Analysis

  • max time kernel
    134s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    06-06-2024 11:45

General

  • Target

    2024-06-06_28bedff95ea17494ccf9de6010f2c29b_cobalt-strike_cobaltstrike.exe

  • Size

    5.9MB

  • MD5

    28bedff95ea17494ccf9de6010f2c29b

  • SHA1

    196ab0452cc5f23af37f0301cf0802935bd5bfcf

  • SHA256

    2e17763c68edcfd13a5730fcee41ba586a5671dd08bede468d189062629beee4

  • SHA512

    ca75aa5da733ed22188e00a2b28fb5c9fb9ef9c5ed022bc3c6f392dcc8ecbd9c332e08d9cc8072c171747a952b7b515b02a9847b56c71eb177114b8a2cd375dc

  • SSDEEP

    98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUx:Q+856utgpPF8u/7x

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 21 IoCs
  • UPX dump on OEP (original entry point) 51 IoCs
  • XMRig Miner payload 53 IoCs
  • Executes dropped EXE 21 IoCs
  • Loads dropped DLL 21 IoCs
  • UPX packed file 51 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 63 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-06_28bedff95ea17494ccf9de6010f2c29b_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-06_28bedff95ea17494ccf9de6010f2c29b_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\Windows\System\XaVTnqL.exe
      C:\Windows\System\XaVTnqL.exe
      2⤵
      • Executes dropped EXE
      PID:1420
    • C:\Windows\System\qpWbFgt.exe
      C:\Windows\System\qpWbFgt.exe
      2⤵
      • Executes dropped EXE
      PID:1796
    • C:\Windows\System\BjamvPJ.exe
      C:\Windows\System\BjamvPJ.exe
      2⤵
      • Executes dropped EXE
      PID:2172
    • C:\Windows\System\oKmInuB.exe
      C:\Windows\System\oKmInuB.exe
      2⤵
      • Executes dropped EXE
      PID:2612
    • C:\Windows\System\bIlPaot.exe
      C:\Windows\System\bIlPaot.exe
      2⤵
      • Executes dropped EXE
      PID:2620
    • C:\Windows\System\jEQPmOV.exe
      C:\Windows\System\jEQPmOV.exe
      2⤵
      • Executes dropped EXE
      PID:2144
    • C:\Windows\System\WljpwRU.exe
      C:\Windows\System\WljpwRU.exe
      2⤵
      • Executes dropped EXE
      PID:2624
    • C:\Windows\System\SfTXoam.exe
      C:\Windows\System\SfTXoam.exe
      2⤵
      • Executes dropped EXE
      PID:2100
    • C:\Windows\System\iGsEjLJ.exe
      C:\Windows\System\iGsEjLJ.exe
      2⤵
      • Executes dropped EXE
      PID:2740
    • C:\Windows\System\qZQjxBh.exe
      C:\Windows\System\qZQjxBh.exe
      2⤵
      • Executes dropped EXE
      PID:2476
    • C:\Windows\System\wolnpFn.exe
      C:\Windows\System\wolnpFn.exe
      2⤵
      • Executes dropped EXE
      PID:2536
    • C:\Windows\System\AAQyVag.exe
      C:\Windows\System\AAQyVag.exe
      2⤵
      • Executes dropped EXE
      PID:2972
    • C:\Windows\System\HRmxnZu.exe
      C:\Windows\System\HRmxnZu.exe
      2⤵
      • Executes dropped EXE
      PID:1972
    • C:\Windows\System\wJZikzw.exe
      C:\Windows\System\wJZikzw.exe
      2⤵
      • Executes dropped EXE
      PID:2776
    • C:\Windows\System\llcFyAZ.exe
      C:\Windows\System\llcFyAZ.exe
      2⤵
      • Executes dropped EXE
      PID:2824
    • C:\Windows\System\llFiCqe.exe
      C:\Windows\System\llFiCqe.exe
      2⤵
      • Executes dropped EXE
      PID:2828
    • C:\Windows\System\joxWise.exe
      C:\Windows\System\joxWise.exe
      2⤵
      • Executes dropped EXE
      PID:1732
    • C:\Windows\System\sVtUyVk.exe
      C:\Windows\System\sVtUyVk.exe
      2⤵
      • Executes dropped EXE
      PID:1724
    • C:\Windows\System\KCShJrA.exe
      C:\Windows\System\KCShJrA.exe
      2⤵
      • Executes dropped EXE
      PID:2768
    • C:\Windows\System\jbScfee.exe
      C:\Windows\System\jbScfee.exe
      2⤵
      • Executes dropped EXE
      PID:2704
    • C:\Windows\System\fxGCKvq.exe
      C:\Windows\System\fxGCKvq.exe
      2⤵
      • Executes dropped EXE
      PID:1524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\system\AAQyVag.exe

    Filesize

    5.9MB

    MD5

    b3d1cb9b50d3cd62c8608adfe82d92b2

    SHA1

    4e96b5c6815b4522a8892741a185406d01557a45

    SHA256

    daf08477d4788182b321a8ba6d78b84c41de172011062f531e364f88d6958168

    SHA512

    601047cd24c184aa808ad0e2ffe6bda4d79ee45fb87cdef0723d19583f94cd709fadb73f3a636829392d39e1eaaf4dec4f9236e4a2226024a95b5d30cb605443

  • C:\Windows\system\BjamvPJ.exe

    Filesize

    5.9MB

    MD5

    980a052739cf54114cb56727c2533ff9

    SHA1

    d1371456e9aa1e2e0eeb9b34c6fc76314bb52275

    SHA256

    a74e6642dab7b24d88ae170333f6d3f6dac2328d4da8453349acd0eb68d14346

    SHA512

    cf2d5d29dcc4f75e4f2bf6a60818088eaedf9dc707e015d7d494c910d12eee149f0a92fdc4862648a13b418aaa891709850a59053bda88fcabb79158f38f380b

  • C:\Windows\system\HRmxnZu.exe

    Filesize

    5.9MB

    MD5

    dd756623a23c20d31744cb147866875a

    SHA1

    3fa09fe5563007fef6573c165b2549eb9dd97e95

    SHA256

    fcff0c178d4f225022c893a50588765e9053174bc3698f0462cfbb1a17e6375b

    SHA512

    4f0ccd023a27be5f7c006b0a93732efb822015f673a6aa232d5473dc5cd13d36f86f499db8dac6f38d975c2dd3c22c7da0ebb5a4f57a0f69b92071122565dd83

  • C:\Windows\system\KCShJrA.exe

    Filesize

    5.9MB

    MD5

    cca4a693780cd4e823275e901414333e

    SHA1

    50d391ce8159efb42f67d8d8fc2c56c9cc783c1d

    SHA256

    0829f55e1f443f8591f0877eecf6bde50cabbefa7c983e564ce2f0da0959645c

    SHA512

    bad0607d43777bdd52c774d51c94d32517e1a3975eea141e08dd60edbd2a65a50451825708b5252977108629ab2ee52f1f320c6e85b404548081465ed4e4d55f

  • C:\Windows\system\XaVTnqL.exe

    Filesize

    5.9MB

    MD5

    a67ec3ca969833560c3e23ece866cdd1

    SHA1

    0606974d4c818917dec70c46de9189b24e03f384

    SHA256

    5e126ad4cc3b5f5e974f2895ad4ef77953d4344018e8d0aa4b7d3e3c9b2680b4

    SHA512

    74d9d4a0d0a86d51e3324f587d6451e9a9ac4dd5757c4431c0a1828613d9287819f76eacb9d2a0419cafd0d74946472ac7972fb67a36eda1dbe37dc2b7c82fbf

  • C:\Windows\system\bIlPaot.exe

    Filesize

    5.9MB

    MD5

    77d0c9c7515457defe28c9e206d691bc

    SHA1

    02b9eba57792ece09913fb8191ab87fbda599a55

    SHA256

    25865c52e8b6cad48d63629317754642d2022d65e03dd23929974e1bf530465f

    SHA512

    20d319968f1baea2aeae0ff33a54bc1f595f8d469ba011759c1047aeb3c88fc872e5ac5bb5f11de2a7547a0cdbf7ab5ef77fedd81e49d9008da196145a0b2e84

  • C:\Windows\system\iGsEjLJ.exe

    Filesize

    5.9MB

    MD5

    19d8e3410deda33b8ad003946ab1887b

    SHA1

    fc95394da9537faf5dc24769842cbc09abb0ebf4

    SHA256

    422a072c26dcd3d527fc98a56b1c51af9b53099386f8e1ccc8bc14d464627991

    SHA512

    954f7d6f92a028b108ba79b18607e94ed00ef7d81e0242b4df76a3ea7607e81d176d88733d7bd8f0f9824e9e27c300dd5778837a00f257faf74cc57bbd447c4c

  • C:\Windows\system\jEQPmOV.exe

    Filesize

    5.9MB

    MD5

    200c08a5064962ffa45a78119c46f112

    SHA1

    7e3fb26fcf0319fcb2699ebf86c34d85632ac0be

    SHA256

    407af22b2d0972f6b986f29ba47bde6cc3774c6dd28fb6db7818fbc5fa002640

    SHA512

    7349e13860b0dbcef126b0fcc2a0ffbb4cdf042cbbd9dd75d62c45126f758afee8fe6cc3882e610234ad406ac840928fdb0105776c2a8563f0d0e4157cfb810c

  • C:\Windows\system\jbScfee.exe

    Filesize

    5.9MB

    MD5

    6ca846b6d1cb732dcaa15026f4064380

    SHA1

    99eed9a74718a3854137f6bc9ecd85e365049015

    SHA256

    2485c1d575dae3cbe6624a35dcaffe7e7b261f1eded10b80a16e53ce588f80d2

    SHA512

    3adabda8d174ad5dbf8f3cf6c2858db7b58448e98f9f260d4838b3cd0dde4628ffe20bfd26972f342e89706d0d0d1e7ab837c3c0997f85937890507761b36ceb

  • C:\Windows\system\joxWise.exe

    Filesize

    5.9MB

    MD5

    db8bd90cb7a4cf076cb8c9161a74e7e4

    SHA1

    e04c27048f724c7c8a518f488f153f389b078550

    SHA256

    459548cd24b864d313bbb7e4d9a956fd76cc31606caa6435e86293eb66e362cd

    SHA512

    a8c0e4c1cb1c4055bde1e0c32aeab0ffff13b7a2af23dfc956f3a01731e330ffaadc2a98e7bc6701040e329c41b38f1f48cc356b66efcf7e0f05153303d49784

  • C:\Windows\system\llFiCqe.exe

    Filesize

    5.9MB

    MD5

    0b5e7d14f8499b2f1e3486fac46d9597

    SHA1

    1986145f49fd4e8afc13fba8cd4b7788c372cd47

    SHA256

    0a93792baf16a468b1ea1fb712e5d62d1233b8f0992f2d5844bd9d3e2d728410

    SHA512

    6033b920fa288fb916537b1b6c9a51a095d7cbe478ddd770391909bee1b36e0199b7f80fdee80256012bdea67e8b56e608fbef23df084d3409fa1daa04acc0e5

  • C:\Windows\system\llcFyAZ.exe

    Filesize

    5.9MB

    MD5

    cd26d3504de7396293770ebda496a941

    SHA1

    85f76ad72f7c4c19bef2a8c3cdbf708f8ff15585

    SHA256

    7a04de817a7f7d4b92e06836ff74dc3a9d35a9be907da82427b3d8b52879446a

    SHA512

    8e25765395bffba48de66afdae459a7e1e1c0a4c7f0e0e65d42c4cbe956a344b4e6892355f296bbf2937753f2f0573990a7727ba6dff7f1c1638ba5ab9200270

  • C:\Windows\system\sVtUyVk.exe

    Filesize

    5.9MB

    MD5

    6485ae779ef0334a61f8c291d87e81bf

    SHA1

    ba512cb10d50d2c26e09c1a57d3ef4f829e12676

    SHA256

    7869813586f96aa0ecf30ef630cf08699a2d0d54110a36a3a664fa6ec5398db0

    SHA512

    43e808c3c2d2d7366a1c815fc75ea013c471ce13a4f9528864cf398bfa35823bf0375ace8f331de1c101aadb465f70982b3996262568032f3cc3268833875720

  • C:\Windows\system\wJZikzw.exe

    Filesize

    5.9MB

    MD5

    4945b330e81ae99b6a4107ab9b876209

    SHA1

    f86ab23944574d8ee779a797d2d74d9c3968cf1b

    SHA256

    f4d6746b003db90813ceef39c27a3add6f462f8d9610969294471e84441ef959

    SHA512

    3bd229a7023055b068d065eeaf44b957f2291780fd75754c7ccd5f813523b9d3374e6652f3c07a294a5c9275156caec54b5e999baecde3c6cc7241fb3be1e768

  • C:\Windows\system\wolnpFn.exe

    Filesize

    5.9MB

    MD5

    94a5fce090c05a84f54c72d7603f54b1

    SHA1

    1e5b65c753394aae48b96cdf024f980fc4e5b115

    SHA256

    d9801b7c6635c5357e7686e905c49bbdffe1eaeeaf8048cab544f1d5b69839a3

    SHA512

    ca4ce80786e2af6f55f089bec2902d0bfd8528e423b63cb1ad4ce1fb0daedee4f888dfc9225efd1cdc6a44067a5dd68a74e40930de88baa1662f6cd6b2afc860

  • \Windows\system\SfTXoam.exe

    Filesize

    5.9MB

    MD5

    cf8eefee768288e99107c499c09410fd

    SHA1

    0104e07a5f8f4cfa4324694b8a3f50b6c3fe5dc1

    SHA256

    cb3499588d089ffd1af911b9e0d95675bffbe8f88fbdbf2814a7adcedb031027

    SHA512

    fa5bc51344d67b9fefdde0fcb2a0e7dfef7049d2a86d3a89e4b89f9dbd4a69fecd92651b5f2efb251692651227d597f4b6778e962bbfc4c1ace5ea68504c0f98

  • \Windows\system\WljpwRU.exe

    Filesize

    5.9MB

    MD5

    9ee3e5f5c90eef8eff424ab6df5e4439

    SHA1

    3ea163786336c6afed5cf5c6552166fb59ceb0dd

    SHA256

    b460f0266f43a71aab5fe8c78318c1bb387b2553fdea58a380f20a24ec142c58

    SHA512

    5b93c542558d76be7c550ddb5e40a780294d444cd6e13bead49f6ced4184ab7b2b838f9eb52ad5f03aee1de93888f5dc81ab04968a231d65537c67e773b14ec5

  • \Windows\system\fxGCKvq.exe

    Filesize

    5.9MB

    MD5

    a103e025133b0df09b10a6ca70d6aa0b

    SHA1

    c748e2a26feb65b711fa9e9de551982940d71112

    SHA256

    b8998dfb4095ac479b709bbfad8b3fc605b7996ae7f97faaefab0eb118aa5dd5

    SHA512

    29f0eff5042b30e48b2094a5b57a184e25659a047abc624953f613e9788532b5fa5abc132a6cb9a82fce644c020eb4ec484c5d18431ba3d4c023bdef7a6751f0

  • \Windows\system\oKmInuB.exe

    Filesize

    5.9MB

    MD5

    ec841b94e9b0ccf9422a50c6cc63ccc4

    SHA1

    f8beaece84974eea01467b39a7fcd0e537b0b103

    SHA256

    be26140f4f4bf9b230542f455a44f0483084fd2842273932df977d9e8cb802a6

    SHA512

    f7a27ea4daaddabf5cb53e4afa4c8576d3cdeabc9f0c18ef9789e649cbaa3c696419658d6c56f0c32b178b30e0375a930e280f6422a390349ab70c5f07286adb

  • \Windows\system\qZQjxBh.exe

    Filesize

    5.9MB

    MD5

    512892e19d9a399dd2d230f08e5f5988

    SHA1

    100cf3903b1e8eb15521ef7edc65437bac4ce2ab

    SHA256

    1dd2234ee16541f417124a340799aba4bd101c89f608e6a476790bf77b61e631

    SHA512

    190a2034f3647691c4d28edb5ddf87ab932c4437fa9c61e2386163f56d0408833a3f995fdfef96b62e5fe2670827fd1953b2474ee2ee8ec227b2cd15b55bf807

  • \Windows\system\qpWbFgt.exe

    Filesize

    5.9MB

    MD5

    1f4055ba2f49e9f61c584540738933d6

    SHA1

    e830b0ca35a63026536d782350bdf0326993d72f

    SHA256

    f5b179c0bedd1ac9d85bd45a3842f044426e835dfb330ab8ae5e6c0b63dd6337

    SHA512

    9fedf377e45f04282160713e779854f582d839a2c1f117bcb182d6082c5d360ba3604256d6e3de83a175b1334fb9ecf4cc7f7956d29ffe1ec543532de1f25174

  • memory/1420-137-0x000000013FF30000-0x0000000140284000-memory.dmp

    Filesize

    3.3MB

  • memory/1420-16-0x000000013FF30000-0x0000000140284000-memory.dmp

    Filesize

    3.3MB

  • memory/1796-140-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

    Filesize

    3.3MB

  • memory/1796-20-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

    Filesize

    3.3MB

  • memory/1796-132-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

    Filesize

    3.3MB

  • memory/2100-82-0x000000013F9B0000-0x000000013FD04000-memory.dmp

    Filesize

    3.3MB

  • memory/2100-146-0x000000013F9B0000-0x000000013FD04000-memory.dmp

    Filesize

    3.3MB

  • memory/2144-49-0x000000013F090000-0x000000013F3E4000-memory.dmp

    Filesize

    3.3MB

  • memory/2144-142-0x000000013F090000-0x000000013F3E4000-memory.dmp

    Filesize

    3.3MB

  • memory/2172-32-0x000000013FEE0000-0x0000000140234000-memory.dmp

    Filesize

    3.3MB

  • memory/2172-138-0x000000013FEE0000-0x0000000140234000-memory.dmp

    Filesize

    3.3MB

  • memory/2388-75-0x000000013FA10000-0x000000013FD64000-memory.dmp

    Filesize

    3.3MB

  • memory/2388-133-0x00000000021C0000-0x0000000002514000-memory.dmp

    Filesize

    3.3MB

  • memory/2388-1-0x000000013FDB0000-0x0000000140104000-memory.dmp

    Filesize

    3.3MB

  • memory/2388-8-0x00000000021C0000-0x0000000002514000-memory.dmp

    Filesize

    3.3MB

  • memory/2388-27-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

    Filesize

    3.3MB

  • memory/2388-39-0x000000013F090000-0x000000013F3E4000-memory.dmp

    Filesize

    3.3MB

  • memory/2388-102-0x000000013F430000-0x000000013F784000-memory.dmp

    Filesize

    3.3MB

  • memory/2388-104-0x00000000021C0000-0x0000000002514000-memory.dmp

    Filesize

    3.3MB

  • memory/2388-136-0x000000013F430000-0x000000013F784000-memory.dmp

    Filesize

    3.3MB

  • memory/2388-105-0x00000000021C0000-0x0000000002514000-memory.dmp

    Filesize

    3.3MB

  • memory/2388-103-0x000000013F0B0000-0x000000013F404000-memory.dmp

    Filesize

    3.3MB

  • memory/2388-66-0x00000000021C0000-0x0000000002514000-memory.dmp

    Filesize

    3.3MB

  • memory/2388-134-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

    Filesize

    3.3MB

  • memory/2388-0-0x0000000000300000-0x0000000000310000-memory.dmp

    Filesize

    64KB

  • memory/2388-22-0x00000000021C0000-0x0000000002514000-memory.dmp

    Filesize

    3.3MB

  • memory/2388-131-0x000000013FDB0000-0x0000000140104000-memory.dmp

    Filesize

    3.3MB

  • memory/2388-36-0x000000013F340000-0x000000013F694000-memory.dmp

    Filesize

    3.3MB

  • memory/2476-147-0x000000013FA10000-0x000000013FD64000-memory.dmp

    Filesize

    3.3MB

  • memory/2476-135-0x000000013FA10000-0x000000013FD64000-memory.dmp

    Filesize

    3.3MB

  • memory/2476-71-0x000000013FA10000-0x000000013FD64000-memory.dmp

    Filesize

    3.3MB

  • memory/2536-91-0x000000013FAD0000-0x000000013FE24000-memory.dmp

    Filesize

    3.3MB

  • memory/2536-145-0x000000013FAD0000-0x000000013FE24000-memory.dmp

    Filesize

    3.3MB

  • memory/2612-29-0x000000013F670000-0x000000013F9C4000-memory.dmp

    Filesize

    3.3MB

  • memory/2612-139-0x000000013F670000-0x000000013F9C4000-memory.dmp

    Filesize

    3.3MB

  • memory/2620-141-0x000000013F340000-0x000000013F694000-memory.dmp

    Filesize

    3.3MB

  • memory/2620-53-0x000000013F340000-0x000000013F694000-memory.dmp

    Filesize

    3.3MB

  • memory/2624-143-0x000000013FB10000-0x000000013FE64000-memory.dmp

    Filesize

    3.3MB

  • memory/2624-62-0x000000013FB10000-0x000000013FE64000-memory.dmp

    Filesize

    3.3MB

  • memory/2740-144-0x000000013FFF0000-0x0000000140344000-memory.dmp

    Filesize

    3.3MB

  • memory/2740-72-0x000000013FFF0000-0x0000000140344000-memory.dmp

    Filesize

    3.3MB

  • memory/2776-106-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

    Filesize

    3.3MB

  • memory/2776-149-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

    Filesize

    3.3MB

  • memory/2972-95-0x000000013F430000-0x000000013F784000-memory.dmp

    Filesize

    3.3MB

  • memory/2972-148-0x000000013F430000-0x000000013F784000-memory.dmp

    Filesize

    3.3MB