Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    141s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/05/2024, 00:53

General

  • Target

    2024-05-30_6df242552618a750c61992e66bd84953_cobalt-strike_cobaltstrike.exe

  • Size

    5.2MB

  • MD5

    6df242552618a750c61992e66bd84953

  • SHA1

    4c3f70f9c6ceba59b7481c85e0a3b12a9294fdb6

  • SHA256

    543b85479fbc8e3b320e67067ab80ac0797b14b250460fc4e9f4017c6aa4b3f6

  • SHA512

    32dfae944279ed8ba9f289340cd832aa94b15aed3be28e6b575c37e2638a10523f4acf9db394c734c851366a074af288148d86224c410c4daaaa5db8d0ef5834

  • SSDEEP

    49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lU:RWWBibf56utgpPFotBER/mQ32lUA

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 21 IoCs
  • UPX dump on OEP (original entry point) 64 IoCs
  • XMRig Miner payload 45 IoCs
  • Executes dropped EXE 21 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-30_6df242552618a750c61992e66bd84953_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-30_6df242552618a750c61992e66bd84953_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2056
    • C:\Windows\System\HpSpMRI.exe
      C:\Windows\System\HpSpMRI.exe
      2⤵
      • Executes dropped EXE
      PID:1784
    • C:\Windows\System\RYUBwex.exe
      C:\Windows\System\RYUBwex.exe
      2⤵
      • Executes dropped EXE
      PID:1188
    • C:\Windows\System\FsbHeWD.exe
      C:\Windows\System\FsbHeWD.exe
      2⤵
      • Executes dropped EXE
      PID:2000
    • C:\Windows\System\rmmopqb.exe
      C:\Windows\System\rmmopqb.exe
      2⤵
      • Executes dropped EXE
      PID:2524
    • C:\Windows\System\uIZWTpT.exe
      C:\Windows\System\uIZWTpT.exe
      2⤵
      • Executes dropped EXE
      PID:1260
    • C:\Windows\System\dSxxJJv.exe
      C:\Windows\System\dSxxJJv.exe
      2⤵
      • Executes dropped EXE
      PID:736
    • C:\Windows\System\SKYyMZJ.exe
      C:\Windows\System\SKYyMZJ.exe
      2⤵
      • Executes dropped EXE
      PID:1600
    • C:\Windows\System\zONhzar.exe
      C:\Windows\System\zONhzar.exe
      2⤵
      • Executes dropped EXE
      PID:4020
    • C:\Windows\System\kgfoKJK.exe
      C:\Windows\System\kgfoKJK.exe
      2⤵
      • Executes dropped EXE
      PID:1388
    • C:\Windows\System\CLZgiGD.exe
      C:\Windows\System\CLZgiGD.exe
      2⤵
      • Executes dropped EXE
      PID:1368
    • C:\Windows\System\pWbWWJE.exe
      C:\Windows\System\pWbWWJE.exe
      2⤵
      • Executes dropped EXE
      PID:3808
    • C:\Windows\System\npFBCXZ.exe
      C:\Windows\System\npFBCXZ.exe
      2⤵
      • Executes dropped EXE
      PID:3676
    • C:\Windows\System\WMdDqSy.exe
      C:\Windows\System\WMdDqSy.exe
      2⤵
      • Executes dropped EXE
      PID:4328
    • C:\Windows\System\XlbkOHE.exe
      C:\Windows\System\XlbkOHE.exe
      2⤵
      • Executes dropped EXE
      PID:4868
    • C:\Windows\System\auMFqHO.exe
      C:\Windows\System\auMFqHO.exe
      2⤵
      • Executes dropped EXE
      PID:4408
    • C:\Windows\System\IXJeTnV.exe
      C:\Windows\System\IXJeTnV.exe
      2⤵
      • Executes dropped EXE
      PID:1512
    • C:\Windows\System\EgWpCTY.exe
      C:\Windows\System\EgWpCTY.exe
      2⤵
      • Executes dropped EXE
      PID:4584
    • C:\Windows\System\LcOjWiB.exe
      C:\Windows\System\LcOjWiB.exe
      2⤵
      • Executes dropped EXE
      PID:684
    • C:\Windows\System\gJbMZSR.exe
      C:\Windows\System\gJbMZSR.exe
      2⤵
      • Executes dropped EXE
      PID:4908
    • C:\Windows\System\WGkPYlk.exe
      C:\Windows\System\WGkPYlk.exe
      2⤵
      • Executes dropped EXE
      PID:1968
    • C:\Windows\System\OQnspwT.exe
      C:\Windows\System\OQnspwT.exe
      2⤵
      • Executes dropped EXE
      PID:1180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System\CLZgiGD.exe

    Filesize

    5.2MB

    MD5

    16cde79e43e78c6fb2c5a56cd895c1a6

    SHA1

    2ea830428a2ebd8308c6372af5d5ccc07d4063d0

    SHA256

    0e68d1a412a866a2269b2c5c76c9a02de6b24d14087fd79f335d24f64d52ad92

    SHA512

    eed3f12134c0e281298747efe4def26e778c64e3bde0ae3160f1836c0d695884cfa92bc435827659f919c92f0ed6a89146c4f1655b478eee5a5f7150286f51ed

  • C:\Windows\System\EgWpCTY.exe

    Filesize

    5.2MB

    MD5

    a9c481f5416b618003cd30e483d88c02

    SHA1

    c9fec9fe22692c60283300adbf333a5834eb96f5

    SHA256

    850742abafa0826c5f494f0ca044263f3198e83754dc089a80773d3cad8b7af1

    SHA512

    8908016cd93805cddbeb3ef176777b18b22c430874ec9f553545b9e069625fcfe451d5e667367dbce704fa2a7ac9e591040cf4bb07654b4e21ffb88443f94987

  • C:\Windows\System\FsbHeWD.exe

    Filesize

    5.2MB

    MD5

    be879b4497e044b74a8d9bbe2f43b1bf

    SHA1

    494f68279e502faedd90a2f2cf10b6bf8001bd48

    SHA256

    c29269447f96d793360aae9d380d49547ae04dd9424a1769435443e99937e354

    SHA512

    6b4bcdd771593adc8519d1cf6edfa069d1b65ccdc3240dd394adad2194f5821b038c901f85a3c7307eceb6242ad53fc4accf07935b4a36dae8b858041f7ff1ab

  • C:\Windows\System\HpSpMRI.exe

    Filesize

    5.2MB

    MD5

    8ec02f498e01692e49ea6a08aa95b197

    SHA1

    fff9c323a299d4afec02b85c74efcbf1a72d5767

    SHA256

    2588fad268a0048acc45a13b65533b0a1b5e2c4a516cd6a5105b9700936dd963

    SHA512

    e313f9f20a13e8f7a56a03ba7972e42baec72eba11f204c64cb9711e2768f09fa41543064500f87568695b28efea87bf4b559a0b5a3445e84ade5795b4f43e95

  • C:\Windows\System\IXJeTnV.exe

    Filesize

    5.2MB

    MD5

    affa568ac7102ff8f3bd5883eb3be165

    SHA1

    5b271e28ce037e7754a68f82286ea719569f1372

    SHA256

    9939f79cf03439f22d9e04e3a48b7a03cb3e035e88fbe9a27e3bce7956e1961b

    SHA512

    889fbe934b67d991e8b9c8fb010442d31526fb0cac41e985833facbb28b1bf8fee294446878d640e2c05f1d30de891392959b2c56f11edbd9a79cfaa68825f6b

  • C:\Windows\System\LcOjWiB.exe

    Filesize

    5.2MB

    MD5

    0e1c488c8536dfa59b3bec8893e4d525

    SHA1

    43322f50b8b9769136d79095a32450cd77d9727f

    SHA256

    1406f4bbb980d48093579c72465e759d3cadd8717b871147eb37705fbe955911

    SHA512

    a94dffdb85a5943dc2ce6fddfb8e41eaf57517cd32b56a8362da5359c3fd00d5eedc80ffbbc25ece33f2625b06244bb67afb28fdd42b2dbf37d44d6170de7c50

  • C:\Windows\System\OQnspwT.exe

    Filesize

    5.2MB

    MD5

    c2a5b95721186f51dee54a9640d21c17

    SHA1

    0b78a03100d4586c4e381558b8324159eef4bf41

    SHA256

    e3e297b3184f11bb947f0b5714058bc1a32fb0f646cadb7b70f7e37f7dd5328e

    SHA512

    2ee0000b56816a27b9f3dcf581666406095cd567076f6c6631efff9ab4b1f1de50d4fb70fd977524bfdcd75281c4b2a5187a3f08c7def7c3393106c2b7b23a2d

  • C:\Windows\System\RYUBwex.exe

    Filesize

    5.2MB

    MD5

    a1fd2ba8129c3a8372db11f1e6d5c914

    SHA1

    9b32c07bad6f30b87af6fdd1e18b05d792f67fd6

    SHA256

    24b7459cc00788536b1a0a45ca6099c6fb6a25586cd031c1adca1f8d35e9ffe8

    SHA512

    df5fdc6e1475c6497177f31252f9cc3ecd3dfa8cfd4c7642036822fbe4a9e59a92d8168f63153ecd2d521ab8fcea3957246e2772e91f36cc88f7a91e6c4fd365

  • C:\Windows\System\SKYyMZJ.exe

    Filesize

    5.2MB

    MD5

    d868b3fe4c9ef9719232739ec6ab9ba5

    SHA1

    9834957a8b17912fcdbbaa8b575eb6ca9b6f16b5

    SHA256

    3d8dfd50cafbc51d5c9be406a83d29c1cc85740680dd7ad5c72fa81230cc1b3e

    SHA512

    301ea89fc6134382b905675c21cf4043dbf2ad57ab1b39e557899827705dbec1dd755bd64be6d540a828af671443985e4567f0f170159e5fadb72bde3abed039

  • C:\Windows\System\WGkPYlk.exe

    Filesize

    5.2MB

    MD5

    14c5eae72f11bd5e5b0ac4fd07f6dd8b

    SHA1

    b6ec91abc213b2acd4a87a87e72a979daab5f51b

    SHA256

    57b06967283f334b6c30a7464d9baf1db5c498ac51ec05fd60222f37a60d5d5b

    SHA512

    148a10afed5a2bcfac28a86c2d5f54ba9fc7e8ce8e959603a103826c8d24da5e1a64becc3d784b146186665477eca6380fe87e2652cba7ab305614e1497e9931

  • C:\Windows\System\WMdDqSy.exe

    Filesize

    5.2MB

    MD5

    f168d239ba1bc98f57ce4e66c9f1b306

    SHA1

    2f579195a8c971174f10ee6fd929189063774155

    SHA256

    8140a56e33a9c667f633f2f6be53e484e17c0b90e9c021f4ed05c70eda99c1c1

    SHA512

    73c8af2ed1cc58bc0d447cd02e7519c671bba92fa1de4917d1034033154c98f5fe59fa8a6a77504e2238fc550d26216184e8f3ef4ac45ff7a114a6177b204960

  • C:\Windows\System\XlbkOHE.exe

    Filesize

    5.2MB

    MD5

    a3bc32827123f39cd7c8b1888e0f1a45

    SHA1

    ab701a42d96456d8a296e231eeebf3441d9a04cf

    SHA256

    ed9283ee7df0ffd5b4b8aae49add6c70e79c28e77a7568b9de349030594b4259

    SHA512

    a44791ad6e7992e4b9dd8375cd7f6fe75a505f60b9a511f0776369f7d27a553c87b086781aaf8eaf03707644a9395ef0f4fb8fed7998b90cc4d6f74aaa4819ee

  • C:\Windows\System\auMFqHO.exe

    Filesize

    5.2MB

    MD5

    6668f979dcd078e12112f0d5f5227b1f

    SHA1

    364d23003e8c4711b6fc05da7b6a224d3621fd42

    SHA256

    ce6bd26a1bff22b558d051749a17856e0128befb77a2ebf0df8878aa9e5f802b

    SHA512

    cb172cab31c6a7d9da8115603b406fed2ffaf0cd564818c1b6517c3e898eff75c0c08b1ff50e6abef48d7674f6a70af7c94aeb77f06589f2c04d0f411c1a9853

  • C:\Windows\System\dSxxJJv.exe

    Filesize

    5.2MB

    MD5

    364de4b49f4aaf6c490cf22439a94aeb

    SHA1

    2e453e848d6274001efec00f1c48716e186ed1bd

    SHA256

    63b692dc0a1527771fdbcf8474fa0437c2f8d7931263813c0b3bef8b158b2afe

    SHA512

    b0c86ffbe1e4bd1fd6661aac7d831c32ea74488c690c4538087fbbb741a1c239551e15bb8a5091525fcbc760d5234e11f8bd2db39dfce7b728f378f7ebe96e92

  • C:\Windows\System\gJbMZSR.exe

    Filesize

    5.2MB

    MD5

    66195e414900fc85d67a9a6a5d83f431

    SHA1

    1be1e244593d61b208139d0313a456160817a0f5

    SHA256

    15a66325a247888880a4d8678423fcd6fff9e5137762caabe817661338367f0d

    SHA512

    7331fb218400ff0503f9b0d30c84fc1b116a42160bb1a1041fd462fe7118a45f1d268aac00d0e039916e5da3f9cb135eeaf1e42b78763073eb82eea2a2498deb

  • C:\Windows\System\kgfoKJK.exe

    Filesize

    5.2MB

    MD5

    1763cfa6645a0ddf7b2e03e94e175b1b

    SHA1

    19d2acd248cfc232e56ac09989be2fbf230f448e

    SHA256

    10776d5aaf2aa22c56512016fb3a24d300734d99ae2b620b4c5aa412f99ff825

    SHA512

    55721361e370a9887448f6ccba4224a6e21edf8e88a559f2819d6af6b810740704087aaf9827953e42b294abedd804862e77d1457ebd2604882a76812d9f76ad

  • C:\Windows\System\npFBCXZ.exe

    Filesize

    5.2MB

    MD5

    c13c18f0b791d8a1e003659d8050f18e

    SHA1

    25392b396635e49fb0288e19459d65874f633f21

    SHA256

    3f9f795bbd875f30d879973bab718b6373c87f0a5be0dae4d1f48c7df1e6655c

    SHA512

    684de30d428db614e0b6d84bded7690c3a4f482d328464681e4cd9b64e7c6f6fe7371d96c10fcbd09a6bf511a6df95e2e978184b33f019f11cb5a0d2922751cf

  • C:\Windows\System\pWbWWJE.exe

    Filesize

    5.2MB

    MD5

    ef21ae1b2dccd80e47c8efae0a610f92

    SHA1

    14cd7dd5cf874e645c823afff2f600bfac8880b6

    SHA256

    7cec7f445574a8394c9f40359465c5cd496b05c98dbe2995b402f651204219f7

    SHA512

    d4f49821915a9fdc8fd67f141238b3c01ba84aec00b4e505b8ea13a47f95a93a935c2341e6c054700d024ce98b73eb832fb58d9cdd3356e6c078184089ed99f2

  • C:\Windows\System\rmmopqb.exe

    Filesize

    5.2MB

    MD5

    2a253d42827ae158ca4939c3f23c6b43

    SHA1

    410cef92e2e6cf4cbbba31f2b6f0e5f070fa7b65

    SHA256

    e5e24ec178ce1ba4060f13c8b8f749b6e60879c083339ce89f6719153365def6

    SHA512

    255df1c798d4ffba64e19f12d8e4b460a6ec1f8f212f24b20033daf993c1a7636d109ccf654073a015b9912aecb4a3a01e37a055c18844dcdd45c62578e8ef96

  • C:\Windows\System\uIZWTpT.exe

    Filesize

    5.2MB

    MD5

    83b8631d4e2650f57a325bcd6aa25d65

    SHA1

    82e0ed479d3078ca271bf2717d644fcf1e6352b0

    SHA256

    6f88b9ed0c75bbabd7e8acb51d73dd6b14293efc606ef046f461036340ef9654

    SHA512

    301cc7479f7bde4dcdc68f7cd45af4579aaa9d9ccf1d087f1ce41d08ecdae4b119efa6bc6cc31eb567797ba19054db1bbb671392ba368797cb74fe3313b5ff0c

  • C:\Windows\System\zONhzar.exe

    Filesize

    5.2MB

    MD5

    b665e2205b801b62e3a1955b17324364

    SHA1

    5eee90179ba2d782b97e83af5651eb505d2e1c89

    SHA256

    85d5dd746dc6cf692730d55135bcda01141615236f3da0ff09c3cc8d3b40c8b9

    SHA512

    6c0f39c3bfcff58851220c1fd5339e888876efa91d663b2d80ac0478603afcb11e0df7addddfdf81c05c25e24a7ab7b1587e3e7f686b323e8f46485d8a148bd0

  • memory/684-111-0x00007FF653B90000-0x00007FF653EE1000-memory.dmp

    Filesize

    3.3MB

  • memory/684-151-0x00007FF653B90000-0x00007FF653EE1000-memory.dmp

    Filesize

    3.3MB

  • memory/684-245-0x00007FF653B90000-0x00007FF653EE1000-memory.dmp

    Filesize

    3.3MB

  • memory/736-40-0x00007FF68BA90000-0x00007FF68BDE1000-memory.dmp

    Filesize

    3.3MB

  • memory/736-212-0x00007FF68BA90000-0x00007FF68BDE1000-memory.dmp

    Filesize

    3.3MB

  • memory/1180-127-0x00007FF742650000-0x00007FF7429A1000-memory.dmp

    Filesize

    3.3MB

  • memory/1180-155-0x00007FF742650000-0x00007FF7429A1000-memory.dmp

    Filesize

    3.3MB

  • memory/1180-249-0x00007FF742650000-0x00007FF7429A1000-memory.dmp

    Filesize

    3.3MB

  • memory/1188-69-0x00007FF7848B0000-0x00007FF784C01000-memory.dmp

    Filesize

    3.3MB

  • memory/1188-12-0x00007FF7848B0000-0x00007FF784C01000-memory.dmp

    Filesize

    3.3MB

  • memory/1188-204-0x00007FF7848B0000-0x00007FF784C01000-memory.dmp

    Filesize

    3.3MB

  • memory/1260-32-0x00007FF6DB650000-0x00007FF6DB9A1000-memory.dmp

    Filesize

    3.3MB

  • memory/1260-210-0x00007FF6DB650000-0x00007FF6DB9A1000-memory.dmp

    Filesize

    3.3MB

  • memory/1368-63-0x00007FF7D2220000-0x00007FF7D2571000-memory.dmp

    Filesize

    3.3MB

  • memory/1368-225-0x00007FF7D2220000-0x00007FF7D2571000-memory.dmp

    Filesize

    3.3MB

  • memory/1388-60-0x00007FF636490000-0x00007FF6367E1000-memory.dmp

    Filesize

    3.3MB

  • memory/1388-223-0x00007FF636490000-0x00007FF6367E1000-memory.dmp

    Filesize

    3.3MB

  • memory/1512-149-0x00007FF7DE6B0000-0x00007FF7DEA01000-memory.dmp

    Filesize

    3.3MB

  • memory/1512-102-0x00007FF7DE6B0000-0x00007FF7DEA01000-memory.dmp

    Filesize

    3.3MB

  • memory/1512-237-0x00007FF7DE6B0000-0x00007FF7DEA01000-memory.dmp

    Filesize

    3.3MB

  • memory/1600-45-0x00007FF65FA00000-0x00007FF65FD51000-memory.dmp

    Filesize

    3.3MB

  • memory/1600-118-0x00007FF65FA00000-0x00007FF65FD51000-memory.dmp

    Filesize

    3.3MB

  • memory/1600-216-0x00007FF65FA00000-0x00007FF65FD51000-memory.dmp

    Filesize

    3.3MB

  • memory/1784-202-0x00007FF64C990000-0x00007FF64CCE1000-memory.dmp

    Filesize

    3.3MB

  • memory/1784-8-0x00007FF64C990000-0x00007FF64CCE1000-memory.dmp

    Filesize

    3.3MB

  • memory/1968-154-0x00007FF662080000-0x00007FF6623D1000-memory.dmp

    Filesize

    3.3MB

  • memory/1968-126-0x00007FF662080000-0x00007FF6623D1000-memory.dmp

    Filesize

    3.3MB

  • memory/1968-251-0x00007FF662080000-0x00007FF6623D1000-memory.dmp

    Filesize

    3.3MB

  • memory/2000-19-0x00007FF63E570000-0x00007FF63E8C1000-memory.dmp

    Filesize

    3.3MB

  • memory/2000-90-0x00007FF63E570000-0x00007FF63E8C1000-memory.dmp

    Filesize

    3.3MB

  • memory/2000-206-0x00007FF63E570000-0x00007FF63E8C1000-memory.dmp

    Filesize

    3.3MB

  • memory/2056-1-0x00000188F8070000-0x00000188F8080000-memory.dmp

    Filesize

    64KB

  • memory/2056-62-0x00007FF786F70000-0x00007FF7872C1000-memory.dmp

    Filesize

    3.3MB

  • memory/2056-133-0x00007FF786F70000-0x00007FF7872C1000-memory.dmp

    Filesize

    3.3MB

  • memory/2056-156-0x00007FF786F70000-0x00007FF7872C1000-memory.dmp

    Filesize

    3.3MB

  • memory/2056-0-0x00007FF786F70000-0x00007FF7872C1000-memory.dmp

    Filesize

    3.3MB

  • memory/2524-31-0x00007FF6EFB20000-0x00007FF6EFE71000-memory.dmp

    Filesize

    3.3MB

  • memory/2524-208-0x00007FF6EFB20000-0x00007FF6EFE71000-memory.dmp

    Filesize

    3.3MB

  • memory/3676-153-0x00007FF70C120000-0x00007FF70C471000-memory.dmp

    Filesize

    3.3MB

  • memory/3676-229-0x00007FF70C120000-0x00007FF70C471000-memory.dmp

    Filesize

    3.3MB

  • memory/3676-74-0x00007FF70C120000-0x00007FF70C471000-memory.dmp

    Filesize

    3.3MB

  • memory/3808-70-0x00007FF661DA0000-0x00007FF6620F1000-memory.dmp

    Filesize

    3.3MB

  • memory/3808-227-0x00007FF661DA0000-0x00007FF6620F1000-memory.dmp

    Filesize

    3.3MB

  • memory/4020-123-0x00007FF7B9CF0000-0x00007FF7BA041000-memory.dmp

    Filesize

    3.3MB

  • memory/4020-215-0x00007FF7B9CF0000-0x00007FF7BA041000-memory.dmp

    Filesize

    3.3MB

  • memory/4020-46-0x00007FF7B9CF0000-0x00007FF7BA041000-memory.dmp

    Filesize

    3.3MB

  • memory/4328-231-0x00007FF7FD0D0000-0x00007FF7FD421000-memory.dmp

    Filesize

    3.3MB

  • memory/4328-96-0x00007FF7FD0D0000-0x00007FF7FD421000-memory.dmp

    Filesize

    3.3MB

  • memory/4408-97-0x00007FF620910000-0x00007FF620C61000-memory.dmp

    Filesize

    3.3MB

  • memory/4408-235-0x00007FF620910000-0x00007FF620C61000-memory.dmp

    Filesize

    3.3MB

  • memory/4584-105-0x00007FF67F380000-0x00007FF67F6D1000-memory.dmp

    Filesize

    3.3MB

  • memory/4584-239-0x00007FF67F380000-0x00007FF67F6D1000-memory.dmp

    Filesize

    3.3MB

  • memory/4584-150-0x00007FF67F380000-0x00007FF67F6D1000-memory.dmp

    Filesize

    3.3MB

  • memory/4868-233-0x00007FF72BB00000-0x00007FF72BE51000-memory.dmp

    Filesize

    3.3MB

  • memory/4868-101-0x00007FF72BB00000-0x00007FF72BE51000-memory.dmp

    Filesize

    3.3MB

  • memory/4908-247-0x00007FF6F0050000-0x00007FF6F03A1000-memory.dmp

    Filesize

    3.3MB

  • memory/4908-152-0x00007FF6F0050000-0x00007FF6F03A1000-memory.dmp

    Filesize

    3.3MB

  • memory/4908-122-0x00007FF6F0050000-0x00007FF6F03A1000-memory.dmp

    Filesize

    3.3MB