Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    141s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/05/2024, 20:54

General

  • Target

    2024-05-29_7f334cfdc9773fc0f97955dca8a860a2_cobalt-strike_cobaltstrike.exe

  • Size

    5.2MB

  • MD5

    7f334cfdc9773fc0f97955dca8a860a2

  • SHA1

    8147e1316da0c4f71070c2ce927e9a5ea8944874

  • SHA256

    875402486c494101baa0b535acb3fb9ee73d4e55be9094327427592172fd65d8

  • SHA512

    c769ace7b5ed29c0bdce1664813bcfd4a8e52261d261d85a0be9b22a7c9d772d5f6ca705d2cb51f4bd86a67fbaca9bdd8fd78669394060d32fdbfdc166dcf8df

  • SSDEEP

    49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6l9:RWWBibf56utgpPFotBER/mQ32lUp

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 21 IoCs
  • UPX dump on OEP (original entry point) 64 IoCs
  • XMRig Miner payload 46 IoCs
  • Executes dropped EXE 21 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-29_7f334cfdc9773fc0f97955dca8a860a2_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-29_7f334cfdc9773fc0f97955dca8a860a2_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2436
    • C:\Windows\System\ogLydMJ.exe
      C:\Windows\System\ogLydMJ.exe
      2⤵
      • Executes dropped EXE
      PID:4604
    • C:\Windows\System\FCiOZbv.exe
      C:\Windows\System\FCiOZbv.exe
      2⤵
      • Executes dropped EXE
      PID:2524
    • C:\Windows\System\WbzbEej.exe
      C:\Windows\System\WbzbEej.exe
      2⤵
      • Executes dropped EXE
      PID:400
    • C:\Windows\System\FzupgGq.exe
      C:\Windows\System\FzupgGq.exe
      2⤵
      • Executes dropped EXE
      PID:2940
    • C:\Windows\System\cHLptxM.exe
      C:\Windows\System\cHLptxM.exe
      2⤵
      • Executes dropped EXE
      PID:3980
    • C:\Windows\System\SiFdHRG.exe
      C:\Windows\System\SiFdHRG.exe
      2⤵
      • Executes dropped EXE
      PID:2504
    • C:\Windows\System\mFekmPY.exe
      C:\Windows\System\mFekmPY.exe
      2⤵
      • Executes dropped EXE
      PID:5100
    • C:\Windows\System\mKmYvEn.exe
      C:\Windows\System\mKmYvEn.exe
      2⤵
      • Executes dropped EXE
      PID:1548
    • C:\Windows\System\XTaKVPf.exe
      C:\Windows\System\XTaKVPf.exe
      2⤵
      • Executes dropped EXE
      PID:5036
    • C:\Windows\System\qZmstFD.exe
      C:\Windows\System\qZmstFD.exe
      2⤵
      • Executes dropped EXE
      PID:2680
    • C:\Windows\System\ldBwevM.exe
      C:\Windows\System\ldBwevM.exe
      2⤵
      • Executes dropped EXE
      PID:1596
    • C:\Windows\System\ZyqaGcP.exe
      C:\Windows\System\ZyqaGcP.exe
      2⤵
      • Executes dropped EXE
      PID:4036
    • C:\Windows\System\JEYHItk.exe
      C:\Windows\System\JEYHItk.exe
      2⤵
      • Executes dropped EXE
      PID:840
    • C:\Windows\System\WUuOzlP.exe
      C:\Windows\System\WUuOzlP.exe
      2⤵
      • Executes dropped EXE
      PID:2576
    • C:\Windows\System\BSAcfwo.exe
      C:\Windows\System\BSAcfwo.exe
      2⤵
      • Executes dropped EXE
      PID:2108
    • C:\Windows\System\gSyuQuV.exe
      C:\Windows\System\gSyuQuV.exe
      2⤵
      • Executes dropped EXE
      PID:4452
    • C:\Windows\System\WRrcnbE.exe
      C:\Windows\System\WRrcnbE.exe
      2⤵
      • Executes dropped EXE
      PID:932
    • C:\Windows\System\zliRDKW.exe
      C:\Windows\System\zliRDKW.exe
      2⤵
      • Executes dropped EXE
      PID:4532
    • C:\Windows\System\TbrkopN.exe
      C:\Windows\System\TbrkopN.exe
      2⤵
      • Executes dropped EXE
      PID:2988
    • C:\Windows\System\kqaBemO.exe
      C:\Windows\System\kqaBemO.exe
      2⤵
      • Executes dropped EXE
      PID:4808
    • C:\Windows\System\UUJerys.exe
      C:\Windows\System\UUJerys.exe
      2⤵
      • Executes dropped EXE
      PID:4616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System\BSAcfwo.exe

    Filesize

    5.2MB

    MD5

    8aa45d876fb81ee3d0435e98da0b4f9c

    SHA1

    2ad30ea7ac8af8223f5c39c30945a84554fa2b51

    SHA256

    e530f8207fcde8e52d39f08de111a99294187b1154a1e978bfcce652ce2776ef

    SHA512

    4f7ede61d2daffde3e452424f5efb31a3a94cce5a1ed4c31b73484343745635c45ff14f130bfa0a2d11fb5d8b0c4838f5d5554b150ba50e14e9db5da26233b86

  • C:\Windows\System\FCiOZbv.exe

    Filesize

    5.2MB

    MD5

    27365a44384057989f57b91cf2728531

    SHA1

    97bb72718a2336fbcc1384f9ce1777a8088c00c0

    SHA256

    327af3b7c75cdd1a3715dc175f2bc06e2b6c2be5bc10f36bfe5f3cad659b79b7

    SHA512

    6736c6e88f3e9297903aedc68597e64368ed493bd4f0158478a35319e662aac9e5ea735a025a62c0caf0a6a9c2848668e63f5ac3fede7552f17f4a508de43c7c

  • C:\Windows\System\FzupgGq.exe

    Filesize

    5.2MB

    MD5

    00862a608af64b39768b54522a4f0d78

    SHA1

    2eeadee677efd837987dcc1263128b662a65f8f8

    SHA256

    f10c3a6cf72f197f9b060dd23060598468e8460ff6856e47be377b280c973fca

    SHA512

    f6aebde56feab7cd59e45fc29beaf54e9f56d18299a1211afced75f0ab3451c0b98cd38b18605794e301030dc938312a68c1e3346352331adb31f2635d737d36

  • C:\Windows\System\JEYHItk.exe

    Filesize

    5.2MB

    MD5

    ce70868610aee82b3271df848f1eb24a

    SHA1

    e288baca20002bba998af6a8f22c0e9a74157825

    SHA256

    6702c0941eceb437aca560713a842cba061d73e9f05fd293f8cc7c03738dfef9

    SHA512

    8ab0391353a65df54560a620fe94528bff08d860640a37c6d7b7b50f8a39bcb0383a6407dbae014e0e58e7bb01b6024e2e357dc5600ff48131fb4b2868eae8a1

  • C:\Windows\System\SiFdHRG.exe

    Filesize

    5.2MB

    MD5

    35952b90b5103f011c68c9ce595e813f

    SHA1

    5ce7dc4cf8afee8ae492483764a3a7b70a9691b1

    SHA256

    94c914fc87335a9615b7fa8bad2978d5c15ec0f99075586b373f83947d6631d3

    SHA512

    b75321a7dd515fe4444273288b1f156dfdc6a841807c4323b6cde9a12c0f88075069f8d5ca3e23626c2400ca3a763ddce927922270db99a8196e5b285e04e5b6

  • C:\Windows\System\TbrkopN.exe

    Filesize

    5.2MB

    MD5

    3ed894aff6c3974a0674e7dac10ba92d

    SHA1

    e4febc6b6df5aeda5c6422c2edc6b04735bee8f6

    SHA256

    2a4387bc4299ed24d662b7f414cb8f15dc8f8a161f02fafe018fda80b338012e

    SHA512

    4dc222565f40253e768660852ea0ab731ccb6b57bfbb78edabfafb831ddcb0f218aeed25a938772c3879f3e9affefe8a4b0336b251b82cba1c3a819f9667a46a

  • C:\Windows\System\UUJerys.exe

    Filesize

    5.2MB

    MD5

    ec5c76fa91c4d0c50918fd22acfa4fc5

    SHA1

    2a0ace0bdcb4b8c4d0097138af78d3615c7e2133

    SHA256

    a0b145f2fee3ca14910e1de9632b716d02658136a994c0de6e983da41a3cf9ce

    SHA512

    a8aee27f8831a1f7892915e9e921c8b8c468bcea1f9fa96d88474a8dd2f107c178ad7fcada85dabbdd1ba7d4cdbeceefc887b1e5540cbba8388f37c3c1d85bd0

  • C:\Windows\System\WRrcnbE.exe

    Filesize

    5.2MB

    MD5

    41bbb08ac49ade1a8fd7c312ecfc0507

    SHA1

    fdf5f85acbedf649a26defd128044a7bd791a190

    SHA256

    cd90405a29879ff06d4b46587a0cf9bffdce7be77814c3c9df4acc5a01cd76d4

    SHA512

    2518c83ab649441ae093feca27e6be514f8797f26d66ca4719e5f6a1acc38cd4d8f370ca5398d0b630cca992a186c9891bb6e26722732c746eae4567e44f2ec1

  • C:\Windows\System\WUuOzlP.exe

    Filesize

    5.2MB

    MD5

    b232b05c0f6891d6375f69c9442bd06a

    SHA1

    ab399343b5486ecca952fb55a138a415b26a2a2e

    SHA256

    526285f63a210f8f62d94440244176e1906d90502909a45fa6bf1bb1da8d6ebf

    SHA512

    9fce5e14432444403784fa284d4b12deb3357f7b7d718d6032b35c52ed3d458e39e1ca2f641cda838c7a0657020ebebcf92399ac1aefc36f9ff8cfeb0597b2c6

  • C:\Windows\System\WbzbEej.exe

    Filesize

    5.2MB

    MD5

    9c16d803a7c590e5b742bc59bb1078c3

    SHA1

    b2032d75520d75bb87eba99b3cdce119a30699ff

    SHA256

    20374d95e56a8b74bd60c1f7f2cadf719534c22be5d3e0ca3f1e2bd3410b477a

    SHA512

    a7129fb7ce4f30656264ada5d8993faea359be152f9befe0acb9b359a72028155a8f97aec04a739bcd076f81d1899fb57086ab10e2e8ea672d832236eb69220e

  • C:\Windows\System\XTaKVPf.exe

    Filesize

    5.2MB

    MD5

    e1c825090657e3f5b600596b9e58510f

    SHA1

    a05683d293f7112fef53590c384f2c2696a2d5ec

    SHA256

    cb36bd63317dee56bd5aaee959ddedb622926067a6ad1469dea6b498f10dd787

    SHA512

    efe97e5ceeb59d9c09c625a79909a3f681433b440a18d9337e181bc9ca79333ba62cafc3f42d3395f2d90780759f8d4c821f1a3475111082f2b60a1ffb71b0de

  • C:\Windows\System\ZyqaGcP.exe

    Filesize

    5.2MB

    MD5

    a287527eeff9c17f58c7ef2c75d5f980

    SHA1

    c538fb442b63c6fbbc4d5f6c6e61d3f60eda87b1

    SHA256

    c096b875cea312d3124082f6be45e48da1f36547b2ea5cc797d125a9bc57cca1

    SHA512

    0ee619696b9d0178a89f031ed4dff8b22d4e0f5a9f20cf0880a47d0545046d9b63d1d7dec8af95c834b2e1738b187507a1d10b98cfed71a3c091e538bbf5cfdc

  • C:\Windows\System\cHLptxM.exe

    Filesize

    5.2MB

    MD5

    5a4452f1095cf2d4e872499a358b18ff

    SHA1

    c959b2e6802847215647314bd09fc55b4691d17f

    SHA256

    2f290466bd6fcbaa96ffc04730363e8fbb62313326664ded79ae223d611fb6da

    SHA512

    251227406fd8b661640801a675ff5d5fee76157d01d25d411eb44fc22c1cea4edb2fe1cf26e7234e7f0dfc957ccf01d5df29fb2434d6991132c60bfb37099777

  • C:\Windows\System\gSyuQuV.exe

    Filesize

    5.2MB

    MD5

    b37bf14797121b9f67f339842618ef2a

    SHA1

    1d73c0678aa4368ba2ee7a0628fd59370e93472a

    SHA256

    82dc37c5140cd3c60ae630222e2a91c8a985edf149eb76c47cdc1f3d429450dd

    SHA512

    561e301552777158753d1663616d1ef122248253078976e5e171e1be795f99b911827c305a288b3ac36c59c1425a98bc8904da288ef53b571f64d4d54e9e3d3f

  • C:\Windows\System\kqaBemO.exe

    Filesize

    5.2MB

    MD5

    1ff84e07c04b60ec169719e9313fb480

    SHA1

    8ec28e7fa8a82edb6c204ee859f77c9a4d7c4af6

    SHA256

    4b86e43b79e561cbf295d2ee520eca1c5f7026189daa961e484842e94db16a0f

    SHA512

    01a6bfd78f8d475f3f013c3967521c086eae5c5070d67d8f12ee12cf409291e65099989980e3e79f5422ed7a2e9a26cbee07dcaff579cdf08243df7d51cfd0c9

  • C:\Windows\System\ldBwevM.exe

    Filesize

    5.2MB

    MD5

    e5d5f4ea41207ed141e733d6f3e9c488

    SHA1

    63d865599960af56b3e793d0a1f8d6e6272f3f71

    SHA256

    221812bcdc7b8c9841f0efa617e954c7e964f8c18d7b8a5bea1423cc1d9982a5

    SHA512

    2d1f163beb1f06f6b54f2122f6499ac54496e672e8495b941be9e14542a05aea836d038d782c79ed6f6d2384580a716186102e8c50b3e1b3e5d108a826a47563

  • C:\Windows\System\mFekmPY.exe

    Filesize

    5.2MB

    MD5

    6f882a8a76639f0902dde88362fd0081

    SHA1

    61d4baa7ad68bca631440e257ed351a05e57c722

    SHA256

    8235de2a932da140afcfc73e1715d277deefb85a118f6df0b0fe6a6fafe9d744

    SHA512

    7167a47914cbd5710c9a2b461fda9928993106536f239f60014778a816d95c22f30efecfa9d76fe50a8c711a87cbd7deea568c73bd032f8c2f3d05b7beca76f6

  • C:\Windows\System\mKmYvEn.exe

    Filesize

    5.2MB

    MD5

    4c542877b55d03a4ea4ffe9d7576ad00

    SHA1

    9d4273d527a5504006e39342fbff32d30103a5b4

    SHA256

    91804fe21389e927a356842f7a988cef9ed19214f46e17102e45fdd17e2d223a

    SHA512

    ab249255382140cc2cb9b720def5144ed5a6af83842de0539b402018309ae594f15e2a6c08b69e2a1dce79beb7d63613e43d4cb2f6cb21647e0e60bb72d3c1c5

  • C:\Windows\System\ogLydMJ.exe

    Filesize

    5.2MB

    MD5

    d431712c669fdda2a9efa1899d53f7f5

    SHA1

    682ec5556905b0380edca28cce5ada164f75a012

    SHA256

    cd9c6816381c86c6744486549e4379ea8315646d694ca99bc347988f26d20013

    SHA512

    4e9a8aeff091d00fc744e4bf93a274e03fde47114e06cf9313304f36faacb8c7a68dda7934b40ec31a71660270d7e3e2861a27e6eef626af4e7fd46d6721e821

  • C:\Windows\System\qZmstFD.exe

    Filesize

    5.2MB

    MD5

    5d3fe28b64395aa6f0be09badaed7047

    SHA1

    e680b989ac8604053648968b60c983e9e48bf55c

    SHA256

    3194f4cb839c5d558e8e4377edf58bd97c63837c42ead5d650d4879c2ac6af02

    SHA512

    c640fcf2aeb96f19d1bc00e3e7f034b831b1de778688fb7ee2b8a493463111f73dbc83f6c9ce951cb967f348032f673f27d837789f2f805267efb99ededfe633

  • C:\Windows\System\zliRDKW.exe

    Filesize

    5.2MB

    MD5

    5a4a47704c7282ddb4cd188a9745a0a9

    SHA1

    decabda3a76ae06b5626fbdf5b11e923fb88b2fb

    SHA256

    92d009cbd27f5c55b7d4e3dbd5342e30d7b4c9bac6bc1508fd4764588c1f9c03

    SHA512

    057ec4bfe7377793171eae7f7638d915705c7f34fa3f3cce54bfe1e9dc6cec0147ee5cea75b387ce761d611f61adec583b4680fe22ce16c16dd78fc0411b7432

  • memory/400-202-0x00007FF63CA00000-0x00007FF63CD51000-memory.dmp

    Filesize

    3.3MB

  • memory/400-22-0x00007FF63CA00000-0x00007FF63CD51000-memory.dmp

    Filesize

    3.3MB

  • memory/400-131-0x00007FF63CA00000-0x00007FF63CD51000-memory.dmp

    Filesize

    3.3MB

  • memory/840-141-0x00007FF6BF090000-0x00007FF6BF3E1000-memory.dmp

    Filesize

    3.3MB

  • memory/840-117-0x00007FF6BF090000-0x00007FF6BF3E1000-memory.dmp

    Filesize

    3.3MB

  • memory/840-234-0x00007FF6BF090000-0x00007FF6BF3E1000-memory.dmp

    Filesize

    3.3MB

  • memory/932-122-0x00007FF731520000-0x00007FF731871000-memory.dmp

    Filesize

    3.3MB

  • memory/932-230-0x00007FF731520000-0x00007FF731871000-memory.dmp

    Filesize

    3.3MB

  • memory/1548-210-0x00007FF731430000-0x00007FF731781000-memory.dmp

    Filesize

    3.3MB

  • memory/1548-136-0x00007FF731430000-0x00007FF731781000-memory.dmp

    Filesize

    3.3MB

  • memory/1548-55-0x00007FF731430000-0x00007FF731781000-memory.dmp

    Filesize

    3.3MB

  • memory/1596-71-0x00007FF7BEBF0000-0x00007FF7BEF41000-memory.dmp

    Filesize

    3.3MB

  • memory/1596-216-0x00007FF7BEBF0000-0x00007FF7BEF41000-memory.dmp

    Filesize

    3.3MB

  • memory/1596-139-0x00007FF7BEBF0000-0x00007FF7BEF41000-memory.dmp

    Filesize

    3.3MB

  • memory/2108-91-0x00007FF69BE70000-0x00007FF69C1C1000-memory.dmp

    Filesize

    3.3MB

  • memory/2108-143-0x00007FF69BE70000-0x00007FF69C1C1000-memory.dmp

    Filesize

    3.3MB

  • memory/2108-226-0x00007FF69BE70000-0x00007FF69C1C1000-memory.dmp

    Filesize

    3.3MB

  • memory/2436-151-0x00007FF65A1D0000-0x00007FF65A521000-memory.dmp

    Filesize

    3.3MB

  • memory/2436-1-0x0000024AA0390000-0x0000024AA03A0000-memory.dmp

    Filesize

    64KB

  • memory/2436-150-0x00007FF65A1D0000-0x00007FF65A521000-memory.dmp

    Filesize

    3.3MB

  • memory/2436-128-0x00007FF65A1D0000-0x00007FF65A521000-memory.dmp

    Filesize

    3.3MB

  • memory/2436-0-0x00007FF65A1D0000-0x00007FF65A521000-memory.dmp

    Filesize

    3.3MB

  • memory/2504-48-0x00007FF6695D0000-0x00007FF669921000-memory.dmp

    Filesize

    3.3MB

  • memory/2504-212-0x00007FF6695D0000-0x00007FF669921000-memory.dmp

    Filesize

    3.3MB

  • memory/2504-134-0x00007FF6695D0000-0x00007FF669921000-memory.dmp

    Filesize

    3.3MB

  • memory/2524-200-0x00007FF6463D0000-0x00007FF646721000-memory.dmp

    Filesize

    3.3MB

  • memory/2524-12-0x00007FF6463D0000-0x00007FF646721000-memory.dmp

    Filesize

    3.3MB

  • memory/2524-130-0x00007FF6463D0000-0x00007FF646721000-memory.dmp

    Filesize

    3.3MB

  • memory/2576-225-0x00007FF790D40000-0x00007FF791091000-memory.dmp

    Filesize

    3.3MB

  • memory/2576-118-0x00007FF790D40000-0x00007FF791091000-memory.dmp

    Filesize

    3.3MB

  • memory/2680-112-0x00007FF6CF9A0000-0x00007FF6CFCF1000-memory.dmp

    Filesize

    3.3MB

  • memory/2680-218-0x00007FF6CF9A0000-0x00007FF6CFCF1000-memory.dmp

    Filesize

    3.3MB

  • memory/2940-36-0x00007FF638F30000-0x00007FF639281000-memory.dmp

    Filesize

    3.3MB

  • memory/2940-132-0x00007FF638F30000-0x00007FF639281000-memory.dmp

    Filesize

    3.3MB

  • memory/2940-204-0x00007FF638F30000-0x00007FF639281000-memory.dmp

    Filesize

    3.3MB

  • memory/2988-228-0x00007FF742BE0000-0x00007FF742F31000-memory.dmp

    Filesize

    3.3MB

  • memory/2988-124-0x00007FF742BE0000-0x00007FF742F31000-memory.dmp

    Filesize

    3.3MB

  • memory/3980-206-0x00007FF77D370000-0x00007FF77D6C1000-memory.dmp

    Filesize

    3.3MB

  • memory/3980-103-0x00007FF77D370000-0x00007FF77D6C1000-memory.dmp

    Filesize

    3.3MB

  • memory/4036-83-0x00007FF722E00000-0x00007FF723151000-memory.dmp

    Filesize

    3.3MB

  • memory/4036-140-0x00007FF722E00000-0x00007FF723151000-memory.dmp

    Filesize

    3.3MB

  • memory/4036-215-0x00007FF722E00000-0x00007FF723151000-memory.dmp

    Filesize

    3.3MB

  • memory/4452-233-0x00007FF748560000-0x00007FF7488B1000-memory.dmp

    Filesize

    3.3MB

  • memory/4452-126-0x00007FF748560000-0x00007FF7488B1000-memory.dmp

    Filesize

    3.3MB

  • memory/4532-123-0x00007FF793B50000-0x00007FF793EA1000-memory.dmp

    Filesize

    3.3MB

  • memory/4532-237-0x00007FF793B50000-0x00007FF793EA1000-memory.dmp

    Filesize

    3.3MB

  • memory/4604-198-0x00007FF662090000-0x00007FF6623E1000-memory.dmp

    Filesize

    3.3MB

  • memory/4604-8-0x00007FF662090000-0x00007FF6623E1000-memory.dmp

    Filesize

    3.3MB

  • memory/4616-127-0x00007FF7D5660000-0x00007FF7D59B1000-memory.dmp

    Filesize

    3.3MB

  • memory/4616-238-0x00007FF7D5660000-0x00007FF7D59B1000-memory.dmp

    Filesize

    3.3MB

  • memory/4808-125-0x00007FF684240000-0x00007FF684591000-memory.dmp

    Filesize

    3.3MB

  • memory/4808-223-0x00007FF684240000-0x00007FF684591000-memory.dmp

    Filesize

    3.3MB

  • memory/5036-221-0x00007FF7CFFA0000-0x00007FF7D02F1000-memory.dmp

    Filesize

    3.3MB

  • memory/5036-66-0x00007FF7CFFA0000-0x00007FF7D02F1000-memory.dmp

    Filesize

    3.3MB

  • memory/5036-137-0x00007FF7CFFA0000-0x00007FF7D02F1000-memory.dmp

    Filesize

    3.3MB

  • memory/5100-208-0x00007FF62DF70000-0x00007FF62E2C1000-memory.dmp

    Filesize

    3.3MB

  • memory/5100-104-0x00007FF62DF70000-0x00007FF62E2C1000-memory.dmp

    Filesize

    3.3MB