Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-06-2024 12:24

General

  • Target

    2024-06-06_053b48eff2137a640705cbc2da392b97_cobalt-strike_cobaltstrike.exe

  • Size

    5.9MB

  • MD5

    053b48eff2137a640705cbc2da392b97

  • SHA1

    0d30c0e472e2c7dc917dc2f3242c800696acbdd8

  • SHA256

    bb9c7de1b0445bf7a0b43451ab0d427e69d9a253d4182484313b3ec510c71e64

  • SHA512

    a45a004010e53fad938a2c573768147b38c061aa656742dd60cea6c63bb6af2b8501dca21ddd847359c87bc1283ff301b603adcdc9d41f56c1b59fecccf24263

  • SSDEEP

    98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUv:Q+856utgpPF8u/7v

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 21 IoCs
  • UPX dump on OEP (original entry point) 64 IoCs
  • XMRig Miner payload 64 IoCs
  • Executes dropped EXE 21 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-06_053b48eff2137a640705cbc2da392b97_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-06_053b48eff2137a640705cbc2da392b97_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4416
    • C:\Windows\System\LiJaYUP.exe
      C:\Windows\System\LiJaYUP.exe
      2⤵
      • Executes dropped EXE
      PID:1872
    • C:\Windows\System\gYhrQmq.exe
      C:\Windows\System\gYhrQmq.exe
      2⤵
      • Executes dropped EXE
      PID:3348
    • C:\Windows\System\CfkDCSl.exe
      C:\Windows\System\CfkDCSl.exe
      2⤵
      • Executes dropped EXE
      PID:2728
    • C:\Windows\System\zWaviHE.exe
      C:\Windows\System\zWaviHE.exe
      2⤵
      • Executes dropped EXE
      PID:1544
    • C:\Windows\System\wsHgFaf.exe
      C:\Windows\System\wsHgFaf.exe
      2⤵
      • Executes dropped EXE
      PID:3412
    • C:\Windows\System\dMwAEXR.exe
      C:\Windows\System\dMwAEXR.exe
      2⤵
      • Executes dropped EXE
      PID:800
    • C:\Windows\System\iDpPzkH.exe
      C:\Windows\System\iDpPzkH.exe
      2⤵
      • Executes dropped EXE
      PID:3628
    • C:\Windows\System\Kdxygrt.exe
      C:\Windows\System\Kdxygrt.exe
      2⤵
      • Executes dropped EXE
      PID:4124
    • C:\Windows\System\GuMsgei.exe
      C:\Windows\System\GuMsgei.exe
      2⤵
      • Executes dropped EXE
      PID:2604
    • C:\Windows\System\sazpSih.exe
      C:\Windows\System\sazpSih.exe
      2⤵
      • Executes dropped EXE
      PID:4348
    • C:\Windows\System\bcUVhLC.exe
      C:\Windows\System\bcUVhLC.exe
      2⤵
      • Executes dropped EXE
      PID:4488
    • C:\Windows\System\JLigfNb.exe
      C:\Windows\System\JLigfNb.exe
      2⤵
      • Executes dropped EXE
      PID:4948
    • C:\Windows\System\xagCPGf.exe
      C:\Windows\System\xagCPGf.exe
      2⤵
      • Executes dropped EXE
      PID:5076
    • C:\Windows\System\soawhvZ.exe
      C:\Windows\System\soawhvZ.exe
      2⤵
      • Executes dropped EXE
      PID:4520
    • C:\Windows\System\ZAxAgac.exe
      C:\Windows\System\ZAxAgac.exe
      2⤵
      • Executes dropped EXE
      PID:3164
    • C:\Windows\System\NzaIuUy.exe
      C:\Windows\System\NzaIuUy.exe
      2⤵
      • Executes dropped EXE
      PID:4884
    • C:\Windows\System\dqmsEun.exe
      C:\Windows\System\dqmsEun.exe
      2⤵
      • Executes dropped EXE
      PID:3532
    • C:\Windows\System\sLjlkTC.exe
      C:\Windows\System\sLjlkTC.exe
      2⤵
      • Executes dropped EXE
      PID:4860
    • C:\Windows\System\pENoboS.exe
      C:\Windows\System\pENoboS.exe
      2⤵
      • Executes dropped EXE
      PID:2660
    • C:\Windows\System\bdjBoRP.exe
      C:\Windows\System\bdjBoRP.exe
      2⤵
      • Executes dropped EXE
      PID:5000
    • C:\Windows\System\xEltcIq.exe
      C:\Windows\System\xEltcIq.exe
      2⤵
      • Executes dropped EXE
      PID:5616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System\CfkDCSl.exe

    Filesize

    5.9MB

    MD5

    922f23a8056c93378053baeed6f72029

    SHA1

    934e9d344970f163b17c2db6abc3e3d4d2207477

    SHA256

    99ee2a62716bccde5eb8803c9a26239837b0bb01fa12baeaf7c3fa994ab80f18

    SHA512

    533dcf722cc747af25b3361a8d63cb39242a5053198867d56d9f31a2a2b8366bd1bc76f6dfc8fb81ed7f7a5a25011b307565af4de016f4b0f453c3dc519fd94a

  • C:\Windows\System\GuMsgei.exe

    Filesize

    5.9MB

    MD5

    a9919128e1e5ceb04b078efb19cb6261

    SHA1

    8a119e29a8311298eb21ee5d277438861f4efa6e

    SHA256

    509e027a41b3ae2cbb9ba8b9c1a9125312b87721e1c11b72aaf7d6820c26ea75

    SHA512

    15c45c30943b83c5201982da35118cf7d5773f03c7a3dbf98edd3f58023b9cf9053349ded6a2259dc75be6553e55b28f0e5caab4171d1285971c2723dbeda446

  • C:\Windows\System\JLigfNb.exe

    Filesize

    5.9MB

    MD5

    d288620f7ede0474cf8ee7732006e6bd

    SHA1

    014031e2335e672116623060671fa775a9f75e75

    SHA256

    a781cd0857228094728f812c3e3886680265bd3a1a123c1e617242be9cb57137

    SHA512

    8c1291d33e32061fef89a8238feb7d1b14223676efde95c2146ee39343755d8afc1102a48ba4f660264d821fdda866c6af40391901ec865e41c40da5a6c0a35e

  • C:\Windows\System\Kdxygrt.exe

    Filesize

    5.9MB

    MD5

    ab8bb56d005bd6c9d9b3d157e95594ef

    SHA1

    fd8e747a3e65e0864c7056ce1c7ba06005a64740

    SHA256

    5f3fa227beb219438fb7f97c62d26dd147d6292b0b5ac82d489e69bd74f1c286

    SHA512

    a42fe7c2e832df5c06eb039e37dda6e1df91a1064eb064662ed2f7f3e592e184c666a952c3010f77fef8b2691af2980138577327e3f2ea4a11eb534a76d17388

  • C:\Windows\System\LiJaYUP.exe

    Filesize

    5.9MB

    MD5

    03e9eeb2db7e92a93b18655735c824d2

    SHA1

    c250248a83b1a0527a3fc435e32a9b543b20377a

    SHA256

    daf0ffd8a452d3d7eabfe3e2fb810766b520214b47411a9268bb5d08a0f676a6

    SHA512

    b101ef39921131e8bbb89a6a00aa38fa421fceb3306af21a900e431b1f234a7dea43ac616425145c23e5264570539b8a5f7781f8048db38c0645331a27fbfa16

  • C:\Windows\System\NzaIuUy.exe

    Filesize

    5.9MB

    MD5

    95993f3c4a0fcd7490ecaaaf8fb23bee

    SHA1

    4188d6d70e53a31de26873de5217d0df2e2237d9

    SHA256

    28cce7cf3aa6df52cabf097915518809d98bcf2b4b988b2700fc57552c711f77

    SHA512

    152e388e4cda717783c1ced25b3712f804496e8950b515786960505269d2717d2cb6b0a654429650ee1cedb6c678f9dc7756db93a35e0e109b6a53bc1b964e09

  • C:\Windows\System\ZAxAgac.exe

    Filesize

    5.9MB

    MD5

    c8c536aca406b66b1a491ae037ba0388

    SHA1

    55f964b6b9a95a238997773ad3b0f46eeb7f7ee3

    SHA256

    4a7bb2502660752ae342331aefe2051a0bf14603371da4ff5ce97570d168fbff

    SHA512

    59475e76eb17c223d57c40af871ced330b0da6a5b1f0dc52438cbf745c379123c8bfb6d0ca8cfc7bf102ed193f3f3c8f74bd8c01ea35e69013aeee1869000314

  • C:\Windows\System\bcUVhLC.exe

    Filesize

    5.9MB

    MD5

    38fbdeda41bc6e8f148bb47353f97140

    SHA1

    498d4ee383a0b548a6e18bc04f2cf6ee369e3794

    SHA256

    ff0fa1eb047e7e3df3d7cb7babec33b24d6d2c7449da1d30c81c327c015d84e1

    SHA512

    3db6e033eb0c45cdb7db4556a2bf894c2a383487b33b3ca81c1ca0c7cead84e7febfdeff98bc8337cccd3d512b6c46de88e18f8c58f007b27f3e7f7e8f8f8375

  • C:\Windows\System\bdjBoRP.exe

    Filesize

    5.9MB

    MD5

    f9456adafd8d3b5f0dd53c2fcbeea13d

    SHA1

    22c875e40b2fd39bc5d67d36730982e3301a83d3

    SHA256

    486d8b4373c021f9ca23e5248fdea6d02e08fbe90c68163df266ab26c2e4d0ed

    SHA512

    a8c544f6c89ce4a5d2481bd1eb3e46d0fb09850d8568ca776c34b535f4df15d2e0f6c5ab263bbefe38cb8e27373bac31b7e0e438347b6588bc81e44de5e52495

  • C:\Windows\System\dMwAEXR.exe

    Filesize

    5.9MB

    MD5

    1c041147627f82ea041d11ee4e5e0090

    SHA1

    9f6600178e939ba170837406cecefd81adbc1fe7

    SHA256

    5fe22829b792e3a09ddffe262fd3ddc3cb52c7627e8f81f1443bf722edad77bf

    SHA512

    29222fe65f85fd18a608b7332b8308e173b2405be0439c5fd47c2b3c220a643167c34919528aac2e44a0b3b68552eee3341bd6d331c570e4f496cd1d27506309

  • C:\Windows\System\dqmsEun.exe

    Filesize

    5.9MB

    MD5

    98ecb921b856bffbc609e0f2fa960533

    SHA1

    5a1f19ccc17f7177d48328a83177b098cd71cad9

    SHA256

    466ed0e356dbb206755c181a9dc872e1e350343c2762e37b2197ada86f677579

    SHA512

    2395b26bee5b9b5c0c007102df020af7c1fb57a4109ea295dc006040cecc4c19266a4c4c7af464d945853818e64588cb4ba44922ad5f04b93b37392120797b8a

  • C:\Windows\System\gYhrQmq.exe

    Filesize

    5.9MB

    MD5

    c4fcd3b44c54e17a81fd01047e4407ff

    SHA1

    c85b74c81821d5054dabad4ebefd0409f7b814d5

    SHA256

    01e0fa868a9db42aff71fd12cb58a3f0751b54ffa6712a96c24c3dc2aee32aa0

    SHA512

    d22f2d118c03ff5d54863b764e5ae7ad429cda40579992ff7f9be02ffb7e1ee54bf0db56713072f4db1ca6b78ce4d1342498821fa5b95b0aff9b910705477c14

  • C:\Windows\System\iDpPzkH.exe

    Filesize

    5.9MB

    MD5

    4d4486ec79b44f2555acafdfd40589ab

    SHA1

    352000db992706314affdbaf4deff311c60e007f

    SHA256

    fdd5530c97bc8bd6c0181cce2cd6a1b3bb41f02e2dfed82b951b19bdd82ddf5a

    SHA512

    8da6f3b59ff7d4827ef33ae98be1aa4f1aa3e113a0e54af60a9c3ebf983206edcc734ebe228bb08e6f24057cb5530a81800b74be12ac74d4147436670c956bff

  • C:\Windows\System\pENoboS.exe

    Filesize

    5.9MB

    MD5

    c8ba638f4d77a3218eaa06148c5a2d9e

    SHA1

    ac600f58459598992ac353cbe90a4a8200889816

    SHA256

    3337a4ea35dd10d421ff977d2b2b312c16743598e76a18816c01d980855d9795

    SHA512

    6363404899292c206cf42148033997fdeee74d065f436615109a5f9c4a8cf0b31744e3bd3f74b446af964d5ef11619a236e27d2f6e3a4bf1bbcf811f8f9a0e49

  • C:\Windows\System\sLjlkTC.exe

    Filesize

    5.9MB

    MD5

    5f106b104bc3ed0a131f5a45898c8fda

    SHA1

    d98f541b80a9533621c6ff505fb23e9957181c1e

    SHA256

    6d6c98fcfbe7319d681fe1790ba0ebb5bfe9df1b05b8daf5e09bc00cdd7b1150

    SHA512

    90a2d6c510ad76637c01cfe9fed2f766ee2bd98e72c7e50d97c7fcb0f5e31e5ac31c78162a7a7a21c3382af193755e64aaa9ab633d7aa597cf81ec7c0652f42a

  • C:\Windows\System\sazpSih.exe

    Filesize

    5.9MB

    MD5

    47fdc553f160ad2c7368e630f224e22d

    SHA1

    b3e6d156322a1b549a57a37dd0f374974bd4fa17

    SHA256

    24cb971c788d83997a96520c2f10886c62db39c2431747593e79a25b7cf89c43

    SHA512

    b246ec79c091f8ec1867880dfd8731414639ae63014079f0462b3b2957eac230ec4c8e34cc9b40a70e60d4d635a7e661ccb1b87c623bbb4bfdf4ede5c24a9d2b

  • C:\Windows\System\soawhvZ.exe

    Filesize

    5.9MB

    MD5

    a28cc8b397b2f463aba37ef8dcc88b68

    SHA1

    ba53f64b21df672b00f0b3287b69527cfc6a33bb

    SHA256

    8e6dea650c8e380ceb33bb3a4e564f0db1cabee1bd4aae582a1700592832315e

    SHA512

    21c132ba44632dd09f35003611a6b3d889e6436792291cc50ef2cd551d7c1b9cf501b0c3d4443ae150703c2d6b680665a4db805e642786a95ffa493f28b4d884

  • C:\Windows\System\wsHgFaf.exe

    Filesize

    5.9MB

    MD5

    ac7be8545839c5638458b6a021cb057a

    SHA1

    185d93e386b78b7cdae3f3aaa0c7d4661164df0f

    SHA256

    bde422488e2a4d1e1df65e01ba9d82b3eb9e2a0508a2d04d65415295fcff273c

    SHA512

    86f8bb2ae9ca3fa7b316d3ab34e853c9b4afedf9cc0a25f4efee825bac14747e01c96686435b817011db6e33604d93b5b3de29559d3b47529397dbfbaac03596

  • C:\Windows\System\xEltcIq.exe

    Filesize

    5.9MB

    MD5

    5695d0b9e72163defa7b6454ffd1e954

    SHA1

    5432d5de989d117571c4f69952f4874883af1de5

    SHA256

    4fc6a15818cec6e9d5342fc38bd8bac291af16136851760b8d4bab1e2c78a49c

    SHA512

    470ca09f7a44d815f991bf43dac9138b4fa26f3b99e8fe4961f99575a568519d2a957d33bcd30c44deaf4fc12fc9b2df0d81944d0f456e50b3ba2a066291a0e6

  • C:\Windows\System\xagCPGf.exe

    Filesize

    5.9MB

    MD5

    098cf18f10fa99d0cdb927c192c7c7a7

    SHA1

    231a5379468ce2af09891ef94868029f3e19d270

    SHA256

    0afb13fabf495808c9cd6d06c549f965763496c0c8a447ec308b0b723e78bb2c

    SHA512

    b2a6adbd2d18ffee249b06cc098f5c1506ff3e83ad1b0cbfc5f0621d2fb65367eb72e35f82822c72a4af140c53b01ed8ee81446fe7f3f75143be2026c9f281bb

  • C:\Windows\System\zWaviHE.exe

    Filesize

    5.9MB

    MD5

    6693ab9c267e8897ec806852e7c6ab9f

    SHA1

    9869969d594dcf150bdc30d094f7c70fd9813e99

    SHA256

    25f407209af9c2b4d76fc1faedb22523080df8ca939f17577ddfb742df04d14a

    SHA512

    2f9359a395da0a7006acdda5132770be837323464b04c6f39fcc77a745f822f227a84bd0f28537b2d405d6335e32a10415dd8e73dded732893d52953ef26cc34

  • memory/800-41-0x00007FF767C20000-0x00007FF767F74000-memory.dmp

    Filesize

    3.3MB

  • memory/800-128-0x00007FF767C20000-0x00007FF767F74000-memory.dmp

    Filesize

    3.3MB

  • memory/800-147-0x00007FF767C20000-0x00007FF767F74000-memory.dmp

    Filesize

    3.3MB

  • memory/1544-102-0x00007FF747A00000-0x00007FF747D54000-memory.dmp

    Filesize

    3.3MB

  • memory/1544-145-0x00007FF747A00000-0x00007FF747D54000-memory.dmp

    Filesize

    3.3MB

  • memory/1544-29-0x00007FF747A00000-0x00007FF747D54000-memory.dmp

    Filesize

    3.3MB

  • memory/1872-80-0x00007FF7F5AD0000-0x00007FF7F5E24000-memory.dmp

    Filesize

    3.3MB

  • memory/1872-10-0x00007FF7F5AD0000-0x00007FF7F5E24000-memory.dmp

    Filesize

    3.3MB

  • memory/1872-142-0x00007FF7F5AD0000-0x00007FF7F5E24000-memory.dmp

    Filesize

    3.3MB

  • memory/2604-60-0x00007FF715340000-0x00007FF715694000-memory.dmp

    Filesize

    3.3MB

  • memory/2604-149-0x00007FF715340000-0x00007FF715694000-memory.dmp

    Filesize

    3.3MB

  • memory/2660-130-0x00007FF771740000-0x00007FF771A94000-memory.dmp

    Filesize

    3.3MB

  • memory/2660-159-0x00007FF771740000-0x00007FF771A94000-memory.dmp

    Filesize

    3.3MB

  • memory/2728-144-0x00007FF60E790000-0x00007FF60EAE4000-memory.dmp

    Filesize

    3.3MB

  • memory/2728-23-0x00007FF60E790000-0x00007FF60EAE4000-memory.dmp

    Filesize

    3.3MB

  • memory/2728-95-0x00007FF60E790000-0x00007FF60EAE4000-memory.dmp

    Filesize

    3.3MB

  • memory/3164-156-0x00007FF6EB4F0000-0x00007FF6EB844000-memory.dmp

    Filesize

    3.3MB

  • memory/3164-96-0x00007FF6EB4F0000-0x00007FF6EB844000-memory.dmp

    Filesize

    3.3MB

  • memory/3348-17-0x00007FF6ED9E0000-0x00007FF6EDD34000-memory.dmp

    Filesize

    3.3MB

  • memory/3348-87-0x00007FF6ED9E0000-0x00007FF6EDD34000-memory.dmp

    Filesize

    3.3MB

  • memory/3348-143-0x00007FF6ED9E0000-0x00007FF6EDD34000-memory.dmp

    Filesize

    3.3MB

  • memory/3412-111-0x00007FF685B00000-0x00007FF685E54000-memory.dmp

    Filesize

    3.3MB

  • memory/3412-146-0x00007FF685B00000-0x00007FF685E54000-memory.dmp

    Filesize

    3.3MB

  • memory/3412-36-0x00007FF685B00000-0x00007FF685E54000-memory.dmp

    Filesize

    3.3MB

  • memory/3532-112-0x00007FF7AA7F0000-0x00007FF7AAB44000-memory.dmp

    Filesize

    3.3MB

  • memory/3532-158-0x00007FF7AA7F0000-0x00007FF7AAB44000-memory.dmp

    Filesize

    3.3MB

  • memory/3628-48-0x00007FF6F3D20000-0x00007FF6F4074000-memory.dmp

    Filesize

    3.3MB

  • memory/3628-129-0x00007FF6F3D20000-0x00007FF6F4074000-memory.dmp

    Filesize

    3.3MB

  • memory/3628-148-0x00007FF6F3D20000-0x00007FF6F4074000-memory.dmp

    Filesize

    3.3MB

  • memory/4124-151-0x00007FF7BD9C0000-0x00007FF7BDD14000-memory.dmp

    Filesize

    3.3MB

  • memory/4124-68-0x00007FF7BD9C0000-0x00007FF7BDD14000-memory.dmp

    Filesize

    3.3MB

  • memory/4348-136-0x00007FF773E20000-0x00007FF774174000-memory.dmp

    Filesize

    3.3MB

  • memory/4348-153-0x00007FF773E20000-0x00007FF774174000-memory.dmp

    Filesize

    3.3MB

  • memory/4348-63-0x00007FF773E20000-0x00007FF774174000-memory.dmp

    Filesize

    3.3MB

  • memory/4416-79-0x00007FF76AD30000-0x00007FF76B084000-memory.dmp

    Filesize

    3.3MB

  • memory/4416-0-0x00007FF76AD30000-0x00007FF76B084000-memory.dmp

    Filesize

    3.3MB

  • memory/4416-1-0x000001FC71080000-0x000001FC71090000-memory.dmp

    Filesize

    64KB

  • memory/4488-72-0x00007FF776730000-0x00007FF776A84000-memory.dmp

    Filesize

    3.3MB

  • memory/4488-152-0x00007FF776730000-0x00007FF776A84000-memory.dmp

    Filesize

    3.3MB

  • memory/4520-155-0x00007FF7503A0000-0x00007FF7506F4000-memory.dmp

    Filesize

    3.3MB

  • memory/4520-139-0x00007FF7503A0000-0x00007FF7506F4000-memory.dmp

    Filesize

    3.3MB

  • memory/4520-91-0x00007FF7503A0000-0x00007FF7506F4000-memory.dmp

    Filesize

    3.3MB

  • memory/4860-160-0x00007FF69C4F0000-0x00007FF69C844000-memory.dmp

    Filesize

    3.3MB

  • memory/4860-118-0x00007FF69C4F0000-0x00007FF69C844000-memory.dmp

    Filesize

    3.3MB

  • memory/4884-157-0x00007FF778260000-0x00007FF7785B4000-memory.dmp

    Filesize

    3.3MB

  • memory/4884-103-0x00007FF778260000-0x00007FF7785B4000-memory.dmp

    Filesize

    3.3MB

  • memory/4948-150-0x00007FF702200000-0x00007FF702554000-memory.dmp

    Filesize

    3.3MB

  • memory/4948-137-0x00007FF702200000-0x00007FF702554000-memory.dmp

    Filesize

    3.3MB

  • memory/4948-71-0x00007FF702200000-0x00007FF702554000-memory.dmp

    Filesize

    3.3MB

  • memory/5000-140-0x00007FF67A120000-0x00007FF67A474000-memory.dmp

    Filesize

    3.3MB

  • memory/5000-161-0x00007FF67A120000-0x00007FF67A474000-memory.dmp

    Filesize

    3.3MB

  • memory/5000-131-0x00007FF67A120000-0x00007FF67A474000-memory.dmp

    Filesize

    3.3MB

  • memory/5076-81-0x00007FF7A7170000-0x00007FF7A74C4000-memory.dmp

    Filesize

    3.3MB

  • memory/5076-154-0x00007FF7A7170000-0x00007FF7A74C4000-memory.dmp

    Filesize

    3.3MB

  • memory/5076-138-0x00007FF7A7170000-0x00007FF7A74C4000-memory.dmp

    Filesize

    3.3MB

  • memory/5616-141-0x00007FF7E20F0000-0x00007FF7E2444000-memory.dmp

    Filesize

    3.3MB

  • memory/5616-132-0x00007FF7E20F0000-0x00007FF7E2444000-memory.dmp

    Filesize

    3.3MB

  • memory/5616-162-0x00007FF7E20F0000-0x00007FF7E2444000-memory.dmp

    Filesize

    3.3MB