cobaltstrike | 6427c602930905a8a5c4649b34f0c73a488a812a488581bdede18a9d5843f5e8

Analysis

max time kernel
142s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-09-2024 16:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
Size

5.9MB
MD5

e987dd7bf4c7fd31d2ed7d00f5bb2fa4
SHA1

9664f94b72399b5bf7679ebd5f61a5b2f899d210
SHA256

6427c602930905a8a5c4649b34f0c73a488a812a488581bdede18a9d5843f5e8
SHA512

041588b3ffa3956d72cce634a7765d86edc57708c332d62cf8ec603e22de6ea908dd6b7f08791a2acd249309466c9b1f0fae301904c14e8620783a751e7fafab
SSDEEP

98304:demTLkNdfE0pZ3u56utgpPFotBER/mQ32lUz:E+b56utgpPF8u/7z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 21 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012281-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015ed2-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f96-14.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016009-13.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016210-40.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001746a-88.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017400-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edb-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-74.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd0-72.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707c-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eb8-63.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de4-54.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016da7-48.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000164db-47.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016db5-45.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d58-38.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-100.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017403-95.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f3-94.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001613e-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral1/memory/2792-0-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x000b000000012281-3.dat	xmrig
behavioral1/files/0x0008000000015ed2-15.dat	xmrig
behavioral1/files/0x0007000000015f96-14.dat	xmrig
behavioral1/files/0x0007000000016009-13.dat	xmrig
behavioral1/files/0x0007000000016210-40.dat	xmrig
behavioral1/files/0x000600000001746a-88.dat	xmrig
behavioral1/files/0x0006000000017400-80.dat	xmrig
behavioral1/files/0x0006000000016edb-76.dat	xmrig
behavioral1/files/0x0006000000016de8-74.dat	xmrig
behavioral1/files/0x0006000000016dd0-72.dat	xmrig
behavioral1/files/0x000600000001707c-70.dat	xmrig
behavioral1/files/0x0006000000016eb8-63.dat	xmrig
behavioral1/memory/2792-56-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016de4-54.dat	xmrig
behavioral1/files/0x0006000000016da7-48.dat	xmrig
behavioral1/files/0x00090000000164db-47.dat	xmrig
behavioral1/files/0x0006000000016db5-45.dat	xmrig
behavioral1/files/0x0006000000016d58-38.dat	xmrig
behavioral1/memory/1548-115-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2856-114-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2792-112-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2412-111-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2256-110-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/1004-109-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2016-104-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2612-103-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2792-101-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/files/0x0006000000017488-100.dat	xmrig
behavioral1/memory/2684-99-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x0006000000017403-95.dat	xmrig
behavioral1/files/0x00060000000173f3-94.dat	xmrig
behavioral1/memory/2748-85-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2704-34-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x000700000001613e-26.dat	xmrig
behavioral1/memory/2696-24-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2792-133-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2696-136-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2704-138-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2856-137-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/1548-139-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2748-140-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2684-141-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2412-146-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2256-145-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/1004-144-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2612-142-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2016-143-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig

Executes dropped EXE 21 IoCs

pid	Process
2696	LACMFPL.exe
2856	godWPSF.exe
2704	ZBbSdzE.exe
2748	AxMscGm.exe
1548	gmaCQFS.exe
2684	Jhlnhvw.exe
2612	QeRPYPO.exe
2016	xwHqEql.exe
1004	gOVVWdJ.exe
2256	JrUXbxZ.exe
2412	JKAtkSr.exe
780	QjgwcpG.exe
2896	PWlRBgt.exe
2648	POWserQ.exe
1356	KunZcnd.exe
1868	HKNoHFS.exe
3008	KoFIUDX.exe
2264	FJOYBJm.exe
2088	rgWglit.exe
2772	ABEwvsj.exe
2944	uazBank.exe

Loads dropped DLL 21 IoCs

pid	Process
2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe

UPX packed file 45 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2792-0-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x000b000000012281-3.dat	upx
behavioral1/files/0x0008000000015ed2-15.dat	upx
behavioral1/files/0x0007000000015f96-14.dat	upx
behavioral1/files/0x0007000000016009-13.dat	upx
behavioral1/files/0x0007000000016210-40.dat	upx
behavioral1/files/0x000600000001746a-88.dat	upx
behavioral1/files/0x0006000000017400-80.dat	upx
behavioral1/files/0x0006000000016edb-76.dat	upx
behavioral1/files/0x0006000000016de8-74.dat	upx
behavioral1/files/0x0006000000016dd0-72.dat	upx
behavioral1/files/0x000600000001707c-70.dat	upx
behavioral1/files/0x0006000000016eb8-63.dat	upx
behavioral1/files/0x0006000000016de4-54.dat	upx
behavioral1/files/0x0006000000016da7-48.dat	upx
behavioral1/files/0x00090000000164db-47.dat	upx
behavioral1/files/0x0006000000016db5-45.dat	upx
behavioral1/files/0x0006000000016d58-38.dat	upx
behavioral1/memory/1548-115-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2856-114-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2412-111-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2256-110-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/1004-109-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2016-104-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2612-103-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/files/0x0006000000017488-100.dat	upx
behavioral1/memory/2684-99-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x0006000000017403-95.dat	upx
behavioral1/files/0x00060000000173f3-94.dat	upx
behavioral1/memory/2748-85-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2704-34-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x000700000001613e-26.dat	upx
behavioral1/memory/2696-24-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2792-133-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2696-136-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2704-138-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2856-137-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/1548-139-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2748-140-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2684-141-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2412-146-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2256-145-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/1004-144-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2612-142-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2016-143-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\System\xwHqEql.exe	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
File created	C:\Windows\System\LACMFPL.exe	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
File created	C:\Windows\System\ZBbSdzE.exe	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
File created	C:\Windows\System\QeRPYPO.exe	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
File created	C:\Windows\System\KoFIUDX.exe	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
File created	C:\Windows\System\JrUXbxZ.exe	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
File created	C:\Windows\System\rgWglit.exe	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
File created	C:\Windows\System\PWlRBgt.exe	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
File created	C:\Windows\System\godWPSF.exe	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
File created	C:\Windows\System\gmaCQFS.exe	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
File created	C:\Windows\System\Jhlnhvw.exe	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
File created	C:\Windows\System\POWserQ.exe	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
File created	C:\Windows\System\gOVVWdJ.exe	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
File created	C:\Windows\System\JKAtkSr.exe	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
File created	C:\Windows\System\uazBank.exe	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
File created	C:\Windows\System\KunZcnd.exe	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
File created	C:\Windows\System\AxMscGm.exe	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
File created	C:\Windows\System\HKNoHFS.exe	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
File created	C:\Windows\System\FJOYBJm.exe	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
File created	C:\Windows\System\QjgwcpG.exe	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
File created	C:\Windows\System\ABEwvsj.exe	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 63 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2696	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	32
PID 2792 wrote to memory of 2696	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	32
PID 2792 wrote to memory of 2696	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	32
PID 2792 wrote to memory of 2704	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	33
PID 2792 wrote to memory of 2704	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	33
PID 2792 wrote to memory of 2704	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	33
PID 2792 wrote to memory of 2856	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	34
PID 2792 wrote to memory of 2856	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	34
PID 2792 wrote to memory of 2856	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	34
PID 2792 wrote to memory of 2748	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	35
PID 2792 wrote to memory of 2748	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	35
PID 2792 wrote to memory of 2748	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	35
PID 2792 wrote to memory of 1548	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	36
PID 2792 wrote to memory of 1548	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	36
PID 2792 wrote to memory of 1548	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	36
PID 2792 wrote to memory of 2684	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	37
PID 2792 wrote to memory of 2684	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	37
PID 2792 wrote to memory of 2684	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	37
PID 2792 wrote to memory of 2612	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	38
PID 2792 wrote to memory of 2612	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	38
PID 2792 wrote to memory of 2612	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	38
PID 2792 wrote to memory of 2648	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	39
PID 2792 wrote to memory of 2648	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	39
PID 2792 wrote to memory of 2648	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	39
PID 2792 wrote to memory of 2016	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	40
PID 2792 wrote to memory of 2016	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	40
PID 2792 wrote to memory of 2016	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	40
PID 2792 wrote to memory of 1868	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	41
PID 2792 wrote to memory of 1868	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	41
PID 2792 wrote to memory of 1868	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	41
PID 2792 wrote to memory of 1004	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	42
PID 2792 wrote to memory of 1004	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	42
PID 2792 wrote to memory of 1004	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	42
PID 2792 wrote to memory of 3008	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	43
PID 2792 wrote to memory of 3008	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	43
PID 2792 wrote to memory of 3008	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	43
PID 2792 wrote to memory of 2256	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	44
PID 2792 wrote to memory of 2256	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	44
PID 2792 wrote to memory of 2256	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	44
PID 2792 wrote to memory of 2264	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	45
PID 2792 wrote to memory of 2264	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	45
PID 2792 wrote to memory of 2264	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	45
PID 2792 wrote to memory of 2412	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	46
PID 2792 wrote to memory of 2412	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	46
PID 2792 wrote to memory of 2412	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	46
PID 2792 wrote to memory of 2088	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	47
PID 2792 wrote to memory of 2088	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	47
PID 2792 wrote to memory of 2088	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	47
PID 2792 wrote to memory of 780	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	48
PID 2792 wrote to memory of 780	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	48
PID 2792 wrote to memory of 780	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	48
PID 2792 wrote to memory of 2772	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	49
PID 2792 wrote to memory of 2772	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	49
PID 2792 wrote to memory of 2772	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	49
PID 2792 wrote to memory of 2896	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	50
PID 2792 wrote to memory of 2896	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	50
PID 2792 wrote to memory of 2896	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	50
PID 2792 wrote to memory of 2944	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	51
PID 2792 wrote to memory of 2944	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	51
PID 2792 wrote to memory of 2944	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	51
PID 2792 wrote to memory of 1356	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	52
PID 2792 wrote to memory of 1356	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	52
PID 2792 wrote to memory of 1356	2792	e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe	52

C:\Users\Admin\AppData\Local\Temp\e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e987dd7bf4c7fd31d2ed7d00f5bb2fa4_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\System\LACMFPL.exe
  C:\Windows\System\LACMFPL.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\ZBbSdzE.exe
  C:\Windows\System\ZBbSdzE.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\godWPSF.exe
  C:\Windows\System\godWPSF.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\AxMscGm.exe
  C:\Windows\System\AxMscGm.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\gmaCQFS.exe
  C:\Windows\System\gmaCQFS.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\Jhlnhvw.exe
  C:\Windows\System\Jhlnhvw.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\QeRPYPO.exe
  C:\Windows\System\QeRPYPO.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\POWserQ.exe
  C:\Windows\System\POWserQ.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\xwHqEql.exe
  C:\Windows\System\xwHqEql.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\HKNoHFS.exe
  C:\Windows\System\HKNoHFS.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\gOVVWdJ.exe
  C:\Windows\System\gOVVWdJ.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\KoFIUDX.exe
  C:\Windows\System\KoFIUDX.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\JrUXbxZ.exe
  C:\Windows\System\JrUXbxZ.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\FJOYBJm.exe
  C:\Windows\System\FJOYBJm.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\JKAtkSr.exe
  C:\Windows\System\JKAtkSr.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\rgWglit.exe
  C:\Windows\System\rgWglit.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\QjgwcpG.exe
  C:\Windows\System\QjgwcpG.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\ABEwvsj.exe
  C:\Windows\System\ABEwvsj.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\PWlRBgt.exe
  C:\Windows\System\PWlRBgt.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\uazBank.exe
  C:\Windows\System\uazBank.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\KunZcnd.exe
  C:\Windows\System\KunZcnd.exe
  2⤵
  - Executes dropped EXE
  PID:1356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AxMscGm.exe

Filesize
5.9MB

MD5
e9db5f5fe58e387a3b31fd96e883e9ce

SHA1
a2f63c8e16ac64636563202ae57b3fa171a5d245

SHA256
62de79f77631ee2d3d4ff078fd6d0d1d74b1a5a19425fadd964c23f92e4ab5ec

SHA512
24095295da23e8c8f8dbbc40e7a17b63921303b1cd88573e25cd1e4cef4606007ccbb76d4b00101be06e8da14116a4d7d00c60640dec34d712d552a36dddbda7

Download Submit
C:\Windows\system\JKAtkSr.exe

Filesize
5.9MB

MD5
dd91834e47626b49f700fa23841286d8

SHA1
991c6abcd4bb040a169f4f676fd08234980536c8

SHA256
caf3d95e3bbfad2f949e48bd9eedf942a42ce5509cf750f8146fd16fcefa3bae

SHA512
a8608e903b9c8751dfed4931eb4845ce843938a977ffd67d9470e74be1d83e63cfd91cd94fbdbbb26011c6fe677a25e5dc46edcf84a145cf54bbf9fd1574e69f

Download Submit
C:\Windows\system\Jhlnhvw.exe

Filesize
5.9MB

MD5
a5da8b028b39a6f75f2c9b8ceb452ac8

SHA1
fa4a4042cf8c3536f88f944a66fed9729d625662

SHA256
3a74c2d02564d2571fd7c69b2a199d04dd908a22163361dd8849220628670926

SHA512
8d330362cf614e85022b3ad45873642827c429011025a78bc8ba31aef500ebab493dbaf419a7a09ffdcfb7e7e8c89cbf9988f3db364ade5d8cc2352c998980fc

Download Submit
C:\Windows\system\JrUXbxZ.exe

Filesize
5.9MB

MD5
13601deb167cb5aa674cade39c3aa976

SHA1
5a46f093cba0c2bb288711f39fa1324b681308bb

SHA256
0e1079d4352f4c34084993634d8e01396cc918e022b31be7ad33c02e21e24757

SHA512
6922f4d9bf723c6fcf32be26ead7c8eca9fe9b23c21055f7a6351313b8a2ff03d5e3586e18665b8a49825850755546b1e6c4779a097df772bbc214716178cea1

Download Submit
C:\Windows\system\KunZcnd.exe

Filesize
5.9MB

MD5
76dc5e2f1b995e0fb5ff7d1f94895400

SHA1
3ead43c2b6da5711eca391ab37202443e4700c15

SHA256
903aa8480aa7389688ce8745f2181e06f171e0a93f47895f78c0f21c0fdabf59

SHA512
ffc0f123f456256d45a3e8c16887d43c7881f5ebe7b87b8f06e8edab9fb69ba02ed1e2a8b129bafec595ded53a10e9dd3c0f8b0e23a551823668a7543513745d

Download Submit
C:\Windows\system\PWlRBgt.exe

Filesize
5.9MB

MD5
2a0daa128885333e09bb880e129c5f1c

SHA1
5f11ab62838d41ae81f5bc017ab7d91c4a5a15f9

SHA256
680e1c790ccb6fb56e8ecb915d365b1dacc88d5270c0d735f67c67937f95aacc

SHA512
f2a668908a1d1718149d8085632dae13a229aa053031ea730d9d0d1e8f56ad85f7d7f14ec052551eca9b3a841973ad017fea9644eeb1acff8c63a2907232db94

Download Submit
C:\Windows\system\QeRPYPO.exe

Filesize
5.9MB

MD5
c489670fad4ad473b69faa44617ebb8a

SHA1
84340a8fa5ef222463cd55c8b7581bd82b0b3f0d

SHA256
bb069cdf5bb8028d5cdef0f45ad929ebbcb5779412e11ef81dcce223d3cc7e51

SHA512
aa0645fe5c7d85d86b763ed609c40288c6246b38f64606184bea88e0eb177f47224a281401588af31813eb251b2b3169e9526c9dd717fa211fbe8baa957604f8

Download Submit
C:\Windows\system\QjgwcpG.exe

Filesize
5.9MB

MD5
72d7245107c44ab7f29c86fa85b35902

SHA1
85d7a0b001e3aa660ef07079f6dcc99d9eca8f73

SHA256
96436683635665ce567719d43ed16d6263ac824fafc0ffccaf18a5b4c549a858

SHA512
92f05bd901486eb406484d504476efc140c559526b3b926ea6fd9c766f21aad0d0433f00c01e9be5e8508818c8ffa0e59297575eced93153d261706a63ee00eb

Download Submit
C:\Windows\system\ZBbSdzE.exe

Filesize
5.9MB

MD5
2b73aa2108b55a1e0cd4f52f1330641b

SHA1
a027e720febf4f2170244d0abb375b6eb5a24c15

SHA256
5934a6c9bed0b1e9937d0eac6709ecb2ff16d3aac132f8ade777b0761f6b4f32

SHA512
6b23ad452c4d89f5611d1300e2d96e09fb5a071e52508786ab78e0057edaae3aae7bc92d851789c391be799df4e43aae1b48553434b9f1217e4fc818cef74e41

Download Submit
C:\Windows\system\gOVVWdJ.exe

Filesize
5.9MB

MD5
be82080aeae2986ba7a1c80f73db248a

SHA1
5aac6a4f4058b85a2ff5d33dcf0d2b8212f6cbf0

SHA256
9dcc1ef3f68a61a519adfb33ec292cd04b342fe013b5ec72fc80d8a1387537e8

SHA512
5c04c4d9c6c28fbe4c224e6a9953ec94388398c1f504528905b07a62a0fe6bb0db69367a2c07ef907b4562d2030baaf39dd10922d031a0129eaed93a61f4c80b

Download Submit
C:\Windows\system\gmaCQFS.exe

Filesize
5.9MB

MD5
bd1a55f7eaa70e38e575b9f72329b4c0

SHA1
2d3343f8be99804e2cc436ccbf8bc4c347c2ee1b

SHA256
48c693dc278f5b4c308a599f028807c550aaf5b6956a95bca68f2d4e55cd1786

SHA512
9551fd9b661a4fa57988ac39501155220c8e9ed389a5ab206c7c1ddb7ee50bc7fe18a868c13a8254c3b6a47fd6bbc968619996c45c0deb3410042fa27988696c

Download Submit
C:\Windows\system\godWPSF.exe

Filesize
5.9MB

MD5
d77ef598a17d01d83c42580c0210ea47

SHA1
e2c31c640ee9741489bab5e5e1a405c5232ccf65

SHA256
c2e6ba34895975758238c5aadb07230f001b320d485e7ecaf5c9d99192d288b4

SHA512
87ad28b70abc7bfb4ddb57cff0a6ddfe1d19cd72888396feaf9534d37b87ca33641595b8474e280db0e2fad0b9325e48fff22391b4d6396e1e88d724390febeb

Download Submit
C:\Windows\system\xwHqEql.exe

Filesize
5.9MB

MD5
ce4ab5a2dfebfac9c56fbb25b5f8af21

SHA1
786628226894abc1ed8dba590bba61269906e1c5

SHA256
77be7cb4cda703c76774c4a396fca6c3f3db51412793f367f1f54fc6b057c15f

SHA512
bf0bece1b50e21e02d08c95c26d35daced728d656380991510046a2a61527737f8d265644d5289413858e96c191d25413cc2769534153d71174c5a05bdc59edc

Download Submit
\Windows\system\ABEwvsj.exe

Filesize
5.9MB

MD5
980f2cb652e6aa75d1882c961274e7ce

SHA1
b20f76f2eea3322a06cfac48c6eafc2ff7caa156

SHA256
8a10f331256847943f6fbf937903a7a505519bfe137212a244e87db271d235f1

SHA512
1a9095eeb4d82998012d88fd575a6c124b9bc28815b4a3bad3d88bf33757dfd042842948053e6fb3341d1f964ba493de057a5b4ae479eedc6bcabb99814760de

Download Submit
\Windows\system\FJOYBJm.exe

Filesize
5.9MB

MD5
e3efd299c2cc4baad9b1ac48fcd1642c

SHA1
b223b8e90e623a40f6534d3f13f5e6a50559b35d

SHA256
983a62f78cd7c9d283a56280253379ad60cd9edc9b06395eacd8a202f5602aaf

SHA512
7796ba4cce8dd5e85f424d08e6599ba9c58867a82c30552c77995f074692249ad80e8727db7cdb3f94f99f154bbd7a11174ddab5b7b7abdd95386408966791ef

Download Submit
\Windows\system\HKNoHFS.exe

Filesize
5.9MB

MD5
7f864da4db8b5620eb5d67d25a713d2e

SHA1
bba32a169c8ad427f03b4a5c2fd59aaecab612fb

SHA256
e963c679b753dc23da2cc88389d87dd8d80e1b4804e71f66a82b612db564c659

SHA512
60b9c046e195f33fc221304c31c9c7a849dbc97dc6347c1dc63b74acf6f1ee77dcd48d396594ee773fd51056337736f7eba82eec133a587e7c610607e4737dd3

Download Submit
\Windows\system\KoFIUDX.exe

Filesize
5.9MB

MD5
55309823532a3da36f789f14e36b0b21

SHA1
0cd3731b6da2ceaa98775091016856962731a4c6

SHA256
e3abf4a5b08d41e7ed96d532bdc005e2327ed71aaa2297bc6f3818e9fece2438

SHA512
b8ce540db9114ba9fc7be68b2660f4e56ca105ba227c86eb47e9ea090f6ee20faf5f2c0d08045f30ed912c55e8a0388415fe0204de1ecdd36aa04d3824fde5b5

Download Submit
\Windows\system\LACMFPL.exe

Filesize
5.9MB

MD5
d1b08f6ee00984f0a8214315f5570107

SHA1
a5d81e970c4882cdd3659997b4125be3d240b2c6

SHA256
7590a2731e332b18aa06b2678631d00f814720ebd7d09b215a3f2c2b59cf844b

SHA512
0ad35f18686a6705dbf05eb6644b8cd7e5b85a341a258906a2930c55c0b480417c790157fecc0aa73bdc3bc172f6e7353732b6f25af8c41061a9ad07cdc7d5cd

Download Submit
\Windows\system\POWserQ.exe

Filesize
5.9MB

MD5
4a917fe7a391e4e96ad4b3a98a4e0169

SHA1
10c3c77971b482028918aec376b1318bbfaca4a4

SHA256
f2adf62ceee2ceeb6649243de13ef7b82f287e08148eff70a8dab4d7392cb4d3

SHA512
de5e6961f284b2d3e01c7974b4285f0ee831a05db9f4606ab13ed5f59962291ee5ce36348d307d4eb77fa4bf025466de5da938c7c2314a751248a0646c81ecf9

Download Submit
\Windows\system\rgWglit.exe

Filesize
5.9MB

MD5
b21e8d1625e53afc73f5649502272223

SHA1
43c869920f41e9daee4d802f5917c322074ed8ea

SHA256
3a826f0e2c7044c32d8443abc5a8606ec643cc5cd925eb0cdf68cb2b1b1c22f9

SHA512
2e99de342c74851029088c1e02f6ced02a618fa6de9fd8943c65a619e2908c281ebea9961ade418a83aacd34ef5569324cc473d92b989302abf61cc7e50e7b67

Download Submit
\Windows\system\uazBank.exe

Filesize
5.9MB

MD5
c1a3216024a4954fb37c54ff92bed094

SHA1
775bfa9021e01d5b31247cd4e68858fdd1f8d002

SHA256
196c2e37e8c42ffe38a90c924f9a6be3f3c87cff0800b3199ba9c389dadbe6a3

SHA512
4e95519e5b5a8cbf0ea6a1bae0524cc75bf81d7620ab31277f9a76b6340ea6da68d85b96d397f732e47b16cb39892fd870ed7b11a0c69b43a399e0bd5426ec18

Download Submit
memory/1004-109-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/1004-144-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/1548-139-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1548-115-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-143-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2016-104-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2256-110-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2256-145-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2412-111-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-146-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-142-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-103-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-99-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2684-141-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2696-136-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-24-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-138-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2704-34-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2748-85-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-140-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-134-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-56-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-105-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-112-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-102-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-30-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-66-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-135-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-106-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2792-117-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-1-0x0000000000300000-0x0000000000310000-memory.dmp

Filesize
64KB

Download
memory/2792-118-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-133-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2792-0-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2792-116-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-101-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2792-107-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2792-108-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2792-113-0x0000000002210000-0x0000000002564000-memory.dmp

Filesize
3.3MB

Download
memory/2792-12-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2856-137-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-114-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download