Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/05/2024, 21:53

General

  • Target

    2024-05-29_4ed14aa33be29e505773e2372d9ccd80_cobalt-strike_cobaltstrike.exe

  • Size

    5.2MB

  • MD5

    4ed14aa33be29e505773e2372d9ccd80

  • SHA1

    63d72d751a4aa53f432c84a9bf55e8f91ee4fdea

  • SHA256

    19bbbabaca818038443d32fd552ce2d3f523fd9cae3c8d06606e679b40843301

  • SHA512

    aead0f83f1dd55d3893475e359031008803fe335debdbd8230a188167bada2fa9b568fc82289e12c12a53ea4a11650987f67b18f2c3318683c5f9d74ffe1a699

  • SSDEEP

    49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6l2:RWWBibf56utgpPFotBER/mQ32lUa

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 21 IoCs
  • UPX dump on OEP (original entry point) 64 IoCs
  • XMRig Miner payload 48 IoCs
  • Executes dropped EXE 21 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-29_4ed14aa33be29e505773e2372d9ccd80_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-29_4ed14aa33be29e505773e2372d9ccd80_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:60
    • C:\Windows\System\NKMUSKR.exe
      C:\Windows\System\NKMUSKR.exe
      2⤵
      • Executes dropped EXE
      PID:1000
    • C:\Windows\System\dhQgAJV.exe
      C:\Windows\System\dhQgAJV.exe
      2⤵
      • Executes dropped EXE
      PID:404
    • C:\Windows\System\hIyPTPS.exe
      C:\Windows\System\hIyPTPS.exe
      2⤵
      • Executes dropped EXE
      PID:3932
    • C:\Windows\System\MqneBPp.exe
      C:\Windows\System\MqneBPp.exe
      2⤵
      • Executes dropped EXE
      PID:2688
    • C:\Windows\System\bEPLJlY.exe
      C:\Windows\System\bEPLJlY.exe
      2⤵
      • Executes dropped EXE
      PID:3040
    • C:\Windows\System\FfDyjZg.exe
      C:\Windows\System\FfDyjZg.exe
      2⤵
      • Executes dropped EXE
      PID:3928
    • C:\Windows\System\KlZtdXJ.exe
      C:\Windows\System\KlZtdXJ.exe
      2⤵
      • Executes dropped EXE
      PID:4388
    • C:\Windows\System\XGuEQik.exe
      C:\Windows\System\XGuEQik.exe
      2⤵
      • Executes dropped EXE
      PID:3516
    • C:\Windows\System\nSxgCdm.exe
      C:\Windows\System\nSxgCdm.exe
      2⤵
      • Executes dropped EXE
      PID:2776
    • C:\Windows\System\OilOVHm.exe
      C:\Windows\System\OilOVHm.exe
      2⤵
      • Executes dropped EXE
      PID:3748
    • C:\Windows\System\HWWpxgU.exe
      C:\Windows\System\HWWpxgU.exe
      2⤵
      • Executes dropped EXE
      PID:432
    • C:\Windows\System\LgJdXII.exe
      C:\Windows\System\LgJdXII.exe
      2⤵
      • Executes dropped EXE
      PID:3380
    • C:\Windows\System\cwsmGeS.exe
      C:\Windows\System\cwsmGeS.exe
      2⤵
      • Executes dropped EXE
      PID:724
    • C:\Windows\System\oydfXNO.exe
      C:\Windows\System\oydfXNO.exe
      2⤵
      • Executes dropped EXE
      PID:4516
    • C:\Windows\System\olsvaQO.exe
      C:\Windows\System\olsvaQO.exe
      2⤵
      • Executes dropped EXE
      PID:4976
    • C:\Windows\System\yWVOWnl.exe
      C:\Windows\System\yWVOWnl.exe
      2⤵
      • Executes dropped EXE
      PID:2316
    • C:\Windows\System\PaFyYmZ.exe
      C:\Windows\System\PaFyYmZ.exe
      2⤵
      • Executes dropped EXE
      PID:2128
    • C:\Windows\System\JZgVbrE.exe
      C:\Windows\System\JZgVbrE.exe
      2⤵
      • Executes dropped EXE
      PID:428
    • C:\Windows\System\kqAyAqh.exe
      C:\Windows\System\kqAyAqh.exe
      2⤵
      • Executes dropped EXE
      PID:452
    • C:\Windows\System\XskEfEe.exe
      C:\Windows\System\XskEfEe.exe
      2⤵
      • Executes dropped EXE
      PID:4912
    • C:\Windows\System\GONqUVV.exe
      C:\Windows\System\GONqUVV.exe
      2⤵
      • Executes dropped EXE
      PID:1556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System\FfDyjZg.exe

    Filesize

    5.2MB

    MD5

    991cb4380e96d5e3a2db7a281ed2ac59

    SHA1

    cac68e097f41bb1003dc75b2155da6b4b987a2a4

    SHA256

    d1ff06cfabe403d5ad7c1f0a45ff4f2734a17e7970a255417a7612af23c44a1d

    SHA512

    2350bc36b0689be4ac36a20fd5fb69acf2ed6106f89f08b107f600007bec8f7b62f60a041157832aa55ef4e58e8f96f250e00b095ad4d78126a81226feee78eb

  • C:\Windows\System\GONqUVV.exe

    Filesize

    5.2MB

    MD5

    ac8224f710d2e3dd602766b144c9f75b

    SHA1

    714e51b6d18fe996832d03928917d9accca0d872

    SHA256

    2a5ccb68af1b165123fe8a75c41ad810b861f38141958c219891d5a55d2af341

    SHA512

    146aae6d0b2fab4426d0740e12508cb0ac6e816d38fe0459715c2ac4e4425b4369c4435cb7d000a231b952a529c728050e1173ef1a4b0c97a3169c356dbf9801

  • C:\Windows\System\HWWpxgU.exe

    Filesize

    5.2MB

    MD5

    5b78d9eb67ebf4cf497c1985a81568ee

    SHA1

    b084c23d2685a6d822d9a388ad4270928b3b454c

    SHA256

    cd5aab9d1b6cf3bfa71d00b89ea00faa5e232bb52d7e181efd210ef85025410b

    SHA512

    64edb5e2e2d8f2f4b80bd90b62e09e254b2f11b357994ac9b03b313f0c1ca6d75cf3a976007e19bb54fde8d3328c126ce6cb30d6ac3d62d026b19bc15dfd6b9c

  • C:\Windows\System\JZgVbrE.exe

    Filesize

    5.2MB

    MD5

    b5e23ae3aecafef664196e61795f3137

    SHA1

    f47e86ab57b049223f2bc4aa7b888e400936d77f

    SHA256

    cfc32e9580b024b04cfb8a8db275e75375b5bb9b901e7f7a7b466ea1d60abe2c

    SHA512

    5d9f59242522ccd06aeb1342c8851102434097dd8703ac18236052d23d2385096f06479564515da5434c3bb13a8188b267ba7bf9f83bd91a3ab9d6ec41b44c3b

  • C:\Windows\System\KlZtdXJ.exe

    Filesize

    5.2MB

    MD5

    72958c9c4305a8a1fac28fb766ae46d2

    SHA1

    25872ae05594d283299904067da0cb1b9151439c

    SHA256

    c38947899786c840074edb731e25f580caf2d9572a8a3f6d6e5b4ac7a74f571a

    SHA512

    1443017f229f0909c04b56cd609e10cd0d261f3f7763348699c9027b9bf431c3864d966d8b84e128b38e0c72825b7b91fe4c6543565d63aa9456ffe3d4aff3cb

  • C:\Windows\System\LgJdXII.exe

    Filesize

    5.2MB

    MD5

    8caf65d3d25a01cee8670480b575e406

    SHA1

    dd87728d138142cdb67b5f4ac4f5a692573f1148

    SHA256

    e2202db27441039d1012ff7e90365773f9fa6191a250ffe86f79c0c261803ba6

    SHA512

    146f19bcbc1d01874dd4c323455260a5a88854340d592609a8a972600e1ca91897be2fdde4b5e64fc9164d281fb2f3e95bc66e217396869816fd7c10a113d95d

  • C:\Windows\System\MqneBPp.exe

    Filesize

    5.2MB

    MD5

    32d3a9da77e52b10137d85ebb6cd813c

    SHA1

    ade0b2b6d52a5e97458cf3017ea8c510a9255fd7

    SHA256

    880df22c3176b1121746a6b46a70c95b513db622aba21faddbde71021804511c

    SHA512

    e6e38a802da15a0fc02b67f97c75c4042dcaccb5a0ed594f741ea751733c4179c0ce9565c4b8588733c56c1667ef8a9014de2909dab3cb18f00a333d860a17e1

  • C:\Windows\System\NKMUSKR.exe

    Filesize

    5.2MB

    MD5

    9b14219226907e53abe84d4ad6a3788b

    SHA1

    4e890d5f24f751e471aeb4e694ca814a5b3a8314

    SHA256

    33ed1d71c382ad9d81ae9c3db5f9a7ce9ca2093f3211e6c33785cf4c0a9fef14

    SHA512

    7b63455902b738c7b1be8acd977c2aa0c4eb3fb7fda4bd6c3772cafeea3f7223d4bb1b483f91d0cea8b9ca2fd8e87ae3faa783648a5243aae69221caa8108118

  • C:\Windows\System\OilOVHm.exe

    Filesize

    5.2MB

    MD5

    6345fec7acd13220d21cacc4ea34bdd7

    SHA1

    5bb5c808504cc59d5060dae1f8290cbbea7c3e55

    SHA256

    37b50e7adc120b3890f53bbbd68302c8e68b5ac5a3def1ce8511de95e602a3bb

    SHA512

    2359701835230332b9a609881d48342a788a3da2c0345dc7b6305722694cccfda61c3aa3196e8ad86ea03500297b12a19c349c0717fef16452c79ecf5b9e5c06

  • C:\Windows\System\PaFyYmZ.exe

    Filesize

    5.2MB

    MD5

    97cfde77a05c20f7663bcaf6730d37aa

    SHA1

    c1f26c333e57018f730f44dafd7370fc96f52eea

    SHA256

    9a6eb5ccac28de7a814ec39244b779100a6c1afd79413f197320b964d578cc05

    SHA512

    43beabfc4bde9429e8b83fcfa66bd5a4789e53c1105402c46aa7bddcb835d88ce728302ad0bb9da3466842413ba9975bf375ad09548b0091e85b179138ad4606

  • C:\Windows\System\XGuEQik.exe

    Filesize

    5.2MB

    MD5

    3b52bdf6792a0720a7c8159d1fc78fcf

    SHA1

    c94d78cd0bf7a45a86fedb426cc76bdd111d81e4

    SHA256

    9affbff4c254ad4ebe75ad5b958d4a9242622e06aecff9325357facd41f792b4

    SHA512

    785818dd16007ae1bf1f6e29af934e5de3968c01456bedaab865b52fd1686b3fcc1cb040b2cf59babb4946cabe37d99151fac35fdee4d289cdecac748a81b2d9

  • C:\Windows\System\XskEfEe.exe

    Filesize

    5.2MB

    MD5

    a7238f9c93f17d72d7dc5af6204f4558

    SHA1

    7efdefd6a4f032c7976ce5a27a9e3d50ee3b2eb9

    SHA256

    e211ad941b1190cd4657875237342afb29c09334e6733ee34b00fd99202df13a

    SHA512

    a5dc6fd11046f5e8fe4e590bd22664ec0db371dadb352f0cb89e2221c3cc395dbf064885ab6484df8f3d37165cbbbb79dd647c4aee8921e115fc6e1940b17735

  • C:\Windows\System\bEPLJlY.exe

    Filesize

    5.2MB

    MD5

    de108bf1c50d7b9780d8204aa249bad6

    SHA1

    9a510695993feb9eb5e598bf8ba7f44563f5fa8f

    SHA256

    62aa8ac62e03b7f1bcbc827fb86f3aebffc2d492e60c2a27a23f8702b7131555

    SHA512

    eb7415cbf378e461e635d753d23c96cdcd40a7d7f1d70680a13ad72a54772b46b11a3b7496c82ffc488b47e4e4b68e7290e451cec719c76b0fe73eb7b108c565

  • C:\Windows\System\cwsmGeS.exe

    Filesize

    5.2MB

    MD5

    c177c2324a722597e34e7053090ec860

    SHA1

    e876106c3f374c7855d76b0ebad1104ee46835a3

    SHA256

    4b9d2d4d57b9d7a4a3de87e2055217ed5bc2a0832cc3937e3d08b5b4e1672ed9

    SHA512

    18d3450a9a26b433c4eb5ab30bd5cd820669904ad86473c25820d30e34e9eb48bc33ec7e46617513a78932926f42b00bb192fd7462291521cee3ef7fc11fba84

  • C:\Windows\System\dhQgAJV.exe

    Filesize

    5.2MB

    MD5

    b5da2192c3e3fd0e8c707de4fd8b794b

    SHA1

    6ce7ba19e32c4df627997788c47c6881b581e383

    SHA256

    c901b42680a5f68e0177eb2efeba332f9c5477474b1f861a0d9955ff61807524

    SHA512

    0eb2bb8ab4f0dc7614c9b902cb57c77a72f6d1a1593a662d06a8810b68218cfb176b066added4f1efbf7d05566f07348accc66c5e678f07a2608f5ce38fa7682

  • C:\Windows\System\hIyPTPS.exe

    Filesize

    5.2MB

    MD5

    f2af9d12d21138eda68c3a9a39656254

    SHA1

    56c76f6d213257a048aa3720aa53ecdd76a53331

    SHA256

    7c836ab66a4a03750ff6566a4c840fd18dae4f3be3738e094ce2c4616f170de3

    SHA512

    860737255b7f9d970b79262a37cf83fa5b27a0aa7b7e977ec26655d1a42a051e74a7960c33ed11914a259a5374ff4f509b40572dbc219fac8384baf2e2b4d1d8

  • C:\Windows\System\kqAyAqh.exe

    Filesize

    5.2MB

    MD5

    600d3c55201becb3d98ba0cea4cb36a3

    SHA1

    0595b87bc40fb624a7f1af4e6306a6ac309ecc69

    SHA256

    927c03cdaa38ccdeee589c79ae368650de5a4c39bd864d1ef5d54f2c88770ab5

    SHA512

    f93e6e4754d7496f715b0391416252ed934160ea5aa0302f8bc796f5539d4264e2630b02d40df6a57efe61e6dce8dfce55364b49908d4b96f418a7882c959358

  • C:\Windows\System\nSxgCdm.exe

    Filesize

    5.2MB

    MD5

    ad1581a7317543390b7e778488a1de5e

    SHA1

    943c0f8ccc70aab8b16ab0e501f0fbd05411f4e0

    SHA256

    518fc1cbec49c22b1a4d07bc1176852f0473983fba86e24bbdc9e5c5bef2dca3

    SHA512

    9d778f9a484ee00ce9d96c470aa0a92579d2e0e76e839de4baa5bb00bff5c7a62c655a5e4fa37750c3e3568c32850a6621d26a00ff7526029185bdb4adc6369d

  • C:\Windows\System\olsvaQO.exe

    Filesize

    5.2MB

    MD5

    b7e4131d637e46535e89e89cdb7c96cd

    SHA1

    11fc38701696cbfbc6ea29b7fda096ef88c53051

    SHA256

    3a86d0790310ca1b85acfddd6d0f5fd1bb63903b26494cc308865d97abce379b

    SHA512

    d637d899a099248cbf40f38e02187cc56c9eb0f6c6b7c362cd15b7b6e1fbb644a9504be1a1139cdc18a221822304d6c5910d5718168513794c55dfd118e4b2c1

  • C:\Windows\System\oydfXNO.exe

    Filesize

    5.2MB

    MD5

    d3454536b29e150d5f8bcfc095c462f7

    SHA1

    1ebf0466b048a7f31c02119a51e5ffaa8226bab9

    SHA256

    b45a02443c0c66f011131bfb9d927e2bb90b88c09585f53b54defdc2bde026b5

    SHA512

    3801d435903faee1272cac55594b1f26bf72ac5c017d17c485f00067163defe51672182726ad839a960ea5334c365e4545d81286353cf1804a336ed3afdd701d

  • C:\Windows\System\yWVOWnl.exe

    Filesize

    5.2MB

    MD5

    7149a240048443f1a84b1a1d1a14f4c0

    SHA1

    39e44ec6e73cc1f4a9e1958a934ebc5d7eff77fb

    SHA256

    0801093b0c81b6ff2038ee9863d6b144f9e77c855c3e7a73d4bc1e3152f4ff9a

    SHA512

    230e48694b5c5a057bd82888d555c623c922dc7d7dedc40d351692aab607c347dd7396a7739d9322069abe09e6237e67fe3b6df42ea016ee31ad81891d221b94

  • memory/60-0-0x00007FF7AAE10000-0x00007FF7AB161000-memory.dmp

    Filesize

    3.3MB

  • memory/60-1-0x00000255FBC60000-0x00000255FBC70000-memory.dmp

    Filesize

    64KB

  • memory/60-149-0x00007FF7AAE10000-0x00007FF7AB161000-memory.dmp

    Filesize

    3.3MB

  • memory/60-62-0x00007FF7AAE10000-0x00007FF7AB161000-memory.dmp

    Filesize

    3.3MB

  • memory/60-119-0x00007FF7AAE10000-0x00007FF7AB161000-memory.dmp

    Filesize

    3.3MB

  • memory/404-196-0x00007FF666D20000-0x00007FF667071000-memory.dmp

    Filesize

    3.3MB

  • memory/404-14-0x00007FF666D20000-0x00007FF667071000-memory.dmp

    Filesize

    3.3MB

  • memory/428-241-0x00007FF770F90000-0x00007FF7712E1000-memory.dmp

    Filesize

    3.3MB

  • memory/428-138-0x00007FF770F90000-0x00007FF7712E1000-memory.dmp

    Filesize

    3.3MB

  • memory/432-71-0x00007FF77A1A0000-0x00007FF77A4F1000-memory.dmp

    Filesize

    3.3MB

  • memory/432-224-0x00007FF77A1A0000-0x00007FF77A4F1000-memory.dmp

    Filesize

    3.3MB

  • memory/432-132-0x00007FF77A1A0000-0x00007FF77A4F1000-memory.dmp

    Filesize

    3.3MB

  • memory/452-148-0x00007FF666330000-0x00007FF666681000-memory.dmp

    Filesize

    3.3MB

  • memory/452-242-0x00007FF666330000-0x00007FF666681000-memory.dmp

    Filesize

    3.3MB

  • memory/724-234-0x00007FF6401E0000-0x00007FF640531000-memory.dmp

    Filesize

    3.3MB

  • memory/724-131-0x00007FF6401E0000-0x00007FF640531000-memory.dmp

    Filesize

    3.3MB

  • memory/1000-194-0x00007FF70C0E0000-0x00007FF70C431000-memory.dmp

    Filesize

    3.3MB

  • memory/1000-120-0x00007FF70C0E0000-0x00007FF70C431000-memory.dmp

    Filesize

    3.3MB

  • memory/1000-8-0x00007FF70C0E0000-0x00007FF70C431000-memory.dmp

    Filesize

    3.3MB

  • memory/1556-147-0x00007FF75C8B0000-0x00007FF75CC01000-memory.dmp

    Filesize

    3.3MB

  • memory/1556-238-0x00007FF75C8B0000-0x00007FF75CC01000-memory.dmp

    Filesize

    3.3MB

  • memory/2128-236-0x00007FF6B04A0000-0x00007FF6B07F1000-memory.dmp

    Filesize

    3.3MB

  • memory/2128-137-0x00007FF6B04A0000-0x00007FF6B07F1000-memory.dmp

    Filesize

    3.3MB

  • memory/2316-233-0x00007FF6C7290000-0x00007FF6C75E1000-memory.dmp

    Filesize

    3.3MB

  • memory/2316-135-0x00007FF6C7290000-0x00007FF6C75E1000-memory.dmp

    Filesize

    3.3MB

  • memory/2688-26-0x00007FF660DC0000-0x00007FF661111000-memory.dmp

    Filesize

    3.3MB

  • memory/2688-198-0x00007FF660DC0000-0x00007FF661111000-memory.dmp

    Filesize

    3.3MB

  • memory/2776-220-0x00007FF7CEF80000-0x00007FF7CF2D1000-memory.dmp

    Filesize

    3.3MB

  • memory/2776-53-0x00007FF7CEF80000-0x00007FF7CF2D1000-memory.dmp

    Filesize

    3.3MB

  • memory/2776-128-0x00007FF7CEF80000-0x00007FF7CF2D1000-memory.dmp

    Filesize

    3.3MB

  • memory/3040-32-0x00007FF745310000-0x00007FF745661000-memory.dmp

    Filesize

    3.3MB

  • memory/3040-205-0x00007FF745310000-0x00007FF745661000-memory.dmp

    Filesize

    3.3MB

  • memory/3380-226-0x00007FF6F43E0000-0x00007FF6F4731000-memory.dmp

    Filesize

    3.3MB

  • memory/3380-129-0x00007FF6F43E0000-0x00007FF6F4731000-memory.dmp

    Filesize

    3.3MB

  • memory/3516-127-0x00007FF7A8510000-0x00007FF7A8861000-memory.dmp

    Filesize

    3.3MB

  • memory/3516-49-0x00007FF7A8510000-0x00007FF7A8861000-memory.dmp

    Filesize

    3.3MB

  • memory/3516-218-0x00007FF7A8510000-0x00007FF7A8861000-memory.dmp

    Filesize

    3.3MB

  • memory/3748-65-0x00007FF601CD0000-0x00007FF602021000-memory.dmp

    Filesize

    3.3MB

  • memory/3748-130-0x00007FF601CD0000-0x00007FF602021000-memory.dmp

    Filesize

    3.3MB

  • memory/3748-222-0x00007FF601CD0000-0x00007FF602021000-memory.dmp

    Filesize

    3.3MB

  • memory/3928-125-0x00007FF685B80000-0x00007FF685ED1000-memory.dmp

    Filesize

    3.3MB

  • memory/3928-214-0x00007FF685B80000-0x00007FF685ED1000-memory.dmp

    Filesize

    3.3MB

  • memory/3928-38-0x00007FF685B80000-0x00007FF685ED1000-memory.dmp

    Filesize

    3.3MB

  • memory/3932-21-0x00007FF63ACC0000-0x00007FF63B011000-memory.dmp

    Filesize

    3.3MB

  • memory/3932-203-0x00007FF63ACC0000-0x00007FF63B011000-memory.dmp

    Filesize

    3.3MB

  • memory/3932-122-0x00007FF63ACC0000-0x00007FF63B011000-memory.dmp

    Filesize

    3.3MB

  • memory/4388-216-0x00007FF717D60000-0x00007FF7180B1000-memory.dmp

    Filesize

    3.3MB

  • memory/4388-44-0x00007FF717D60000-0x00007FF7180B1000-memory.dmp

    Filesize

    3.3MB

  • memory/4516-230-0x00007FF740BB0000-0x00007FF740F01000-memory.dmp

    Filesize

    3.3MB

  • memory/4516-133-0x00007FF740BB0000-0x00007FF740F01000-memory.dmp

    Filesize

    3.3MB

  • memory/4912-146-0x00007FF776470000-0x00007FF7767C1000-memory.dmp

    Filesize

    3.3MB

  • memory/4912-244-0x00007FF776470000-0x00007FF7767C1000-memory.dmp

    Filesize

    3.3MB

  • memory/4976-134-0x00007FF7DC3D0000-0x00007FF7DC721000-memory.dmp

    Filesize

    3.3MB

  • memory/4976-229-0x00007FF7DC3D0000-0x00007FF7DC721000-memory.dmp

    Filesize

    3.3MB