cobaltstrike | 81db6633ff1fcc98e5e03f0c4c9a595128813e9e5109cebdaf115e0160123888

Analysis

max time kernel
134s
max time network
144s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
Size

5.9MB
MD5

d66332a2cf8d428ae1f425f8effa65e1
SHA1

7f62b20f2ed77cdf91b75e46ebbc26a1b161ace0
SHA256

81db6633ff1fcc98e5e03f0c4c9a595128813e9e5109cebdaf115e0160123888
SHA512

80a74138e207f819055a115bf159096423feb335b8761e22fe633b5aa24c8a70ab7e4c91f8d6db39c0c42f2a2c37b1807a294aa139554e5fe658f15f63ffbd9d
SSDEEP

98304:demTLkNdfE0pZ3u56utgpPFotBER/mQ32lUO:E+b56utgpPF8u/7O

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 21 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012119-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d31-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d3a-18.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001934d-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019315-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191dc-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018712-48.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016dcf-40.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925d-115.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d69-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924a-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f1-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018bc8-75.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ddf-74.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dcb-73.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d65-72.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d5e-23.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 50 IoCs

miner

resource	yara_rule
behavioral1/memory/1344-0-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x0007000000012119-3.dat	xmrig
behavioral1/files/0x0008000000016d31-9.dat	xmrig
behavioral1/memory/2136-8-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d3a-18.dat	xmrig
behavioral1/memory/840-14-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x000500000001934d-118.dat	xmrig
behavioral1/memory/840-97-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x0005000000019315-94.dat	xmrig
behavioral1/files/0x0005000000019266-85.dat	xmrig
behavioral1/files/0x0005000000019259-78.dat	xmrig
behavioral1/files/0x0005000000019244-65.dat	xmrig
behavioral1/memory/1344-58-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191dc-55.dat	xmrig
behavioral1/memory/1344-51-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/332-135-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018712-48.dat	xmrig
behavioral1/memory/1344-43-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x0009000000016dcf-40.dat	xmrig
behavioral1/memory/1344-34-0x0000000002220000-0x0000000002574000-memory.dmp	xmrig
behavioral1/files/0x000500000001926b-116.dat	xmrig
behavioral1/files/0x000500000001925d-115.dat	xmrig
behavioral1/files/0x0007000000016d69-114.dat	xmrig
behavioral1/memory/1344-110-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2664-109-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2656-108-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2956-107-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2880-106-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/3032-105-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2400-104-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001924a-77.dat	xmrig
behavioral1/files/0x00050000000191f1-76.dat	xmrig
behavioral1/files/0x0006000000018bc8-75.dat	xmrig
behavioral1/files/0x0009000000016ddf-74.dat	xmrig
behavioral1/files/0x0007000000016dcb-73.dat	xmrig
behavioral1/files/0x0007000000016d65-72.dat	xmrig
behavioral1/memory/2136-63-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/332-31-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d5e-23.dat	xmrig
behavioral1/memory/3008-22-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2136-139-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/840-140-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/3008-141-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/332-142-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/3032-143-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2400-145-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2656-148-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2664-147-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2956-146-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2880-144-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig

Executes dropped EXE 21 IoCs

pid	Process
2136	MbOZpsN.exe
840	STDZpcX.exe
3008	vuznxcR.exe
332	GaROqqF.exe
2400	IcFUwcM.exe
3032	KBtSUDi.exe
2880	MXOEnXi.exe
2956	rUVImfi.exe
2656	dJfMuOc.exe
2664	safhytq.exe
2816	TjFlyQu.exe
108	AUfCVqs.exe
1852	wcTzZie.exe
2828	ZQjoREc.exe
3020	eENoxRi.exe
2900	nlhGBfT.exe
2492	hRwoiiK.exe
2612	RdIFgkM.exe
2204	BxCAGgM.exe
1620	dJqqJqy.exe
2916	XTUmbck.exe

Loads dropped DLL 21 IoCs

pid	Process
1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe

UPX packed file 46 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1344-0-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x0007000000012119-3.dat	upx
behavioral1/files/0x0008000000016d31-9.dat	upx
behavioral1/memory/2136-8-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x0008000000016d3a-18.dat	upx
behavioral1/memory/840-14-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x000500000001934d-118.dat	upx
behavioral1/memory/840-97-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x0005000000019315-94.dat	upx
behavioral1/files/0x0005000000019266-85.dat	upx
behavioral1/files/0x0005000000019259-78.dat	upx
behavioral1/files/0x0005000000019244-65.dat	upx
behavioral1/files/0x00050000000191dc-55.dat	upx
behavioral1/memory/332-135-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x0005000000018712-48.dat	upx
behavioral1/memory/1344-43-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x0009000000016dcf-40.dat	upx
behavioral1/files/0x000500000001926b-116.dat	upx
behavioral1/files/0x000500000001925d-115.dat	upx
behavioral1/files/0x0007000000016d69-114.dat	upx
behavioral1/memory/2664-109-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2656-108-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2956-107-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2880-106-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/3032-105-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2400-104-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x000500000001924a-77.dat	upx
behavioral1/files/0x00050000000191f1-76.dat	upx
behavioral1/files/0x0006000000018bc8-75.dat	upx
behavioral1/files/0x0009000000016ddf-74.dat	upx
behavioral1/files/0x0007000000016dcb-73.dat	upx
behavioral1/files/0x0007000000016d65-72.dat	upx
behavioral1/memory/2136-63-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/332-31-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x0007000000016d5e-23.dat	upx
behavioral1/memory/3008-22-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2136-139-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/840-140-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/3008-141-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/332-142-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/3032-143-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2400-145-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2656-148-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2664-147-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2956-146-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2880-144-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\System\MbOZpsN.exe	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
File created	C:\Windows\System\STDZpcX.exe	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
File created	C:\Windows\System\MXOEnXi.exe	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
File created	C:\Windows\System\hRwoiiK.exe	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
File created	C:\Windows\System\AUfCVqs.exe	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
File created	C:\Windows\System\ZQjoREc.exe	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
File created	C:\Windows\System\wcTzZie.exe	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
File created	C:\Windows\System\vuznxcR.exe	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
File created	C:\Windows\System\GaROqqF.exe	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
File created	C:\Windows\System\IcFUwcM.exe	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
File created	C:\Windows\System\rUVImfi.exe	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
File created	C:\Windows\System\safhytq.exe	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
File created	C:\Windows\System\dJqqJqy.exe	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
File created	C:\Windows\System\RdIFgkM.exe	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
File created	C:\Windows\System\BxCAGgM.exe	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
File created	C:\Windows\System\XTUmbck.exe	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
File created	C:\Windows\System\TjFlyQu.exe	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
File created	C:\Windows\System\KBtSUDi.exe	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
File created	C:\Windows\System\eENoxRi.exe	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
File created	C:\Windows\System\nlhGBfT.exe	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
File created	C:\Windows\System\dJfMuOc.exe	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 63 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 2136	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	31
PID 1344 wrote to memory of 2136	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	31
PID 1344 wrote to memory of 2136	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	31
PID 1344 wrote to memory of 840	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	32
PID 1344 wrote to memory of 840	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	32
PID 1344 wrote to memory of 840	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	32
PID 1344 wrote to memory of 3008	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	33
PID 1344 wrote to memory of 3008	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	33
PID 1344 wrote to memory of 3008	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	33
PID 1344 wrote to memory of 332	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	34
PID 1344 wrote to memory of 332	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	34
PID 1344 wrote to memory of 332	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	34
PID 1344 wrote to memory of 2400	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	35
PID 1344 wrote to memory of 2400	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	35
PID 1344 wrote to memory of 2400	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	35
PID 1344 wrote to memory of 2816	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	36
PID 1344 wrote to memory of 2816	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	36
PID 1344 wrote to memory of 2816	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	36
PID 1344 wrote to memory of 3032	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	37
PID 1344 wrote to memory of 3032	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	37
PID 1344 wrote to memory of 3032	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	37
PID 1344 wrote to memory of 3020	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	38
PID 1344 wrote to memory of 3020	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	38
PID 1344 wrote to memory of 3020	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	38
PID 1344 wrote to memory of 2880	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	39
PID 1344 wrote to memory of 2880	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	39
PID 1344 wrote to memory of 2880	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	39
PID 1344 wrote to memory of 2900	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	40
PID 1344 wrote to memory of 2900	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	40
PID 1344 wrote to memory of 2900	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	40
PID 1344 wrote to memory of 2956	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	41
PID 1344 wrote to memory of 2956	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	41
PID 1344 wrote to memory of 2956	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	41
PID 1344 wrote to memory of 2492	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	42
PID 1344 wrote to memory of 2492	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	42
PID 1344 wrote to memory of 2492	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	42
PID 1344 wrote to memory of 2656	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	43
PID 1344 wrote to memory of 2656	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	43
PID 1344 wrote to memory of 2656	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	43
PID 1344 wrote to memory of 2612	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	44
PID 1344 wrote to memory of 2612	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	44
PID 1344 wrote to memory of 2612	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	44
PID 1344 wrote to memory of 2664	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	45
PID 1344 wrote to memory of 2664	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	45
PID 1344 wrote to memory of 2664	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	45
PID 1344 wrote to memory of 2204	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	46
PID 1344 wrote to memory of 2204	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	46
PID 1344 wrote to memory of 2204	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	46
PID 1344 wrote to memory of 108	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	47
PID 1344 wrote to memory of 108	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	47
PID 1344 wrote to memory of 108	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	47
PID 1344 wrote to memory of 1620	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	48
PID 1344 wrote to memory of 1620	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	48
PID 1344 wrote to memory of 1620	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	48
PID 1344 wrote to memory of 1852	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	49
PID 1344 wrote to memory of 1852	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	49
PID 1344 wrote to memory of 1852	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	49
PID 1344 wrote to memory of 2916	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	50
PID 1344 wrote to memory of 2916	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	50
PID 1344 wrote to memory of 2916	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	50
PID 1344 wrote to memory of 2828	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	51
PID 1344 wrote to memory of 2828	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	51
PID 1344 wrote to memory of 2828	1344	d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe	51

C:\Users\Admin\AppData\Local\Temp\d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d66332a2cf8d428ae1f425f8effa65e1_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Windows\System\MbOZpsN.exe
  C:\Windows\System\MbOZpsN.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\STDZpcX.exe
  C:\Windows\System\STDZpcX.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\vuznxcR.exe
  C:\Windows\System\vuznxcR.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\GaROqqF.exe
  C:\Windows\System\GaROqqF.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\IcFUwcM.exe
  C:\Windows\System\IcFUwcM.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\TjFlyQu.exe
  C:\Windows\System\TjFlyQu.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\KBtSUDi.exe
  C:\Windows\System\KBtSUDi.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\eENoxRi.exe
  C:\Windows\System\eENoxRi.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\MXOEnXi.exe
  C:\Windows\System\MXOEnXi.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\nlhGBfT.exe
  C:\Windows\System\nlhGBfT.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\rUVImfi.exe
  C:\Windows\System\rUVImfi.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\hRwoiiK.exe
  C:\Windows\System\hRwoiiK.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\dJfMuOc.exe
  C:\Windows\System\dJfMuOc.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\RdIFgkM.exe
  C:\Windows\System\RdIFgkM.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\safhytq.exe
  C:\Windows\System\safhytq.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\BxCAGgM.exe
  C:\Windows\System\BxCAGgM.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\AUfCVqs.exe
  C:\Windows\System\AUfCVqs.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\dJqqJqy.exe
  C:\Windows\System\dJqqJqy.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\wcTzZie.exe
  C:\Windows\System\wcTzZie.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\XTUmbck.exe
  C:\Windows\System\XTUmbck.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\ZQjoREc.exe
  C:\Windows\System\ZQjoREc.exe
  2⤵
  - Executes dropped EXE
  PID:2828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AUfCVqs.exe

Filesize
5.9MB

MD5
21b86cc3a9a5482e843a165a98721103

SHA1
8fcbb4428188363d4204c8edc3cc4bf524fee894

SHA256
7744526cc9c3698528a0a470437fafb0d5861965cb2484a25d6308feb2ef79eb

SHA512
6387e04735d9928deccb7bc0efaf905a00c1c5057d65a34fcbf4686ea2f2b0fdd20eef219b1a2ba04b7e6b097e86d03a4d0bc7d96c21a1a8f81a2e34c8694b22

Download Submit
C:\Windows\system\IcFUwcM.exe

Filesize
5.9MB

MD5
15d70692338783844539ac9bd8c63c12

SHA1
f0779ffac9be9c85292464c86abcdc3d998113a4

SHA256
e1039dec1be4d312fae874bd3b74ef3512c7b352d2c51e53102a329ecf08558e

SHA512
931b347ca068e5706581cc2113fbab5b5e52ab0856a45256a26c4ce28cd694c318c5ebeeac5eb909145895e1be60e1a90fe817e519e8768e3f413ddbce2dbc3d

Download Submit
C:\Windows\system\KBtSUDi.exe

Filesize
5.9MB

MD5
7c04235da3009440c8b2194cc9f447d8

SHA1
c11a35ac4311f93546e7be7231aa38ee7227bcc3

SHA256
08937131d1fd3aa74cbeae2edf31b822e5a9d8ba0f1618e99d1691efc83a7c3d

SHA512
894640251804bd98f25389db7d6a53ff2a7c16dcf21ca247b784e812df287ccbd4532d645bf21d6831c2a5cd3f3649deb770ddae5ae07d39060e92574d00f025

Download Submit
C:\Windows\system\MXOEnXi.exe

Filesize
5.9MB

MD5
ea40372c5d1d8cce09d46ca6efe412ec

SHA1
0d616ef9b83471fd3476a8d790c5c5f7b30a0516

SHA256
bdad1392cc4b601c1d1aa48ab570fca4d37dae1ec6829eb1506eb796e68b4be7

SHA512
500b41e70c4158de72d5abdf8ce1f0d3dfc77dbaedcae57a3fac52f843381b17a2d7212b585d6b9eef9c9173c30067c787b874ed89805c28a970260782e268de

Download Submit
C:\Windows\system\TjFlyQu.exe

Filesize
5.9MB

MD5
9474a66da39934ef0e4c14974a7e994b

SHA1
c15490a532f0c7067f314e3664874a8fdc12b81e

SHA256
437923d701072a725f3e68e541dfc4451e58c10132ec34175edce9b4772eaa0e

SHA512
925b44450a83dc33676c7902f47fd943dec84d969c06d8d20d209a2f3e2f476955f62651bbd6dc2beadeea74dc49ba8416244fa41363e17f8ee688aac123cb2d

Download Submit
C:\Windows\system\ZQjoREc.exe

Filesize
5.9MB

MD5
a1f35a45f2d7f107631199bd49ab9568

SHA1
3bc0292db7c782df0a808f54e215f08a97280a3b

SHA256
a8f1842ffe8678b0bf61274cc120d76f12091b52aba5da0e1f249596552881f1

SHA512
31d615ed22a8e21234f3c5a35cd8795c155cacdaf1421d7bd638612cb66d0fe39bbcea8ddf434d6e5feed6414cac825bff11d794a705d0f01383a5a84c7ec5c1

Download Submit
C:\Windows\system\dJfMuOc.exe

Filesize
5.9MB

MD5
a21cdebf51048405d2f99a0269ae359f

SHA1
b69047840999f2d59ef77afb8f4a16c333f2ba52

SHA256
0675e3e55af25a4540e2613ddac7abc3750065e083da94e017f5e7f2d6c4b561

SHA512
3b64c11c3a3f2f30f2243a9ba8afa6bd39e94026e2c3819253781ac9bc3b4cd815253216ac5ac45310415e4d1a8ee42ede1e435de4bffb49f5978cb0e42fbeb6

Download Submit
C:\Windows\system\rUVImfi.exe

Filesize
5.9MB

MD5
d6c586d9b4378c5d694a7b589a3e2000

SHA1
d8afc4fe0670c4e0ed359efe475ffd83b0c04930

SHA256
1050343b477a00ade8f522053991a7071fe27a8585e73ec29ab36088d12bdb58

SHA512
a550f0cdf8c1cb8b21f5ec362dacb61b951e89fd644245531382c73a8293e41ce12f70e9fa14c59bb522c72e5a99baa081e35feb8e810e22ac75a981145600cc

Download Submit
C:\Windows\system\safhytq.exe

Filesize
5.9MB

MD5
9f820c2ac86b44ca7aa4021315bf7c2f

SHA1
bb10102a2456632cb241300c8c29e5d18ebadb41

SHA256
2693e08462f8ea746a86680466cc5cb62ba85e0fb22460f394e1a6d1ef2330f7

SHA512
9d87335b6f5e6c7f7acedb90a6522540203198aa5e8c0fd478f91408747c78e8f18590df91b16b53ac706c2150fac42171ac911a090a76ca06b4180845a3cd1d

Download Submit
C:\Windows\system\vuznxcR.exe

Filesize
5.9MB

MD5
558398061d0864d449b70f682b7747a4

SHA1
5b2f6dd48ce31c07513497af3a96998b76140c3d

SHA256
253c282c42c4cf4d72902a21b82b2e30ae837b04a3c667eb965acb22a38f18cc

SHA512
1e1434a2f001d0b30403c7249792ab98cfc09c48a3831a5e0a9f3f2f239c4661814584f8da6b92a656f0691043c4d0ea6d3a7e6caab2718b89da7336a9a3fbcb

Download Submit
C:\Windows\system\wcTzZie.exe

Filesize
5.9MB

MD5
d0772899a16864816a54c0fc6ec860de

SHA1
418f80687af232d99feb13358b24d41cd36b7d5f

SHA256
92eb71fc0363dcb286e3bf0f50bedca2a45a380f34a8d7158fe08b737b284f34

SHA512
f39c1a2bb499f544e0a5e4625c3fe9a6241b5e654e654f8902be75704b568ea4f5cff8e0e1f0e68002ba7fcf0b9097ce96d5cef2921809fbb0b202afae0fe37e

Download Submit
\Windows\system\BxCAGgM.exe

Filesize
5.9MB

MD5
4e1eda885824b5bac666e4e738c1d945

SHA1
3cfb0743c80603f0a79b097ea9bd4ef1b2615dbd

SHA256
e624f86187b497695a51e528108a2560dbecc762e000af1441efb9be88c7fedc

SHA512
7a4f6d1c0089e026d56b673f1379fad892cb6f6f84375ec788c6d1980f1d067dc1cfa5751c68fc75e4c3f9aefa721dc229e5f820c446f99f335fb6af29cf8564

Download Submit
\Windows\system\GaROqqF.exe

Filesize
5.9MB

MD5
f6a28513fcb24b3bbe0841f87a9b6dad

SHA1
f91a9ba58055ba613b18ae8ae47c2dbefd75c13a

SHA256
bfe660948a32891b96cdbac3d362962170a07942221f2f0ce01dd16aefa74b72

SHA512
b74311aafdadcbc18a2b074ed9fccd2110155ff66730e758c298cbf0e6d8baecf825d96494f13e7942b2a0ac3a02609cd4f738baf26751da18650f991c35b257

Download Submit
\Windows\system\MbOZpsN.exe

Filesize
5.9MB

MD5
607ec67166bbfbbc961acdaf7c28b99d

SHA1
8bc44ceb96538a54481264cd24da3bdac1eecbf6

SHA256
8aa11f2b76a10d1714bac4c5d119812aed22326ef86fd9ba31149d83dd15370f

SHA512
7b5dcfc6cd329b4f875aafa35c55c474213edc3283d65cc73156d07e898ead58af91650f278a947c72e616718fd21d72350ded9bfdf6a7eb94cbf105a30d2272

Download Submit
\Windows\system\RdIFgkM.exe

Filesize
5.9MB

MD5
652aadf52a7e3c48671785e18b5598b7

SHA1
8ddff2be0d3196802e990f5d6c9eb785554f525a

SHA256
5fd82fb42f4526770754b3ba3e5224bdc8fb6acfa49c8b5f5510b1c697788afa

SHA512
29f2b447e31fee6ccbfa314e9444a4798a688b9ea33f27b0d8cb8a4b784ce1cf2e8b08954e726be77ea74b1b40d3bea509bc367c97832a5bff7651051bf16e53

Download Submit
\Windows\system\STDZpcX.exe

Filesize
5.9MB

MD5
2f5e418cf093627bb877ed26469f84ee

SHA1
790612d766b71d03d2d3d2757483c18cb4f8c882

SHA256
4f1c1ccbc903db741a8bcf1f9d92c351655de2fd0a1216120ba47080d975bd03

SHA512
73f080b7af7c63632777a897d943d43617bc56b8a954c2b5c15f74ae577e2292ca6f525eea5ef63e566225e6d83999ccd736f9f35b30592d7b8e56157bfe0225

Download Submit
\Windows\system\XTUmbck.exe

Filesize
5.9MB

MD5
b52a2c48fc10792902b3f0f5619d6b80

SHA1
39251195f0b51a1e0f6413e53862744951cef661

SHA256
89efea1f5d7db978d331e4e4375cb24a98072cdb0604f3d9494709a6267b82e4

SHA512
fc11549c32a01750084af6585e6bbc9f2a4f26158c346d05ac515399fd3fc6b33c05991b0e890b7acb2979ea4307d6adb214e5c06a8a61581d0b9ad628a45a91

Download Submit
\Windows\system\dJqqJqy.exe

Filesize
5.9MB

MD5
7223d32b8d251f74b91feab665460d8e

SHA1
140f20e7daa2bf458434a6a05d6e65674ae725bb

SHA256
fdcdf945e6f640bfd6b0126f269c8cfee9d412006a52445f895dda09e61138de

SHA512
27064c73f99ca357d3b492ff061f57234f894f2487ac670a1af3228f45027d332abf7f3161c565644660911325e8e8c96b33a4517fcad992eb935f42e64108af

Download Submit
\Windows\system\eENoxRi.exe

Filesize
5.9MB

MD5
0ef7f2f889f31d43231ea9788c2d140c

SHA1
dc9090f346616f237b34d34a3dceba7e9cd8f666

SHA256
e51192205e523031445cc9df6f60e634a7a6f1a04d28d4f6d8c7afe5d61e8e20

SHA512
32805ab062dbbd61ffce0a2b912e7811853e6eb5049fecc9e5a5cd29d2fda3d0d97a6b9c15419510e299747161be29df95928c6ad4ff6ef9be362a28e6e416cd

Download Submit
\Windows\system\hRwoiiK.exe

Filesize
5.9MB

MD5
0c6e0656fa25371106654162aace7f42

SHA1
e507604a2a44765fa2fd88d1ee775d167eef407d

SHA256
021dab1902a7a4b5e8c5e96d49f8b2ec7edc819ef418280e1b5e7b94b6ba5c1a

SHA512
da959d26d901052e3c1f3c8fdf57e27b8d3329e719f44bdb74e59d78072147d7a547a5b60cc1bbdcd909838b3fa875c44cdaee1bf8629bf7c8f97805b483c5fb

Download Submit
\Windows\system\nlhGBfT.exe

Filesize
5.9MB

MD5
73de0de4f66418367084c83565c8534b

SHA1
318834cb084282f170391850223efa9999515866

SHA256
5e9cf0fe69dff2787beed168fedd68ee72fb27facaf43f555f8b18023d749231

SHA512
d6c51d61db20fcf030fd5b567c10cc87934702495642e4f090814dcff960a504e3d5440657931863ccb219f15dcb776a875db1ddad276504e59374760f12730e

Download Submit
memory/332-135-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/332-31-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/332-142-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/840-97-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/840-14-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/840-140-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/1344-110-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/1344-137-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1344-113-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/1344-112-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/1344-111-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/1344-0-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/1344-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1344-136-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/1344-27-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/1344-21-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/1344-12-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/1344-39-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/1344-81-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/1344-103-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/1344-34-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/1344-43-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/1344-51-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/1344-58-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1344-59-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/1344-60-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/1344-69-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2136-139-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2136-63-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2136-8-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2400-104-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-145-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-148-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2656-108-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2664-109-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2664-147-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2880-106-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-144-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-107-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2956-146-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/3008-141-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/3008-22-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/3032-143-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/3032-105-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download