Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    141s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/05/2024, 22:01

General

  • Target

    2024-05-29_c5df1ecbb3db5173724dd9be7a082f2c_cobalt-strike_cobaltstrike.exe

  • Size

    5.2MB

  • MD5

    c5df1ecbb3db5173724dd9be7a082f2c

  • SHA1

    64ccc0032b66050722bdcf9a0ff9b2fefec3cd97

  • SHA256

    399a0ec2fcb54cb0c481c572ba4d321c04e455fc5103b2fba1adf0525e0981b4

  • SHA512

    79159268c735c2d66a4dd44612593a2779789ae55c2aa10f8ecc975c3125136767e2c574a6e742427ed58729fc2dbdd03a9d92ef621f76a701cfed0ada3b9291

  • SSDEEP

    49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lL:RWWBibf56utgpPFotBER/mQ32lUP

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 21 IoCs
  • UPX dump on OEP (original entry point) 64 IoCs
  • XMRig Miner payload 45 IoCs
  • Executes dropped EXE 21 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-29_c5df1ecbb3db5173724dd9be7a082f2c_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-29_c5df1ecbb3db5173724dd9be7a082f2c_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1320
    • C:\Windows\System\NkCgtGs.exe
      C:\Windows\System\NkCgtGs.exe
      2⤵
      • Executes dropped EXE
      PID:64
    • C:\Windows\System\YTVUtlc.exe
      C:\Windows\System\YTVUtlc.exe
      2⤵
      • Executes dropped EXE
      PID:4600
    • C:\Windows\System\TCTMJQs.exe
      C:\Windows\System\TCTMJQs.exe
      2⤵
      • Executes dropped EXE
      PID:1544
    • C:\Windows\System\JSfBQPc.exe
      C:\Windows\System\JSfBQPc.exe
      2⤵
      • Executes dropped EXE
      PID:4916
    • C:\Windows\System\OXAAeJO.exe
      C:\Windows\System\OXAAeJO.exe
      2⤵
      • Executes dropped EXE
      PID:4324
    • C:\Windows\System\giGiaUy.exe
      C:\Windows\System\giGiaUy.exe
      2⤵
      • Executes dropped EXE
      PID:2592
    • C:\Windows\System\zXHLjEq.exe
      C:\Windows\System\zXHLjEq.exe
      2⤵
      • Executes dropped EXE
      PID:1020
    • C:\Windows\System\zqoDnrC.exe
      C:\Windows\System\zqoDnrC.exe
      2⤵
      • Executes dropped EXE
      PID:4092
    • C:\Windows\System\WDuqChN.exe
      C:\Windows\System\WDuqChN.exe
      2⤵
      • Executes dropped EXE
      PID:732
    • C:\Windows\System\JJerXRV.exe
      C:\Windows\System\JJerXRV.exe
      2⤵
      • Executes dropped EXE
      PID:4060
    • C:\Windows\System\fdgzivV.exe
      C:\Windows\System\fdgzivV.exe
      2⤵
      • Executes dropped EXE
      PID:992
    • C:\Windows\System\BXFmkyx.exe
      C:\Windows\System\BXFmkyx.exe
      2⤵
      • Executes dropped EXE
      PID:3032
    • C:\Windows\System\QfeJhGW.exe
      C:\Windows\System\QfeJhGW.exe
      2⤵
      • Executes dropped EXE
      PID:4036
    • C:\Windows\System\isXFKMv.exe
      C:\Windows\System\isXFKMv.exe
      2⤵
      • Executes dropped EXE
      PID:1712
    • C:\Windows\System\BvnBbFQ.exe
      C:\Windows\System\BvnBbFQ.exe
      2⤵
      • Executes dropped EXE
      PID:2360
    • C:\Windows\System\lbckSTS.exe
      C:\Windows\System\lbckSTS.exe
      2⤵
      • Executes dropped EXE
      PID:2032
    • C:\Windows\System\MZjoCLb.exe
      C:\Windows\System\MZjoCLb.exe
      2⤵
      • Executes dropped EXE
      PID:2932
    • C:\Windows\System\CRPzXLc.exe
      C:\Windows\System\CRPzXLc.exe
      2⤵
      • Executes dropped EXE
      PID:3772
    • C:\Windows\System\FnNZMew.exe
      C:\Windows\System\FnNZMew.exe
      2⤵
      • Executes dropped EXE
      PID:3324
    • C:\Windows\System\RlbtPwF.exe
      C:\Windows\System\RlbtPwF.exe
      2⤵
      • Executes dropped EXE
      PID:4840
    • C:\Windows\System\ZydCZLz.exe
      C:\Windows\System\ZydCZLz.exe
      2⤵
      • Executes dropped EXE
      PID:4788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System\BXFmkyx.exe

    Filesize

    5.2MB

    MD5

    70a2433a1e0593ef15674f16598a6417

    SHA1

    978e38c5d74f66d7abf6c80f5a239400a7cef7ad

    SHA256

    988b9d7231749fb22e0fe3e3ed540df0bd424a0f828b59ab0b4cf10fbbe02d6a

    SHA512

    cddcbbe62215750089638abc32fdfaf48e2f46c10a73805cdbf5624fec77b7c9e35279bd2428d9a4dda4fc71b8b28a065ad5eea1f7af3798368d6a268b19f26c

  • C:\Windows\System\BvnBbFQ.exe

    Filesize

    5.2MB

    MD5

    f6e3f820152dabcdb658d2cbe2a9563f

    SHA1

    0b312f14cacd2e449029fb695c3dfd6c4508875e

    SHA256

    bdf637d46dca2a14edef29619de08575f8d77e3c254a9d8c0ccdd9607b7dfb31

    SHA512

    09c51315e4bf1df921cf450325e9d91d0d68cbb3898c28b129e28a210358e7b6d771e63cb72631770f694412d56fd4444d56dc1b1cc45050364533dcf5b8d630

  • C:\Windows\System\CRPzXLc.exe

    Filesize

    5.2MB

    MD5

    0a451739471457a3e89581f9fef700b5

    SHA1

    1cebf4fabbd3fdc015ebecbb45ed4bc520de4ccb

    SHA256

    251b668626baa383fbd3025d79dbfb55be2eec37270a7a6f0cf5a5216c39e72f

    SHA512

    69e002a0a718d2f5475aff0f873e674999bdaeaa7f54f57404e0e481eba0261c6ec2da08bafab1c0bc8a654389148539be1ad1e623927b7b7d11a874299d84d9

  • C:\Windows\System\FnNZMew.exe

    Filesize

    5.2MB

    MD5

    91792ea02e2b32834667fc566277504d

    SHA1

    230a5510c05ab95ad906e538cb8f9c247a431a61

    SHA256

    175ef208ab40b998dd17ff6b0d032e78b6d37b9725ef1c38612edee2063687cd

    SHA512

    4adfcc7e7dd908a940607dc313aa508ae5fb7158e9631a6826d5cfb8a36b129a0347116d5f2ec39e2a8a5ad2fb363da22f7c200ba80be813c2b47b27a3fe9a11

  • C:\Windows\System\JJerXRV.exe

    Filesize

    5.2MB

    MD5

    1ef535470e3191b18c1c97f3a131c30e

    SHA1

    e43a11aa0c49faaec307a08d00501194aa58ab99

    SHA256

    89343e0dbba48ecbb84302ff95ba984551b5864f3e3987bbeeb8253002df28d2

    SHA512

    5d5b6149bf4f717f8b2f9c12f95246bde709349c8124c328bd730458106e329857fb1511f4876e8ec9eb55153f574e703613635b6cf8c1a76a52b401438256a6

  • C:\Windows\System\JSfBQPc.exe

    Filesize

    5.2MB

    MD5

    81e2929b75563211c1a50459e3381f8e

    SHA1

    c0e3cc0d53ababb6a6b1c52c81e23009e016c583

    SHA256

    744562ffe4d78d45cb867d8b360243ef34dcefec52f11260a82ec358c7e80bde

    SHA512

    faa26b00f78064536f7adc5c712d743738d6dc78d184255142e9aee23689c53d1a716acf7c532cfcb920be03769551ecf8f83772029e77074b5d6874dd30f9df

  • C:\Windows\System\JSfBQPc.exe

    Filesize

    5.1MB

    MD5

    91df922314a4caab432bba0c590ca3c0

    SHA1

    b91e20ca4d9be7c8e6fd75ac2830eb878c22eb76

    SHA256

    0cf813b51717aab8d4bf85c804cd17451a9e8a3cc11f9cb8db55a7f62fc7b809

    SHA512

    41834d81c15003ab88fdc17f65dd4d58bf778aa7f748c1778b8b4cf1f00ba4e25cbf41434779e3783c6b2862972c82761d5a6dbf80e22770db840e6a09a40184

  • C:\Windows\System\MZjoCLb.exe

    Filesize

    5.2MB

    MD5

    e4a475a2956bf1ccf47323230587339e

    SHA1

    37f9143dab12940d1746a09f383190caa85cd43f

    SHA256

    3de9afca2561c1ad7e35de39651552502096010d7775545f69deb7e9fe6306d7

    SHA512

    a13803183fa08942f08dc22f8c079a233e6be92927235ab7aca3ff17f1a9ce5ef418239007ad65711cfbf94ddda837ade7f257d2a01372069fbee98b2f0d97dd

  • C:\Windows\System\NkCgtGs.exe

    Filesize

    5.2MB

    MD5

    834afd1150f6f5583fc9eb45217b6ac5

    SHA1

    470e15e27969675e6b5e9d2eef56dd6f1ce47cbb

    SHA256

    fd395abaf6ef142d40802b05e56593905aeb5705d0245a87c018a90a6daa37e7

    SHA512

    54cfcc04d084516c2e9add81a1adf0c89cf80322b317c5a7752cf21ae875bfa88520c4ed8cf868c86525b84533327566f1fcb053f7f78a9e832e960e55f1cb90

  • C:\Windows\System\OXAAeJO.exe

    Filesize

    5.2MB

    MD5

    d5c476113d41c256ebc21297344af4bb

    SHA1

    2406941bff47a6fae37ab9e34aed0254fd87b98f

    SHA256

    9400a71c7e11a253c9360a6bc3a3273b6ed0c1c5e4774e32dd4b64ce456a4e33

    SHA512

    20ef62a57060384613ce7458b8cfa3da487cb7622db132a14125a490b2e9ef3f36d2c322e4325f7ca4a112e8c335f9d750f2431c1528cfe1e43866de3f29b5ef

  • C:\Windows\System\QfeJhGW.exe

    Filesize

    5.2MB

    MD5

    b6921bdf45c9be045a1a4aca3b2fab2d

    SHA1

    17f7068a0c52eda278b79c762710cd0bdd351661

    SHA256

    bb4591c1f99b62f6d3e12432e95255f5fc9d8a112f5e284d7f845a45833e1707

    SHA512

    15a78d97e4531d19065a6fbf79855e8cd7da68ff5b93f62eb91f979c299ed5e57f2d9cdc9c123ad87eb9e8dbe814e5fe736b0c8df10ef97d131d43334ae1c774

  • C:\Windows\System\RlbtPwF.exe

    Filesize

    5.2MB

    MD5

    7e05c8b2fb0feeab1efbec8d54fd2034

    SHA1

    19532590ef80ddbf974ba79ad0bf53f1157628ec

    SHA256

    5d7e3ddf154b0a8167d6fe031d71a5b1a8ef81c747bbc85438a938053e266833

    SHA512

    9e0c1cc1ee88c4fdb3e561d4f6be0ae3a8fccd045401c5107168976d099d4a150d31a525d960b549294a4429f8fe476dfaa269efde80b444f14718a911e47c7e

  • C:\Windows\System\TCTMJQs.exe

    Filesize

    5.2MB

    MD5

    019ddcf396cd93c990aa49d4c0033455

    SHA1

    d3e7a5d035f42ec9689294f0dc7bdb3c289f050f

    SHA256

    aec148d5630b74d8211a1561f3d66744328305fa12d51536534705e629d3df98

    SHA512

    8079e3acfc8ddb061e05d81a3ec5e2a36105812bc55a12faa5961a91cdcdecf7ed8facac7dd2fe610a91a9c673efd64bd3710908bf1cd394ac6a27688ba86101

  • C:\Windows\System\WDuqChN.exe

    Filesize

    5.2MB

    MD5

    945ff60fda5ba3daa8cfea70f362b9d4

    SHA1

    02579ddefa461d950cf1422a6d546a34bf5f0850

    SHA256

    0130cddde078ae99d5e6f091fb7ee9103610608e24a3c6245902ae275fb4692a

    SHA512

    66123bb61af2e4c8246580bc441a6185aec2e33d03aa20c4375ab9410e17855d93b871ed318bd2ff3d3647e20923a9ad850f4d764972d97c52e916cfbbd74851

  • C:\Windows\System\YTVUtlc.exe

    Filesize

    5.2MB

    MD5

    0ebe35220881669986b3c7b932010b2d

    SHA1

    7d9c717b18dd47a8583808010682980f298b5419

    SHA256

    839f23845ff5649b7c833d0381f9cc881d4cc43ceab9aab6f1854640444ad48e

    SHA512

    751f96100d0f54f7325dbc3b2b361bafd4b49a4e4a4a5dab9fe7b6ed956e6d0f5a13754dc65793e2678ca3f3bc9ef4eeaa7ffaf96c8ea98e5262990e1850a1eb

  • C:\Windows\System\ZydCZLz.exe

    Filesize

    5.2MB

    MD5

    8f40f22096882c05916004a5ecefed03

    SHA1

    0047794ccad9fbcd12d8ce6ba66aaf7f814e4baf

    SHA256

    bad785dbf83d980d59f896a2d2d7baf1881d561e1465504ff36a70b0f43d70f6

    SHA512

    2e0d5fdea93f304515b05f6696a1e21a49bf450311b9ff59d750d6d4fc3aa55788c825108b8e0975ba0190c0a883ceb8d71e0460a649a670056c5c001638f333

  • C:\Windows\System\fdgzivV.exe

    Filesize

    5.2MB

    MD5

    19706a86f897175c5888bbf351da42a0

    SHA1

    c3ffaebd6c326825a4d46cff1ced9c0954477879

    SHA256

    a3bd6aa4a4ec199fbbb0d4967ffc15fb569125bea2500600e90f6227d9ba03fd

    SHA512

    d4e562641f026203f74ff649853eb1d6b927d7c79c50f1dd53778ae10841985af0edd6aed0daf787eece7e319601f82f0321e778f6a5147c981ad4e29c81585f

  • C:\Windows\System\giGiaUy.exe

    Filesize

    5.2MB

    MD5

    493b922c6681f141b7f8b638c8caba2b

    SHA1

    2aabf57925d08d4e0e0827448e156c04400f458a

    SHA256

    20b7321e969f9f2b1e9ac68ba68ea78ef32370022f1d0e7e9e9958cc19796264

    SHA512

    de022f04cd1f0e62b2fd2a8161882a82c487d7bde5aecdbc0abfe83b79184f8c8dd947d5a20b311a8b570f48d1aa5c16e4c44365e4192a9a1bf7b8d99b857871

  • C:\Windows\System\isXFKMv.exe

    Filesize

    5.2MB

    MD5

    feb045a32085a1f34e58f30fda1695e7

    SHA1

    4bf7c50178395779b614a17bf10cff5239514c8e

    SHA256

    c78a5fd68f9713c32af40a1a511f2f69402367c42702e9f85c0bacb262f874bb

    SHA512

    55818cec08b455c43d1cddb282f26a2f7816dc53579143072dd50e09f7c545088a1f7a7409683f89f7d55be6fe0606552a127c9d514c431f42ce08e5f1bb13c3

  • C:\Windows\System\lbckSTS.exe

    Filesize

    5.2MB

    MD5

    5ebfc77ec0168868b1e4c96e57a61dd7

    SHA1

    599584eaa4d7f84e0b5b578326b805d407e28d77

    SHA256

    edd4576ae412d8d7f883d66db9a4eabc3be3fb5329312f33c06091d613ca2b92

    SHA512

    2ece8589a57b80df7efa8e9b170d27f179b761e688768e225b167aa3c31c69cb5c8a2e978cabfe0b44d9e47f57f97aca6ed9456f9e3cad588ff08a4e38acaf39

  • C:\Windows\System\zXHLjEq.exe

    Filesize

    5.2MB

    MD5

    a088c8c47bb5a2d948c6bc7ebe271edb

    SHA1

    d7a031eb65e9ea603ae4af06ea3e9e1c384d589b

    SHA256

    b48b028981f773182978cc3aa230f3fc61f75f8abb154846cd38efbb113def3d

    SHA512

    a0c54f85249a34d233c6680edaab330849ec71bc1a4715307f465a30e92e8311022de103391097cd3d19092305607edd35678473bfc252c2fb2e818bbc98f36c

  • C:\Windows\System\zqoDnrC.exe

    Filesize

    5.2MB

    MD5

    5964b58059889dd9859491f96bd10d8d

    SHA1

    69197c11984b535cd20c8bcc09ea32dab72123cd

    SHA256

    0eb24c85af0ced3d774af6420787f28be7fd78dfae18310c977a948a3104b6bf

    SHA512

    715abd74760a8056af3e38e64d77dc59bbe887a35340efe1ad3cfc3f801a5e8afd453a39bace57b12f44e7d1d33399aabf7cb283534ece4c7f5c9dc46c225bbb

  • memory/64-203-0x00007FF718410000-0x00007FF718761000-memory.dmp

    Filesize

    3.3MB

  • memory/64-8-0x00007FF718410000-0x00007FF718761000-memory.dmp

    Filesize

    3.3MB

  • memory/64-74-0x00007FF718410000-0x00007FF718761000-memory.dmp

    Filesize

    3.3MB

  • memory/732-61-0x00007FF6C8F10000-0x00007FF6C9261000-memory.dmp

    Filesize

    3.3MB

  • memory/732-133-0x00007FF6C8F10000-0x00007FF6C9261000-memory.dmp

    Filesize

    3.3MB

  • memory/732-234-0x00007FF6C8F10000-0x00007FF6C9261000-memory.dmp

    Filesize

    3.3MB

  • memory/992-75-0x00007FF7F8770000-0x00007FF7F8AC1000-memory.dmp

    Filesize

    3.3MB

  • memory/992-238-0x00007FF7F8770000-0x00007FF7F8AC1000-memory.dmp

    Filesize

    3.3MB

  • memory/1020-230-0x00007FF67F0E0000-0x00007FF67F431000-memory.dmp

    Filesize

    3.3MB

  • memory/1020-42-0x00007FF67F0E0000-0x00007FF67F431000-memory.dmp

    Filesize

    3.3MB

  • memory/1020-125-0x00007FF67F0E0000-0x00007FF67F431000-memory.dmp

    Filesize

    3.3MB

  • memory/1320-158-0x00007FF6BB7C0000-0x00007FF6BBB11000-memory.dmp

    Filesize

    3.3MB

  • memory/1320-1-0x0000025489A30000-0x0000025489A40000-memory.dmp

    Filesize

    64KB

  • memory/1320-136-0x00007FF6BB7C0000-0x00007FF6BBB11000-memory.dmp

    Filesize

    3.3MB

  • memory/1320-62-0x00007FF6BB7C0000-0x00007FF6BBB11000-memory.dmp

    Filesize

    3.3MB

  • memory/1320-0-0x00007FF6BB7C0000-0x00007FF6BBB11000-memory.dmp

    Filesize

    3.3MB

  • memory/1544-23-0x00007FF6FF7E0000-0x00007FF6FFB31000-memory.dmp

    Filesize

    3.3MB

  • memory/1544-79-0x00007FF6FF7E0000-0x00007FF6FFB31000-memory.dmp

    Filesize

    3.3MB

  • memory/1544-207-0x00007FF6FF7E0000-0x00007FF6FFB31000-memory.dmp

    Filesize

    3.3MB

  • memory/1712-242-0x00007FF6C4E30000-0x00007FF6C5181000-memory.dmp

    Filesize

    3.3MB

  • memory/1712-89-0x00007FF6C4E30000-0x00007FF6C5181000-memory.dmp

    Filesize

    3.3MB

  • memory/2032-248-0x00007FF7C2F60000-0x00007FF7C32B1000-memory.dmp

    Filesize

    3.3MB

  • memory/2032-107-0x00007FF7C2F60000-0x00007FF7C32B1000-memory.dmp

    Filesize

    3.3MB

  • memory/2360-105-0x00007FF7615D0000-0x00007FF761921000-memory.dmp

    Filesize

    3.3MB

  • memory/2360-246-0x00007FF7615D0000-0x00007FF761921000-memory.dmp

    Filesize

    3.3MB

  • memory/2592-39-0x00007FF70BDE0000-0x00007FF70C131000-memory.dmp

    Filesize

    3.3MB

  • memory/2592-213-0x00007FF70BDE0000-0x00007FF70C131000-memory.dmp

    Filesize

    3.3MB

  • memory/2932-250-0x00007FF718CA0000-0x00007FF718FF1000-memory.dmp

    Filesize

    3.3MB

  • memory/2932-153-0x00007FF718CA0000-0x00007FF718FF1000-memory.dmp

    Filesize

    3.3MB

  • memory/2932-108-0x00007FF718CA0000-0x00007FF718FF1000-memory.dmp

    Filesize

    3.3MB

  • memory/3032-77-0x00007FF7C5B00000-0x00007FF7C5E51000-memory.dmp

    Filesize

    3.3MB

  • memory/3032-244-0x00007FF7C5B00000-0x00007FF7C5E51000-memory.dmp

    Filesize

    3.3MB

  • memory/3032-148-0x00007FF7C5B00000-0x00007FF7C5E51000-memory.dmp

    Filesize

    3.3MB

  • memory/3324-155-0x00007FF629850000-0x00007FF629BA1000-memory.dmp

    Filesize

    3.3MB

  • memory/3324-119-0x00007FF629850000-0x00007FF629BA1000-memory.dmp

    Filesize

    3.3MB

  • memory/3324-254-0x00007FF629850000-0x00007FF629BA1000-memory.dmp

    Filesize

    3.3MB

  • memory/3772-154-0x00007FF6DFC70000-0x00007FF6DFFC1000-memory.dmp

    Filesize

    3.3MB

  • memory/3772-252-0x00007FF6DFC70000-0x00007FF6DFFC1000-memory.dmp

    Filesize

    3.3MB

  • memory/3772-115-0x00007FF6DFC70000-0x00007FF6DFFC1000-memory.dmp

    Filesize

    3.3MB

  • memory/4036-240-0x00007FF66ABD0000-0x00007FF66AF21000-memory.dmp

    Filesize

    3.3MB

  • memory/4036-149-0x00007FF66ABD0000-0x00007FF66AF21000-memory.dmp

    Filesize

    3.3MB

  • memory/4036-82-0x00007FF66ABD0000-0x00007FF66AF21000-memory.dmp

    Filesize

    3.3MB

  • memory/4060-68-0x00007FF7D2CB0000-0x00007FF7D3001000-memory.dmp

    Filesize

    3.3MB

  • memory/4060-236-0x00007FF7D2CB0000-0x00007FF7D3001000-memory.dmp

    Filesize

    3.3MB

  • memory/4092-131-0x00007FF779160000-0x00007FF7794B1000-memory.dmp

    Filesize

    3.3MB

  • memory/4092-232-0x00007FF779160000-0x00007FF7794B1000-memory.dmp

    Filesize

    3.3MB

  • memory/4092-49-0x00007FF779160000-0x00007FF7794B1000-memory.dmp

    Filesize

    3.3MB

  • memory/4324-114-0x00007FF60BB00000-0x00007FF60BE51000-memory.dmp

    Filesize

    3.3MB

  • memory/4324-30-0x00007FF60BB00000-0x00007FF60BE51000-memory.dmp

    Filesize

    3.3MB

  • memory/4324-212-0x00007FF60BB00000-0x00007FF60BE51000-memory.dmp

    Filesize

    3.3MB

  • memory/4600-205-0x00007FF7DE820000-0x00007FF7DEB71000-memory.dmp

    Filesize

    3.3MB

  • memory/4600-19-0x00007FF7DE820000-0x00007FF7DEB71000-memory.dmp

    Filesize

    3.3MB

  • memory/4788-135-0x00007FF75F710000-0x00007FF75FA61000-memory.dmp

    Filesize

    3.3MB

  • memory/4788-258-0x00007FF75F710000-0x00007FF75FA61000-memory.dmp

    Filesize

    3.3MB

  • memory/4840-127-0x00007FF772690000-0x00007FF7729E1000-memory.dmp

    Filesize

    3.3MB

  • memory/4840-156-0x00007FF772690000-0x00007FF7729E1000-memory.dmp

    Filesize

    3.3MB

  • memory/4840-257-0x00007FF772690000-0x00007FF7729E1000-memory.dmp

    Filesize

    3.3MB

  • memory/4916-27-0x00007FF67EE50000-0x00007FF67F1A1000-memory.dmp

    Filesize

    3.3MB

  • memory/4916-209-0x00007FF67EE50000-0x00007FF67F1A1000-memory.dmp

    Filesize

    3.3MB

  • memory/4916-88-0x00007FF67EE50000-0x00007FF67F1A1000-memory.dmp

    Filesize

    3.3MB