cobaltstrike | 749422a937a8cc1664d64ee7581550c952b55b73b6c54ce81c5264ceee10a963

Analysis

max time kernel
142s
max time network
147s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
21-01-2025 03:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

7c2d9039386e17e2420393b5bcf60669
SHA1

62e50c7fc99c877973e2220bd5fb6b93fdb66f9f
SHA256

749422a937a8cc1664d64ee7581550c952b55b73b6c54ce81c5264ceee10a963
SHA512

2be5f15522a32083b2148e170514170199c6d1fd3bbbbf8f55e04652dd8192661ca7d52c7d6575ca0c60cdd6f9f83a31911bd8c114a721e57e0aaf5060a35a2e
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUr:j+R56utgpPF8u/7r

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 21 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fd-6.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186ca-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018710-21.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186d9-17.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-95.dat	cobalt_reflective_dll
behavioral1/files/0x0035000000017530-89.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-71.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-66.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001933b-53.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018bf3-48.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b62-42.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018780-35.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018766-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 42 IoCs

miner

resource	yara_rule
behavioral1/memory/1756-0-0x000000013F9C0000-0x000000013FD0D000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-6.dat	xmrig
behavioral1/memory/2732-18-0x000000013F920000-0x000000013FC6D000-memory.dmp	xmrig
behavioral1/files/0x00070000000186ca-11.dat	xmrig
behavioral1/files/0x0007000000018710-21.dat	xmrig
behavioral1/files/0x00070000000186d9-17.dat	xmrig
behavioral1/memory/2160-12-0x000000013FFD0000-0x000000014031D000-memory.dmp	xmrig
behavioral1/memory/2152-7-0x000000013F080000-0x000000013F3CD000-memory.dmp	xmrig
behavioral1/memory/2852-25-0x000000013FC40000-0x000000013FF8D000-memory.dmp	xmrig
behavioral1/memory/2840-31-0x000000013F400000-0x000000013F74D000-memory.dmp	xmrig
behavioral1/memory/3024-37-0x000000013F8C0000-0x000000013FC0D000-memory.dmp	xmrig
behavioral1/memory/2800-43-0x000000013FB90000-0x000000013FEDD000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-56.dat	xmrig
behavioral1/files/0x0005000000019667-77.dat	xmrig
behavioral1/memory/2476-85-0x000000013FE40000-0x000000014018D000-memory.dmp	xmrig
behavioral1/memory/1268-115-0x000000013F360000-0x000000013F6AD000-memory.dmp	xmrig
behavioral1/memory/2568-126-0x000000013F070000-0x000000013F3BD000-memory.dmp	xmrig
behavioral1/files/0x0005000000019cba-125.dat	xmrig
behavioral1/memory/2708-121-0x000000013F6E0000-0x000000013FA2D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c57-120.dat	xmrig
behavioral1/memory/2964-109-0x000000013F940000-0x000000013FC8D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c3c-108.dat	xmrig
behavioral1/files/0x0005000000019c3e-113.dat	xmrig
behavioral1/memory/1148-103-0x000000013F6F0000-0x000000013FA3D000-memory.dmp	xmrig
behavioral1/memory/2084-97-0x000000013F4B0000-0x000000013F7FD000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c34-101.dat	xmrig
behavioral1/files/0x0005000000019926-95.dat	xmrig
behavioral1/memory/2500-91-0x000000013F770000-0x000000013FABD000-memory.dmp	xmrig
behavioral1/files/0x0035000000017530-89.dat	xmrig
behavioral1/files/0x00050000000196a1-84.dat	xmrig
behavioral1/memory/1748-73-0x000000013FDD0000-0x000000014011D000-memory.dmp	xmrig
behavioral1/files/0x000500000001961e-71.dat	xmrig
behavioral1/memory/2688-61-0x000000013F0C0000-0x000000013F40D000-memory.dmp	xmrig
behavioral1/memory/2660-67-0x000000013F860000-0x000000013FBAD000-memory.dmp	xmrig
behavioral1/files/0x000500000001961c-66.dat	xmrig
behavioral1/memory/2776-55-0x000000013FF60000-0x00000001402AD000-memory.dmp	xmrig
behavioral1/files/0x000700000001933b-53.dat	xmrig
behavioral1/memory/2128-49-0x000000013F530000-0x000000013F87D000-memory.dmp	xmrig
behavioral1/files/0x0009000000018bf3-48.dat	xmrig
behavioral1/files/0x0007000000018b62-42.dat	xmrig
behavioral1/files/0x0006000000018780-35.dat	xmrig
behavioral1/files/0x0006000000018766-30.dat	xmrig

Executes dropped EXE 21 IoCs

pid	Process
2152	InbLYPk.exe
2160	RAFXGyl.exe
2732	SyIaqmV.exe
2852	rSeVpEI.exe
2840	CuKdZzx.exe
3024	SYGJqUM.exe
2800	hsQpQlm.exe
2128	WOKXUWo.exe
2776	jMYEoqg.exe
2688	RBrSvEd.exe
2660	dAfaCXY.exe
1748	kyTpwHH.exe
2180	sXYFRmx.exe
2476	wpGoeOG.exe
2500	VPBnZwQ.exe
2084	FdEZjOJ.exe
1148	ELCOCYJ.exe
2964	kTEgMDw.exe
1268	PDccWlw.exe
2708	sMaFiUO.exe
2568	eRhyUfm.exe

Loads dropped DLL 21 IoCs

pid	Process
1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\System\InbLYPk.exe	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RBrSvEd.exe	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wpGoeOG.exe	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VPBnZwQ.exe	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ELCOCYJ.exe	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RAFXGyl.exe	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SYGJqUM.exe	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PDccWlw.exe	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sMaFiUO.exe	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SyIaqmV.exe	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rSeVpEI.exe	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WOKXUWo.exe	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jMYEoqg.exe	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FdEZjOJ.exe	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kTEgMDw.exe	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eRhyUfm.exe	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CuKdZzx.exe	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hsQpQlm.exe	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dAfaCXY.exe	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kyTpwHH.exe	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sXYFRmx.exe	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
Token: SeLockMemoryPrivilege	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 63 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2152	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1756 wrote to memory of 2152	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1756 wrote to memory of 2152	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1756 wrote to memory of 2160	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1756 wrote to memory of 2160	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1756 wrote to memory of 2160	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1756 wrote to memory of 2732	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1756 wrote to memory of 2732	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1756 wrote to memory of 2732	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1756 wrote to memory of 2852	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1756 wrote to memory of 2852	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1756 wrote to memory of 2852	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1756 wrote to memory of 2840	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1756 wrote to memory of 2840	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1756 wrote to memory of 2840	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1756 wrote to memory of 3024	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1756 wrote to memory of 3024	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1756 wrote to memory of 3024	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1756 wrote to memory of 2800	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1756 wrote to memory of 2800	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1756 wrote to memory of 2800	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1756 wrote to memory of 2128	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1756 wrote to memory of 2128	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1756 wrote to memory of 2128	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1756 wrote to memory of 2776	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1756 wrote to memory of 2776	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1756 wrote to memory of 2776	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1756 wrote to memory of 2688	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1756 wrote to memory of 2688	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1756 wrote to memory of 2688	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1756 wrote to memory of 2660	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1756 wrote to memory of 2660	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1756 wrote to memory of 2660	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1756 wrote to memory of 1748	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1756 wrote to memory of 1748	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1756 wrote to memory of 1748	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1756 wrote to memory of 2180	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1756 wrote to memory of 2180	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1756 wrote to memory of 2180	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1756 wrote to memory of 2476	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1756 wrote to memory of 2476	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1756 wrote to memory of 2476	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1756 wrote to memory of 2500	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1756 wrote to memory of 2500	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1756 wrote to memory of 2500	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1756 wrote to memory of 2084	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1756 wrote to memory of 2084	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1756 wrote to memory of 2084	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1756 wrote to memory of 1148	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1756 wrote to memory of 1148	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1756 wrote to memory of 1148	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1756 wrote to memory of 2964	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1756 wrote to memory of 2964	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1756 wrote to memory of 2964	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1756 wrote to memory of 1268	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1756 wrote to memory of 1268	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1756 wrote to memory of 1268	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1756 wrote to memory of 2708	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1756 wrote to memory of 2708	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1756 wrote to memory of 2708	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1756 wrote to memory of 2568	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1756 wrote to memory of 2568	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1756 wrote to memory of 2568	1756	2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_7c2d9039386e17e2420393b5bcf60669_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\System\InbLYPk.exe
  C:\Windows\System\InbLYPk.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\RAFXGyl.exe
  C:\Windows\System\RAFXGyl.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\SyIaqmV.exe
  C:\Windows\System\SyIaqmV.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\rSeVpEI.exe
  C:\Windows\System\rSeVpEI.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\CuKdZzx.exe
  C:\Windows\System\CuKdZzx.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\SYGJqUM.exe
  C:\Windows\System\SYGJqUM.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\hsQpQlm.exe
  C:\Windows\System\hsQpQlm.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\WOKXUWo.exe
  C:\Windows\System\WOKXUWo.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\jMYEoqg.exe
  C:\Windows\System\jMYEoqg.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\RBrSvEd.exe
  C:\Windows\System\RBrSvEd.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\dAfaCXY.exe
  C:\Windows\System\dAfaCXY.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\kyTpwHH.exe
  C:\Windows\System\kyTpwHH.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\sXYFRmx.exe
  C:\Windows\System\sXYFRmx.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\wpGoeOG.exe
  C:\Windows\System\wpGoeOG.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\VPBnZwQ.exe
  C:\Windows\System\VPBnZwQ.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\FdEZjOJ.exe
  C:\Windows\System\FdEZjOJ.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\ELCOCYJ.exe
  C:\Windows\System\ELCOCYJ.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\kTEgMDw.exe
  C:\Windows\System\kTEgMDw.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\PDccWlw.exe
  C:\Windows\System\PDccWlw.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\sMaFiUO.exe
  C:\Windows\System\sMaFiUO.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\eRhyUfm.exe
  C:\Windows\System\eRhyUfm.exe
  2⤵
  - Executes dropped EXE
  PID:2568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CuKdZzx.exe

Filesize
5.7MB

MD5
1e85f4a27a919da6bed155d941d667bb

SHA1
eadc036bcd66a69dc330390dfb3cd8e971ad7f21

SHA256
b60a44f67eee87a5be247c568c6f9ea2daf0cba0ed5308056cb6f9d5a44cd222

SHA512
c8513f756d78bb3a0eb3032e158b925f9b87692931bdb07934715d105ed2ecdee4d89e5ce30891d3811cfdae3121af0ec82a5d5d0f15afa4aed8bf9f1f877034

Download Submit
C:\Windows\system\ELCOCYJ.exe

Filesize
5.7MB

MD5
c0d27759252e24be31399b6bb6a4fada

SHA1
1e3961d8a5dccc7107d2af78cd47767375c69e92

SHA256
c8a57ab9134cbdfdea03947c0e5c4bcc556cd7f177fc0b95df5361e443a929b0

SHA512
5d71936f346d050b4608f2b76637d5fb83f30fdd61e9a71ea6622f59a85d978e726c8cc98a453a3c3b5df7050aca28b6944967cc4e13f6fb3c30fd915b5dd0b6

Download Submit
C:\Windows\system\FdEZjOJ.exe

Filesize
5.7MB

MD5
4f8ee6f8ff300ccc1407c7646dccaa89

SHA1
1dc12fcb36d288e1988f73ad684f11f845d187f1

SHA256
b9eb3f7f031b9c71ca57f65b2b416651e6b579208e1b1d7d3d9cfd9cd982c1f4

SHA512
fcc9255f5d4880f985f791ddb5afa162ec0fde8a91fbf1f68b9502da69bc2e93746392b4134b316be80f1e2abf6d344d96461bd749ac63b028340c8836b6f6c6

Download Submit
C:\Windows\system\InbLYPk.exe

Filesize
5.7MB

MD5
cd950505b9adb28db86d5bfce21eae92

SHA1
7e40686d6ac56a5a1f4a655cfdc97f38d02c35d6

SHA256
c546972e47d3b251ae0c25502722aa03c81d299745b40dbed487d082643ef20a

SHA512
f1dfb596109b160ed364d1634f1418105bb25ed06c473345b009a99c5cb3f50efa02f7fd1701be7afe95398002f774a6982a008aae33ef2b60845f131dc634f5

Download Submit
C:\Windows\system\PDccWlw.exe

Filesize
5.7MB

MD5
ac72cbdf389222c0598e09b2ecd046b3

SHA1
a684db4e90086566613e00a45bbc219e85e0f559

SHA256
ea210fccbad8e53390f8e8f5779be973a53d2319fa22d5df2ee2c9fd8aaf7ae9

SHA512
b63f78c489487c0d531be99f2a3b56279b0cd10f7e0f7fc0ffb655b58e7b528c324f54fbbc14117772f421ce9c4cd70d5eb2734253cb0067f2c359bcf1e2f9fe

Download Submit
C:\Windows\system\RAFXGyl.exe

Filesize
5.7MB

MD5
fdd427bdbc05784bfabc6ae7d0467a32

SHA1
6c661306cebf89b1fc740d0d0049b6acdc78984d

SHA256
99ab9fabf22334d6709b3b15e951f74a126000d033c42aac6fa42ef14366ed20

SHA512
9ded6b320ee8c38a702607c670e931d56106d123b1da65ce199f87c271cf07f9f11bf2f15ee366df90d31d1791231128ee90cd7ea8c4fd238c537f3369278fb6

Download Submit
C:\Windows\system\SYGJqUM.exe

Filesize
5.7MB

MD5
7eae5c31435773a3693c6dd3177b1839

SHA1
455150925e49d9a543d8394cb02b09b177aea971

SHA256
ccec4dd24fafcc70ef1707eefadfdcc3f5b9eb45cdc15c21e78cff04b278344d

SHA512
018bd2ba9c2789ae778f3ee33e4a1bbe86634c5197600d3516708f4b3bcba50d6993be1b0d0bdb98dd7f71e17a42c8af54bf5220a42f62277b3fc1b02e6d080d

Download Submit
C:\Windows\system\SyIaqmV.exe

Filesize
5.7MB

MD5
acbc333b1cdcc50d9c93180f8048d748

SHA1
0cf2eb51f2e6aa98d823e3142342d6335e9eb2f3

SHA256
a9a5a648b430e1354ef9d21dc477b281ba762a50b4280cc6d5c358051aa25bbd

SHA512
03fa39b50ed4e0b4e16cc85a3e43ee66fa1a51c59fb998f1e2f56ffcf05ffe3863d874c5ed097a6ed791a37295ba69338a0e10133e286ef48182b817be7b50c8

Download Submit
C:\Windows\system\VPBnZwQ.exe

Filesize
5.7MB

MD5
a2b6e44f6cda7fcc2c61dbc2fdcbfa46

SHA1
203d710f40dfa9b76334009d1103534fa60295ff

SHA256
d143a8a644cd39cc8311e1d8ea69111aa4c919f764ddc62e1be29bd703784bdd

SHA512
6abefeeaf527edbd7b6c850671a79e48272d7e78dfde32ae301c6000967a39b9aaca8758eafcd9a637bf9db67140d2cbad308c7df2167ebb9cfba06d032ab9aa

Download Submit
C:\Windows\system\WOKXUWo.exe

Filesize
5.7MB

MD5
2b0f336738f1eedd68fa245d81a39a0f

SHA1
25284831d1987569c814a712da6148ca830a0468

SHA256
4f5dbcfce3bc8a4293ffd527a42bee9f8c6e4669aaaf2a00071ef41b01aecb68

SHA512
ae5c9126c1f2daa5dcc12f96f04c2ba585daacdd4c5b0c7eb6772c824debf6c7960b67d5e7b2415f455355c869c6036dc37933343bac8da83c85adc0c70c38e9

Download Submit
C:\Windows\system\dAfaCXY.exe

Filesize
5.7MB

MD5
56c2388ac8323e2fdd055c2c867bca09

SHA1
3239526714d8bd8578bec670ee08fe11f00d2ee8

SHA256
1ff51c22ecb37b0d3cfd647bed0418fce59bcfdf88b94c333546cef5d33ce767

SHA512
de679d25509847641ea93b3ff9ded3fb5b7437adb5c32edf6ecd5d4b2f2b78e5fa534dbc7ace2b2bc2509830b11330170edc43d6f1f7f15988fb8da01794b65d

Download Submit
C:\Windows\system\eRhyUfm.exe

Filesize
5.7MB

MD5
f0c06902c1f1b6112e4db555e6b2ed01

SHA1
06d7b7b9e7e7e6ce029cebc6d0bbf5507f5af68e

SHA256
063413b41b3f6c653a4f549d36c7281021d688f71fce61527460f3573b4a9bfe

SHA512
cdd6e1ac97651da318d38d728831762d57e834d5f009c9cf3c288e64189c93a58a7e501b385deac0262940ee1684f3d8f03d6d27db6f1e33c07c5274c38bf90d

Download Submit
C:\Windows\system\hsQpQlm.exe

Filesize
5.7MB

MD5
52fa286df9275315b7b3eac0b6370b41

SHA1
ff59b5c3ca9835269fbb8666df9c26ef37b73a29

SHA256
0008e6ce3155221f25762961ff14acf892006f1f9ea7837ad88318d812b0e021

SHA512
dbc884fa2804564f5dc99005ab65a14004fff332772e56c8ce18a0fc9df9c77af6f9418f1371e5a692eda00972e6961178cb8e186467095b25f12e831e3b0fb8

Download Submit
C:\Windows\system\jMYEoqg.exe

Filesize
5.7MB

MD5
965a354cf8bdb5d27f6a53397510786c

SHA1
3dd2402d184ef1f5b6b489bfbdd4ad6ab589d419

SHA256
2a5bbffb6b51baf28486b127f2709a91b51cd81fdda4b131d28a537f8295d34f

SHA512
1468afd285037ec1783113e541bec7435a4c08a318cc1f26d567a94b1e893c20e43e33a445020ffaabdb950c81bd8848769401ab6026fa5b0f6d85e51c06e735

Download Submit
C:\Windows\system\kTEgMDw.exe

Filesize
5.7MB

MD5
2266d9085af8da03d0b4444bf78122d8

SHA1
be4b3c9684e4924184e67677abb1c3025dd1a333

SHA256
11e120432ed1794c653493b329291d0b07969362fd801507267b3ba0bfb2557c

SHA512
8e1fa27cd7a992525615b98671e06436e255adda470ca9e1c4aac287c02738f5e47ba9aa5d204b55c11f5527ae810df1c2c4afa71cc149604ccde9b86915d09f

Download Submit
C:\Windows\system\kyTpwHH.exe

Filesize
5.7MB

MD5
24580495c95673f8823e9d31a16a2f9c

SHA1
6846000f1e30fd1f96f2826fe595508ee5d31b2e

SHA256
6a60855eefe3808dc55001c45fa261a0e115e817f5d4ea33b8b7d4f7bbb9f6c4

SHA512
ef27896b332df93ac464c4fdd9e1d6c12257d5a9e2e75d436c2eea8a9e17a835ecce100cdbcdaa0d14e5d36d4cf6d28effd30d67242af0b0a491387399921cc1

Download Submit
C:\Windows\system\sMaFiUO.exe

Filesize
5.7MB

MD5
ed79a3946401b4f546f053738d469352

SHA1
4b124dfa3b0d6a529b6c924cda45b80627ab0600

SHA256
35489ad43d6535c333d958263ba257a2d7e9c9c2120cfa8b4fe430c99722ecc9

SHA512
14d566fc133fa85cf38391f783e59f8b96ffbdcd25798775ef41751ab4dc2782a17f9d2f194010c9876de30fc2adbe0096fe2f9e38239562077629c0ade3ab29

Download Submit
C:\Windows\system\sXYFRmx.exe

Filesize
5.7MB

MD5
26a3ddb44c836e4321c1d478dd3b1cf2

SHA1
a3aa8015b7ea8ff70454bd1f0b2b0a78fb462d8b

SHA256
830275726e6aadf7eaf80203f84cf3a071b814d40e527d4d43d5d8ab6b279a38

SHA512
e332564350cd9b262d23eecda5c493cdd9784c8f7cc790413cd67d7e078bf3900c1810647326be4093c88708016f37acb86660b6724ca1d86a68144eea2dd158

Download Submit
C:\Windows\system\wpGoeOG.exe

Filesize
5.7MB

MD5
0fbe09602103bc20b76c6e22215a36ac

SHA1
b5ae617e8f8abcf3161a51fc79b62e26587788dd

SHA256
66b68e09b4b411bbfe6547480101637c3796154871ab9938a50d94832023234b

SHA512
79186257982ad46fdedcac69e8efbb22407f8b90ab683ba4bb5726cab62ca2e716896508f235bbef938468c44c467e706f5c9730f4769fee4ac5fd196bfad20a

Download Submit
\Windows\system\RBrSvEd.exe

Filesize
5.7MB

MD5
dee6fede76211a1e29065fb22fcd044a

SHA1
dcb3deac1d362c4b10bb711c979a231129e1dae8

SHA256
2b64d4759cbc4b397bf0a3f5eb0de53225f71faa358e710064c3db890e077644

SHA512
2316b53748362974d62e153b06b260e9820987fb33c09ed2632f3c2a9d54a9306d7aa719277526ad594958a73e820b64c175bb040ef12471a65edbfe65ab5540

Download Submit
\Windows\system\rSeVpEI.exe

Filesize
5.7MB

MD5
30c2ad835e9a143366fbaeb3f4fbcaf2

SHA1
55fc23a46ba5c2e557157c29c7230fc36d0a8c4e

SHA256
a12cf62f97e7ccd70e76e78d4001311008573c8723e372b960c5b0e34e3c5b38

SHA512
b5964a6c4dd85a0814b01557a12b3e5efcefba9b4269f846a9180fce8ab8104c005949547c215f6d82cf49e818988a981f1a276eef09fdde13b324d209ce3877

Download Submit
memory/1148-103-0x000000013F6F0000-0x000000013FA3D000-memory.dmp

Filesize
3.3MB

Download
memory/1268-115-0x000000013F360000-0x000000013F6AD000-memory.dmp

Filesize
3.3MB

Download
memory/1748-73-0x000000013FDD0000-0x000000014011D000-memory.dmp

Filesize
3.3MB

Download
memory/1756-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1756-0-0x000000013F9C0000-0x000000013FD0D000-memory.dmp

Filesize
3.3MB

Download
memory/2084-97-0x000000013F4B0000-0x000000013F7FD000-memory.dmp

Filesize
3.3MB

Download
memory/2128-49-0x000000013F530000-0x000000013F87D000-memory.dmp

Filesize
3.3MB

Download
memory/2152-7-0x000000013F080000-0x000000013F3CD000-memory.dmp

Filesize
3.3MB

Download
memory/2160-12-0x000000013FFD0000-0x000000014031D000-memory.dmp

Filesize
3.3MB

Download
memory/2476-85-0x000000013FE40000-0x000000014018D000-memory.dmp

Filesize
3.3MB

Download
memory/2500-91-0x000000013F770000-0x000000013FABD000-memory.dmp

Filesize
3.3MB

Download
memory/2568-126-0x000000013F070000-0x000000013F3BD000-memory.dmp

Filesize
3.3MB

Download
memory/2660-67-0x000000013F860000-0x000000013FBAD000-memory.dmp

Filesize
3.3MB

Download
memory/2688-61-0x000000013F0C0000-0x000000013F40D000-memory.dmp

Filesize
3.3MB

Download
memory/2708-121-0x000000013F6E0000-0x000000013FA2D000-memory.dmp

Filesize
3.3MB

Download
memory/2732-18-0x000000013F920000-0x000000013FC6D000-memory.dmp

Filesize
3.3MB

Download
memory/2776-55-0x000000013FF60000-0x00000001402AD000-memory.dmp

Filesize
3.3MB

Download
memory/2800-43-0x000000013FB90000-0x000000013FEDD000-memory.dmp

Filesize
3.3MB

Download
memory/2840-31-0x000000013F400000-0x000000013F74D000-memory.dmp

Filesize
3.3MB

Download
memory/2852-25-0x000000013FC40000-0x000000013FF8D000-memory.dmp

Filesize
3.3MB

Download
memory/2964-109-0x000000013F940000-0x000000013FC8D000-memory.dmp

Filesize
3.3MB

Download
memory/3024-37-0x000000013F8C0000-0x000000013FC0D000-memory.dmp

Filesize
3.3MB

Download