Analysis

  • max time kernel
    141s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/05/2024, 19:13

General

  • Target

    2024-05-29_8ea5a5df1b891761afd3492604045726_cobalt-strike_cobaltstrike.exe

  • Size

    5.2MB

  • MD5

    8ea5a5df1b891761afd3492604045726

  • SHA1

    99eb1e918146a57993e1352183862099e7ca6cac

  • SHA256

    a31e6f960916f228578c969131c3e6b02c3ef93319df8f9d056bc00d3feec737

  • SHA512

    b076d1d2f501c24395026c2b260fbcf5d9c1fea82d375fab58b689608247c7b7514b8d3a58b265ebf69fd70fb29af4ae263237eb9370975ddd01d025b1293ae8

  • SSDEEP

    49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lO:RWWBibf56utgpPFotBER/mQ32lUa

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 21 IoCs
  • UPX dump on OEP (original entry point) 64 IoCs
  • XMRig Miner payload 47 IoCs
  • Executes dropped EXE 21 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-29_8ea5a5df1b891761afd3492604045726_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-29_8ea5a5df1b891761afd3492604045726_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3968
    • C:\Windows\System\EfyIBAx.exe
      C:\Windows\System\EfyIBAx.exe
      2⤵
      • Executes dropped EXE
      PID:4744
    • C:\Windows\System\HNcdTWa.exe
      C:\Windows\System\HNcdTWa.exe
      2⤵
      • Executes dropped EXE
      PID:4552
    • C:\Windows\System\IpXynEh.exe
      C:\Windows\System\IpXynEh.exe
      2⤵
      • Executes dropped EXE
      PID:1636
    • C:\Windows\System\GstcBTc.exe
      C:\Windows\System\GstcBTc.exe
      2⤵
      • Executes dropped EXE
      PID:3340
    • C:\Windows\System\vpvmsuh.exe
      C:\Windows\System\vpvmsuh.exe
      2⤵
      • Executes dropped EXE
      PID:716
    • C:\Windows\System\cpQMhBs.exe
      C:\Windows\System\cpQMhBs.exe
      2⤵
      • Executes dropped EXE
      PID:2176
    • C:\Windows\System\kCiQxEX.exe
      C:\Windows\System\kCiQxEX.exe
      2⤵
      • Executes dropped EXE
      PID:2500
    • C:\Windows\System\dPLwJVQ.exe
      C:\Windows\System\dPLwJVQ.exe
      2⤵
      • Executes dropped EXE
      PID:4356
    • C:\Windows\System\XDtKHxd.exe
      C:\Windows\System\XDtKHxd.exe
      2⤵
      • Executes dropped EXE
      PID:1148
    • C:\Windows\System\KXjxzPB.exe
      C:\Windows\System\KXjxzPB.exe
      2⤵
      • Executes dropped EXE
      PID:400
    • C:\Windows\System\KTlgMHC.exe
      C:\Windows\System\KTlgMHC.exe
      2⤵
      • Executes dropped EXE
      PID:2096
    • C:\Windows\System\zEAstpe.exe
      C:\Windows\System\zEAstpe.exe
      2⤵
      • Executes dropped EXE
      PID:1616
    • C:\Windows\System\xiTyTSj.exe
      C:\Windows\System\xiTyTSj.exe
      2⤵
      • Executes dropped EXE
      PID:4808
    • C:\Windows\System\yXauqxo.exe
      C:\Windows\System\yXauqxo.exe
      2⤵
      • Executes dropped EXE
      PID:2448
    • C:\Windows\System\sdgVuJl.exe
      C:\Windows\System\sdgVuJl.exe
      2⤵
      • Executes dropped EXE
      PID:1360
    • C:\Windows\System\JxpjJoG.exe
      C:\Windows\System\JxpjJoG.exe
      2⤵
      • Executes dropped EXE
      PID:5104
    • C:\Windows\System\sFzZhQS.exe
      C:\Windows\System\sFzZhQS.exe
      2⤵
      • Executes dropped EXE
      PID:4296
    • C:\Windows\System\mGsYmEJ.exe
      C:\Windows\System\mGsYmEJ.exe
      2⤵
      • Executes dropped EXE
      PID:2436
    • C:\Windows\System\ZaHlpaY.exe
      C:\Windows\System\ZaHlpaY.exe
      2⤵
      • Executes dropped EXE
      PID:1624
    • C:\Windows\System\rKzMNSn.exe
      C:\Windows\System\rKzMNSn.exe
      2⤵
      • Executes dropped EXE
      PID:2488
    • C:\Windows\System\xyHjZDf.exe
      C:\Windows\System\xyHjZDf.exe
      2⤵
      • Executes dropped EXE
      PID:224

Downloads
