Analysis

  • max time kernel
    142s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/05/2024, 22:50

General

  • Target

    2024-05-29_af079aa3400563833efc3c4835e57a45_cobalt-strike_cobaltstrike.exe

  • Size

    5.2MB

  • MD5

    af079aa3400563833efc3c4835e57a45

  • SHA1

    86c04b90362093d66d885c86e052037a90d5ad61

  • SHA256

    ea08bb104b32bb812df7622bf24f990860b5ca7dab866d88eb9b7f69e13a0b63

  • SHA512

    09d95fdbedbb67f4bcf22f0ea8b5e5732eeb78c7865afb6a252f9d99dd4e0ce8920be9af210b8b7f90b4b025c7591d4975bec39ecc88e067c624dca3ed3001d6

  • SSDEEP

    49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lY:RWWBibf56utgpPFotBER/mQ32lUk

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

  • http_header2

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

  • unknown1

    4096

  • unknown2

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader (21 IoCs)

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts (21 IoCs)
  • UPX dump on OEP (original entry point) (64 IoCs)
  • XMRig Miner payload (38 IoCs)
  • Executes dropped EXE (21 IoCs)
  • Loads dropped DLL (21 IoCs)
  • UPX packed file (64 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory (21 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of WriteProcessMemory (63 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-29_af079aa3400563833efc3c4835e57a45_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-29_af079aa3400563833efc3c4835e57a45_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1660
    • C:\Windows\System\UuvZGKq.exe
      C:\Windows\System\UuvZGKq.exe
      2⤵
      • Executes dropped EXE
      PID:1980
    • C:\Windows\System\nMmyuqu.exe
      C:\Windows\System\nMmyuqu.exe
      2⤵
      • Executes dropped EXE
      PID:2192
    • C:\Windows\System\EiyCOev.exe
      C:\Windows\System\EiyCOev.exe
      2⤵
      • Executes dropped EXE
      PID:2604
    • C:\Windows\System\bGfvSWK.exe
      C:\Windows\System\bGfvSWK.exe
      2⤵
      • Executes dropped EXE
      PID:2556
    • C:\Windows\System\yfuffHC.exe
      C:\Windows\System\yfuffHC.exe
      2⤵
      • Executes dropped EXE
      PID:1344
    • C:\Windows\System\JJgCJJs.exe
      C:\Windows\System\JJgCJJs.exe
      2⤵
      • Executes dropped EXE
      PID:2564
    • C:\Windows\System\YqqYhII.exe
      C:\Windows\System\YqqYhII.exe
      2⤵
      • Executes dropped EXE
      PID:2740
    • C:\Windows\System\dzJBVFv.exe
      C:\Windows\System\dzJBVFv.exe
      2⤵
      • Executes dropped EXE
      PID:2404
    • C:\Windows\System\GXJQJwi.exe
      C:\Windows\System\GXJQJwi.exe
      2⤵
      • Executes dropped EXE
      PID:2456
    • C:\Windows\System\inJcDXF.exe
      C:\Windows\System\inJcDXF.exe
      2⤵
      • Executes dropped EXE
      PID:2872
    • C:\Windows\System\ZLXCvIA.exe
      C:\Windows\System\ZLXCvIA.exe
      2⤵
      • Executes dropped EXE
      PID:2692
    • C:\Windows\System\AlYpvZN.exe
      C:\Windows\System\AlYpvZN.exe
      2⤵
      • Executes dropped EXE
      PID:2748
    • C:\Windows\System\cCigySK.exe
      C:\Windows\System\cCigySK.exe
      2⤵
      • Executes dropped EXE
      PID:1812
    • C:\Windows\System\YVXVJtK.exe
      C:\Windows\System\YVXVJtK.exe
      2⤵
      • Executes dropped EXE
      PID:2864
    • C:\Windows\System\UZRuUQG.exe
      C:\Windows\System\UZRuUQG.exe
      2⤵
      • Executes dropped EXE
      PID:1768
    • C:\Windows\System\TarzKJG.exe
      C:\Windows\System\TarzKJG.exe
      2⤵
      • Executes dropped EXE
      PID:2288
    • C:\Windows\System\TVFSCJJ.exe
      C:\Windows\System\TVFSCJJ.exe
      2⤵
      • Executes dropped EXE
      PID:1624
    • C:\Windows\System\jlfcLVt.exe
      C:\Windows\System\jlfcLVt.exe
      2⤵
      • Executes dropped EXE
      PID:1464
    • C:\Windows\System\hJqtThQ.exe
      C:\Windows\System\hJqtThQ.exe
      2⤵
      • Executes dropped EXE
      PID:2128
    • C:\Windows\System\kaeabXr.exe
      C:\Windows\System\kaeabXr.exe
      2⤵
      • Executes dropped EXE
      PID:1260
    • C:\Windows\System\oIbbvak.exe
      C:\Windows\System\oIbbvak.exe
      2⤵
      • Executes dropped EXE
      PID:1380

Downloads
