Analysis

  • max time kernel
    145s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/05/2024, 00:51

General

  • Target

    2024-05-30_62d082595e9683eaafbec296b3155001_cobalt-strike_cobaltstrike.exe

  • Size

    5.2MB

  • MD5

    62d082595e9683eaafbec296b3155001

  • SHA1

    0e358612d3019b9440e4816aa9ffb4bd7fdb0fd6

  • SHA256

    7934ef8b6b684dcfbd38a08284be4824a4639857ac931a2b049893ae920764e0

  • SHA512

    9402c31d59eb9eafbb3c29ef3d6a4a75187a5af88ba496d80bfe03303ba9d564409af71664daa1b4cf6cb4968d79067ff49df12c94db238c5749aef2db2a9177

  • SSDEEP

    49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6l+:RWWBibf56utgpPFotBER/mQ32lUS

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader (21 IoCs)

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts (21 IoCs)
  • UPX dump on OEP (original entry point) (64 IoCs)
  • XMRig Miner payload (48 IoCs)
  • Executes dropped EXE (21 IoCs)
  • UPX packed file (64 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory (21 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of WriteProcessMemory (42 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-30_62d082595e9683eaafbec296b3155001_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-30_62d082595e9683eaafbec296b3155001_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1620
    • C:\Windows\System\muzYjqt.exe
      C:\Windows\System\muzYjqt.exe
      2⤵
      • Executes dropped EXE
      PID:4804
    • C:\Windows\System\ARuwBQT.exe
      C:\Windows\System\ARuwBQT.exe
      2⤵
      • Executes dropped EXE
      PID:3376
    • C:\Windows\System\hubdICG.exe
      C:\Windows\System\hubdICG.exe
      2⤵
      • Executes dropped EXE
      PID:3496
    • C:\Windows\System\eFKTOQG.exe
      C:\Windows\System\eFKTOQG.exe
      2⤵
      • Executes dropped EXE
      PID:756
    • C:\Windows\System\FheeHKl.exe
      C:\Windows\System\FheeHKl.exe
      2⤵
      • Executes dropped EXE
      PID:3680
    • C:\Windows\System\FQdpYVo.exe
      C:\Windows\System\FQdpYVo.exe
      2⤵
      • Executes dropped EXE
      PID:1176
    • C:\Windows\System\DTifffk.exe
      C:\Windows\System\DTifffk.exe
      2⤵
      • Executes dropped EXE
      PID:1180
    • C:\Windows\System\pZCGZpI.exe
      C:\Windows\System\pZCGZpI.exe
      2⤵
      • Executes dropped EXE
      PID:2916
    • C:\Windows\System\EsXXdDB.exe
      C:\Windows\System\EsXXdDB.exe
      2⤵
      • Executes dropped EXE
      PID:676
    • C:\Windows\System\EYALPtm.exe
      C:\Windows\System\EYALPtm.exe
      2⤵
      • Executes dropped EXE
      PID:3960
    • C:\Windows\System\YAvsMPn.exe
      C:\Windows\System\YAvsMPn.exe
      2⤵
      • Executes dropped EXE
      PID:2460
    • C:\Windows\System\JJZIUfo.exe
      C:\Windows\System\JJZIUfo.exe
      2⤵
      • Executes dropped EXE
      PID:4408
    • C:\Windows\System\swITtbZ.exe
      C:\Windows\System\swITtbZ.exe
      2⤵
      • Executes dropped EXE
      PID:2876
    • C:\Windows\System\dFsDrxy.exe
      C:\Windows\System\dFsDrxy.exe
      2⤵
      • Executes dropped EXE
      PID:4100
    • C:\Windows\System\UXXRXmx.exe
      C:\Windows\System\UXXRXmx.exe
      2⤵
      • Executes dropped EXE
      PID:2636
    • C:\Windows\System\iVPXQUZ.exe
      C:\Windows\System\iVPXQUZ.exe
      2⤵
      • Executes dropped EXE
      PID:2500
    • C:\Windows\System\XLzfzsX.exe
      C:\Windows\System\XLzfzsX.exe
      2⤵
      • Executes dropped EXE
      PID:2488
    • C:\Windows\System\DyoYxGf.exe
      C:\Windows\System\DyoYxGf.exe
      2⤵
      • Executes dropped EXE
      PID:4748
    • C:\Windows\System\yImtnfz.exe
      C:\Windows\System\yImtnfz.exe
      2⤵
      • Executes dropped EXE
      PID:4548
    • C:\Windows\System\WUXVglE.exe
      C:\Windows\System\WUXVglE.exe
      2⤵
      • Executes dropped EXE
      PID:4072
    • C:\Windows\System\gRSoLcT.exe
      C:\Windows\System\gRSoLcT.exe
      2⤵
      • Executes dropped EXE
      PID:4696
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1280,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=4168 /prefetch:8
    1⤵
      PID:3104

    Downloads

