Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    147s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/05/2024, 22:45

General

  • Target

    2024-05-29_6b2fd37e0351b8e06387dc846b1b6d08_cobalt-strike_cobaltstrike.exe

  • Size

    5.9MB

  • MD5

    6b2fd37e0351b8e06387dc846b1b6d08

  • SHA1

    346ebfadd478a182dce462c83f71c2286f4ef4dc

  • SHA256

    dec0a0b592694a6b013df76ee14ea042319b91cac64b202661023e3175b00b98

  • SHA512

    530ba5b83846b98246d8fcd9bee5729cd390625a506dc8a006ad7c76d51a074c14f4918b2ce43d989ae33ec7d40c8c5cbca1d6afa17926f2f966a4720a454adf

  • SSDEEP

    98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lU9:Q+856utgpPF8u/79

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 21 IoCs
  • UPX dump on OEP (original entry point) 64 IoCs
  • XMRig Miner payload 64 IoCs
  • Executes dropped EXE 21 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-29_6b2fd37e0351b8e06387dc846b1b6d08_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-29_6b2fd37e0351b8e06387dc846b1b6d08_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4736
    • C:\Windows\System\CEJnHeM.exe
      C:\Windows\System\CEJnHeM.exe
      2⤵
      • Executes dropped EXE
      PID:3820
    • C:\Windows\System\okklOPr.exe
      C:\Windows\System\okklOPr.exe
      2⤵
      • Executes dropped EXE
      PID:5076
    • C:\Windows\System\ylZyise.exe
      C:\Windows\System\ylZyise.exe
      2⤵
      • Executes dropped EXE
      PID:4728
    • C:\Windows\System\KdfCClI.exe
      C:\Windows\System\KdfCClI.exe
      2⤵
      • Executes dropped EXE
      PID:2012
    • C:\Windows\System\RGczIPS.exe
      C:\Windows\System\RGczIPS.exe
      2⤵
      • Executes dropped EXE
      PID:2624
    • C:\Windows\System\reUZveY.exe
      C:\Windows\System\reUZveY.exe
      2⤵
      • Executes dropped EXE
      PID:2116
    • C:\Windows\System\NKLkYJX.exe
      C:\Windows\System\NKLkYJX.exe
      2⤵
      • Executes dropped EXE
      PID:2732
    • C:\Windows\System\ZJQKSPt.exe
      C:\Windows\System\ZJQKSPt.exe
      2⤵
      • Executes dropped EXE
      PID:5028
    • C:\Windows\System\cNJYWJN.exe
      C:\Windows\System\cNJYWJN.exe
      2⤵
      • Executes dropped EXE
      PID:2076
    • C:\Windows\System\NwNNVsK.exe
      C:\Windows\System\NwNNVsK.exe
      2⤵
      • Executes dropped EXE
      PID:4504
    • C:\Windows\System\JBZHeDG.exe
      C:\Windows\System\JBZHeDG.exe
      2⤵
      • Executes dropped EXE
      PID:3076
    • C:\Windows\System\ZwlPLgD.exe
      C:\Windows\System\ZwlPLgD.exe
      2⤵
      • Executes dropped EXE
      PID:3408
    • C:\Windows\System\cQgFoNY.exe
      C:\Windows\System\cQgFoNY.exe
      2⤵
      • Executes dropped EXE
      PID:4588
    • C:\Windows\System\LFaNlAf.exe
      C:\Windows\System\LFaNlAf.exe
      2⤵
      • Executes dropped EXE
      PID:1144
    • C:\Windows\System\AmROnae.exe
      C:\Windows\System\AmROnae.exe
      2⤵
      • Executes dropped EXE
      PID:4916
    • C:\Windows\System\EaVDqPO.exe
      C:\Windows\System\EaVDqPO.exe
      2⤵
      • Executes dropped EXE
      PID:3868
    • C:\Windows\System\FjSIkup.exe
      C:\Windows\System\FjSIkup.exe
      2⤵
      • Executes dropped EXE
      PID:1792
    • C:\Windows\System\AgDQHUq.exe
      C:\Windows\System\AgDQHUq.exe
      2⤵
      • Executes dropped EXE
      PID:4948
    • C:\Windows\System\CYqNoMj.exe
      C:\Windows\System\CYqNoMj.exe
      2⤵
      • Executes dropped EXE
      PID:912
    • C:\Windows\System\tazGBZX.exe
      C:\Windows\System\tazGBZX.exe
      2⤵
      • Executes dropped EXE
      PID:3456
    • C:\Windows\System\tYbGRaW.exe
      C:\Windows\System\tYbGRaW.exe
      2⤵
      • Executes dropped EXE
      PID:4296
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1032,i,13640054265074968359,8146127767143474550,262144 --variations-seed-version --mojo-platform-channel-handle=4168 /prefetch:8
    1⤵
      PID:2760

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\System\AgDQHUq.exe

      Filesize

      5.9MB

      MD5

      ac46aadca81e76338762c8ff2ee52af0

      SHA1

      1176e63d086a7dbed6b2f2bb91f53b6eb1285ab0

      SHA256

      1a58bd3dcd89f2c3371f28d7bae64005d18b46cc519b0af68c345f8bdff39a9b

      SHA512

      4eae6eb59624289b6132fc0da52144a0c0818b68f70b26a560c2e0eded0817211d220d271dd3659d4db695455ee0c07b0f7c4ecd0778efd3eb91fbb34585504f

    • C:\Windows\System\AmROnae.exe

      Filesize

      5.9MB

      MD5

      dff69bc335fcc35f6bc9da527aad8a8d

      SHA1

      99e7a8aa4beb29f7aa4f396e2baf7199e5821bb1

      SHA256

      c84e4844d93bfb94ae1ac85d04de576219da41bdb383b75b5b62de3c4e1b4246

      SHA512

      928ddb6ffdcd9fd0d092452e427e4aa6314fb7629220643b7c3f1edbb1907db4a9563e1667acfe8736091f632fab6b3b5d56d7e3ff0bcd7b34751f7d26ffdd1f

    • C:\Windows\System\CEJnHeM.exe

      Filesize

      5.9MB

      MD5

      144e4913c88fad57888358b69e86ddfe

      SHA1

      d424643536d296abf968c7e4c8dd2ae61f9c16df

      SHA256

      09b80626715f96160902bf04a76c4c52e04329ca3a5a9ec5f7884674004b0510

      SHA512

      04bb9779f304c65d8029d21ab15329551c961ded62b2e30eb5e72bcaa41cd1e6bc0baa5bfc1344f35509071f29dc439143fb291d1b1efe05f1937302a06846fc

    • C:\Windows\System\CYqNoMj.exe

      Filesize

      5.9MB

      MD5

      46f4348ea8f108babb2aab24196057a5

      SHA1

      c122cd9525edd67ef3d061f36f232ff4adebe4a4

      SHA256

      bf1b4dde70eb0b31a77db1edc4b22f0bfac1ccf4cb6df9d5b8b57f8f057aed10

      SHA512

      75cd3a8741b5f6535d88ef0c457fd5050b746ac1dc90984b95b3944ae859bc7928cd4b71706da555bcc0265be0976ccd944a963cfc9b68ef2f3a81968a60a786

    • C:\Windows\System\EaVDqPO.exe

      Filesize

      5.9MB

      MD5

      f28954eee5bddc5bdc6bb2880b2900fc

      SHA1

      3f6bd38d803139d1e85ee18e39ed84e19f2300b4

      SHA256

      f323e55b092d49cf8d96556e857a3fa4704c87d96951578a83845294f83cb984

      SHA512

      6040daafcf34aa16030c47d157877ea9a14f16dde252a82d306558764cdd1639800f3d7b9e1d32038c5b84b29bc708311037dfbc6b703263f7ce78b933186b45

    • C:\Windows\System\FjSIkup.exe

      Filesize

      5.9MB

      MD5

      5b33f95ef6d9aaae026b31d0e9d52532

      SHA1

      87b0f836dc485e593d9727dcd6f0d1c8ac1f69db

      SHA256

      aacfa67b94c58d4d495ba975e6840afea9b2efd55b2e549e7a05cd11223b1096

      SHA512

      a24068f6cbd9b66acd911a21f7d58c7a3255a199d306e94344407f9602f2b7f126676479f94de98d1c8b22a8f43cba03f3e8e097ed5a72f18bc614616b653943

    • C:\Windows\System\JBZHeDG.exe

      Filesize

      5.9MB

      MD5

      9784e8678878c99ff98b6c1005ddabff

      SHA1

      fede66b73ed6e5a7610d9364ef6fe75c8d5e0001

      SHA256

      5d9e3abc2d4ebffaca810a0738cfcf4d32cc466d137f7be484c4ff2364a7ac93

      SHA512

      1ec1739597287c889cdf4f5a78aff3100a328e34400ffd4491a510dadc10cf096b73214a8a26f5772f0896b99f1b86b584a30774a11faabea44e7eab9925291d

    • C:\Windows\System\KdfCClI.exe

      Filesize

      5.9MB

      MD5

      a58fc9c767e7cf4e3c9f2a62869346cc

      SHA1

      9f7cc1f4e29f4161b6530926b0522eeda3fb5f98

      SHA256

      2d763e57dfba2658c4ebc6bec9bc2b5fc38b854e54714bbc813c0607f5658bbd

      SHA512

      c5b6a413afcc73296b10f597cf029154493877abf980d900d9f3c5d78a1b84495dfc378c6b0c9400acf9c15b5f12042d06a1d0c2f1ca16b070454bf9502c5b6a

    • C:\Windows\System\LFaNlAf.exe

      Filesize

      5.9MB

      MD5

      df83a99f710ff43eb40488748730097e

      SHA1

      37ff0e3a79c3d1d8c9a75e9f60a64f13b6160cef

      SHA256

      33a623af17ee1eae0f766a2014ad004b0f0fc12b181ae0173c4de954206e5477

      SHA512

      e218eb03aff36d413dbcef3751ac68ea42e970a7abf738e7ec5cc8c0e9ef1eb7d439f2dc88b6ffcead4e1b2d8765c76cf73d1bbd9a4133c08624e6d4e54a97bd

    • C:\Windows\System\NKLkYJX.exe

      Filesize

      5.9MB

      MD5

      4a15f7b86cc4e748339d83edb3499e8e

      SHA1

      7deeb2570c212f9bdae3dd9e0ceb0a92b1b192fa

      SHA256

      b0405267919b69ad383369d32f887da5127015fd6357a556c8cb292da989cb60

      SHA512

      0f2d7324d18c4ef4117028b13fcca99134c681ed844632cce95e8ccafd9832c8dd7e90e52109db9dbc42beaa76586ce0d6b453520d7f864b2daa951605a3c181

    • C:\Windows\System\NwNNVsK.exe

      Filesize

      5.9MB

      MD5

      d3abe6fe87f697d983e22ea5328c564d

      SHA1

      93a8fff3399392f6417be74a49e334e41cd644e1

      SHA256

      4ebc8a7f6cd236ff0f45acbe508daf90ff72f7967be119b743e87ea91d7e771b

      SHA512

      f8928b7a134187fbfbcb2c75fdcb4792f705cdf8e03df81de9eab8ebb8cdb365212f05b0d606db4d01a3e0cf033b281b518309c2878d7f0572f1eb54033022c6

    • C:\Windows\System\RGczIPS.exe

      Filesize

      5.9MB

      MD5

      6b0f766581d17c6914d22eb733c0939b

      SHA1

      d7e15883d9f2b6e457f281462b08241a7bcfef05

      SHA256

      d710181e9179105cd48757f03ef5fa7474d4d90956af91315d7ac9fd9193511e

      SHA512

      9d14f338a70540998024608c05042fdcd537dc5b14622657de013b36a0e6cdd29ccac1c088d9393fe3957ccc5c066a0973d888343304a38f78b661cfd843271c

    • C:\Windows\System\ZJQKSPt.exe

      Filesize

      5.9MB

      MD5

      984fec1f6a899d1f67810f316d875ae1

      SHA1

      c84956ba8a2a87f3c073aeb5e67eb4d312cd7090

      SHA256

      4a736df6fba27483bde3571cb6a465dd15813244f718cf0e20b8acc3d53d493f

      SHA512

      c20e6f37dc1c0ea67beb056c4423d2082763557b807b1dd66f9095424ded7dc6860239439c2507e1fae6c1c92653b1868b1dae90b18843b9c5b4b78e6c06e9fc

    • C:\Windows\System\ZwlPLgD.exe

      Filesize

      5.9MB

      MD5

      50a02d1bd0c0c6366e62a04895df66f0

      SHA1

      697861008ccfd2eaad4e09ee57b9645b851a6c55

      SHA256

      8b8dd2f4cb036150379fac4d5e6d231f5aed872754c40572475dd1cc17b11095

      SHA512

      c600410737dfea43bcc22f77165e43781a65e11db2678fc64e30c4ffd0b320fb52c12022af18edf5f6b43990100af69fb3064bbd385f577e780a87ea71c7f25c

    • C:\Windows\System\cNJYWJN.exe

      Filesize

      5.9MB

      MD5

      db71198c6ff42530e325bd663c76c712

      SHA1

      11e000f8998e51a2b49cc1c905db8a540f4cea7e

      SHA256

      bad70c023df84f43d3f3c83ccebdcf34322cd7940409b5c9aeb9f9a22c934f59

      SHA512

      8ccfcb8cf258999f33da739edccf13586f66a17f1c7a399a517deb4cae6cf2d66381a8abb94e3b5bc82e5f2202d5f43dd776cd3378c41ba4965b6af24f761b0c

    • C:\Windows\System\cQgFoNY.exe

      Filesize

      5.9MB

      MD5

      77e87641c070a1316ddbfecb4bdd5993

      SHA1

      e198994a08c08986055bc7e91e4412a0b206c5dc

      SHA256

      532ff6b4143682d58ff90ddd276f667155a1ac7ca0d7c1db722b78da4503a31e

      SHA512

      ccb9f633a7660026f221d55843e33493ef7ab445b842e28d8ad858966c570c6edfbadf5294760f3664dc50406b95cf20b74171377f6eef8c4f83dfcc3ce48867

    • C:\Windows\System\okklOPr.exe

      Filesize

      5.9MB

      MD5

      c1ca5ceef3e34e923e09100554d88417

      SHA1

      5dfe17c5488e58413a4a7055604d83d0d9f70a9e

      SHA256

      1d7f36abf8a718355a5eb57d9cb5437bbd8e05e27339da110b4cd769e9e4fd01

      SHA512

      52d9414bf0dbf9f208c64f756e9a2ef14733fe322db23b08c19c1162a6b3148399b42da2d53d8f5e646b74ad10323cf6ea2341467c8c6fa778a5af922cb302ff

    • C:\Windows\System\reUZveY.exe

      Filesize

      5.9MB

      MD5

      403642163d1fadc4f96126dfd3407cf6

      SHA1

      b953e8d642ea716e6daf23961ab8e25e6b81ef1a

      SHA256

      558faf4f92b38b0ad070cba92e63954ae447c29942d9d8cf25e6700bef70d01c

      SHA512

      563c827c5b07ea7be846de74b1c4a614b1eb3bd7d2e9d30ff024c56511806c6182aa4484ad6f936ea8ba343ad383c2d0d60717a15c79ee7b519112d834d844e4

    • C:\Windows\System\tYbGRaW.exe

      Filesize

      5.9MB

      MD5

      99acee7f506ed6d66b3a8c5d5de8ad71

      SHA1

      d2fe8974d928da069bb191d096f0cb510e65ba1b

      SHA256

      4724de0fd2a9453e5003c751c50eb31e1ea791e68b24195ea655dcba9ff057c0

      SHA512

      4d76c7e9216b9cd0cad9a50a127c38e6fbc5663671106720c594937dda98660805928dbb88b3cd4f2224f6e1b4637ee8e62e1fa1ce99f94e362c3f4fc6dbd5b5

    • C:\Windows\System\tazGBZX.exe

      Filesize

      5.9MB

      MD5

      3e38f36e89eb56e61100f59f3f9afc68

      SHA1

      01d3c140ccc5b300252cd17ea8f144528a9a201d

      SHA256

      993bd3c431a6b402cbda436d0d3bf2bd3deb1cd81360615504049715d15413ba

      SHA512

      412eea99360e7f12b6f681b1e608b2d448365dfb8d4df4574000cfd250c3ac8579879048151d0333783d84c5af227a05a94946780b875bc43b0c3b843507b3f8

    • C:\Windows\System\ylZyise.exe

      Filesize

      5.9MB

      MD5

      e99f930ff8735729b3a0168f9d0cbe98

      SHA1

      5886ea9068a9be70dfddff22e19bd76d89da5a41

      SHA256

      0e70200c375d3fdd6007389ba687cc0140918637c91b80b6e5895aea77488754

      SHA512

      5b2327f49581ccf2ac97e14a07d6fd2df6e1192cafbf205dffabdc9a57cdbd691d5dceb21f72f034650a87f742bfb1fb620a0d2beae759349f0b3965f789b27e

    • memory/912-149-0x00007FF6148E0000-0x00007FF614C34000-memory.dmp

      Filesize

      3.3MB

    • memory/912-126-0x00007FF6148E0000-0x00007FF614C34000-memory.dmp

      Filesize

      3.3MB

    • memory/1144-144-0x00007FF609D30000-0x00007FF60A084000-memory.dmp

      Filesize

      3.3MB

    • memory/1144-121-0x00007FF609D30000-0x00007FF60A084000-memory.dmp

      Filesize

      3.3MB

    • memory/1792-151-0x00007FF7ACEC0000-0x00007FF7AD214000-memory.dmp

      Filesize

      3.3MB

    • memory/1792-124-0x00007FF7ACEC0000-0x00007FF7AD214000-memory.dmp

      Filesize

      3.3MB

    • memory/2012-30-0x00007FF7501D0000-0x00007FF750524000-memory.dmp

      Filesize

      3.3MB

    • memory/2012-135-0x00007FF7501D0000-0x00007FF750524000-memory.dmp

      Filesize

      3.3MB

    • memory/2076-54-0x00007FF6A3020000-0x00007FF6A3374000-memory.dmp

      Filesize

      3.3MB

    • memory/2076-140-0x00007FF6A3020000-0x00007FF6A3374000-memory.dmp

      Filesize

      3.3MB

    • memory/2076-131-0x00007FF6A3020000-0x00007FF6A3374000-memory.dmp

      Filesize

      3.3MB

    • memory/2116-137-0x00007FF6C5FC0000-0x00007FF6C6314000-memory.dmp

      Filesize

      3.3MB

    • memory/2116-38-0x00007FF6C5FC0000-0x00007FF6C6314000-memory.dmp

      Filesize

      3.3MB

    • memory/2624-136-0x00007FF79E8B0000-0x00007FF79EC04000-memory.dmp

      Filesize

      3.3MB

    • memory/2624-34-0x00007FF79E8B0000-0x00007FF79EC04000-memory.dmp

      Filesize

      3.3MB

    • memory/2732-138-0x00007FF71E190000-0x00007FF71E4E4000-memory.dmp

      Filesize

      3.3MB

    • memory/2732-43-0x00007FF71E190000-0x00007FF71E4E4000-memory.dmp

      Filesize

      3.3MB

    • memory/2732-130-0x00007FF71E190000-0x00007FF71E4E4000-memory.dmp

      Filesize

      3.3MB

    • memory/3076-118-0x00007FF7734C0000-0x00007FF773814000-memory.dmp

      Filesize

      3.3MB

    • memory/3076-142-0x00007FF7734C0000-0x00007FF773814000-memory.dmp

      Filesize

      3.3MB

    • memory/3408-119-0x00007FF69B600000-0x00007FF69B954000-memory.dmp

      Filesize

      3.3MB

    • memory/3408-145-0x00007FF69B600000-0x00007FF69B954000-memory.dmp

      Filesize

      3.3MB

    • memory/3456-127-0x00007FF7DE590000-0x00007FF7DE8E4000-memory.dmp

      Filesize

      3.3MB

    • memory/3456-148-0x00007FF7DE590000-0x00007FF7DE8E4000-memory.dmp

      Filesize

      3.3MB

    • memory/3820-129-0x00007FF771B10000-0x00007FF771E64000-memory.dmp

      Filesize

      3.3MB

    • memory/3820-132-0x00007FF771B10000-0x00007FF771E64000-memory.dmp

      Filesize

      3.3MB

    • memory/3820-6-0x00007FF771B10000-0x00007FF771E64000-memory.dmp

      Filesize

      3.3MB

    • memory/3868-123-0x00007FF7DBA40000-0x00007FF7DBD94000-memory.dmp

      Filesize

      3.3MB

    • memory/3868-152-0x00007FF7DBA40000-0x00007FF7DBD94000-memory.dmp

      Filesize

      3.3MB

    • memory/4296-128-0x00007FF711E50000-0x00007FF7121A4000-memory.dmp

      Filesize

      3.3MB

    • memory/4296-147-0x00007FF711E50000-0x00007FF7121A4000-memory.dmp

      Filesize

      3.3MB

    • memory/4504-117-0x00007FF712BE0000-0x00007FF712F34000-memory.dmp

      Filesize

      3.3MB

    • memory/4504-141-0x00007FF712BE0000-0x00007FF712F34000-memory.dmp

      Filesize

      3.3MB

    • memory/4588-143-0x00007FF695D20000-0x00007FF696074000-memory.dmp

      Filesize

      3.3MB

    • memory/4588-120-0x00007FF695D20000-0x00007FF696074000-memory.dmp

      Filesize

      3.3MB

    • memory/4728-134-0x00007FF70C0C0000-0x00007FF70C414000-memory.dmp

      Filesize

      3.3MB

    • memory/4728-21-0x00007FF70C0C0000-0x00007FF70C414000-memory.dmp

      Filesize

      3.3MB

    • memory/4736-116-0x00007FF61D6F0000-0x00007FF61DA44000-memory.dmp

      Filesize

      3.3MB

    • memory/4736-1-0x00000163B2EA0000-0x00000163B2EB0000-memory.dmp

      Filesize

      64KB

    • memory/4736-0-0x00007FF61D6F0000-0x00007FF61DA44000-memory.dmp

      Filesize

      3.3MB

    • memory/4916-146-0x00007FF6C0720000-0x00007FF6C0A74000-memory.dmp

      Filesize

      3.3MB

    • memory/4916-122-0x00007FF6C0720000-0x00007FF6C0A74000-memory.dmp

      Filesize

      3.3MB

    • memory/4948-125-0x00007FF795F50000-0x00007FF7962A4000-memory.dmp

      Filesize

      3.3MB

    • memory/4948-150-0x00007FF795F50000-0x00007FF7962A4000-memory.dmp

      Filesize

      3.3MB

    • memory/5028-51-0x00007FF6DEB60000-0x00007FF6DEEB4000-memory.dmp

      Filesize

      3.3MB

    • memory/5028-139-0x00007FF6DEB60000-0x00007FF6DEEB4000-memory.dmp

      Filesize

      3.3MB

    • memory/5076-133-0x00007FF6E8AD0000-0x00007FF6E8E24000-memory.dmp

      Filesize

      3.3MB

    • memory/5076-18-0x00007FF6E8AD0000-0x00007FF6E8E24000-memory.dmp

      Filesize

      3.3MB