Analysis

  • max time kernel
    145s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-06-2024 10:55

General

  • Target

    2024-06-06_8caad0840acab799cfe6dfb9e5812b4d_cobalt-strike_cobaltstrike.exe

  • Size

    5.9MB

  • MD5

    8caad0840acab799cfe6dfb9e5812b4d

  • SHA1

    125f48606208c212b1206b60a637c6b5c7bfc6b0

  • SHA256

    2df4d1207fada40a7ffad4aadcc125e32b53c9d7227362c8e9c2df1fe5800574

  • SHA512

    bfb67d62cd0ecd2c86b2b888fda6be570569e64336cf7a9251aed0cfc817613a7f782b821d396722cef4b51d540e38ac62eeb40e9ba02cf7d32144f80fb59549

  • SSDEEP

    98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUX:Q+856utgpPF8u/7X

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 21 IoCs
  • UPX dump on OEP (original entry point) 64 IoCs
  • XMRig Miner payload 64 IoCs
  • Executes dropped EXE 21 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-06_8caad0840acab799cfe6dfb9e5812b4d_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-06_8caad0840acab799cfe6dfb9e5812b4d_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2768
    • C:\Windows\System\EyHomMN.exe
      C:\Windows\System\EyHomMN.exe
      2⤵
      • Executes dropped EXE
      PID:4428
    • C:\Windows\System\BIRgULs.exe
      C:\Windows\System\BIRgULs.exe
      2⤵
      • Executes dropped EXE
      PID:1128
    • C:\Windows\System\KFiCTuA.exe
      C:\Windows\System\KFiCTuA.exe
      2⤵
      • Executes dropped EXE
      PID:1584
    • C:\Windows\System\lNqHhHi.exe
      C:\Windows\System\lNqHhHi.exe
      2⤵
      • Executes dropped EXE
      PID:332
    • C:\Windows\System\YFoYiDs.exe
      C:\Windows\System\YFoYiDs.exe
      2⤵
      • Executes dropped EXE
      PID:3056
    • C:\Windows\System\PqDCFUJ.exe
      C:\Windows\System\PqDCFUJ.exe
      2⤵
      • Executes dropped EXE
      PID:4864
    • C:\Windows\System\BYVrcop.exe
      C:\Windows\System\BYVrcop.exe
      2⤵
      • Executes dropped EXE
      PID:1968
    • C:\Windows\System\DCDdwNC.exe
      C:\Windows\System\DCDdwNC.exe
      2⤵
      • Executes dropped EXE
      PID:3892
    • C:\Windows\System\LiHeoEW.exe
      C:\Windows\System\LiHeoEW.exe
      2⤵
      • Executes dropped EXE
      PID:3504
    • C:\Windows\System\IdaVRHy.exe
      C:\Windows\System\IdaVRHy.exe
      2⤵
      • Executes dropped EXE
      PID:4540
    • C:\Windows\System\dtyXrxg.exe
      C:\Windows\System\dtyXrxg.exe
      2⤵
      • Executes dropped EXE
      PID:2660
    • C:\Windows\System\rOFlbzg.exe
      C:\Windows\System\rOFlbzg.exe
      2⤵
      • Executes dropped EXE
      PID:2852
    • C:\Windows\System\fOXbtPw.exe
      C:\Windows\System\fOXbtPw.exe
      2⤵
      • Executes dropped EXE
      PID:372
    • C:\Windows\System\OQSuPJX.exe
      C:\Windows\System\OQSuPJX.exe
      2⤵
      • Executes dropped EXE
      PID:1660
    • C:\Windows\System\rGezFBr.exe
      C:\Windows\System\rGezFBr.exe
      2⤵
      • Executes dropped EXE
      PID:4736
    • C:\Windows\System\AUQwuxC.exe
      C:\Windows\System\AUQwuxC.exe
      2⤵
      • Executes dropped EXE
      PID:4284
    • C:\Windows\System\fgEwXzI.exe
      C:\Windows\System\fgEwXzI.exe
      2⤵
      • Executes dropped EXE
      PID:1632
    • C:\Windows\System\mNxbnxT.exe
      C:\Windows\System\mNxbnxT.exe
      2⤵
      • Executes dropped EXE
      PID:3948
    • C:\Windows\System\bsZjPnl.exe
      C:\Windows\System\bsZjPnl.exe
      2⤵
      • Executes dropped EXE
      PID:4784
    • C:\Windows\System\PXGoOfj.exe
      C:\Windows\System\PXGoOfj.exe
      2⤵
      • Executes dropped EXE
      PID:1720
    • C:\Windows\System\YOxurXq.exe
      C:\Windows\System\YOxurXq.exe
      2⤵
      • Executes dropped EXE
      PID:3196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System\AUQwuxC.exe

    Filesize

    5.9MB

    MD5

    220c2e3759c7feea12bfdf55351aa66f

    SHA1

    022cc350de84d5227c8cd96d071a4dff1e07c2e1

    SHA256

    23c2cedfe3dfd8da1c1c4f3cdef67cd05306f8f68b591c3364b92c879656e291

    SHA512

    f4b327ff0b433a05aaccfa71b40d16b313c537d0445bded3d073ae3c408e6aa41575c197f11ae75db8de48fbe4c4bab3fc6cc00292d68bebebdd667257d03c97

  • C:\Windows\System\BIRgULs.exe

    Filesize

    5.9MB

    MD5

    8b8851d64083d09ec301cb451ed67d74

    SHA1

    ac6da72e3e5c06263ef5dc36b38404ebe86cee43

    SHA256

    f2ea08fcab48b37f4fab8ebb495d5f9d05d55aecdeeb2a82a8d07eabbbf37a8a

    SHA512

    64715824b01c2dc8c35916b9b2ba97d50bcd8a4672abe48e509439048ed640f0c3f57ec08fc76fb45ac2451d8db29fd8843e88fcd4251faed7b5a8a46f606906

  • C:\Windows\System\BYVrcop.exe

    Filesize

    5.9MB

    MD5

    689849c586da5af0bb0b5c777ba6f772

    SHA1

    9af2208e1347e4a2ea97e136ff9730962ac44c96

    SHA256

    763205e949861adfd3a2a54e2cc1000fe6996e06cf57f68d2732e48b92674cba

    SHA512

    02bf7ca8a59a4b1f388e8cdab604aedc2e4aa600f9428b63c1be19ba32d4683cedf9ce76cd8c7bf599f6cb25fbd396f0c25ecbb28548a425c95f1fd1ba9d1a58

  • C:\Windows\System\DCDdwNC.exe

    Filesize

    5.9MB

    MD5

    4a99efa2d305b318e7cd05cf16ce9499

    SHA1

    931812d48d65442b978d3c122480a8977836d002

    SHA256

    9b4fdb2f6b75b81f349710f87aba3c8e327f8a24ee38ec1651b38590716ca3e2

    SHA512

    34bf9e29be9b4a074bf914d2392fa690b61f7cc62ea001a9ea53ba45702d643daebc476b03e5fdac65ffc45b20272ea493ffcb56edc801851caa659528528f68

  • C:\Windows\System\EyHomMN.exe

    Filesize

    5.9MB

    MD5

    050cc991ead7eb57a6d2648945a49a40

    SHA1

    3b7387354dfe3254f38c3959f236d34b99517de5

    SHA256

    cc4981abf0294d9e18ab15e4b212f05d035716aff35cc63172d31527fbd15519

    SHA512

    92cba0bed07185469d08f206a457f97f10ed4d4573c747e622ff1d70ea8428bf8f947045e5fc0e90faef6cbe8dda77ed66f8229f3521c2b2496571effa9ea07b

  • C:\Windows\System\IdaVRHy.exe

    Filesize

    5.9MB

    MD5

    9b8c81707ea3ccb89f8d42fd1d7afa03

    SHA1

    a24aa609d3f213c51f1112a57b0395f1ebdf52c8

    SHA256

    34c13dfc7513d1c76e9e2f01988d8f161a170b6195945d4d98e2db0df3e12724

    SHA512

    92974943b75abd9d7f6b8221cc948ac79a4b8eb08cb02ea6c1f4ff07ba84c1050d56aaa49c4b9755b0e0bfa8d8c083e78691271a6c39023b5945801f4e12d29f

  • C:\Windows\System\KFiCTuA.exe

    Filesize

    5.9MB

    MD5

    2c02a11e362a93d85194f64471ada9e9

    SHA1

    d3097e0500f78c247a29e55b77c8df1eb5edb051

    SHA256

    d0034cada7eef20aad6727562f874b219059a4e9f35c554db5f7c885ff43bbaa

    SHA512

    dac1ba9f7994fef1201c0eafcf5f978631ea9774b3c90966d94a8716eb978130fe3a4fa9b15e210789d073a5b960c5148fe504ea001d5c1937a518035d316566

  • C:\Windows\System\LiHeoEW.exe

    Filesize

    5.9MB

    MD5

    e3f7040f4243fa836ff954ba114c2150

    SHA1

    f6ff7f95a44bf302cfcd8b29498f5157788dd578

    SHA256

    5585ac182b1abe3a05a06a6bc2564f73a800e603c6316b9448b9b0f425ca3a87

    SHA512

    dba7717b8b2077e27bba46340f5524aba7ead2695c126c2651e539223bb992d79fb97d05114dc4b22796ae3c74129d3999b9c801e47d0303418d41d89e0aadeb

  • C:\Windows\System\OQSuPJX.exe

    Filesize

    5.9MB

    MD5

    0c8d984441355ab453f1e5e51d15bfe3

    SHA1

    1ac96bf6668165629dd75b17d1f33fec134f8582

    SHA256

    b45f6c45fe19109633618ffae447d42c1ab299c7c96bf9e2b75915b10f80fadb

    SHA512

    124e1bbe61c003b7431dc206ec4a70d20e0d82df00841f543afc7399244959f8ed5ad499dfd732449689b0af3de6fc474638c5499acede83fc1b87aa3beff33e

  • C:\Windows\System\PXGoOfj.exe

    Filesize

    5.9MB

    MD5

    a070fc74c043ad53a5638fe551338da9

    SHA1

    4ea24ea15f1033a7d2f55cad5ec58dfbd35ed256

    SHA256

    b13d5c1f238f97aa5d5c84c69e41166eb6cd0e62bcb8d82cc31eccb78b080b91

    SHA512

    97a377ed37ee903ac723852af4aef1f45b4cf4da608f47b3e8a63419d2f2c1147e7b32fa258bd66c577ed5d7324dc98431b3fdf1134be436ef751343ad9de72e

  • C:\Windows\System\PqDCFUJ.exe

    Filesize

    5.9MB

    MD5

    e8dbddb77b83a054d7df6ebad3e55d86

    SHA1

    c67580957544a29e37f69913a5796079a73b40df

    SHA256

    dabf797bb2348a3c0b99bbf81c0742aae1a513232c42c121506984f83aa89f6a

    SHA512

    926270c26949f9496e6cbc45723eeb18449c2c0c57e650dbe57632689c647b7ed8f651225bdfcda1526c43c228556cd21e6371f715b75fc452be7248bc342635

  • C:\Windows\System\YFoYiDs.exe

    Filesize

    5.9MB

    MD5

    00c3ea7739900681f71ac1fb37e02a28

    SHA1

    5753a5ad01fdc49855cf2978e5a3594ef7b86798

    SHA256

    61719cca946bb4c28f1388115c2685238dacc018a3fc0ed70c18ab66b9d72de2

    SHA512

    05d30f82a842fa2fd4877524ae925f38ac7ad7b29ddcc11af4f9e79203098585d83f484d2534c9f282f9865250d709798c17dacdf7cb308554c804bbb3a55c1c

  • C:\Windows\System\YOxurXq.exe

    Filesize

    5.9MB

    MD5

    4957a3bfdfd934d1afae4347656aec1e

    SHA1

    196c0af0f8543bbe481b1a8062720ea0e4ef50c7

    SHA256

    5b40c0c5763c719e623218b26399bcb034346d1a17a192de1730b760e6b2a603

    SHA512

    066472b8813585f9479e5f248a585cc0db1faf399af025573de18945a54ac49f04bda647a1b204970cd819fcc5ff3997f967701ba380f43991857479471a9ded

  • C:\Windows\System\bsZjPnl.exe

    Filesize

    5.9MB

    MD5

    bfc3f723b9870e1fa563ce911a9ad468

    SHA1

    c168bf7b3a00fe7e4e8c5f35fbd6572d6b307409

    SHA256

    136dc6ab26db40d1e4884d0ba063fc6def206b78cd92f140332e8b8646c9af6f

    SHA512

    f3c4a88630272e9e9d6bcbb697749add4a03731e6e3eb8cd446594bfa36ab1a4ff06dcefb766a55738e4ea140a754d73e41c86af7c9394b41f556bd17113191f

  • C:\Windows\System\dtyXrxg.exe

    Filesize

    5.9MB

    MD5

    e8f0792581326459550e0bc9348d574f

    SHA1

    d349a95a47b2659738e7bcfeb105786204c5f084

    SHA256

    a7461b2f2e872fca2725664eeac619c17e1d7c3d547f4d64796f198325206ce3

    SHA512

    3a32453783ffce83318fde92cf0ba36e4ed45fdce9a070e6d70820f3370f48c860f08fc69911b2d98d15fcaecad986219f9ba534a64b0063c86a83c82084081c

  • C:\Windows\System\fOXbtPw.exe

    Filesize

    5.9MB

    MD5

    c75377bcc894fc0a90f27a875a5406ab

    SHA1

    53501799980108c855cd280a7c1a7f7d144ad6e0

    SHA256

    67de7210d813c25ce847ef5c28fe1ae8ddf9e01793a3d6f17332f2068f05b2d1

    SHA512

    9cff48aab80a430932006be3b07240893157c45f7e4f45efd7c58b89093f3caf9d7ab822f3c5835be611dfa19ca17fcef939dcdf6c9e5b4c60e5b262e441eb41

  • C:\Windows\System\fgEwXzI.exe

    Filesize

    5.9MB

    MD5

    f993d7cfaf9ab7b663f1c45bcd38b0bb

    SHA1

    26e218db906638eb0ea47dc57ac5de35f349d512

    SHA256

    406139f5fb063688800ae12a3d593cad59f533256c14d509c9cdcc5e19156b5c

    SHA512

    dfffd8bd1218cc9e72d7757854b7efe9ae120178b2adc51df85d364471fa8d608e8df079aa02d2c963aee039dd4c984bc48be75bf117c6aef7ab80ddc1d97ba7

  • C:\Windows\System\lNqHhHi.exe

    Filesize

    5.9MB

    MD5

    ce1c899fe0a0efce6b3836e6b0006b6d

    SHA1

    b5a2f89e5f67149d7df57fa6232ff3c4d7437046

    SHA256

    aaff66a506fa33ec67663da3b07580fd91b0958eb15078e1dbbd5782deda6ef5

    SHA512

    0ce00ca1b0857637e0b9303531952666a298072052a54513272eec896b88f9f051b518cb882d8e6a70aca0dfaeb7f184a1f566038da357cb7af56a8bcfe7e68f

  • C:\Windows\System\mNxbnxT.exe

    Filesize

    5.9MB

    MD5

    b88928d32ae7f2fb2b0c540c8b18af4c

    SHA1

    16995ee861395c2be83d3fb0989c0c4dddb27782

    SHA256

    b2419343c35647a9c1af74eb0d8e6de713ba5c5fb160d10ec89355a70f3c5e19

    SHA512

    1385496a253f43c77942cfd571f8204ef0414f869c075fe34e4f260e7b89bcc757cf1315b59cd3dba196097f6869e1c327d492aeafe306402faa905c28625980

  • C:\Windows\System\rGezFBr.exe

    Filesize

    5.9MB

    MD5

    58bd93ecd841b35399318b857664bcd1

    SHA1

    e50fdd3baea92f09df50108e4499e186928ec190

    SHA256

    48752b617dd3516637c840c5a4f7418e5f34d0a448ca450eb23f99e6e0cf7e63

    SHA512

    498183eb975e9492511dcfa396eca1ca99a7162377c7c631dcd7d8ae789349ee1b9a3e524206b117f04f713b56c780303964ecf24631a0dcbc93a066b856b480

  • C:\Windows\System\rOFlbzg.exe

    Filesize

    5.9MB

    MD5

    b28c9d595e6cb962c5fe6f622d146d0a

    SHA1

    ed7fc4e28d6216ce459785aaea8f4bf85d829e67

    SHA256

    d24115f36bcacf470b0d32c3463efd9a1c02f2db055d690f5686ab5c09f0f0e6

    SHA512

    d460c6b0a0fc339f05299740b02a767a8b3ed2e0a9774a129fbd79d0e9994518f0b09c0da7cc04a505bb7ddba2c716b1a7448e16b77d0700d267945e71a83d87

  • memory/332-28-0x00007FF6FA310000-0x00007FF6FA664000-memory.dmp

    Filesize

    3.3MB

  • memory/332-131-0x00007FF6FA310000-0x00007FF6FA664000-memory.dmp

    Filesize

    3.3MB

  • memory/332-136-0x00007FF6FA310000-0x00007FF6FA664000-memory.dmp

    Filesize

    3.3MB

  • memory/372-118-0x00007FF642680000-0x00007FF6429D4000-memory.dmp

    Filesize

    3.3MB

  • memory/372-143-0x00007FF642680000-0x00007FF6429D4000-memory.dmp

    Filesize

    3.3MB

  • memory/1128-134-0x00007FF7EE2F0000-0x00007FF7EE644000-memory.dmp

    Filesize

    3.3MB

  • memory/1128-17-0x00007FF7EE2F0000-0x00007FF7EE644000-memory.dmp

    Filesize

    3.3MB

  • memory/1128-130-0x00007FF7EE2F0000-0x00007FF7EE644000-memory.dmp

    Filesize

    3.3MB

  • memory/1584-20-0x00007FF7C4C00000-0x00007FF7C4F54000-memory.dmp

    Filesize

    3.3MB

  • memory/1584-133-0x00007FF7C4C00000-0x00007FF7C4F54000-memory.dmp

    Filesize

    3.3MB

  • memory/1632-122-0x00007FF648DD0000-0x00007FF649124000-memory.dmp

    Filesize

    3.3MB

  • memory/1632-150-0x00007FF648DD0000-0x00007FF649124000-memory.dmp

    Filesize

    3.3MB

  • memory/1660-145-0x00007FF7DB7E0000-0x00007FF7DBB34000-memory.dmp

    Filesize

    3.3MB

  • memory/1660-119-0x00007FF7DB7E0000-0x00007FF7DBB34000-memory.dmp

    Filesize

    3.3MB

  • memory/1720-147-0x00007FF70A150000-0x00007FF70A4A4000-memory.dmp

    Filesize

    3.3MB

  • memory/1720-125-0x00007FF70A150000-0x00007FF70A4A4000-memory.dmp

    Filesize

    3.3MB

  • memory/1968-127-0x00007FF7D3590000-0x00007FF7D38E4000-memory.dmp

    Filesize

    3.3MB

  • memory/1968-138-0x00007FF7D3590000-0x00007FF7D38E4000-memory.dmp

    Filesize

    3.3MB

  • memory/2660-142-0x00007FF6EA870000-0x00007FF6EABC4000-memory.dmp

    Filesize

    3.3MB

  • memory/2660-116-0x00007FF6EA870000-0x00007FF6EABC4000-memory.dmp

    Filesize

    3.3MB

  • memory/2768-128-0x00007FF6F0520000-0x00007FF6F0874000-memory.dmp

    Filesize

    3.3MB

  • memory/2768-1-0x00000195A30B0000-0x00000195A30C0000-memory.dmp

    Filesize

    64KB

  • memory/2768-0-0x00007FF6F0520000-0x00007FF6F0874000-memory.dmp

    Filesize

    3.3MB

  • memory/2852-117-0x00007FF78C030000-0x00007FF78C384000-memory.dmp

    Filesize

    3.3MB

  • memory/2852-141-0x00007FF78C030000-0x00007FF78C384000-memory.dmp

    Filesize

    3.3MB

  • memory/3056-33-0x00007FF727680000-0x00007FF7279D4000-memory.dmp

    Filesize

    3.3MB

  • memory/3056-135-0x00007FF727680000-0x00007FF7279D4000-memory.dmp

    Filesize

    3.3MB

  • memory/3196-126-0x00007FF62FA40000-0x00007FF62FD94000-memory.dmp

    Filesize

    3.3MB

  • memory/3196-146-0x00007FF62FA40000-0x00007FF62FD94000-memory.dmp

    Filesize

    3.3MB

  • memory/3504-140-0x00007FF77BDA0000-0x00007FF77C0F4000-memory.dmp

    Filesize

    3.3MB

  • memory/3504-114-0x00007FF77BDA0000-0x00007FF77C0F4000-memory.dmp

    Filesize

    3.3MB

  • memory/3892-139-0x00007FF6F46D0000-0x00007FF6F4A24000-memory.dmp

    Filesize

    3.3MB

  • memory/3892-113-0x00007FF6F46D0000-0x00007FF6F4A24000-memory.dmp

    Filesize

    3.3MB

  • memory/3948-123-0x00007FF725CF0000-0x00007FF726044000-memory.dmp

    Filesize

    3.3MB

  • memory/3948-149-0x00007FF725CF0000-0x00007FF726044000-memory.dmp

    Filesize

    3.3MB

  • memory/4284-121-0x00007FF6659C0000-0x00007FF665D14000-memory.dmp

    Filesize

    3.3MB

  • memory/4284-152-0x00007FF6659C0000-0x00007FF665D14000-memory.dmp

    Filesize

    3.3MB

  • memory/4428-129-0x00007FF6A3660000-0x00007FF6A39B4000-memory.dmp

    Filesize

    3.3MB

  • memory/4428-132-0x00007FF6A3660000-0x00007FF6A39B4000-memory.dmp

    Filesize

    3.3MB

  • memory/4428-6-0x00007FF6A3660000-0x00007FF6A39B4000-memory.dmp

    Filesize

    3.3MB

  • memory/4540-144-0x00007FF6FD6C0000-0x00007FF6FDA14000-memory.dmp

    Filesize

    3.3MB

  • memory/4540-115-0x00007FF6FD6C0000-0x00007FF6FDA14000-memory.dmp

    Filesize

    3.3MB

  • memory/4736-120-0x00007FF6FB300000-0x00007FF6FB654000-memory.dmp

    Filesize

    3.3MB

  • memory/4736-151-0x00007FF6FB300000-0x00007FF6FB654000-memory.dmp

    Filesize

    3.3MB

  • memory/4784-124-0x00007FF6F8F50000-0x00007FF6F92A4000-memory.dmp

    Filesize

    3.3MB

  • memory/4784-148-0x00007FF6F8F50000-0x00007FF6F92A4000-memory.dmp

    Filesize

    3.3MB

  • memory/4864-137-0x00007FF620D40000-0x00007FF621094000-memory.dmp

    Filesize

    3.3MB

  • memory/4864-112-0x00007FF620D40000-0x00007FF621094000-memory.dmp

    Filesize

    3.3MB