de0e463d36d6d49009fcc17e853cc9149543af8799c7dd7947a54352e4d994991aaa4cae1d4f59
SSDEEP

98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUu:Q+856utgpPF8u/7u

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 14 IoCs

resource	yara_rule
behavioral1/files/0x000600000001661c-81.dat	UPX
behavioral1/files/0x0006000000016572-76.dat	UPX
behavioral1/files/0x000600000001661c-84.dat	UPX
behavioral1/files/0x003500000001568c-87.dat	UPX
behavioral1/files/0x0006000000016cb7-126.dat	UPX
behavioral1/files/0x0006000000016ce4-124.dat	UPX
behavioral1/files/0x0006000000016ce4-119.dat	UPX
behavioral1/files/0x0006000000016c6b-114.dat	UPX
behavioral1/files/0x0006000000016c6b-108.dat	UPX
behavioral1/files/0x0006000000016a9a-98.dat	UPX
behavioral1/files/0x0006000000016843-91.dat	UPX
behavioral1/files/0x003500000001568c-85.dat	UPX
behavioral1/files/0x0006000000016572-74.dat	UPX
behavioral1/files/0x003500000001567f-9.dat	UPX

XMRig Miner payload 28 IoCs

miner

resource	yara_rule
behavioral1/files/0x000c000000014f71-5.dat	xmrig
behavioral1/memory/2564-46-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2496-73-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2604-80-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x000600000001661c-81.dat	xmrig
behavioral1/files/0x0006000000016572-76.dat	xmrig
behavioral1/files/0x000600000001661c-84.dat	xmrig
behavioral1/files/0x003500000001568c-87.dat	xmrig
behavioral1/memory/2692-130-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x0006000000016cb7-126.dat	xmrig
behavioral1/memory/1628-125-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x0006000000016ce4-124.dat	xmrig
behavioral1/memory/2744-122-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x0006000000016ce4-119.dat	xmrig
behavioral1/files/0x0006000000016c6b-114.dat	xmrig
behavioral1/files/0x0006000000016c4a-112.dat	xmrig
behavioral1/files/0x0006000000016c6b-108.dat	xmrig
behavioral1/files/0x0006000000016a9a-98.dat	xmrig
behavioral1/files/0x0006000000016843-91.dat	xmrig
behavioral1/files/0x003500000001568c-85.dat	xmrig
behavioral1/files/0x0006000000016572-74.dat	xmrig
behavioral1/files/0x0007000000015ceb-36.dat	xmrig
behavioral1/files/0x0007000000015ce1-30.dat	xmrig
behavioral1/files/0x0007000000015ce1-27.dat	xmrig
behavioral1/files/0x0007000000015cd5-23.dat	xmrig
behavioral1/files/0x003500000001567f-9.dat	xmrig
behavioral1/memory/2060-0-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2060-134-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig

Executes dropped EXE 21 IoCs

pid	Process
1708	ukqYhMQ.exe
2020	veHlZLP.exe
2108	oWXTPlT.exe
2580	avssSGf.exe
2740	vsUlDbe.exe
2564	ZgpTVqO.exe
2628	CHpIQpp.exe
2652	dTkdPze.exe
2604	Ghkjkph.exe
2432	wGgPQjY.exe
2496	asqomnF.exe
2744	MWKwrgR.exe
1628	TPsXIgK.exe
2692	AjiXOOO.exe
2532	OLgHyQk.exe
2780	JoMECSV.exe
2168	ydaZpoI.exe
1808	lBVDqpE.exe
1788	ntGTndy.exe
2236	tnNlwIa.exe
1988	bLMcZsc.exe

Loads dropped DLL 21 IoCs

pid	Process
2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe

UPX packed file 55 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000c000000014f71-5.dat	upx
behavioral1/memory/1708-13-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2020-20-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2580-32-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/files/0x0007000000015ceb-38.dat	upx
behavioral1/memory/2564-46-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2628-52-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x00060000000161e7-56.dat	upx
behavioral1/memory/2496-73-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2604-80-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x000600000001661c-81.dat	upx
behavioral1/files/0x0006000000016572-76.dat	upx
behavioral1/files/0x000600000001661c-84.dat	upx
behavioral1/files/0x003500000001568c-87.dat	upx
behavioral1/memory/2692-130-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x0006000000016cb7-126.dat	upx
behavioral1/memory/1628-125-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x0006000000016ce4-124.dat	upx
behavioral1/memory/2744-122-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x0006000000016ce4-119.dat	upx
behavioral1/files/0x0006000000016c6b-114.dat	upx
behavioral1/files/0x0006000000016c4a-112.dat	upx
behavioral1/files/0x0006000000016c6b-108.dat	upx
behavioral1/files/0x0006000000016c63-104.dat	upx
behavioral1/files/0x0006000000016a9a-98.dat	upx
behavioral1/files/0x0006000000016843-91.dat	upx
behavioral1/files/0x003500000001568c-85.dat	upx
behavioral1/files/0x0006000000016572-74.dat	upx
behavioral1/memory/2432-70-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2652-53-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/files/0x0009000000015d56-50.dat	upx
behavioral1/files/0x0007000000015ceb-36.dat	upx
behavioral1/memory/2740-33-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x0007000000015ce1-30.dat	upx
behavioral1/files/0x0007000000015ce1-27.dat	upx
behavioral1/memory/2108-25-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x0007000000015cd5-23.dat	upx
behavioral1/files/0x003500000001567f-9.dat	upx
behavioral1/memory/2060-0-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2060-134-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2496-135-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/1708-137-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2020-138-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2108-139-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2740-141-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2580-140-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2652-144-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2604-145-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2432-146-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2496-147-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2744-148-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2628-143-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2564-142-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/1628-150-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2692-149-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\System\ukqYhMQ.exe	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\oWXTPlT.exe	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\CHpIQpp.exe	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\OLgHyQk.exe	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\ydaZpoI.exe	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\lBVDqpE.exe	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\ZgpTVqO.exe	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\asqomnF.exe	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\MWKwrgR.exe	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\JoMECSV.exe	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\veHlZLP.exe	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\vsUlDbe.exe	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\dTkdPze.exe	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\TPsXIgK.exe	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\bLMcZsc.exe	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\avssSGf.exe	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\Ghkjkph.exe	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\wGgPQjY.exe	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\AjiXOOO.exe	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\ntGTndy.exe	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
File created	C:\Windows\System\tnNlwIa.exe	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
Token: SeLockMemoryPrivilege	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe

Suspicious use of WriteProcessMemory 63 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 1708	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	29
PID 2060 wrote to memory of 1708	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	29
PID 2060 wrote to memory of 1708	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	29
PID 2060 wrote to memory of 2020	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	30
PID 2060 wrote to memory of 2020	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	30
PID 2060 wrote to memory of 2020	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	30
PID 2060 wrote to memory of 2108	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	31
PID 2060 wrote to memory of 2108	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	31
PID 2060 wrote to memory of 2108	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	31
PID 2060 wrote to memory of 2580	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	32
PID 2060 wrote to memory of 2580	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	32
PID 2060 wrote to memory of 2580	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	32
PID 2060 wrote to memory of 2740	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	33
PID 2060 wrote to memory of 2740	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	33
PID 2060 wrote to memory of 2740	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	33
PID 2060 wrote to memory of 2564	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	34
PID 2060 wrote to memory of 2564	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	34
PID 2060 wrote to memory of 2564	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	34
PID 2060 wrote to memory of 2628	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	35
PID 2060 wrote to memory of 2628	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	35
PID 2060 wrote to memory of 2628	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	35
PID 2060 wrote to memory of 2652	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	36
PID 2060 wrote to memory of 2652	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	36
PID 2060 wrote to memory of 2652	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	36
PID 2060 wrote to memory of 2604	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	37
PID 2060 wrote to memory of 2604	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	37
PID 2060 wrote to memory of 2604	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	37
PID 2060 wrote to memory of 2432	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	38
PID 2060 wrote to memory of 2432	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	38
PID 2060 wrote to memory of 2432	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	38
PID 2060 wrote to memory of 2496	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	39
PID 2060 wrote to memory of 2496	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	39
PID 2060 wrote to memory of 2496	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	39
PID 2060 wrote to memory of 2744	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	40
PID 2060 wrote to memory of 2744	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	40
PID 2060 wrote to memory of 2744	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	40
PID 2060 wrote to memory of 1628	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	41
PID 2060 wrote to memory of 1628	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	41
PID 2060 wrote to memory of 1628	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	41
PID 2060 wrote to memory of 2692	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	42
PID 2060 wrote to memory of 2692	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	42
PID 2060 wrote to memory of 2692	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	42
PID 2060 wrote to memory of 2532	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	43
PID 2060 wrote to memory of 2532	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	43
PID 2060 wrote to memory of 2532	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	43
PID 2060 wrote to memory of 2780	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	44
PID 2060 wrote to memory of 2780	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	44
PID 2060 wrote to memory of 2780	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	44
PID 2060 wrote to memory of 2168	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	45
PID 2060 wrote to memory of 2168	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	45
PID 2060 wrote to memory of 2168	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	45
PID 2060 wrote to memory of 1788	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	46
PID 2060 wrote to memory of 1788	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	46
PID 2060 wrote to memory of 1788	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	46
PID 2060 wrote to memory of 1808	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	47
PID 2060 wrote to memory of 1808	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	47
PID 2060 wrote to memory of 1808	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	47
PID 2060 wrote to memory of 1988	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	48
PID 2060 wrote to memory of 1988	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	48
PID 2060 wrote to memory of 1988	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	48
PID 2060 wrote to memory of 2236	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	49
PID 2060 wrote to memory of 2236	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	49
PID 2060 wrote to memory of 2236	2060	2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe	49

C:\Users\Admin\AppData\Local\Temp\2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-05_affd17e18c2d0fc92265133b5c3863f8_cobalt-strike_cobaltstrike.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Windows\System\ukqYhMQ.exe
  C:\Windows\System\ukqYhMQ.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\veHlZLP.exe
  C:\Windows\System\veHlZLP.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\oWXTPlT.exe
  C:\Windows\System\oWXTPlT.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\avssSGf.exe
  C:\Windows\System\avssSGf.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\vsUlDbe.exe
  C:\Windows\System\vsUlDbe.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\ZgpTVqO.exe
  C:\Windows\System\ZgpTVqO.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\CHpIQpp.exe
  C:\Windows\System\CHpIQpp.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\dTkdPze.exe
  C:\Windows\System\dTkdPze.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\Ghkjkph.exe
  C:\Windows\System\Ghkjkph.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\wGgPQjY.exe
  C:\Windows\System\wGgPQjY.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\asqomnF.exe
  C:\Windows\System\asqomnF.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\MWKwrgR.exe
  C:\Windows\System\MWKwrgR.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\TPsXIgK.exe
  C:\Windows\System\TPsXIgK.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\AjiXOOO.exe
  C:\Windows\System\AjiXOOO.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\OLgHyQk.exe
  C:\Windows\System\OLgHyQk.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\JoMECSV.exe
  C:\Windows\System\JoMECSV.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\ydaZpoI.exe
  C:\Windows\System\ydaZpoI.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\ntGTndy.exe
  C:\Windows\System\ntGTndy.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\lBVDqpE.exe
  C:\Windows\System\lBVDqpE.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\bLMcZsc.exe
  C:\Windows\System\bLMcZsc.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\tnNlwIa.exe
  C:\Windows\System\tnNlwIa.exe
  2⤵
  - Executes dropped EXE
  PID:2236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AjiXOOO.exe

Filesize
2.0MB

MD5
ce95ecfd82cad989d07f01bb5a4e0e62

SHA1
9c404e62c6a147d88e2c4214a4a0c1206972e9c1

SHA256
593e7bd118d819d8e39ef2651ab132601260307c705634ada0a2db317b292576

SHA512
c2ff795a22229b7c15805b1e961a5dfe271dec3d9731c58be06511c88be95cff0caaac2a29a6db9c14604bb11c8d799f874a0f83a490e055a4995d26515db084

Download Submit
C:\Windows\system\Ghkjkph.exe

Filesize
576KB

MD5
2b325ba998218e1724cf0adeb30ee980

SHA1
91c91f972b93ca21c02dbae5cc375d4e1212c0a0

SHA256
3b509ef9edb2905d68e114a86a101a00bf7ea4fa51d16ade0566e14bca5a50a9

SHA512
d7398cce9bbdb945487f66d7ab2c5fc7624933379c2058d1b197daa7f380b66de5a2145bdf0033355e795b1072c67b0031b7045307d04119888457779d707df5

Download Submit
C:\Windows\system\JoMECSV.exe

Filesize
1.6MB

MD5
56ee677de21a709db946a046883f7ce0

SHA1
de18ab857415512a1e5f9227b15c119ff5bfa14f

SHA256
4d63063582e2a3e93cf2cb0976139a91882eb15370331c0784df87514396f7c1

SHA512
ccab8e9ff99489923a6586d6c1b451d4eed0c1f125832dd3c1bf57d39c698c9d6cfcc62855403d2f81460eb28155b65585fb3218e472dceac11b91ccaf735bc7

Download Submit
C:\Windows\system\MWKwrgR.exe

Filesize
1.4MB

MD5
d97939e7759d9307f9eaf0d8918eba95

SHA1
12c61fef52f0fd06026becd4921bdb4f54b880b5

SHA256
c2a8fd656ce934ba0938d6b9d21954c48c0b2661eda466f5c4e9be62e4c2f657

SHA512
29000522b29d463094669a814e5ab09084f3920f905f01bb0c9ca85deb9c75d2cf18f8b81d5ac7b82427975dd12de0dac245946fcf8aba34f067f41d3147fb6f

Download Submit
C:\Windows\system\OLgHyQk.exe

Filesize
1.6MB

MD5
214d1045e92c61fc5f7445e77ac03d7d

SHA1
7ab001a23b13f4095a8c3bf3a5d40488436b0fa4

SHA256
e3d9d47c43d3199f70fe445fd180487437e9badf39d9c0d43c0714034fc3ff00

SHA512
c834fdde581610fc05abe8967afd81c03a7334d36444c3dd97aaf099023286629269b47ad8c54e85bf13fca6d7ad4a71c0d5fcf3b68edca93d58e37969dfde56

Download Submit
C:\Windows\system\TPsXIgK.exe

Filesize
1.8MB

MD5
c665d55523745ebd550a2c4296ad8ec9

SHA1
43f72a8e93454ded742dbec7a7c84f59cb0d6520

SHA256
4ce197747d9fbeeec8496c26db012627d7ce7e6aa1a732a7c731d6ef8431204b

SHA512
57b316ce017c765c9f224c8ed85aafffadf3e3509d0b9d8b28c09b7a506bf84dd5216ab3d5048ad1f637628cef7585aca82701224766df2dd48aff33618c1454

Download Submit
C:\Windows\system\ZgpTVqO.exe

Filesize
448KB

MD5
0642442db4acbbfb6037e06789624264

SHA1
923aee440a6887c7a7a8a78085aa492b2cdcee65

SHA256
5d6249e3d37c32c515e6f20e0771180c7b51c791102dfffe39e4510d623eda85

SHA512
7fc8231c299b64743a966130c519362217b11d421c0ccc65ca7c97570221449b6e5bd90caefa97b416470db36fac07c3f48ea41836b395ab190e6121598e88a1

Download Submit
C:\Windows\system\avssSGf.exe

Filesize
977KB

MD5
db2bc11d9d1fe767e0ddd787d2503ebe

SHA1
ae8feb2669101dfced0ed2cf7d602f4710b3407b

SHA256
65b9a8e3e1ca89296eebdeceab077b36d15cad95d90b97344fcab4c2d94cff7c

SHA512
37db62e9fba25ce4767fad2d6ea7686629acbfd192ce3e5a7ef2a925a6cb8957cc88622159c277ccb344dd17cf4f46af124012aeaa89307e421f41494f543bcd

Download Submit
C:\Windows\system\bLMcZsc.exe

Filesize
2.1MB

MD5
15cf87e23de9e5aa880141bb688825a5

SHA1
62c06d564ba5dcf8c888d229493c3613180cb5e4

SHA256
5e032da20af1e4ea2f35f05234c52177f74b360949d2f7345fcbb0acd3c961d5

SHA512
430fd051d838f0a408c8cf2c85f71154d09742b9b0cb871177c59d1cbe99b32ffc5f19c8fa50a1364c5395d12cdfbcd1e09f71400f2f63efffb416e480b00137

Download Submit
C:\Windows\system\dTkdPze.exe

Filesize
512KB

MD5
6b5887af4274a78686a788865765637c

SHA1
5afc15e6fcbc11377bbabbda47ff43f6ebedd369

SHA256
ecdfed9bc02368fefbebe0d02090e93826b7e5cc1043e339dd245299c8b23006

SHA512
4f563e539f8ec68bbc27d4cc59c42ea4897bb131085e08433f745cc558ab7a030701a601ddb711cda19dfa6cd9086b458fb74762092be15aaa4190c05134d077

Download Submit
C:\Windows\system\lBVDqpE.exe

Filesize
1.2MB

MD5
711965c0ed770375b388ea9b5ea57c70

SHA1
21f7ffc0c96b29ee6bc8176dc97f6fd049d110a2

SHA256
c07d701eb04ab4f8699484a3bd23da869373ffe5abb89855dad47bf019625666

SHA512
1805d8628649a043140bc3aafe1e7909e2e2c4d13967ba772fc49046b58f359c9204953c678c902e0a7afe7ca922f35fcfea6266309db91efb45c72ff619c428

Download Submit
C:\Windows\system\tnNlwIa.exe

Filesize
1.1MB

MD5
cefe7ebbcbdc6a5e5023e2ad8530b25b

SHA1
6e0d7ab1a6ddd7ee739d050791a70816c80e15a8

SHA256
6ab2207c199b9f50a07b7695194b47a621541e0d37d9b22f0438e67dcb93d475

SHA512
93f98af6631d01c751345fac9f47be26cfbc75dd9db0dd1fbd6fa2e5834aa5211f8d199ade4392a702dd45e08ec6d96b6b5fac0e6e70a1f9a03484c2b65fa844

Download Submit
C:\Windows\system\ukqYhMQ.exe

Filesize
967KB

MD5
445250c73c6ff4797694b3cdc101b139

SHA1
09bb7b43148d456325c2c7d70ecde6425ea88d95

SHA256
32e91cb51bf556e71eaf8dec7779e25e31e54ce3948fcd5621f7a77257b4fe3d

SHA512
9d949fa18a20056de152084f706b009b8ac9f3f1dbc3bef6110827e131a698c26598108c3e113e5b7f7ac39108936904d7b2ae774f87eb73c8e01699ec2903b3

Download Submit
C:\Windows\system\vsUlDbe.exe

Filesize
704KB

MD5
27f1ae58c0e7ea96c463a8f0329d13e3

SHA1
a5352f33f2a7ec676e07aa36bd587f2a910b1502

SHA256
570ef729e78067f9e824a09ee84a0b44c24671dfe07947eaca970f453f235334

SHA512
51c2e61154a9cf7b8c51728bee23d084e40467a64fc74544ed07917de5c42cd2c4f093dc4dba57e475be140334b7f9d2f8c2784d353f9bec4fe5fc6098f5ad70

Download Submit
C:\Windows\system\ydaZpoI.exe

Filesize
960KB

MD5
180ec18cff675908ea09fb02b8edeae7

SHA1
908a0fde6e66598e819044f800d2fb12a2c2d5e4

SHA256
35e0571c2720559fc2e392ef1ac01a4890a7f5a52de790fe0560ba1ddb8b0978

SHA512
f4efca4f8c80307ac309f06271cca1b553bd93330b442aaa71749f3ce5f3d47dab778dbee66162c088762bb8f4726a65ed8e5313f9bd8da09d951b910b9f8e49

Download Submit
\Windows\system\AjiXOOO.exe

Filesize
1.6MB

MD5
7307e8c615a3f2c17bf199ed0119a363

SHA1
acd84cbfc0249fba08958e84398a9fe1cc9096c2

SHA256
e522177f8eb2f1662860c2c5e0731c75dfa27c3170cac299592367305c68811d

SHA512
87254c9fad8b86ae391b508920e879729a60c79fe3f1586842b40b9e1a3e9eecc931823f1251f94f7985a1c4e79a15ec5937c5d201da34f8d9bdf37a05af8354

Download Submit
\Windows\system\MWKwrgR.exe

Filesize
1.8MB

MD5
4231b2fa694d8a319d855e6578a7f812

SHA1
e9b4753fc076b0b75b617f45b36b27fef48c3de7

SHA256
af18ccfd46b984fbd144a121b88d7c2e956e863e0baff9e7af25dfaeb1eb9e01

SHA512
3e40bf1af33147e31868786f7eafc56c6f0fdf764276586ed64b6b3b62ee120cd29639853f510b6e774954385654a38992b1dc470da637ee7fb2c609e5d37abf

Download Submit
\Windows\system\TPsXIgK.exe

Filesize
2.2MB

MD5
793d9918288b75a71d1ea73538325744

SHA1
b6b4f37b73c0017168a72257085e8ff3f8116dde

SHA256
2a28a5f47a1b9f038db60f0db42a3e2739bccce2f6d6851e3fb16ea9022858ab

SHA512
0d06da43a2ebec4e6b41ba3b888fdb95660bd17715e9d4665d15f15e201b0e2b4eca12e76ad4bb43220a19bb52bcfcda912c6295e4fea8f8f8f3c04ff10f1410

Download Submit
\Windows\system\ZgpTVqO.exe

Filesize
923KB

MD5
2ce606c8914a93e8099fbe79f858cddb

SHA1
84c0492537801d7a093e26e19cf4c331d45e34b2

SHA256
123e1b5c54e74a2b85d791a13a70a807b17f0be8051243b35346e4af6c8b27c2

SHA512
5c6486fc06f9adfce629555823737332bd9e3943d8602dcb566f7345f3dff87a1c5a388aa2d15d323ec818fa1361cdde0489ac6ee08baef5228473de98fc73bd

Download Submit
\Windows\system\lBVDqpE.exe

Filesize
1.9MB

MD5
d05ef84478372f2db11d67b0919392c9

SHA1
e1300e72c9c6af7cdb5ceed60fbb7d1431623afa

SHA256
03f796cf2b3cf6c87fbc0c9f2d8f1b0d58f1ca34764d20a3f68b7078ecb6b92c

SHA512
90fe6b195787a87123baf3e44a8773d5bfbf874c0a657c7126ffb03137d17892a537a2a3d7a656e2d69f287636ece2d1d394f974929d1d2daafd291d08b18e06

Download Submit
\Windows\system\ntGTndy.exe

Filesize
384KB

MD5
6207c08555e637186de329c9179e16d9

SHA1
09098b1d2cbfb2ab317439f6c4fc0121d5b8f70a

SHA256
90e60744ec9da51fba847be626db348bca6bdaf98ac91b116446f5b42433003b

SHA512
a17015ce5be9dbe107f45a5361c78d0722d3574d1684f1ab5a78044304a8f13b281179a8bde4be29c0529678da2d8332817db568d46fd1e81541274c1a2a6ea7

Download Submit
\Windows\system\tnNlwIa.exe

Filesize
1.9MB

MD5
0b1dc771469fa6753e7aace834956918

SHA1
ab392eb1cb5fc16a55a2c41b7c5a6d56cfdeced7

SHA256
60a5948084400707991c40b4413636168d0f0501efbc67fab461d4937de55fb6

SHA512
6ff29d03eaaae06a15e3efe1ea402940d3f7a6e2ebae2266481a1a80576dd91702b1cbddedd5f74c67cdfdf217582f180323fa66c29c2525747039f60c34ba60

Download Submit
\Windows\system\veHlZLP.exe

Filesize
1.1MB

MD5
b0b3bf07ef818e1f98ae2e884b0fa5ad

SHA1
619c00d3fce88b0c73bcde5377691c7e26b5f74a

SHA256
874c063736f2c46ba232d539afab85f4c5b983428835738d9b000dfac77c9683

SHA512
e74ba325d2c639cb60470c21f81f121fa7bfc2bab1116ea4fa94631b4ddc446be3e634cd1687050e22b71f04ae32f6fd0346cce4288bbe949de3d44dce3ae304

Download Submit
\Windows\system\vsUlDbe.exe

Filesize
832KB

MD5
fe23d8f2a683ea3c37e211db5c47c198

SHA1
c8d98757080f758fa71fe2947f967f4c2ba26b77

SHA256
e791fb8dbe7f5a7d384dc32653c49cf355982fbc2394ea1e3030cd6ebb798cb8

SHA512
ff5ab31bffe4dcd555455f3d81b2d9fca6cd687b604f37f4aa99e780677c84919321fd43b5fd13f9cb6081978b182fef58c2564f773d39cf2fefe33142ce3656

Download Submit
memory/1628-150-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1628-125-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1708-137-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/1708-13-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2020-138-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2020-20-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2060-66-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2060-117-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2060-133-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2060-132-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2060-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2060-99-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2060-64-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2060-59-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2060-131-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2060-136-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2060-134-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-0-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-129-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2060-8-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2060-35-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2060-34-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2060-79-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-139-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2108-25-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2432-146-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2432-70-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2496-135-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-73-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2496-147-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-46-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2564-142-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2580-32-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-140-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-145-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-80-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-52-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2628-143-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2652-53-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2652-144-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2692-130-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2692-149-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2740-33-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2740-141-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2744-148-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2744-122-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download