Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/05/2024, 00:57

General

  • Target

    2024-05-30_8abf68c9d0fa2133975bca27b79b0ade_cobalt-strike_cobaltstrike.exe

  • Size

    5.2MB

  • MD5

    8abf68c9d0fa2133975bca27b79b0ade

  • SHA1

    46c536eb4f9e3d74c9612e846cdb85ebf3106c46

  • SHA256

    897001ba457ed85b85496249e81287cfdd49e002fac630ffbcec46dc3e9ab5e5

  • SHA512

    8e7ab5abcbc4c51c9c9dcf9718b8d80120a999cf96a9303b5412afde7776b1daff63bf49098b41d8effcdecce68874f3265793c34dc2114d6abe6864d1be3932

  • SSDEEP

    49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lB:RWWBibf56utgpPFotBER/mQ32lU1

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 21 IoCs
  • UPX dump on OEP (original entry point) 64 IoCs
  • XMRig Miner payload 45 IoCs
  • Executes dropped EXE 21 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-30_8abf68c9d0fa2133975bca27b79b0ade_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-30_8abf68c9d0fa2133975bca27b79b0ade_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1020
    • C:\Windows\System\iGFJSih.exe
      C:\Windows\System\iGFJSih.exe
      2⤵
      • Executes dropped EXE
      PID:700
    • C:\Windows\System\ZPzTkbP.exe
      C:\Windows\System\ZPzTkbP.exe
      2⤵
      • Executes dropped EXE
      PID:1656
    • C:\Windows\System\IWwjwfW.exe
      C:\Windows\System\IWwjwfW.exe
      2⤵
      • Executes dropped EXE
      PID:2256
    • C:\Windows\System\srGTZyW.exe
      C:\Windows\System\srGTZyW.exe
      2⤵
      • Executes dropped EXE
      PID:4424
    • C:\Windows\System\NpugbYE.exe
      C:\Windows\System\NpugbYE.exe
      2⤵
      • Executes dropped EXE
      PID:2740
    • C:\Windows\System\RGZaclS.exe
      C:\Windows\System\RGZaclS.exe
      2⤵
      • Executes dropped EXE
      PID:1608
    • C:\Windows\System\lDWtaEX.exe
      C:\Windows\System\lDWtaEX.exe
      2⤵
      • Executes dropped EXE
      PID:4540
    • C:\Windows\System\HPevCjB.exe
      C:\Windows\System\HPevCjB.exe
      2⤵
      • Executes dropped EXE
      PID:3716
    • C:\Windows\System\tWZaVsW.exe
      C:\Windows\System\tWZaVsW.exe
      2⤵
      • Executes dropped EXE
      PID:3136
    • C:\Windows\System\uJQksaU.exe
      C:\Windows\System\uJQksaU.exe
      2⤵
      • Executes dropped EXE
      PID:3144
    • C:\Windows\System\NPdGVOD.exe
      C:\Windows\System\NPdGVOD.exe
      2⤵
      • Executes dropped EXE
      PID:3696
    • C:\Windows\System\CeKrsti.exe
      C:\Windows\System\CeKrsti.exe
      2⤵
      • Executes dropped EXE
      PID:3148
    • C:\Windows\System\QUCtplr.exe
      C:\Windows\System\QUCtplr.exe
      2⤵
      • Executes dropped EXE
      PID:1744
    • C:\Windows\System\oTurbJR.exe
      C:\Windows\System\oTurbJR.exe
      2⤵
      • Executes dropped EXE
      PID:5036
    • C:\Windows\System\RiKsgYB.exe
      C:\Windows\System\RiKsgYB.exe
      2⤵
      • Executes dropped EXE
      PID:428
    • C:\Windows\System\oZwzlSG.exe
      C:\Windows\System\oZwzlSG.exe
      2⤵
      • Executes dropped EXE
      PID:4952
    • C:\Windows\System\WKuKwHf.exe
      C:\Windows\System\WKuKwHf.exe
      2⤵
      • Executes dropped EXE
      PID:2188
    • C:\Windows\System\QqJjdAY.exe
      C:\Windows\System\QqJjdAY.exe
      2⤵
      • Executes dropped EXE
      PID:4260
    • C:\Windows\System\RYBXZXw.exe
      C:\Windows\System\RYBXZXw.exe
      2⤵
      • Executes dropped EXE
      PID:3424
    • C:\Windows\System\DFPzbOK.exe
      C:\Windows\System\DFPzbOK.exe
      2⤵
      • Executes dropped EXE
      PID:1524
    • C:\Windows\System\lwqsNCx.exe
      C:\Windows\System\lwqsNCx.exe
      2⤵
      • Executes dropped EXE
      PID:4076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System\CeKrsti.exe

    Filesize

    5.2MB

    MD5

    28d4f80bd1e2d63fb1e45a6a5ffdffc0

    SHA1

    9637a67fb54fe69b8595d470f60db122d17eb1d1

    SHA256

    7e8526b55c7dd9d31d4d1586305884d33a5e0a44c4c2872706b8236c05faffb4

    SHA512

    bfc4a43cd1c865713560285cf6dda66fd563b3e45042b998b5f654c8709dfb56aa7442edaf344472878f2a34b59d2ddb0e68dc8639db90548d561e486676f848

  • C:\Windows\System\DFPzbOK.exe

    Filesize

    5.2MB

    MD5

    b5c79ef0d2a2b2214efc6b57ccffdfe1

    SHA1

    0a930f47ccdae0f51339c9de76be017cbd42ea7f

    SHA256

    82fec7a24bd2470f32c09fb1fdc4932f8d139daaef26705cc1a204a780738224

    SHA512

    5b8bb757bb76d638016a247de0ef4cc07a2913dfc94fb976723edcd998205e5f09dc4f0a13bee171b8bafbaa67a0bf8f4ed76b86da34898c97a57b8abc76716c

  • C:\Windows\System\HPevCjB.exe

    Filesize

    5.2MB

    MD5

    a04a0138789aa226540d2701d07c4fa0

    SHA1

    33d4c27cac3f8e8c5f2d0fc7eaa300fc0ba768ae

    SHA256

    068ed515bbe218dadf06ed7a77c9d0351aceb3c42dafd14de60043b22339820a

    SHA512

    752f245f1bbb8d51d439e2ad8c067983320022a62b8480d51b5d514867bc3ab0dc6eab3e28b9a49a612da6b165109283c18ded2bd21cfeaa365613027a6ab927

  • C:\Windows\System\IWwjwfW.exe

    Filesize

    5.2MB

    MD5

    a4b8d8240177d91ef4b5deec2472c81d

    SHA1

    c0ffdf02af6eb26b851abcf0f3e40d1b249b4670

    SHA256

    e66ee40c3ce8d8466b758dd8b84210f5327d70dc50801d41ba98371f71732b3b

    SHA512

    afc5cbe4132c018a70309f2527ded1e7c62e7c56eac6efd6e68471681d3ac70123242e6d15c4020b72da78b9d61aea486dd012ce76e3a63b8fe8290c3464067c

  • C:\Windows\System\NPdGVOD.exe

    Filesize

    5.2MB

    MD5

    30df65084353f14a05e3482b06fd6590

    SHA1

    02aed7c4b726a601ac3a88aa11f0d9a13dab9aea

    SHA256

    63b7fb275b0012fa4535ae8ce8fad0857f21928f3c9459540e0745d3bc751dcd

    SHA512

    88147d6685ea772e3b70382804d1f92b622f16b7eb01dc6f5ddf449328c0d8332be715c14bbb9eb729cf4abee670c728700dd4c8a1cb3e17dd72971aca153f27

  • C:\Windows\System\NpugbYE.exe

    Filesize

    5.2MB

    MD5

    0444e1beb0a2a7681e411e9e2a4149df

    SHA1

    959e705db5a021c99840f0d63cbe63dd444df286

    SHA256

    a565c0399b8daa498a760f89ad701f713d337fe0688d4ee6e44c3020fcf09e9e

    SHA512

    22652a6c1c136c915c99947f961cd98925a04b478132fd83b1efc19ad081c7c46040d4110c4fae668f81a0856d1d426b9dde3328105bab0b3acdc7abfce708fe

  • C:\Windows\System\QUCtplr.exe

    Filesize

    5.2MB

    MD5

    1b29b38c1fe17aadac200d1a9cedb104

    SHA1

    18d2ac0d3dafd496aa98af3cc8c1780731cbd6cc

    SHA256

    5a67596488a6b5d24e2bf77d1e2d8504bbd4307b49310519924bb24ab4d74eea

    SHA512

    b5ca0e2064dbfc18c56fd6ab40dc6abeca98573956a0e5f73cccd5d3801793b46e2a3bd4328732b9d5125f01680d160eebf6e1ac4f13ad70fd010a140b5fd306

  • C:\Windows\System\QqJjdAY.exe

    Filesize

    5.2MB

    MD5

    e2405dcbe1b7662abe00e95f7fdc1277

    SHA1

    6333d222d277100cda49c66fb5ee43dfca1509ff

    SHA256

    332a5ac66ba9b7e0b152a51ca14fad559ca1bd6ea3192f7591b8b5bbe9ee9ffa

    SHA512

    af42920fd1cd463eb4ac459fb4dbe4b516c28788473824474c017bd47b0c9baf692f6fba645798812a663e215fada08bf35f4ae385dd530844125647be614d82

  • C:\Windows\System\RGZaclS.exe

    Filesize

    5.2MB

    MD5

    489838297cd0e9b379e26c0f0c0cad95

    SHA1

    5200cdd71157ac4b6829e10b9dd3c11b70e5d072

    SHA256

    a1225bd2719f4771c83b20d1aa7fcf414ad615a0c47cc036a00e2596772373b1

    SHA512

    b774e8ea2dde65f4058f1274c5978325e7b13b73b91d5c1ff12058e61fd792ce507ae5481f213846e9dcc7c07290bc729485d47f3a35292cfc64c9a1655736c5

  • C:\Windows\System\RYBXZXw.exe

    Filesize

    5.2MB

    MD5

    305a0ec504069c146c59a80280e7be63

    SHA1

    17f31d4fca64f3efbcc0d67b3fe20d79bb83507c

    SHA256

    5e9f3f71ed2f5af35f44356d9c017457827dda0e3c9e1b06df824dc2c441a55f

    SHA512

    645378de5a4aaa5c438ab5302da03322971f2c4a1af518e559c5bc9150cc6b3adbf1acef5a04ef67318e66bbb5fc172f93d9655ca8f9bcd9b38266c34c5c0317

  • C:\Windows\System\RiKsgYB.exe

    Filesize

    5.2MB

    MD5

    6d4bceeb66910bb40c012c1d31e95da4

    SHA1

    4ac7e50337ab5283c2fb4a80a3310fc5b26578db

    SHA256

    98df7eea415f456c8426b1a2c6eb703eef610e2c127d5d86c2728a598999ddfd

    SHA512

    5864fa9f99d222d95b7993b0dddbb04c0729693a75f3cd9b8b173b1a5d166f6eff66ec2cfb32ad905221bdfeddec309bb3cd86ab116ebcb99d5f8c485aae5aec

  • C:\Windows\System\WKuKwHf.exe

    Filesize

    5.2MB

    MD5

    b2b6b84445df12f045b0d964fa6fa380

    SHA1

    e665c1c500daf2c4176c9b4ae74211d0a5acde3b

    SHA256

    f1dcc1b51c8cba5220d64bb9aefe04bcf351aa9f3c5248825bb77a89245847ca

    SHA512

    b4f3a1e98524dd5ef2c6387a1579216a4f14bb15b967e53c260869e39fabdded1bc0602419a8e95430237fdc67944a7f2c313992fd01f1d7db76e44139810bc9

  • C:\Windows\System\ZPzTkbP.exe

    Filesize

    5.2MB

    MD5

    a762fed92b5c5fadc08d55482983ffd7

    SHA1

    b37de81162b0422f6dfcbf24aca6d788ab66ea35

    SHA256

    8dad04586ae26fd29cf6847e3e9ff3ee80f693d9b905ba128a448662ece82a63

    SHA512

    764da38776303582e8a0f57330c310c7f07d05ba233ed8f870db903eef717b115b1a08d7132209e425aeeafe28f3f785cb861b872c12846e2f1b40d0fe091ad2

  • C:\Windows\System\iGFJSih.exe

    Filesize

    5.2MB

    MD5

    4532c2b84e46d4d8ee6959212454f2a7

    SHA1

    8eb1e25adf0f90e0ab70408de45eb540d38cf1be

    SHA256

    3511699ad48edb4c042abca46770f7b26f4a864948d92ea0dc0e7ef9443c3847

    SHA512

    f2abe32b96aa552e73149897ebe9ba96515f4c2eef85b28538c79a524cdbb3050a26888c18d4172c5389f3fe91cd37696d5ddc2492b77fa47865326029c18ace

  • C:\Windows\System\lDWtaEX.exe

    Filesize

    5.2MB

    MD5

    916d021e6672534f2581d3c7c804585b

    SHA1

    d50f51007f70e4caf592306802723db2a9925c5f

    SHA256

    95e54eca310f719c91793e815a2996cf1f9ee8d40e9d2955558298b97a1ee742

    SHA512

    6fc48b4bc0a897fea7bd5d08d68cfac1cd953a20cf8a5a59ed794b7a361284d560a255159d6696bd5c14edfc801d933ea32c25fc9b9241e8d668de2998bb77a7

  • C:\Windows\System\lwqsNCx.exe

    Filesize

    5.2MB

    MD5

    f67319972ec7b9043b5981a9cc2c0928

    SHA1

    83f48d607374b3b8f803978f76d7c41af87396b0

    SHA256

    c825d1876690c457caf50adbbfb2d4d4f92552954ff170c510b0343e79c07563

    SHA512

    ace043ea4695a3d05f4d5433242c938e0fed7b3dc66c06234385cf900033872376dd7896b11a99b1db030c86a62ef1bb49b4e311b73bdcbbf28c86f8de93da12

  • C:\Windows\System\oTurbJR.exe

    Filesize

    5.2MB

    MD5

    993b5a7aebc33fe682567e6934ca3a58

    SHA1

    7337844e89481599d61234483f1a501c11b8d26a

    SHA256

    1d98d8b9914cd4dd73e87414a9056107ddd7ae47ad43cc342b9cbade9aef7d1f

    SHA512

    a1ed0a8159a00aebfe7c806a0c040c6320d64f66700995995e4cd862975ded47b3ac574a9ceeecd88bddea4f90850c0a86bc124fbfe0d7801e5d15e2e81f280b

  • C:\Windows\System\oZwzlSG.exe

    Filesize

    5.2MB

    MD5

    c5c685aaddd487ad07a729d18bfe8c3d

    SHA1

    6a696aa904e401218260ff01fc31a15c6e95757a

    SHA256

    1bfa62e9f01e5fcf00c475d954b91841ada957a230c9d523f81069b917a5a22f

    SHA512

    ee46c0eaf40cd1f133c6ca0636e02d1ff43c9a6bda3d16c58da4961b8ba514776e47602e91ebc9acf07f79df3ecea00a971e9afda4bd07a70fa4f4f2f1063c7b

  • C:\Windows\System\srGTZyW.exe

    Filesize

    5.2MB

    MD5

    223fc524e7aa025089987d638fb45818

    SHA1

    0eb35e03bfaebeb857631b9e4d664a6260f6a2e8

    SHA256

    a47599f9188e5dc158836a078fe239541c26e80cd71355677658ed3ceedd8ece

    SHA512

    9b7cfa6c741427107be410b9bb44a291bfbaca382b16f6f09a59726eb0d56408a6bb39b6d4e15c6083bd2eaa83d0849ece7469d5ba8a2804b4428d2797e21383

  • C:\Windows\System\tWZaVsW.exe

    Filesize

    5.2MB

    MD5

    1ce1b77f698fa85f79667a7962cb531a

    SHA1

    6ab45b6f0c9bf82fc68441e7fecb066f02e7f2d5

    SHA256

    6b59f15097a10051efb55829afd386d1aa59db24b304be0e60e36039774a8877

    SHA512

    62eaca3c6f6aabab88bdcecd22286d7da37a4c257595b5e144559ae3132a3dc29610494893b4b66902381a024c60d4ee6759d362a2afa7a7df1c0fc5f49b7789

  • C:\Windows\System\uJQksaU.exe

    Filesize

    5.2MB

    MD5

    bcc9a019ac50d4fd394dde050f3d7bd1

    SHA1

    365cd488176bbb626fa29986fefed0183a274d53

    SHA256

    9b40eaf2e4b0267a49fb80aae91d8ab0c12325b8a2dc9d5aa04b1fa3e6ef08cf

    SHA512

    8fca288e7cabff928b6e67724a9576f19697becab29d785bafffee6254e065f5baa0f013b4fc3a03cf5cf714a6edfcdbeab5f5914daa8f631ed4d874be75dce2

  • memory/428-101-0x00007FF6CC180000-0x00007FF6CC4D1000-memory.dmp

    Filesize

    3.3MB

  • memory/428-243-0x00007FF6CC180000-0x00007FF6CC4D1000-memory.dmp

    Filesize

    3.3MB

  • memory/700-71-0x00007FF63D830000-0x00007FF63DB81000-memory.dmp

    Filesize

    3.3MB

  • memory/700-204-0x00007FF63D830000-0x00007FF63DB81000-memory.dmp

    Filesize

    3.3MB

  • memory/700-8-0x00007FF63D830000-0x00007FF63DB81000-memory.dmp

    Filesize

    3.3MB

  • memory/1020-62-0x00007FF795200000-0x00007FF795551000-memory.dmp

    Filesize

    3.3MB

  • memory/1020-174-0x00007FF795200000-0x00007FF795551000-memory.dmp

    Filesize

    3.3MB

  • memory/1020-146-0x00007FF795200000-0x00007FF795551000-memory.dmp

    Filesize

    3.3MB

  • memory/1020-0-0x00007FF795200000-0x00007FF795551000-memory.dmp

    Filesize

    3.3MB

  • memory/1020-1-0x000001CEC5800000-0x000001CEC5810000-memory.dmp

    Filesize

    64KB

  • memory/1524-139-0x00007FF62D520000-0x00007FF62D871000-memory.dmp

    Filesize

    3.3MB

  • memory/1524-256-0x00007FF62D520000-0x00007FF62D871000-memory.dmp

    Filesize

    3.3MB

  • memory/1524-157-0x00007FF62D520000-0x00007FF62D871000-memory.dmp

    Filesize

    3.3MB

  • memory/1608-111-0x00007FF6621C0000-0x00007FF662511000-memory.dmp

    Filesize

    3.3MB

  • memory/1608-221-0x00007FF6621C0000-0x00007FF662511000-memory.dmp

    Filesize

    3.3MB

  • memory/1608-36-0x00007FF6621C0000-0x00007FF662511000-memory.dmp

    Filesize

    3.3MB

  • memory/1656-206-0x00007FF7D6E50000-0x00007FF7D71A1000-memory.dmp

    Filesize

    3.3MB

  • memory/1656-14-0x00007FF7D6E50000-0x00007FF7D71A1000-memory.dmp

    Filesize

    3.3MB

  • memory/1744-86-0x00007FF6DEFD0000-0x00007FF6DF321000-memory.dmp

    Filesize

    3.3MB

  • memory/1744-239-0x00007FF6DEFD0000-0x00007FF6DF321000-memory.dmp

    Filesize

    3.3MB

  • memory/2188-154-0x00007FF7F4C20000-0x00007FF7F4F71000-memory.dmp

    Filesize

    3.3MB

  • memory/2188-250-0x00007FF7F4C20000-0x00007FF7F4F71000-memory.dmp

    Filesize

    3.3MB

  • memory/2188-112-0x00007FF7F4C20000-0x00007FF7F4F71000-memory.dmp

    Filesize

    3.3MB

  • memory/2256-85-0x00007FF74C410000-0x00007FF74C761000-memory.dmp

    Filesize

    3.3MB

  • memory/2256-21-0x00007FF74C410000-0x00007FF74C761000-memory.dmp

    Filesize

    3.3MB

  • memory/2256-208-0x00007FF74C410000-0x00007FF74C761000-memory.dmp

    Filesize

    3.3MB

  • memory/2740-213-0x00007FF6CD230000-0x00007FF6CD581000-memory.dmp

    Filesize

    3.3MB

  • memory/2740-106-0x00007FF6CD230000-0x00007FF6CD581000-memory.dmp

    Filesize

    3.3MB

  • memory/2740-31-0x00007FF6CD230000-0x00007FF6CD581000-memory.dmp

    Filesize

    3.3MB

  • memory/3136-134-0x00007FF664240000-0x00007FF664591000-memory.dmp

    Filesize

    3.3MB

  • memory/3136-227-0x00007FF664240000-0x00007FF664591000-memory.dmp

    Filesize

    3.3MB

  • memory/3136-55-0x00007FF664240000-0x00007FF664591000-memory.dmp

    Filesize

    3.3MB

  • memory/3144-63-0x00007FF75C140000-0x00007FF75C491000-memory.dmp

    Filesize

    3.3MB

  • memory/3144-229-0x00007FF75C140000-0x00007FF75C491000-memory.dmp

    Filesize

    3.3MB

  • memory/3148-237-0x00007FF73C5F0000-0x00007FF73C941000-memory.dmp

    Filesize

    3.3MB

  • memory/3148-80-0x00007FF73C5F0000-0x00007FF73C941000-memory.dmp

    Filesize

    3.3MB

  • memory/3424-248-0x00007FF6DCA10000-0x00007FF6DCD61000-memory.dmp

    Filesize

    3.3MB

  • memory/3424-156-0x00007FF6DCA10000-0x00007FF6DCD61000-memory.dmp

    Filesize

    3.3MB

  • memory/3424-118-0x00007FF6DCA10000-0x00007FF6DCD61000-memory.dmp

    Filesize

    3.3MB

  • memory/3696-235-0x00007FF615700000-0x00007FF615A51000-memory.dmp

    Filesize

    3.3MB

  • memory/3696-72-0x00007FF615700000-0x00007FF615A51000-memory.dmp

    Filesize

    3.3MB

  • memory/3716-225-0x00007FF783400000-0x00007FF783751000-memory.dmp

    Filesize

    3.3MB

  • memory/3716-49-0x00007FF783400000-0x00007FF783751000-memory.dmp

    Filesize

    3.3MB

  • memory/3716-133-0x00007FF783400000-0x00007FF783751000-memory.dmp

    Filesize

    3.3MB

  • memory/4076-167-0x00007FF7C6FA0000-0x00007FF7C72F1000-memory.dmp

    Filesize

    3.3MB

  • memory/4076-142-0x00007FF7C6FA0000-0x00007FF7C72F1000-memory.dmp

    Filesize

    3.3MB

  • memory/4076-258-0x00007FF7C6FA0000-0x00007FF7C72F1000-memory.dmp

    Filesize

    3.3MB

  • memory/4260-155-0x00007FF62DE90000-0x00007FF62E1E1000-memory.dmp

    Filesize

    3.3MB

  • memory/4260-117-0x00007FF62DE90000-0x00007FF62E1E1000-memory.dmp

    Filesize

    3.3MB

  • memory/4260-251-0x00007FF62DE90000-0x00007FF62E1E1000-memory.dmp

    Filesize

    3.3MB

  • memory/4424-210-0x00007FF6169D0000-0x00007FF616D21000-memory.dmp

    Filesize

    3.3MB

  • memory/4424-26-0x00007FF6169D0000-0x00007FF616D21000-memory.dmp

    Filesize

    3.3MB

  • memory/4540-223-0x00007FF7A98D0000-0x00007FF7A9C21000-memory.dmp

    Filesize

    3.3MB

  • memory/4540-137-0x00007FF7A98D0000-0x00007FF7A9C21000-memory.dmp

    Filesize

    3.3MB

  • memory/4540-42-0x00007FF7A98D0000-0x00007FF7A9C21000-memory.dmp

    Filesize

    3.3MB

  • memory/4952-100-0x00007FF790A50000-0x00007FF790DA1000-memory.dmp

    Filesize

    3.3MB

  • memory/4952-245-0x00007FF790A50000-0x00007FF790DA1000-memory.dmp

    Filesize

    3.3MB

  • memory/4952-153-0x00007FF790A50000-0x00007FF790DA1000-memory.dmp

    Filesize

    3.3MB

  • memory/5036-94-0x00007FF662DA0000-0x00007FF6630F1000-memory.dmp

    Filesize

    3.3MB

  • memory/5036-241-0x00007FF662DA0000-0x00007FF6630F1000-memory.dmp

    Filesize

    3.3MB

  • memory/5036-151-0x00007FF662DA0000-0x00007FF6630F1000-memory.dmp

    Filesize

    3.3MB