Analysis

  • max time kernel
    144s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-06-2024 06:12

General

  • Target

    2024-06-01_c89d384a864c326d03abaf8522cffc1e_cobalt-strike_cobaltstrike.exe

  • Size

    5.9MB

  • MD5

    c89d384a864c326d03abaf8522cffc1e

  • SHA1

    0aef1464cb96245caa6391a7ee9ab1a6a829af6d

  • SHA256

    7465ebabba677948946966a179f6b27b2c849b54db4dbe4b772fb9dd99acff56

  • SHA512

    59dd1c70f8f62c455a5f457fb60b0ded5cbb2edca21ed8332f73715ad67c19c14114140f204520dec712aff7f8ff8edd3bf02438f8aebb2d8cfbab4d38f85cdc

  • SSDEEP

    98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUY:Q+856utgpPF8u/7Y

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 21 IoCs
  • UPX dump on OEP (original entry point) 64 IoCs
  • XMRig Miner payload 64 IoCs
  • Executes dropped EXE 21 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-01_c89d384a864c326d03abaf8522cffc1e_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-01_c89d384a864c326d03abaf8522cffc1e_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4228
    • C:\Windows\System\SyXRvkm.exe
      C:\Windows\System\SyXRvkm.exe
      2⤵
      • Executes dropped EXE
      PID:1484
    • C:\Windows\System\PvqGexu.exe
      C:\Windows\System\PvqGexu.exe
      2⤵
      • Executes dropped EXE
      PID:2800
    • C:\Windows\System\mipWnyk.exe
      C:\Windows\System\mipWnyk.exe
      2⤵
      • Executes dropped EXE
      PID:4476
    • C:\Windows\System\gfoqNZB.exe
      C:\Windows\System\gfoqNZB.exe
      2⤵
      • Executes dropped EXE
      PID:1004
    • C:\Windows\System\vkXNYaj.exe
      C:\Windows\System\vkXNYaj.exe
      2⤵
      • Executes dropped EXE
      PID:2736
    • C:\Windows\System\KgtmTOy.exe
      C:\Windows\System\KgtmTOy.exe
      2⤵
      • Executes dropped EXE
      PID:1212
    • C:\Windows\System\RXQdHzT.exe
      C:\Windows\System\RXQdHzT.exe
      2⤵
      • Executes dropped EXE
      PID:2284
    • C:\Windows\System\UtWhkVR.exe
      C:\Windows\System\UtWhkVR.exe
      2⤵
      • Executes dropped EXE
      PID:3268
    • C:\Windows\System\VneGBKH.exe
      C:\Windows\System\VneGBKH.exe
      2⤵
      • Executes dropped EXE
      PID:324
    • C:\Windows\System\wzUrEMj.exe
      C:\Windows\System\wzUrEMj.exe
      2⤵
      • Executes dropped EXE
      PID:428
    • C:\Windows\System\uTijSya.exe
      C:\Windows\System\uTijSya.exe
      2⤵
      • Executes dropped EXE
      PID:4036
    • C:\Windows\System\RlaCWPG.exe
      C:\Windows\System\RlaCWPG.exe
      2⤵
      • Executes dropped EXE
      PID:2280
    • C:\Windows\System\JUuwZjR.exe
      C:\Windows\System\JUuwZjR.exe
      2⤵
      • Executes dropped EXE
      PID:5100
    • C:\Windows\System\GFqZsNH.exe
      C:\Windows\System\GFqZsNH.exe
      2⤵
      • Executes dropped EXE
      PID:2692
    • C:\Windows\System\nZIpyEO.exe
      C:\Windows\System\nZIpyEO.exe
      2⤵
      • Executes dropped EXE
      PID:1252
    • C:\Windows\System\HpAuxak.exe
      C:\Windows\System\HpAuxak.exe
      2⤵
      • Executes dropped EXE
      PID:1136
    • C:\Windows\System\TKIsydU.exe
      C:\Windows\System\TKIsydU.exe
      2⤵
      • Executes dropped EXE
      PID:3764
    • C:\Windows\System\CfTeIuZ.exe
      C:\Windows\System\CfTeIuZ.exe
      2⤵
      • Executes dropped EXE
      PID:2332
    • C:\Windows\System\snJtmix.exe
      C:\Windows\System\snJtmix.exe
      2⤵
      • Executes dropped EXE
      PID:1440
    • C:\Windows\System\KOtTbNl.exe
      C:\Windows\System\KOtTbNl.exe
      2⤵
      • Executes dropped EXE
      PID:320
    • C:\Windows\System\IDHOYoD.exe
      C:\Windows\System\IDHOYoD.exe
      2⤵
      • Executes dropped EXE
      PID:4980
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3804,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4624 /prefetch:8
    1⤵
      PID:800

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\System\CfTeIuZ.exe

      Filesize

      5.9MB

      MD5

      5e6febf3bd017f098620335cb73be981

      SHA1

      fb09ef4ccebd4f92bca9fd9d3581d140bdb6aef2

      SHA256

      d87bec6a6c51c82930385cbd29675bea01e31cd4ff64209e57ea4d296b715d59

      SHA512

      754b191f71d9cf9e5789bcd9ab1000b634f16d4b296c2840c299e5c2807fc909fb1e61f8b0155b87d960135021c34946b958cddb719867904b9f08fb4c4f648c

    • C:\Windows\System\GFqZsNH.exe

      Filesize

      5.9MB

      MD5

      70ef3663d3c417fce036ec249079412e

      SHA1

      02642c81bcbf6e6c880bfe20a604a05b394e36ae

      SHA256

      949cba9766076f8c2cd5697efd214af4e8215ebe425e4eb44beac7996eaee1f8

      SHA512

      87eec9ad7edd51aa49d86f5849e57e8ad16e931c5a7ff05161ce21d5c5e352b07095d140cef4003830a327709085352ec908d5743fdc6c6782262bcfd006d792

    • C:\Windows\System\HpAuxak.exe

      Filesize

      5.9MB

      MD5

      3e7746c4ecc741953f44388dbd7c7585

      SHA1

      db8b3172d1c354bd8fa66b1712c48584d85905ad

      SHA256

      6d80315e16f56e920eb64eb6acc6fe38b85f958c73feabc47f92850e4ab00629

      SHA512

      2235fd5db48065baea028888485041214e0e4ef4ad9667ba40334df320e6d600ae192f68a432ae7fc4ffdfb7e7371c7323256fa7435efea5c0966bdd6ac7c623

    • C:\Windows\System\IDHOYoD.exe

      Filesize

      5.9MB

      MD5

      3115a0a9e47ee03c2699b2afd69f4996

      SHA1

      13bade81ce1c056ef4022ee33ebe746f5236848d

      SHA256

      fc5461e9f17751e67fd4f908af72c3283ee1582ba6a726b12b9f024320a578ad

      SHA512

      978e3a392a934d6eb4060175bfa30633c0608384b7b64787676fb9588a3a302bd83a5927112c0f2e5cb3de53a2c3cd862aea84da493adc25548e5e13266282ec

    • C:\Windows\System\JUuwZjR.exe

      Filesize

      5.9MB

      MD5

      5a29efce7b3fa48801f79c7ec2dd5b56

      SHA1

      aceb76d885245577ff4ebbe4bb2349f0cc4ca504

      SHA256

      0061a9b27c943d489dc6420595b9ffe200b2f73ee157de4e38684631f348eff5

      SHA512

      9180f5fae8f9d49e3e3b61def6221086e8cc16d5fe012487169b4c23890b3b5a6232d12f0ee028de5e93198255491598e765655926ec48411c5af915adec6918

    • C:\Windows\System\KOtTbNl.exe

      Filesize

      5.9MB

      MD5

      448e62c46b8df6b69b5e8cab1508e3c7

      SHA1

      156ceaf11b1ce12e937a56ac2db2c2dbeb70fa68

      SHA256

      6d25c5e281fe3a8a5c7a74650adc87d3cfcb5c4325045e7077087629a2282035

      SHA512

      56fa9dcfe58e71ef63d1894d9974c920a07cad7b8edf4b430b469cfd51c087cc7c12ae6b067bc78744f7b3e09d3c2c8eb4bd9f7517229a7b30692e3d93a364a8

    • C:\Windows\System\KgtmTOy.exe

      Filesize

      5.9MB

      MD5

      2a9bf715e759588adb9e82a898ad816a

      SHA1

      9b98cfe2091dbd998b6e940eaff1e7e3fc4dffc7

      SHA256

      dbb247e6273e71f1af434518a1cd77c5d534cd4720d3b5d0b04516da2af2dd32

      SHA512

      ba6d745ecb0d0c59f5c10c62908f79d7ebca9acfe5e4a12677ee17a27ac16bad6c6698bce03f3b4e6c6a916a95e85e576c522ed10c56d3fb6f89050a7627d6cd

    • C:\Windows\System\PvqGexu.exe

      Filesize

      5.9MB

      MD5

      a1e6fcfc9d02215f4437a960177f5a56

      SHA1

      0e76431123188bbcc36be440ea69a26880ac4f58

      SHA256

      03e8886053f6a2046a5088f5fdea50dec98836f5c27e3aa713bd3607c0150f24

      SHA512

      b3f07dca54828ad1d01138efde34b6e6a318815cc9a9d55654da86e9fe39436545ed81626508cabf09cf4ada60538391b351fda9c7bcca5783e8bb7a98331774

    • C:\Windows\System\RXQdHzT.exe

      Filesize

      5.9MB

      MD5

      d5e273cf72545a23a97fb0e89aedcc7c

      SHA1

      005d0427f744128a50a75d8ea7a53ddd462f4627

      SHA256

      79ccb52565f9546946fedd83e7f270804c229d05975e138546b6eeab1094adf2

      SHA512

      9a7f13a4ab0c5feda126775521160e5ed8b563b3152cb11c3034d9bd6e7403bd4d88908100c6f09281ae92250929fbadc76aeb2a3d581b4214f365fbf493dad7

    • C:\Windows\System\RlaCWPG.exe

      Filesize

      5.9MB

      MD5

      121546437fd786e56dc939fa9877ee4a

      SHA1

      50d87d5a0706e59911153b1d62ca14ab0b964997

      SHA256

      407616a165b5df844788d13c330038da8221d7d1517c36cac11147291e4ec54d

      SHA512

      78b2869c994537ec9235bf8cdf6bc88b19e59558901b43e789466430c50b07712262c4c8d709b1c168926e2c6427643de38973f62539aa13009e50cff5e17dfd

    • C:\Windows\System\SyXRvkm.exe

      Filesize

      5.9MB

      MD5

      0d90e2bf0bef5d7384814d3f9b27198c

      SHA1

      be5786f817724f5f63307a41e1f883077328c9bd

      SHA256

      93a0d5fa9d72796cdabd7e27a5eeb922f9c2fb1f380e70cb009f999faad63b53

      SHA512

      2f55f2887355ba21740509b10ef7c58381a4235d822b4bbf7e17a9b5d6340328b45fab38863e8034b95c6a7ce8716a0357164c6f3bb475122cd6c6ac52edbb7a

    • C:\Windows\System\TKIsydU.exe

      Filesize

      5.9MB

      MD5

      b9b9a3d74724492851b720e9238ab69c

      SHA1

      c55656815ce12aeb0262f8c8474c835baaff451f

      SHA256

      d8eb935f0fed8ccb6eb48c6af7d7dd25e7a8caa58f2cb76b0bcf043173d0f2e6

      SHA512

      a9a495da0b4dd378e996260b2c231435e97273cf453248b8f9b0a2307363516a22a5eb75f63f17882e02d4a652c83d31bfd22a31521714ad5855d02572d57eda

    • C:\Windows\System\UtWhkVR.exe

      Filesize

      5.9MB

      MD5

      7b945ccc94d938fa202d9101afefb47b

      SHA1

      0ced7a706d004b10dda765dca9b5bb02f064cb66

      SHA256

      8fda9130ffeb5553d793fa8f6d9cc995654aacb14070e744009627176f2ac6e2

      SHA512

      598747e306034069ffed2aa784438bdd31743ed1009ca560bce1d78d60e4e792322235ab454534ed9dc481a6efa452833f50a14d347208ec93e9a867bddf3305

    • C:\Windows\System\VneGBKH.exe

      Filesize

      5.9MB

      MD5

      6a12e3833e168db5bd0d3bcf8b9a0a86

      SHA1

      81bcfaf20b202eb36f054c23e6c2102ec6bf7358

      SHA256

      667d33a3cd776e7e641e4c255bc887035cf0a1d1f64b56d14b37a6f8847bd500

      SHA512

      74cebe8eafb89b746f300237163e54f789fff0151d34a8b31ea1dcec541f22c0228e515495c8f78dc7a352ca7268f49a3ac6c43c58d9551f9cac43c9bf9c507b

    • C:\Windows\System\gfoqNZB.exe

      Filesize

      5.9MB

      MD5

      8554c87d07daf07e35e4d6a822931b82

      SHA1

      9739470a45c130311dc95d689a7e0eafb46c2a19

      SHA256

      154e03aa7853eb64b1c80aff464404d496c2d5db578b4ab68588eb94fbe72cc7

      SHA512

      03b9a4703a9642bf1d74da2df799134dbaa5b0b9d568f752f37d729cd074b82b2a4121abc775196aab7ec30829f098f8982e8d8c9685501d2d1d4c1568a6a75a

    • C:\Windows\System\mipWnyk.exe

      Filesize

      5.9MB

      MD5

      666bd03e8de1bf04c66b5526937a7cfb

      SHA1

      8ccc8b2e126b54a2aa656663e594f76fbd7a537c

      SHA256

      bdb6ad71b2cfc07707764fe3ff2e1edb1a5d5cf9369bb8ecaf534705d7824a39

      SHA512

      e98bb6cc55c9b09b7e4dce8608014c9a71c7a5e816145e3f6e7ab1f48dd259b89f09a5358006c43eb6d869d6850ee7c515a0c7232ba73a5c16706c52f1173bcb

    • C:\Windows\System\nZIpyEO.exe

      Filesize

      5.9MB

      MD5

      9cc5fc6813165236b6c7050970e1a404

      SHA1

      3923fe9c36865a75e2eaa9235b9d81c7378b8fce

      SHA256

      e59a13892f5ea7b2d7a93d0ccd3d44b2965e01b80323091756bee8c88ef24e57

      SHA512

      ebd6f1d3c8a44930a71e074ed9bac5e08452cf43a64637734698d920b8eabe6e18cb49090d8106429d601cb618ffced9805283b412385137d06550706887e8f2

    • C:\Windows\System\snJtmix.exe

      Filesize

      5.9MB

      MD5

      3c66b07b65f13836103852288c2e0153

      SHA1

      bc05e5978673034639876889fda1fd4a83914461

      SHA256

      40347b6a5e3a8b6236787b69b64fa6fdea1a5df4cab6a67101ccad85ec31f488

      SHA512

      120ec15a5b2a41a78954a92c5b79ef7e6300815ad6cc86bb5c03b30ad6dfd6ca9b90dbf1b9e701fe197ba73d7837a400ffed90005e2f0eea4a3d7a731e061dab

    • C:\Windows\System\uTijSya.exe

      Filesize

      5.9MB

      MD5

      8a140b4c90927722d422a7a4075c5f3e

      SHA1

      e55c417b094237c477812b9daca256e303f56992

      SHA256

      65b210972df7cb670fe6e2891496c23c7506ae5596a47dcc13943d1bbf91eb69

      SHA512

      4938b6d4c4bf8f03699392ed8f935748b267fddbbbe668c16f53effc412a890744af4c185031221f2f87b618db2487afbbc5501a126b80757dbf2296cc1638f5

    • C:\Windows\System\vkXNYaj.exe

      Filesize

      5.9MB

      MD5

      fcd55e65f31f17d9c9f51a9e22716a05

      SHA1

      bb10f34d4c2290e85414388148c8427d3f8117fb

      SHA256

      f45e0b9e453afad500bd9681f734675d17ea0c24b3d9a7cf75ff729989020395

      SHA512

      5d676e72f058d7db7e8f286b7e01e0699c8aac6fb3830d890510c777b7bf3bf670540f5a22d9e28f3b1b476bf0bb741d1f6cbfa066a4c775978f3735ccd45c5a

    • C:\Windows\System\wzUrEMj.exe

      Filesize

      5.9MB

      MD5

      d80ceac0df0c9824b05321f5d6114b9e

      SHA1

      ad4a54203238bc15b9de43da7f9d8e1e93a6946a

      SHA256

      f6d388855475d419313340f30a2d4bbc750f45d8b26839b9dfc871d4614f34aa

      SHA512

      91ec402e9007e1f09c87e57f033740d698407f0d69a5627126a8eec95e3977bc43be73682638b8e193890f27cd92cec4c20246e8fdd61b56a0be150c754b8e0d

    • memory/320-158-0x00007FF7F3700000-0x00007FF7F3A54000-memory.dmp

      Filesize

      3.3MB

    • memory/320-125-0x00007FF7F3700000-0x00007FF7F3A54000-memory.dmp

      Filesize

      3.3MB

    • memory/324-59-0x00007FF72E170000-0x00007FF72E4C4000-memory.dmp

      Filesize

      3.3MB

    • memory/324-147-0x00007FF72E170000-0x00007FF72E4C4000-memory.dmp

      Filesize

      3.3MB

    • memory/324-131-0x00007FF72E170000-0x00007FF72E4C4000-memory.dmp

      Filesize

      3.3MB

    • memory/428-148-0x00007FF66CDA0000-0x00007FF66D0F4000-memory.dmp

      Filesize

      3.3MB

    • memory/428-60-0x00007FF66CDA0000-0x00007FF66D0F4000-memory.dmp

      Filesize

      3.3MB

    • memory/428-133-0x00007FF66CDA0000-0x00007FF66D0F4000-memory.dmp

      Filesize

      3.3MB

    • memory/1004-35-0x00007FF60E710000-0x00007FF60EA64000-memory.dmp

      Filesize

      3.3MB

    • memory/1004-142-0x00007FF60E710000-0x00007FF60EA64000-memory.dmp

      Filesize

      3.3MB

    • memory/1136-105-0x00007FF73FF70000-0x00007FF7402C4000-memory.dmp

      Filesize

      3.3MB

    • memory/1136-154-0x00007FF73FF70000-0x00007FF7402C4000-memory.dmp

      Filesize

      3.3MB

    • memory/1212-36-0x00007FF70F730000-0x00007FF70FA84000-memory.dmp

      Filesize

      3.3MB

    • memory/1212-144-0x00007FF70F730000-0x00007FF70FA84000-memory.dmp

      Filesize

      3.3MB

    • memory/1212-130-0x00007FF70F730000-0x00007FF70FA84000-memory.dmp

      Filesize

      3.3MB

    • memory/1252-100-0x00007FF6E8AB0000-0x00007FF6E8E04000-memory.dmp

      Filesize

      3.3MB

    • memory/1252-153-0x00007FF6E8AB0000-0x00007FF6E8E04000-memory.dmp

      Filesize

      3.3MB

    • memory/1252-136-0x00007FF6E8AB0000-0x00007FF6E8E04000-memory.dmp

      Filesize

      3.3MB

    • memory/1440-157-0x00007FF71D800000-0x00007FF71DB54000-memory.dmp

      Filesize

      3.3MB

    • memory/1440-138-0x00007FF71D800000-0x00007FF71DB54000-memory.dmp

      Filesize

      3.3MB

    • memory/1440-117-0x00007FF71D800000-0x00007FF71DB54000-memory.dmp

      Filesize

      3.3MB

    • memory/1484-113-0x00007FF6088B0000-0x00007FF608C04000-memory.dmp

      Filesize

      3.3MB

    • memory/1484-139-0x00007FF6088B0000-0x00007FF608C04000-memory.dmp

      Filesize

      3.3MB

    • memory/1484-6-0x00007FF6088B0000-0x00007FF608C04000-memory.dmp

      Filesize

      3.3MB

    • memory/2280-152-0x00007FF633000000-0x00007FF633354000-memory.dmp

      Filesize

      3.3MB

    • memory/2280-134-0x00007FF633000000-0x00007FF633354000-memory.dmp

      Filesize

      3.3MB

    • memory/2280-84-0x00007FF633000000-0x00007FF633354000-memory.dmp

      Filesize

      3.3MB

    • memory/2284-52-0x00007FF7AD0D0000-0x00007FF7AD424000-memory.dmp

      Filesize

      3.3MB

    • memory/2284-145-0x00007FF7AD0D0000-0x00007FF7AD424000-memory.dmp

      Filesize

      3.3MB

    • memory/2332-155-0x00007FF7BE250000-0x00007FF7BE5A4000-memory.dmp

      Filesize

      3.3MB

    • memory/2332-115-0x00007FF7BE250000-0x00007FF7BE5A4000-memory.dmp

      Filesize

      3.3MB

    • memory/2692-151-0x00007FF6040B0000-0x00007FF604404000-memory.dmp

      Filesize

      3.3MB

    • memory/2692-93-0x00007FF6040B0000-0x00007FF604404000-memory.dmp

      Filesize

      3.3MB

    • memory/2692-135-0x00007FF6040B0000-0x00007FF604404000-memory.dmp

      Filesize

      3.3MB

    • memory/2736-143-0x00007FF630870000-0x00007FF630BC4000-memory.dmp

      Filesize

      3.3MB

    • memory/2736-116-0x00007FF630870000-0x00007FF630BC4000-memory.dmp

      Filesize

      3.3MB

    • memory/2736-32-0x00007FF630870000-0x00007FF630BC4000-memory.dmp

      Filesize

      3.3MB

    • memory/2800-15-0x00007FF752140000-0x00007FF752494000-memory.dmp

      Filesize

      3.3MB

    • memory/2800-140-0x00007FF752140000-0x00007FF752494000-memory.dmp

      Filesize

      3.3MB

    • memory/3268-55-0x00007FF69BC60000-0x00007FF69BFB4000-memory.dmp

      Filesize

      3.3MB

    • memory/3268-146-0x00007FF69BC60000-0x00007FF69BFB4000-memory.dmp

      Filesize

      3.3MB

    • memory/3764-137-0x00007FF66B5A0000-0x00007FF66B8F4000-memory.dmp

      Filesize

      3.3MB

    • memory/3764-112-0x00007FF66B5A0000-0x00007FF66B8F4000-memory.dmp

      Filesize

      3.3MB

    • memory/3764-156-0x00007FF66B5A0000-0x00007FF66B8F4000-memory.dmp

      Filesize

      3.3MB

    • memory/4036-72-0x00007FF7C4A50000-0x00007FF7C4DA4000-memory.dmp

      Filesize

      3.3MB

    • memory/4036-149-0x00007FF7C4A50000-0x00007FF7C4DA4000-memory.dmp

      Filesize

      3.3MB

    • memory/4228-0-0x00007FF7AC8D0000-0x00007FF7ACC24000-memory.dmp

      Filesize

      3.3MB

    • memory/4228-102-0x00007FF7AC8D0000-0x00007FF7ACC24000-memory.dmp

      Filesize

      3.3MB

    • memory/4228-1-0x000001D2F4270000-0x000001D2F4280000-memory.dmp

      Filesize

      64KB

    • memory/4476-27-0x00007FF61FB50000-0x00007FF61FEA4000-memory.dmp

      Filesize

      3.3MB

    • memory/4476-141-0x00007FF61FB50000-0x00007FF61FEA4000-memory.dmp

      Filesize

      3.3MB

    • memory/4980-132-0x00007FF7BE0C0000-0x00007FF7BE414000-memory.dmp

      Filesize

      3.3MB

    • memory/4980-159-0x00007FF7BE0C0000-0x00007FF7BE414000-memory.dmp

      Filesize

      3.3MB

    • memory/5100-150-0x00007FF76AF60000-0x00007FF76B2B4000-memory.dmp

      Filesize

      3.3MB

    • memory/5100-82-0x00007FF76AF60000-0x00007FF76B2B4000-memory.dmp

      Filesize

      3.3MB