Analysis

  • max time kernel
    140s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/05/2024, 00:50

General

  • Target

    2024-05-30_4783f04d19b4ee0556d36574e4c0f8fb_cobalt-strike_cobaltstrike.exe

  • Size

    5.2MB

  • MD5

    4783f04d19b4ee0556d36574e4c0f8fb

  • SHA1

    ea929a8e854514ad338395448d67e4805fba747a

  • SHA256

    64e444e4fc45a6b5c7ca256d89cd9cab814b1a53117449cdcc03e58305e68444

  • SHA512

    31292ec83f89edc3ffcb481a8f284e7624d31bc91ca12f5e0975d8ae1bb98ecd16c10141c8cbf2f08d8d94e408ecb267aedc42462199356dcbf65374996c3785

  • SSDEEP

    49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lk:RWWBibf56utgpPFotBER/mQ32lUw

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 21 IoCs
  • UPX dump on OEP (original entry point) 61 IoCs
  • XMRig Miner payload 41 IoCs
  • Executes dropped EXE 21 IoCs
  • Loads dropped DLL 21 IoCs
  • UPX packed file 61 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 63 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-30_4783f04d19b4ee0556d36574e4c0f8fb_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-30_4783f04d19b4ee0556d36574e4c0f8fb_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\Windows\System\LfNWWxw.exe
      C:\Windows\System\LfNWWxw.exe
      2⤵
      • Executes dropped EXE
      PID:2284
    • C:\Windows\System\rPrRTzm.exe
      C:\Windows\System\rPrRTzm.exe
      2⤵
      • Executes dropped EXE
      PID:2552
    • C:\Windows\System\ycTtMSh.exe
      C:\Windows\System\ycTtMSh.exe
      2⤵
      • Executes dropped EXE
      PID:1608
    • C:\Windows\System\EgfNaVn.exe
      C:\Windows\System\EgfNaVn.exe
      2⤵
      • Executes dropped EXE
      PID:2596
    • C:\Windows\System\TtSinwb.exe
      C:\Windows\System\TtSinwb.exe
      2⤵
      • Executes dropped EXE
      PID:2744
    • C:\Windows\System\DspnMWB.exe
      C:\Windows\System\DspnMWB.exe
      2⤵
      • Executes dropped EXE
      PID:2836
    • C:\Windows\System\Jlfvvvj.exe
      C:\Windows\System\Jlfvvvj.exe
      2⤵
      • Executes dropped EXE
      PID:2768
    • C:\Windows\System\xkMZaik.exe
      C:\Windows\System\xkMZaik.exe
      2⤵
      • Executes dropped EXE
      PID:2524
    • C:\Windows\System\eZzFXID.exe
      C:\Windows\System\eZzFXID.exe
      2⤵
      • Executes dropped EXE
      PID:2484
    • C:\Windows\System\IQUjlDE.exe
      C:\Windows\System\IQUjlDE.exe
      2⤵
      • Executes dropped EXE
      PID:2540
    • C:\Windows\System\wOxcwbS.exe
      C:\Windows\System\wOxcwbS.exe
      2⤵
      • Executes dropped EXE
      PID:2940
    • C:\Windows\System\olVUuIM.exe
      C:\Windows\System\olVUuIM.exe
      2⤵
      • Executes dropped EXE
      PID:2792
    • C:\Windows\System\JrQxnRd.exe
      C:\Windows\System\JrQxnRd.exe
      2⤵
      • Executes dropped EXE
      PID:2804
    • C:\Windows\System\aVzzSpY.exe
      C:\Windows\System\aVzzSpY.exe
      2⤵
      • Executes dropped EXE
      PID:2784
    • C:\Windows\System\lGhEZSQ.exe
      C:\Windows\System\lGhEZSQ.exe
      2⤵
      • Executes dropped EXE
      PID:2788
    • C:\Windows\System\sDagGRW.exe
      C:\Windows\System\sDagGRW.exe
      2⤵
      • Executes dropped EXE
      PID:2728
    • C:\Windows\System\GQkRqcM.exe
      C:\Windows\System\GQkRqcM.exe
      2⤵
      • Executes dropped EXE
      PID:2876
    • C:\Windows\System\TxwKpbt.exe
      C:\Windows\System\TxwKpbt.exe
      2⤵
      • Executes dropped EXE
      PID:3048
    • C:\Windows\System\qiNbWUD.exe
      C:\Windows\System\qiNbWUD.exe
      2⤵
      • Executes dropped EXE
      PID:2904
    • C:\Windows\System\bIsekyS.exe
      C:\Windows\System\bIsekyS.exe
      2⤵
      • Executes dropped EXE
      PID:2352
    • C:\Windows\System\EqAVjWg.exe
      C:\Windows\System\EqAVjWg.exe
      2⤵
      • Executes dropped EXE
      PID:3068

Network

MITRE ATT&CK Matrix

Downloads
