Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    30/05/2024, 01:01

General

  • Target

    2024-05-30_bcbc227d67f3d73034341a973dd731d8_cobalt-strike_cobaltstrike.exe

  • Size

    5.2MB

  • MD5

    bcbc227d67f3d73034341a973dd731d8

  • SHA1

    f8556ec687dce3a39a235d8d3bcf5610d66cf440

  • SHA256

    34c7c70ec2dd176df22551f6928b4c23ea1b324d20d95ade3d5a3e6a4e1a964c

  • SHA512

    b2604e39633a67ac28fdbf299795ec424644520ff141aa2db8dffae267bc7aaa7e562666f3e0ac51f33ce6d7fb369f790e2f23a641dc6da83461692a4a65e674

  • SSDEEP

    49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6li:RWWBibf56utgpPFotBER/mQ32lU2

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 21 IoCs
  • UPX dump on OEP (original entry point) 64 IoCs
  • XMRig Miner payload 44 IoCs
  • Executes dropped EXE 21 IoCs
  • Loads dropped DLL 21 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 63 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-30_bcbc227d67f3d73034341a973dd731d8_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-30_bcbc227d67f3d73034341a973dd731d8_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Windows\System\bJxFmKq.exe
      C:\Windows\System\bJxFmKq.exe
      2⤵
      • Executes dropped EXE
      PID:1664
    • C:\Windows\System\PbeFDtr.exe
      C:\Windows\System\PbeFDtr.exe
      2⤵
      • Executes dropped EXE
      PID:2604
    • C:\Windows\System\TqbqKqv.exe
      C:\Windows\System\TqbqKqv.exe
      2⤵
      • Executes dropped EXE
      PID:2912
    • C:\Windows\System\EdIeRIC.exe
      C:\Windows\System\EdIeRIC.exe
      2⤵
      • Executes dropped EXE
      PID:2956
    • C:\Windows\System\jFkhEik.exe
      C:\Windows\System\jFkhEik.exe
      2⤵
      • Executes dropped EXE
      PID:2844
    • C:\Windows\System\hycMwqq.exe
      C:\Windows\System\hycMwqq.exe
      2⤵
      • Executes dropped EXE
      PID:2612
    • C:\Windows\System\FdpJPYm.exe
      C:\Windows\System\FdpJPYm.exe
      2⤵
      • Executes dropped EXE
      PID:2624
    • C:\Windows\System\rxnRUdF.exe
      C:\Windows\System\rxnRUdF.exe
      2⤵
      • Executes dropped EXE
      PID:2856
    • C:\Windows\System\XLCtvZp.exe
      C:\Windows\System\XLCtvZp.exe
      2⤵
      • Executes dropped EXE
      PID:2556
    • C:\Windows\System\hHJZfov.exe
      C:\Windows\System\hHJZfov.exe
      2⤵
      • Executes dropped EXE
      PID:2836
    • C:\Windows\System\zMVJpeT.exe
      C:\Windows\System\zMVJpeT.exe
      2⤵
      • Executes dropped EXE
      PID:2692
    • C:\Windows\System\VZcpHvV.exe
      C:\Windows\System\VZcpHvV.exe
      2⤵
      • Executes dropped EXE
      PID:2520
    • C:\Windows\System\xtYByjm.exe
      C:\Windows\System\xtYByjm.exe
      2⤵
      • Executes dropped EXE
      PID:2584
    • C:\Windows\System\ecKetds.exe
      C:\Windows\System\ecKetds.exe
      2⤵
      • Executes dropped EXE
      PID:2164
    • C:\Windows\System\YSMpmPy.exe
      C:\Windows\System\YSMpmPy.exe
      2⤵
      • Executes dropped EXE
      PID:1052
    • C:\Windows\System\GmiiXOC.exe
      C:\Windows\System\GmiiXOC.exe
      2⤵
      • Executes dropped EXE
      PID:1436
    • C:\Windows\System\qAHFXgN.exe
      C:\Windows\System\qAHFXgN.exe
      2⤵
      • Executes dropped EXE
      PID:1940
    • C:\Windows\System\vyKcXnW.exe
      C:\Windows\System\vyKcXnW.exe
      2⤵
      • Executes dropped EXE
      PID:1952
    • C:\Windows\System\fkgDDWv.exe
      C:\Windows\System\fkgDDWv.exe
      2⤵
      • Executes dropped EXE
      PID:1500
    • C:\Windows\System\uRXbgIo.exe
      C:\Windows\System\uRXbgIo.exe
      2⤵
      • Executes dropped EXE
      PID:1996
    • C:\Windows\System\qNyWYsC.exe
      C:\Windows\System\qNyWYsC.exe
      2⤵
      • Executes dropped EXE
      PID:1032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\system\EdIeRIC.exe

    Filesize

    5.2MB

    MD5

    07264a57d17c780284aab8500718585c

    SHA1

    d1bff4a1ea287727b0b442aaedcf951bff83e7d6

    SHA256

    4a12df9fb4476017f858514f921af55eebb1ff74403a6004c2aef3ff496beaae

    SHA512

    04bc0cbc6fc96f1009498acdef2264ccba5d8fa12292329bdf37f15ed85d35b10f4cb01f1d842c2be8ba3c1798de8d46413c7731059214362336e508a23229de

  • C:\Windows\system\FdpJPYm.exe

    Filesize

    5.2MB

    MD5

    00acbdf96cc1c7b700d70d18b41a9651

    SHA1

    82488baad223c3d8af2507225f0eba1a72b1e4c1

    SHA256

    b719baf76e2dc82d9ff644d295725b1d7763bccd4eaa8c551ebe31a67f4681e5

    SHA512

    40efe670a971af46bd6914f234c77003f3f3d4f264c6587111fabbd453c9a0a76ef5f6afea02ec711f054cf1c8b762bcd58ca9c71b9d65c97aeb70f3f261ed78

  • C:\Windows\system\GmiiXOC.exe

    Filesize

    5.2MB

    MD5

    3ade26363a89885e3c241dad75e797ff

    SHA1

    71dc55f869bc28cc06fd6a3362043fca53487c89

    SHA256

    97259811da0575846fab5192eb18773fb1c48f12f2759232018eaacab05fe9d1

    SHA512

    14bcd86009b6f3310ac4b721938f8ad66d5a23c791e50c49050896b1d45efc7865ac6b7e6e5711ac4cca7db5303d73bfbc9b97d22cc132f7fc94cd5948002e82

  • C:\Windows\system\PbeFDtr.exe

    Filesize

    5.2MB

    MD5

    c595d83055452dbb17cb0b50a8aba724

    SHA1

    03d4c05bfb893741c3047e93609060e87199e349

    SHA256

    487b2643d38152617a3389b1e68bf768a04cec16f83e53a86bb0d3b97c3e6c87

    SHA512

    a5705fbe6ff91bc35ab5cf4a7a10033fa998e60ddfa91d7e428ddb9b45f12f60961ac45bd51fbfb45fe647f8d4d2c0b2286dc5c35ed3c4489f9ff47b473f832a

  • C:\Windows\system\VZcpHvV.exe

    Filesize

    5.2MB

    MD5

    6ccfdb5c07b1d79e79c37d7fd9af36db

    SHA1

    7ec9ce8c6c2c713f17d217874e62b0b9b5b699ec

    SHA256

    8b2d24a33479ccc0d189eb35e12477627cca5a06129946690f6a4bc604fe3684

    SHA512

    18aa0fea28222cd2a504f6cc7139f2fd86d7addb9866d606561c74500b89d0c2ffbe3008c7a61d5197257dbf5f5a298aedfab43550ccd7b3a0baf0b276734d11

  • C:\Windows\system\XLCtvZp.exe

    Filesize

    5.2MB

    MD5

    f18eef96b54c324593aeb4a4c0c588a6

    SHA1

    5bf4663742b360d73090278b84a9870a80f673ab

    SHA256

    02ff24fa6f29f4def6dab56c2fd5c228633eaa383bc45676e3f5eab390ab092d

    SHA512

    96ec57afdf399e24c4a5cc1e69f63e1b3b43632495a676a39e5bf23591912c08cb430e209a5d759886b0f113d06846f0288ad26b99f128752d2adfe9c03a4402

  • C:\Windows\system\YSMpmPy.exe

    Filesize

    5.2MB

    MD5

    8f4ff74ff0803f37e4f497491c2847e3

    SHA1

    dd11607e7b915482851a025794c6eee62d18695b

    SHA256

    4b99da1f6562726f4a3dc070e3f7239a85d9cea8d334c80545c651da1c9b1266

    SHA512

    09841fe0041caf47e5be101c1689cbabc2064a109a0d79d6849283d95bb3522dd36f6c19a8d1ecf6e108a01bd51705081bad3c32430eb5cf5c9b6feded65b367

  • C:\Windows\system\ecKetds.exe

    Filesize

    5.2MB

    MD5

    0ce392ee03146595941643ffda4f965d

    SHA1

    2a3bb37ba4c3c08fe57f3351310ea8ced92b8767

    SHA256

    95ee0de3f899c6cb0363f86fc33b1f7360b1323c69b927f1a6583b86b190a4c3

    SHA512

    a6bd7227c26e92a99be3f51ad94b02b0be3dbdda2ade4445a6b497e6c287e3dd4d675d6dea996583a5e54668aeb069ba3070faf194ad1016a1944f7ca66dc503

  • C:\Windows\system\fkgDDWv.exe

    Filesize

    5.2MB

    MD5

    46cf96f55926ab63725b2357a281d2b5

    SHA1

    1913b69547203c558a1287a4ac6d83e9f4d34c50

    SHA256

    58f86ef6fb9340c6cbfce2d83111181323083c4a5641bd4aaf9d923af220f13c

    SHA512

    cfca574d6ba1e515e2b9255dea13c7df114e1dd7e2676939a1727356b67ef96fbbba10abf446e88c30f921711f1904dbb19d4aef175787c3703d7b5119d5bd51

  • C:\Windows\system\hHJZfov.exe

    Filesize

    5.2MB

    MD5

    87edcb13e816890d84e5879cd5b07467

    SHA1

    969a4af72817323fef6999b35d0e7906f3b1a65b

    SHA256

    90ee602c7b5b0d006a854a611826782eae01c188d3dac85cbac38423a2dc6374

    SHA512

    d366bf311f6ba7818717a3aee82d5711c061a67e9b1e03b306e89b3c62fa1fb10d4e9fa94629758f091c27fc03275faff9c55ef40d278d9047c82244f3461aa1

  • C:\Windows\system\qAHFXgN.exe

    Filesize

    5.2MB

    MD5

    19a53079b33c5b0310603c8248ca347a

    SHA1

    09663130c820c1faccca0cd0f608b86203066310

    SHA256

    88e69cc93629bdf316d3e6fece6e2860e94bf85410ef9175f3aa78e12c27e9c5

    SHA512

    c01e0f5f8b1b9db37b6c3a373b5a0ef4f539031e1ffbc006a8e4d4f68e16ea04f3a9ea285cf5f954ac2dfe9f8b4b2c28eca88756f8224c33b27e9304bc4936cd

  • C:\Windows\system\rxnRUdF.exe

    Filesize

    5.2MB

    MD5

    0253e3380852bd7d96e6930dfdfebbb0

    SHA1

    ad0927137cd16d4d12cbb6dbcf89dc18501c96cc

    SHA256

    248e95dd0917935f33c3afc18437d044adcfb7bcdd069f7914afb36a79cac96f

    SHA512

    a4c8158bc513905b661b7bef189dfd258fd6cba5f3a1a5d047478f83ba4d3fedf1025650d865b5724dd203c30671558803cac677744eab1474c457477c7af83e

  • C:\Windows\system\uRXbgIo.exe

    Filesize

    5.2MB

    MD5

    94044f173be9be3f8e723758bf43fd40

    SHA1

    eebea970d4afb1eb21d891bc6a9678059a0aa990

    SHA256

    40ea892740e346b3eac69563a1995068e826305df25fe4707b9e2f2c2af4642d

    SHA512

    e3be9e6a89222fe89156c21bb3be91f8496e6a0981e167fbcb39cb67c59465597d1e1ae73dc5665b63772f0d1a3631222b2c78d1171da986716133e15ff919d2

  • C:\Windows\system\vyKcXnW.exe

    Filesize

    5.2MB

    MD5

    551bafcdb7a05f2867ed4746e6cba3e3

    SHA1

    f9b80c0603a3d96f8e844eb586ce5bebf2d8457b

    SHA256

    90319362110977c3a6f8d86360b85ace4dad926c352360ca5f03da4004169054

    SHA512

    c894e9e2e12d59cdb05f0e9c9b3a72d02505c943ca2b058ab6f56e91a7299b49e25fe045c002b8e6fd30c86becf24dd978ca2f92d0620c04fd50ed03b847aa75

  • C:\Windows\system\xtYByjm.exe

    Filesize

    5.2MB

    MD5

    3b18259cb6df2f71fffdf10a5af40f93

    SHA1

    ef8dae1a1085307f0e5a031164f9fd7e5f00b701

    SHA256

    630fb3a139745435bd6054c79149efcf89eb72acf98b9fd2f3ebb3064114c0ef

    SHA512

    48452e7e256ed877a4e289e4fb441e38ffbb7b536d7694c331589b3cb747735e054af6041c3de16748fb1f49fe9d1b3d926c7d26c7e223ac034067803e094a82

  • C:\Windows\system\zMVJpeT.exe

    Filesize

    5.2MB

    MD5

    407b82ef19aff7c67a73ced612506924

    SHA1

    e446796be33ace52f9baafc08a1ba1770157a542

    SHA256

    e414d7325a80bd1ce0e62772f93a6e88698137763e14ca2d4b4e98978b420568

    SHA512

    c310b41a98bf7a98263d726a5f275f606c54d9539ecb42a13cfeff5c191d888d23a8bce037f03bdfaff2c73b407dc2a9892bef6d2b559c879172939b029bf7aa

  • \Windows\system\TqbqKqv.exe

    Filesize

    5.2MB

    MD5

    e88e913c0aea1c3aacba74b29abe0b15

    SHA1

    c322acd828cd3707ce1c30d0ef46b008d37acaba

    SHA256

    3bb25f9f3f10f49b18ebe77866dfee190bb32fb484cc0056127467d8662b555c

    SHA512

    2b82c43106ffb1d4fce6f4e139be61912a0e47e1547a453b91491587e262b5342e3db198a1a23f9bac1b7e2e49f239138a06a40599118c45e98ab820093d7ca2

  • \Windows\system\bJxFmKq.exe

    Filesize

    5.2MB

    MD5

    3db87a360e32f323f1d9c078983397e0

    SHA1

    555ee6985b73afbc3c1830d2c312be4cda929184

    SHA256

    469b62a37465bc0edc972f1d4298671a73c7e3fee17376344c94e2d5c3f7923b

    SHA512

    f7d25f0d00167eee162c9521f89218ec8f9b4971e07ece39e42cf0e22c27a53f068607b2d5d0eb999bfb6648f6d243f53a6d7cba2584d9e55667438ec107d270

  • \Windows\system\hycMwqq.exe

    Filesize

    5.2MB

    MD5

    d711bc62a2067e8d38d9b05e611ec434

    SHA1

    1efb359f257ebd5405d91449a8aed8fe2c27cca4

    SHA256

    f53984a36d2a8229ccd40739d538209dd5113bf14f75b1c3b5a169c977d165dd

    SHA512

    2a9695fcaafba3adbd92d791586c4ceb710a7dcc32120c4fe7cd19afa9cfc56c1e827023b3557ae6e9671d39b5526c565e973659be408685618dced0ceb5b3dd

  • \Windows\system\jFkhEik.exe

    Filesize

    5.2MB

    MD5

    e76aac89c5fcf3a8657496348cf9e1e6

    SHA1

    a5c9e95d93d48cf2e07aa1691baef2788ac72f95

    SHA256

    2d0ea9963c2879eeed90ff1a2efac829fb5232267e7909a7a32605d55791ef8e

    SHA512

    7e9f0fe6a9942d0fc27cdcad9fc22de254ecce628c98fe2c349c6a7a76dfc191d001b89c903f0787d36876a67bc552ed0adfc37fa6e065c78c0e71124f8a90f8

  • \Windows\system\qNyWYsC.exe

    Filesize

    5.2MB

    MD5

    9e52af66a6b49774f21880ef70dcbda6

    SHA1

    2019b199d291683b2f6b6d04932ffb94c12295e9

    SHA256

    0398653d72dddd15c7cd2a6f9c0381b1d5c3333be7f1b63a41b945b2a3c42485

    SHA512

    1010da9add4bf1022b10cdb9d3808a18ae82ad4837824b1ff80b3278e634389c96edb137d8e8aa882c402f8b01ad882de69cf42114994266e09c3668bc460156

  • memory/1032-159-0x000000013F1F0000-0x000000013F541000-memory.dmp

    Filesize

    3.3MB

  • memory/1052-153-0x000000013F6C0000-0x000000013FA11000-memory.dmp

    Filesize

    3.3MB

  • memory/1436-154-0x000000013F300000-0x000000013F651000-memory.dmp

    Filesize

    3.3MB

  • memory/1500-157-0x000000013F510000-0x000000013F861000-memory.dmp

    Filesize

    3.3MB

  • memory/1664-34-0x000000013FC20000-0x000000013FF71000-memory.dmp

    Filesize

    3.3MB

  • memory/1664-90-0x000000013FC20000-0x000000013FF71000-memory.dmp

    Filesize

    3.3MB

  • memory/1664-211-0x000000013FC20000-0x000000013FF71000-memory.dmp

    Filesize

    3.3MB

  • memory/1940-155-0x000000013FB40000-0x000000013FE91000-memory.dmp

    Filesize

    3.3MB

  • memory/1952-156-0x000000013F870000-0x000000013FBC1000-memory.dmp

    Filesize

    3.3MB

  • memory/1996-158-0x000000013F930000-0x000000013FC81000-memory.dmp

    Filesize

    3.3MB

  • memory/2068-161-0x000000013F470000-0x000000013F7C1000-memory.dmp

    Filesize

    3.3MB

  • memory/2068-37-0x000000013F8C0000-0x000000013FC11000-memory.dmp

    Filesize

    3.3MB

  • memory/2068-75-0x000000013F470000-0x000000013F7C1000-memory.dmp

    Filesize

    3.3MB

  • memory/2068-138-0x000000013F470000-0x000000013F7C1000-memory.dmp

    Filesize

    3.3MB

  • memory/2068-87-0x000000013FF40000-0x0000000140291000-memory.dmp

    Filesize

    3.3MB

  • memory/2068-68-0x000000013FEE0000-0x0000000140231000-memory.dmp

    Filesize

    3.3MB

  • memory/2068-183-0x0000000002410000-0x0000000002761000-memory.dmp

    Filesize

    3.3MB

  • memory/2068-62-0x000000013FAA0000-0x000000013FDF1000-memory.dmp

    Filesize

    3.3MB

  • memory/2068-0-0x000000013F470000-0x000000013F7C1000-memory.dmp

    Filesize

    3.3MB

  • memory/2068-96-0x0000000002410000-0x0000000002761000-memory.dmp

    Filesize

    3.3MB

  • memory/2068-53-0x0000000002410000-0x0000000002761000-memory.dmp

    Filesize

    3.3MB

  • memory/2068-160-0x000000013FF40000-0x0000000140291000-memory.dmp

    Filesize

    3.3MB

  • memory/2068-105-0x0000000002410000-0x0000000002761000-memory.dmp

    Filesize

    3.3MB

  • memory/2068-1-0x00000000002F0000-0x0000000000300000-memory.dmp

    Filesize

    64KB

  • memory/2068-11-0x000000013FAC0000-0x000000013FE11000-memory.dmp

    Filesize

    3.3MB

  • memory/2068-43-0x0000000002410000-0x0000000002761000-memory.dmp

    Filesize

    3.3MB

  • memory/2068-7-0x000000013FC20000-0x000000013FF71000-memory.dmp

    Filesize

    3.3MB

  • memory/2068-39-0x000000013F0D0000-0x000000013F421000-memory.dmp

    Filesize

    3.3MB

  • memory/2164-245-0x000000013F750000-0x000000013FAA1000-memory.dmp

    Filesize

    3.3MB

  • memory/2164-152-0x000000013F750000-0x000000013FAA1000-memory.dmp

    Filesize

    3.3MB

  • memory/2164-97-0x000000013F750000-0x000000013FAA1000-memory.dmp

    Filesize

    3.3MB

  • memory/2520-233-0x000000013FBA0000-0x000000013FEF1000-memory.dmp

    Filesize

    3.3MB

  • memory/2520-81-0x000000013FBA0000-0x000000013FEF1000-memory.dmp

    Filesize

    3.3MB

  • memory/2520-150-0x000000013FBA0000-0x000000013FEF1000-memory.dmp

    Filesize

    3.3MB

  • memory/2556-222-0x000000013FAA0000-0x000000013FDF1000-memory.dmp

    Filesize

    3.3MB

  • memory/2556-63-0x000000013FAA0000-0x000000013FDF1000-memory.dmp

    Filesize

    3.3MB

  • memory/2584-91-0x000000013FF40000-0x0000000140291000-memory.dmp

    Filesize

    3.3MB

  • memory/2584-151-0x000000013FF40000-0x0000000140291000-memory.dmp

    Filesize

    3.3MB

  • memory/2584-244-0x000000013FF40000-0x0000000140291000-memory.dmp

    Filesize

    3.3MB

  • memory/2604-207-0x000000013FAC0000-0x000000013FE11000-memory.dmp

    Filesize

    3.3MB

  • memory/2604-17-0x000000013FAC0000-0x000000013FE11000-memory.dmp

    Filesize

    3.3MB

  • memory/2604-86-0x000000013FAC0000-0x000000013FE11000-memory.dmp

    Filesize

    3.3MB

  • memory/2612-44-0x000000013F470000-0x000000013F7C1000-memory.dmp

    Filesize

    3.3MB

  • memory/2612-215-0x000000013F470000-0x000000013F7C1000-memory.dmp

    Filesize

    3.3MB

  • memory/2624-136-0x000000013F0D0000-0x000000013F421000-memory.dmp

    Filesize

    3.3MB

  • memory/2624-48-0x000000013F0D0000-0x000000013F421000-memory.dmp

    Filesize

    3.3MB

  • memory/2624-223-0x000000013F0D0000-0x000000013F421000-memory.dmp

    Filesize

    3.3MB

  • memory/2692-149-0x000000013F860000-0x000000013FBB1000-memory.dmp

    Filesize

    3.3MB

  • memory/2692-76-0x000000013F860000-0x000000013FBB1000-memory.dmp

    Filesize

    3.3MB

  • memory/2692-241-0x000000013F860000-0x000000013FBB1000-memory.dmp

    Filesize

    3.3MB

  • memory/2836-148-0x000000013FEE0000-0x0000000140231000-memory.dmp

    Filesize

    3.3MB

  • memory/2836-69-0x000000013FEE0000-0x0000000140231000-memory.dmp

    Filesize

    3.3MB

  • memory/2836-225-0x000000013FEE0000-0x0000000140231000-memory.dmp

    Filesize

    3.3MB

  • memory/2844-217-0x000000013F800000-0x000000013FB51000-memory.dmp

    Filesize

    3.3MB

  • memory/2844-46-0x000000013F800000-0x000000013FB51000-memory.dmp

    Filesize

    3.3MB

  • memory/2844-104-0x000000013F800000-0x000000013FB51000-memory.dmp

    Filesize

    3.3MB

  • memory/2856-219-0x000000013F2D0000-0x000000013F621000-memory.dmp

    Filesize

    3.3MB

  • memory/2856-137-0x000000013F2D0000-0x000000013F621000-memory.dmp

    Filesize

    3.3MB

  • memory/2856-54-0x000000013F2D0000-0x000000013F621000-memory.dmp

    Filesize

    3.3MB

  • memory/2912-213-0x000000013FD30000-0x0000000140081000-memory.dmp

    Filesize

    3.3MB

  • memory/2912-42-0x000000013FD30000-0x0000000140081000-memory.dmp

    Filesize

    3.3MB

  • memory/2956-38-0x000000013F8C0000-0x000000013FC11000-memory.dmp

    Filesize

    3.3MB

  • memory/2956-210-0x000000013F8C0000-0x000000013FC11000-memory.dmp

    Filesize

    3.3MB