cobaltstrike | 67fe3542d2e6f742e1c3e541bd397485da0eb5e06700279cc7e9715a5c4a1a6a

Analysis

max time kernel
141s
max time network
144s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 04:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

f2acf0ed7628ec37f9fc5cb5a45efa58
SHA1

8e4b3a363a2375f38e3750b1d5d4acd92db86862
SHA256

67fe3542d2e6f742e1c3e541bd397485da0eb5e06700279cc7e9715a5c4a1a6a
SHA512

29ac0a7a82cbb0b7ca2c6992ba0fb1825f1fd74b58e352500074bed48d750be731fd432cd335b01ee1ec2a5a21521afae15e976162d716a4f6bce180473b0be9
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUg:j+R56utgpPF8u/7g

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 21 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001707f-9.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174b4-13.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174f8-21.dat	cobalt_reflective_dll
behavioral1/files/0x0034000000016df8-28.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175f1-31.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175f7-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018706-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-93.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019428-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-119.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f9-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193dc-107.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d0-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-73.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939f-82.dat	cobalt_reflective_dll
behavioral1/files/0x000e000000018683-44.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-59.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018697-49.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 42 IoCs

miner

resource	yara_rule
behavioral1/memory/2228-0-0x000000013F7F0000-0x000000013FB3D000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/memory/2520-7-0x000000013F960000-0x000000013FCAD000-memory.dmp	xmrig
behavioral1/files/0x000800000001707f-9.dat	xmrig
behavioral1/files/0x00080000000174b4-13.dat	xmrig
behavioral1/files/0x00080000000174f8-21.dat	xmrig
behavioral1/files/0x0034000000016df8-28.dat	xmrig
behavioral1/files/0x00070000000175f1-31.dat	xmrig
behavioral1/memory/2640-33-0x000000013F880000-0x000000013FBCD000-memory.dmp	xmrig
behavioral1/files/0x00070000000175f7-38.dat	xmrig
behavioral1/memory/2416-50-0x000000013FDF0000-0x000000014013D000-memory.dmp	xmrig
behavioral1/memory/1068-71-0x000000013F140000-0x000000013F48D000-memory.dmp	xmrig
behavioral1/files/0x0007000000018706-56.dat	xmrig
behavioral1/memory/2912-78-0x000000013F0E0000-0x000000013F42D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019354-77.dat	xmrig
behavioral1/files/0x00050000000193cc-93.dat	xmrig
behavioral1/memory/2184-103-0x000000013F480000-0x000000013F7CD000-memory.dmp	xmrig
behavioral1/memory/480-115-0x000000013FD60000-0x00000001400AD000-memory.dmp	xmrig
behavioral1/memory/1320-126-0x000000013F350000-0x000000013F69D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019428-125.dat	xmrig
behavioral1/memory/2212-121-0x000000013F520000-0x000000013F86D000-memory.dmp	xmrig
behavioral1/files/0x0005000000019426-119.dat	xmrig
behavioral1/files/0x00050000000193f9-113.dat	xmrig
behavioral1/memory/2324-109-0x000000013FFB0000-0x00000001402FD000-memory.dmp	xmrig
behavioral1/files/0x00050000000193dc-107.dat	xmrig
behavioral1/files/0x00050000000193d0-101.dat	xmrig
behavioral1/memory/1440-97-0x000000013F820000-0x000000013FB6D000-memory.dmp	xmrig
behavioral1/files/0x000500000001938e-73.dat	xmrig
behavioral1/memory/2572-91-0x000000013FC80000-0x000000013FFCD000-memory.dmp	xmrig
behavioral1/memory/864-87-0x000000013FA10000-0x000000013FD5D000-memory.dmp	xmrig
behavioral1/memory/1048-84-0x000000013F9E0000-0x000000013FD2D000-memory.dmp	xmrig
behavioral1/memory/2900-64-0x000000013FDA0000-0x00000001400ED000-memory.dmp	xmrig
behavioral1/files/0x000500000001939f-82.dat	xmrig
behavioral1/memory/2524-45-0x000000013F5C0000-0x000000013F90D000-memory.dmp	xmrig
behavioral1/files/0x000e000000018683-44.dat	xmrig
behavioral1/files/0x0005000000019358-70.dat	xmrig
behavioral1/memory/2484-61-0x000000013F6A0000-0x000000013F9ED000-memory.dmp	xmrig
behavioral1/files/0x00050000000192a1-59.dat	xmrig
behavioral1/files/0x0007000000018697-49.dat	xmrig
behavioral1/memory/2644-39-0x000000013FAE0000-0x000000013FE2D000-memory.dmp	xmrig
behavioral1/memory/2648-19-0x000000013F810000-0x000000013FB5D000-memory.dmp	xmrig
behavioral1/memory/2676-17-0x000000013F6F0000-0x000000013FA3D000-memory.dmp	xmrig

Executes dropped EXE 21 IoCs

pid	Process
2520	rNHdjCH.exe
2648	aSHdboh.exe
2676	PPxcdEB.exe
2544	aYitCXF.exe
2572	OHFRFNR.exe
2640	mpJwQpe.exe
2644	uYQtolh.exe
2524	CgzSkOP.exe
2416	WXhceoe.exe
2484	hVrIbGg.exe
2900	bvpBikQ.exe
1068	nnOvWGj.exe
2912	YtYqZbe.exe
1048	mJkGJik.exe
864	tDVDluk.exe
1440	WOXbFcF.exe
2184	ZcfeJGq.exe
2324	vbszmhu.exe
480	IZsxITJ.exe
2212	dCdLXYa.exe
1320	JRVMiYt.exe

Loads dropped DLL 21 IoCs

pid	Process
2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\System\PPxcdEB.exe	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uYQtolh.exe	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YtYqZbe.exe	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZcfeJGq.exe	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rNHdjCH.exe	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bvpBikQ.exe	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nnOvWGj.exe	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tDVDluk.exe	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vbszmhu.exe	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CgzSkOP.exe	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WXhceoe.exe	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IZsxITJ.exe	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JRVMiYt.exe	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OHFRFNR.exe	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYitCXF.exe	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mpJwQpe.exe	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hVrIbGg.exe	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mJkGJik.exe	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WOXbFcF.exe	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dCdLXYa.exe	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aSHdboh.exe	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
Token: SeLockMemoryPrivilege	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 63 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2520	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2228 wrote to memory of 2520	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2228 wrote to memory of 2520	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2228 wrote to memory of 2648	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2228 wrote to memory of 2648	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2228 wrote to memory of 2648	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2228 wrote to memory of 2676	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2228 wrote to memory of 2676	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2228 wrote to memory of 2676	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2228 wrote to memory of 2544	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2228 wrote to memory of 2544	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2228 wrote to memory of 2544	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2228 wrote to memory of 2572	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2228 wrote to memory of 2572	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2228 wrote to memory of 2572	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2228 wrote to memory of 2640	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2228 wrote to memory of 2640	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2228 wrote to memory of 2640	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2228 wrote to memory of 2644	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2228 wrote to memory of 2644	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2228 wrote to memory of 2644	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2228 wrote to memory of 2524	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2228 wrote to memory of 2524	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2228 wrote to memory of 2524	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2228 wrote to memory of 2416	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2228 wrote to memory of 2416	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2228 wrote to memory of 2416	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2228 wrote to memory of 2484	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2228 wrote to memory of 2484	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2228 wrote to memory of 2484	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2228 wrote to memory of 2900	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2228 wrote to memory of 2900	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2228 wrote to memory of 2900	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2228 wrote to memory of 2912	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2228 wrote to memory of 2912	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2228 wrote to memory of 2912	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2228 wrote to memory of 1068	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2228 wrote to memory of 1068	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2228 wrote to memory of 1068	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2228 wrote to memory of 864	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2228 wrote to memory of 864	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2228 wrote to memory of 864	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2228 wrote to memory of 1048	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2228 wrote to memory of 1048	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2228 wrote to memory of 1048	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2228 wrote to memory of 1440	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2228 wrote to memory of 1440	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2228 wrote to memory of 1440	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2228 wrote to memory of 2184	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2228 wrote to memory of 2184	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2228 wrote to memory of 2184	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2228 wrote to memory of 2324	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2228 wrote to memory of 2324	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2228 wrote to memory of 2324	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2228 wrote to memory of 480	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2228 wrote to memory of 480	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2228 wrote to memory of 480	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2228 wrote to memory of 2212	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2228 wrote to memory of 2212	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2228 wrote to memory of 2212	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2228 wrote to memory of 1320	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2228 wrote to memory of 1320	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2228 wrote to memory of 1320	2228	2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_f2acf0ed7628ec37f9fc5cb5a45efa58_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\System\rNHdjCH.exe
  C:\Windows\System\rNHdjCH.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\aSHdboh.exe
  C:\Windows\System\aSHdboh.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\PPxcdEB.exe
  C:\Windows\System\PPxcdEB.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\aYitCXF.exe
  C:\Windows\System\aYitCXF.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\OHFRFNR.exe
  C:\Windows\System\OHFRFNR.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\mpJwQpe.exe
  C:\Windows\System\mpJwQpe.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\uYQtolh.exe
  C:\Windows\System\uYQtolh.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\CgzSkOP.exe
  C:\Windows\System\CgzSkOP.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\WXhceoe.exe
  C:\Windows\System\WXhceoe.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\hVrIbGg.exe
  C:\Windows\System\hVrIbGg.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\bvpBikQ.exe
  C:\Windows\System\bvpBikQ.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\YtYqZbe.exe
  C:\Windows\System\YtYqZbe.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\nnOvWGj.exe
  C:\Windows\System\nnOvWGj.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\tDVDluk.exe
  C:\Windows\System\tDVDluk.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\mJkGJik.exe
  C:\Windows\System\mJkGJik.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\WOXbFcF.exe
  C:\Windows\System\WOXbFcF.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\ZcfeJGq.exe
  C:\Windows\System\ZcfeJGq.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\vbszmhu.exe
  C:\Windows\System\vbszmhu.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\IZsxITJ.exe
  C:\Windows\System\IZsxITJ.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\dCdLXYa.exe
  C:\Windows\System\dCdLXYa.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\JRVMiYt.exe
  C:\Windows\System\JRVMiYt.exe
  2⤵
  - Executes dropped EXE
  PID:1320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CgzSkOP.exe

Filesize
5.7MB

MD5
31a0206dc44720571878580718cc71f1

SHA1
7a182dd0f606a42545083cc24feef27d133fd52b

SHA256
dc88f3875ace561147725fec1cd17625d000747c7b510b534fc45817ca3efe49

SHA512
7211be2861bb473df371a3e3bc789a348dbadeae583757022c2133008ba2e123b5aa6dc0e03cbab388401496c63ed20b8a23a75ec4aded035e3a08cf22cfec6d

Download Submit
C:\Windows\system\IZsxITJ.exe

Filesize
5.7MB

MD5
846646d69a74f95ca921146facf7f2fc

SHA1
03cdd52ede5eef66f9cf96b83ee3c3ecafe76b36

SHA256
fcb1412e9ff0f1af0ebeaf82ebc9bc8033454358f0790e6f39d6f7cbcd97fffb

SHA512
244bef99b0df5eef730a9d0e36e02f43e64ddca5566a080063528073813dcf6faa12e40029dd75126f95d6866923d94671b25d54d36901ab62c368b45be8cc75

Download Submit
C:\Windows\system\JRVMiYt.exe

Filesize
5.7MB

MD5
bf5fae010bb94ab47f49e21141d4d695

SHA1
c638711d354117d0bc4c482d0fa9f59ea3cc8ef9

SHA256
28ecd1500a60c5ac76bb4d3a98f69b5cbbb3e13f04dc8fcd71802c2235318a71

SHA512
dc50f269fa7ae012fcd866824f47a4b759db2e34c11eecd0339675c9ef02950b0f2e46a17575ed237da7fee66974739555bc408f392af0362394a02442b955fb

Download Submit
C:\Windows\system\OHFRFNR.exe

Filesize
5.7MB

MD5
a4ebaccd76d87ce482874999154b81f8

SHA1
88563b4c2293a2ffb1354a186d49ef9e3dc649a9

SHA256
88ce0a966dbc259b68ea7c5d4ed590b5b16f433354381be3e59d8f38cc3528cc

SHA512
d583a56f1fe97b6b4309ccf766a6c795bd7b60a90ec9386ec3446051da8311d78f7cfec21553336c602d98c6fde03d1dd8b26ee8f732f6ef943bb8ee362beae0

Download Submit
C:\Windows\system\WXhceoe.exe

Filesize
5.7MB

MD5
4283099fabcf257e52e73525780fb3e2

SHA1
de8206334543d59baaee77de8fe9c22d4ae89dc5

SHA256
ffc6f9b5c19448b28c0baa4ded81b9602762af473341cc67dc5fd68d5a365e86

SHA512
11df1d523afc31bbad1791d531f27aadb2b11f322a9732ea3258159aa5e39af3c3f26814e812d1ee319b0cfc78850ebd969f827ad43ffb09764e47396aa6538e

Download Submit
C:\Windows\system\YtYqZbe.exe

Filesize
5.7MB

MD5
14781eb65ccf11b83c4013c953a46f50

SHA1
003e5478a2a147b07884060f6bec3328a3e56312

SHA256
c21b13e22478ba2def60ddb754a795be69e65b38e28a0073c09c624f4d08e04b

SHA512
5293cb067eb1596ec6784ca36004ccd89e738e6dec5556763ff7703133ddcdf57c6e8e1f50fddcaf96bbe84982b53d57a5ada947241b33156539267f76eb5c24

Download Submit
C:\Windows\system\ZcfeJGq.exe

Filesize
5.7MB

MD5
db8834392ae20a9d37866269cf5acd1a

SHA1
82b03b87d206d3c92b8b27e4bae347c965d95bbb

SHA256
58f5b93771646d50b5412ec054e7abedd0f57e729269d79840fffe52285dc54d

SHA512
237ff50395d0ed2eb460dabf825ac885c4ab6a31b03b1d2fab2f4e6058acf0fa9aae579339acb57de72fc70d6cb44d552613eb6adf05771020f8542b82e7c666

Download Submit
C:\Windows\system\bvpBikQ.exe

Filesize
5.7MB

MD5
780e2036629f3d97b1b30e8f40565172

SHA1
710e03868dd02b0d53552dbf134a57027baa870b

SHA256
15a0e3e1d20b452c942131fde34d80c875bea1a0bac6ade56fb727b44d38dc4b

SHA512
226a068e67d3fe0d495b444a7ff241c04a19da4f4fcf96e8d93f43437358b34d77de2c25112ace7b00532bacf5629f5a83b15476ed8c81302440ffb16ca2279a

Download Submit
C:\Windows\system\dCdLXYa.exe

Filesize
5.7MB

MD5
45c9bc42d071bc7f71ba5f883cdb36d6

SHA1
39827c026c3704c4099d35f13d0e52300e2cd073

SHA256
49a5ae806d439a64c08ef85c1200ce50ff648609fde73b1d8ebe239764d29e74

SHA512
8d23af2b4209668ab94a9be506b3cbc6311233d09abadc0b09d07b41a2b9bb55b9929f237a0931b1d2d99ee034a7a9184b73e4809ab361ad9753036a95a0fcd1

Download Submit
C:\Windows\system\hVrIbGg.exe

Filesize
5.7MB

MD5
77fc1c572967d97fd4e4a3596903b960

SHA1
4bb0de14345e3c17bc4cda0393c321b18e90ac67

SHA256
5e3c757c4bfbc0afc98bd871ff95df57eb40fd0d1dc184d1904c6ac0274e7e36

SHA512
4a126b09193c4474e2afd7f007644b04082aa95a76c1e90701ce187dc91f0b076b80337bcc79bea32c6fc27d3f67fb9a2ce152fc28ebf603d0c91f90634797c0

Download Submit
C:\Windows\system\mJkGJik.exe

Filesize
5.7MB

MD5
1a34953551d7ac29948962250b2f715d

SHA1
c0a0bb51ea9b9f4b7586a530cfabd3e080fb023e

SHA256
ee778be1bc3188cb0e905d5e0d0e7a1de78e11733faf539aeba16e19cc67f852

SHA512
6a4fc500b10568f03bb9ac27bb1ca99126564d209b2519ab7d1bee275964a704696b50ce4dba9911eb0f4621bf0358bb615ee496202c0f4c4a82e22c6395441b

Download Submit
C:\Windows\system\mpJwQpe.exe

Filesize
5.7MB

MD5
ad07cf3d9b962ce1fce7066ac490eca4

SHA1
387bd8b246ed11f67adcaf26286e3fab916eb634

SHA256
2bb92ac3589fcefb7258e9579b0bd899be2cfe26e664b1976949f418cec7963a

SHA512
25680c87555219037fd6f399a598f8bc47442683ff995056b79bb1979444d80b993c23fb0f291f74214da81630a9c1dd25e03db08c8d36922ccd6af87955f548

Download Submit
C:\Windows\system\nnOvWGj.exe

Filesize
5.7MB

MD5
e38a13a61897ec65b6b2adca6039ab92

SHA1
475b134528182c919fa88e94334b29c632530a10

SHA256
dab68607fd8131b84b367eb30bef8c7104e84a2c2cefbcc83ccaff2dd3833240

SHA512
bafc76b64da1d6d0c0b0f6cdbc449c126aba90470891257973d9e5a98bb97c5c9e1445b38fada6c2990c7de9954e0db4f43a790296a3da504ec6323ed6e48022

Download Submit
C:\Windows\system\uYQtolh.exe

Filesize
5.7MB

MD5
daff1571570e47a660e942c9cba90807

SHA1
6a5584e250de66a50ee3cd79bb4013c86b5e7dc3

SHA256
e24923b4a8136afb2ed31479842ba2004f8396f1a1d2b0111a546583466fb97c

SHA512
af493dd9b1aa21836f0f9daac932352ef6edff04819d715ea7967a13a33bf809a388d4ca20a3ae30c73b0b940d2abb14c06f891660c4a5c22175b33bcb1d1b96

Download Submit
C:\Windows\system\vbszmhu.exe

Filesize
5.7MB

MD5
04b5a79d2d6b4aa7ba0c0469562a6be1

SHA1
b1998ec945f013920fecb4c708e4110134f2d0c5

SHA256
0e5515db3ae1e9e8c4206c03ffd3fedbc0ec3fec98b1a9421fa2818a38e933af

SHA512
64c0b18e76065ed4c18716c68872932b313a5f2c8dd490f6740945d87ed3829521bed007fff61d853d05f379e401c0d3312d9ad9ee2ec9e2c297bb523b5c008e

Download Submit
\Windows\system\PPxcdEB.exe

Filesize
5.7MB

MD5
dfea10557bdaf73b8dd5b5df40b6bee1

SHA1
ec2b3238414498100436f3bc87e1e4980bde0d9e

SHA256
d348af5e4e19ef9de1f498402d4374a3c90bff9190bc8b4f67f46e7a63c7dc6e

SHA512
d0364627ba8b39cba4e307bb17eb8b01e56c46939c385d8429b997622cf60e6e06ab84f1ff43093013aa7da83c7d73582b49570d5895732a79cdade277ebf1d4

Download Submit
\Windows\system\WOXbFcF.exe

Filesize
5.7MB

MD5
4d93bfda1ea205e67ebe25e11dc337db

SHA1
21556343eb9195742476efc837519e3b8b1edbed

SHA256
85ddd75c8b30d82273d0426980d272f83e18699882f94ffdaba50baf0d612fad

SHA512
5207842f7b2f782822aa97857fd83be8a6660186c50ee61db9d36dfa87374286c73595fb66a037280c0a8fc6a41a1e430518064836af32f8383bcf1f8a62a362

Download Submit
\Windows\system\aSHdboh.exe

Filesize
5.7MB

MD5
eb7942beec900a85b72a92ecd7d0c45f

SHA1
ec4b66985c341701b57c1f0d67e9d4e2680b7045

SHA256
23012d712fa30d6a9f53556005a73c46c6d6b8ee331ca2e9514e31e41054e067

SHA512
701cdccac989d4be94b7398c5a5006e964671972d9588431659af8dc14c0366350211e968fed1609d8fd745442a734cc70ef5c0a44d27f33d61bb593294c394f

Download Submit
\Windows\system\aYitCXF.exe

Filesize
5.7MB

MD5
db3cb5dec536badb2e8444b87398d1fb

SHA1
b2f09f9dfea86d8ca838ddef5930202406f31749

SHA256
3b6881cef3c0f054ca4574dfad83164466afc2c3191cbbb8d1d14e6db3c6cdca

SHA512
2df65afdf885d4b35403f398a7a1fbb36584439f68619e9d3875e4fee956de1feccae35095acc6514409457ede95c6ad5819190cec6dbba422d7a641fb4b7a2c

Download Submit
\Windows\system\rNHdjCH.exe

Filesize
5.7MB

MD5
b2dd7ca00b98f55f1e9d7882919742f4

SHA1
90b4980ebe59b9b21d3976456d7b12ea5712f1a7

SHA256
9c2288930dcf64106c2a4abd1d25d13eea8c5b1c7314a5afb4e1f907f54e42c0

SHA512
3351e8fe9db39660d7ddf1152bcef9785a06e1e6bdf7e68d8bf4f879bd9f40f24597839b6fee277eb2abaa10391d4c2e20812ad0a9cbe2b73e135eda7f8bfc31

Download Submit
\Windows\system\tDVDluk.exe

Filesize
5.7MB

MD5
b3361b7811683ad8191a7ca57bc07ad3

SHA1
57bacb02dd536d10f35f0c302d50f26c4d20a3e7

SHA256
ff1b14711deb489b17dbc0f38fb9cb7165df5c37bc52deed410c12ddf5c222d0

SHA512
db419b9e829d2438a97c9632384200872928a7ec975179004a3dbdafaadb657f3e7e26cc943d286325ce5b169ada94a19b46172dc4e59c35f64b92de9a24c950

Download Submit
memory/480-115-0x000000013FD60000-0x00000001400AD000-memory.dmp

Filesize
3.3MB

Download
memory/864-87-0x000000013FA10000-0x000000013FD5D000-memory.dmp

Filesize
3.3MB

Download
memory/1048-84-0x000000013F9E0000-0x000000013FD2D000-memory.dmp

Filesize
3.3MB

Download
memory/1068-71-0x000000013F140000-0x000000013F48D000-memory.dmp

Filesize
3.3MB

Download
memory/1320-126-0x000000013F350000-0x000000013F69D000-memory.dmp

Filesize
3.3MB

Download
memory/1440-97-0x000000013F820000-0x000000013FB6D000-memory.dmp

Filesize
3.3MB

Download
memory/2184-103-0x000000013F480000-0x000000013F7CD000-memory.dmp

Filesize
3.3MB

Download
memory/2212-121-0x000000013F520000-0x000000013F86D000-memory.dmp

Filesize
3.3MB

Download
memory/2228-0-0x000000013F7F0000-0x000000013FB3D000-memory.dmp

Filesize
3.3MB

Download
memory/2228-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2324-109-0x000000013FFB0000-0x00000001402FD000-memory.dmp

Filesize
3.3MB

Download
memory/2416-50-0x000000013FDF0000-0x000000014013D000-memory.dmp

Filesize
3.3MB

Download
memory/2484-61-0x000000013F6A0000-0x000000013F9ED000-memory.dmp

Filesize
3.3MB

Download
memory/2520-7-0x000000013F960000-0x000000013FCAD000-memory.dmp

Filesize
3.3MB

Download
memory/2524-45-0x000000013F5C0000-0x000000013F90D000-memory.dmp

Filesize
3.3MB

Download
memory/2572-91-0x000000013FC80000-0x000000013FFCD000-memory.dmp

Filesize
3.3MB

Download
memory/2640-33-0x000000013F880000-0x000000013FBCD000-memory.dmp

Filesize
3.3MB

Download
memory/2644-39-0x000000013FAE0000-0x000000013FE2D000-memory.dmp

Filesize
3.3MB

Download
memory/2648-19-0x000000013F810000-0x000000013FB5D000-memory.dmp

Filesize
3.3MB

Download
memory/2676-17-0x000000013F6F0000-0x000000013FA3D000-memory.dmp

Filesize
3.3MB

Download
memory/2900-64-0x000000013FDA0000-0x00000001400ED000-memory.dmp

Filesize
3.3MB

Download
memory/2912-78-0x000000013F0E0000-0x000000013F42D000-memory.dmp

Filesize
3.3MB

Download