Analysis

  • max time kernel
    133s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    07-06-2024 00:33

General

  • Target

    2024-06-07_40519c64e03a0fe6c0a59e7ecf008feb_cobalt-strike_cobaltstrike.exe

  • Size

    5.9MB

  • MD5

    40519c64e03a0fe6c0a59e7ecf008feb

  • SHA1

    8dc22d65c8f1c805e776a9cb3b5e8b4af52a1285

  • SHA256

    f160177f543ca6ab008a5b1701414de51726e418b5e3a27b73048776d235ee42

  • SHA512

    b5efdffbf8be2e1b60b9df1088a270a139e719529025c661927c6d0adc814f8def64cd77ae0d47eb1d10dc64e1dbf544458c39b9dd9ecba4d86ddfb81c2fb04a

  • SSDEEP

    98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUC:Q+856utgpPF8u/7C

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 4 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 4 IoCs
  • UPX dump on OEP (original entry point) 29 IoCs
  • XMRig Miner payload 43 IoCs
  • Executes dropped EXE 21 IoCs
  • Loads dropped DLL 21 IoCs
  • UPX packed file 47 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 63 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-07_40519c64e03a0fe6c0a59e7ecf008feb_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-07_40519c64e03a0fe6c0a59e7ecf008feb_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Windows\System\ZWWHgvh.exe
      C:\Windows\System\ZWWHgvh.exe
      2⤵
      • Executes dropped EXE
      PID:2744
    • C:\Windows\System\ssKIOYz.exe
      C:\Windows\System\ssKIOYz.exe
      2⤵
      • Executes dropped EXE
      PID:3044
    • C:\Windows\System\LVYHduv.exe
      C:\Windows\System\LVYHduv.exe
      2⤵
      • Executes dropped EXE
      PID:2132
    • C:\Windows\System\UHAiqUV.exe
      C:\Windows\System\UHAiqUV.exe
      2⤵
      • Executes dropped EXE
      PID:1944
    • C:\Windows\System\xcWJwgA.exe
      C:\Windows\System\xcWJwgA.exe
      2⤵
      • Executes dropped EXE
      PID:2596
    • C:\Windows\System\AUWiRwX.exe
      C:\Windows\System\AUWiRwX.exe
      2⤵
      • Executes dropped EXE
      PID:2668
    • C:\Windows\System\nduGlfI.exe
      C:\Windows\System\nduGlfI.exe
      2⤵
      • Executes dropped EXE
      PID:2712
    • C:\Windows\System\hgRgYao.exe
      C:\Windows\System\hgRgYao.exe
      2⤵
      • Executes dropped EXE
      PID:2872
    • C:\Windows\System\GiTBmZi.exe
      C:\Windows\System\GiTBmZi.exe
      2⤵
      • Executes dropped EXE
      PID:2820
    • C:\Windows\System\UaRkdvH.exe
      C:\Windows\System\UaRkdvH.exe
      2⤵
      • Executes dropped EXE
      PID:2488
    • C:\Windows\System\FJygThd.exe
      C:\Windows\System\FJygThd.exe
      2⤵
      • Executes dropped EXE
      PID:2456
    • C:\Windows\System\KmDBUtn.exe
      C:\Windows\System\KmDBUtn.exe
      2⤵
      • Executes dropped EXE
      PID:1524
    • C:\Windows\System\LpyUcog.exe
      C:\Windows\System\LpyUcog.exe
      2⤵
      • Executes dropped EXE
      PID:1252
    • C:\Windows\System\NvgScMj.exe
      C:\Windows\System\NvgScMj.exe
      2⤵
      • Executes dropped EXE
      PID:2804
    • C:\Windows\System\auNCmEh.exe
      C:\Windows\System\auNCmEh.exe
      2⤵
      • Executes dropped EXE
      PID:2828
    • C:\Windows\System\MVnNppt.exe
      C:\Windows\System\MVnNppt.exe
      2⤵
      • Executes dropped EXE
      PID:1436
    • C:\Windows\System\pORdPTn.exe
      C:\Windows\System\pORdPTn.exe
      2⤵
      • Executes dropped EXE
      PID:636
    • C:\Windows\System\FpWkxbn.exe
      C:\Windows\System\FpWkxbn.exe
      2⤵
      • Executes dropped EXE
      PID:1572
    • C:\Windows\System\StPcVvv.exe
      C:\Windows\System\StPcVvv.exe
      2⤵
      • Executes dropped EXE
      PID:772
    • C:\Windows\System\yLvXuyS.exe
      C:\Windows\System\yLvXuyS.exe
      2⤵
      • Executes dropped EXE
      PID:2736
    • C:\Windows\System\CWWDuIR.exe
      C:\Windows\System\CWWDuIR.exe
      2⤵
      • Executes dropped EXE
      PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\system\AUWiRwX.exe

    Filesize

    2.3MB

    MD5

    9d367348bc2b0a338371873ab92b5ce0

    SHA1

    7f656575ff1e475fc391f43341a8d5f4ac819b19

    SHA256

    54a48f3a9df4f2d2df5308f04d9bbc5bfb754b7f4236b7d31d49f71134f2b309

    SHA512

    8ea158cb453b86b762270e2cebce91cbe9a0e8b60ddc4e0fb3c531068e04df9f568fe69f34e169c5bdf6255c4c79c801e5f4b3c040f45ef12c24211a5d1dd454

  • C:\Windows\system\CWWDuIR.exe

    Filesize

    576KB

    MD5

    2b325ba998218e1724cf0adeb30ee980

    SHA1

    91c91f972b93ca21c02dbae5cc375d4e1212c0a0

    SHA256

    3b509ef9edb2905d68e114a86a101a00bf7ea4fa51d16ade0566e14bca5a50a9

    SHA512

    d7398cce9bbdb945487f66d7ab2c5fc7624933379c2058d1b197daa7f380b66de5a2145bdf0033355e795b1072c67b0031b7045307d04119888457779d707df5

  • C:\Windows\system\KmDBUtn.exe

    Filesize

    1.9MB

    MD5

    0b1dc771469fa6753e7aace834956918

    SHA1

    ab392eb1cb5fc16a55a2c41b7c5a6d56cfdeced7

    SHA256

    60a5948084400707991c40b4413636168d0f0501efbc67fab461d4937de55fb6

    SHA512

    6ff29d03eaaae06a15e3efe1ea402940d3f7a6e2ebae2266481a1a80576dd91702b1cbddedd5f74c67cdfdf217582f180323fa66c29c2525747039f60c34ba60

  • C:\Windows\system\LVYHduv.exe

    Filesize

    2.8MB

    MD5

    7ca4c7d08ec840a69d3101c638d4b72f

    SHA1

    9a0bd3c709f755b63121fadc936f446aec1e7ee6

    SHA256

    ad375c6a067690acfdb9ba070a3a7e26450ca7423af526c703ce192d7173f7e7

    SHA512

    93ae69558c6397f1d10b68fc7e156b1c23dffe4348c43264d4d2484e88db3346ef1d13b6b607cc291558edc2cbc35a0667021d52c5cf7e17eeb41ed495e23c3b

  • C:\Windows\system\MVnNppt.exe

    Filesize

    5.9MB

    MD5

    2999532dc35b49213ea1ffa0fdce5d12

    SHA1

    ef43e59a954e41cd0180ed84faad7585b07377db

    SHA256

    0ee4b22749bab39e71bc09cb3061d879611cd302ace5f52d0ee39806fc242cfa

    SHA512

    3390b1a0356277742902797504aa40220556ffc2c1668d719d4a11fe617a089d12a6483eb05a231e0f0e41e230164474503313859fb63fd87f30bf0df1935ba3

  • C:\Windows\system\StPcVvv.exe

    Filesize

    2.1MB

    MD5

    fbb6a602f644dbf57142122f30692c9a

    SHA1

    8158aaa7168744874ea387599d6d2cead21e28a3

    SHA256

    3ededef3bd2586830b0a8597cb8ce36b4909b0421f6d3ed699083dfd6f8c0a7d

    SHA512

    594ad340712d040831c50ecaffbc2dabd957ed3d1d45fbdcb2c0a001df0ecad88502ea7ae79d922d80e7ca9a296427129145281a618e70a75857e869e5c45bfe

  • C:\Windows\system\UaRkdvH.exe

    Filesize

    5.9MB

    MD5

    b0446695b4f6959fd89a363b056867e1

    SHA1

    a151e9cc9c24cdebc07f104d747406379efe19cd

    SHA256

    ce470b3d75e279b518ce166ee9bbc38db16bea110ec8fb660a2c550d54c2e1ca

    SHA512

    c86dc9b22ad90229c44185eb4e4950e1ab7d56741a7b48345cd57d5c9da0e8462ca09523b4069b58300170180b1a9e074d18956838a56f1c1427c1503d07190c

  • C:\Windows\system\hgRgYao.exe

    Filesize

    1.6MB

    MD5

    2c29c56557704a5af675ac862b6acadc

    SHA1

    8095e9a472d534a6ef5dc3ab384273149ae12d48

    SHA256

    ad78076137bb51fd4326f7a646d70c5d984effb3c1176184b92e2481afe8ee9d

    SHA512

    f76c7cafe7089612bd2c5136e03dfbe423618b3b68e64692820e5dfa2eb3d816fbca1bfa4bd5be14823ba5172f77c777b526463c4d46646574bc76ae1535f049

  • C:\Windows\system\ssKIOYz.exe

    Filesize

    448KB

    MD5

    0642442db4acbbfb6037e06789624264

    SHA1

    923aee440a6887c7a7a8a78085aa492b2cdcee65

    SHA256

    5d6249e3d37c32c515e6f20e0771180c7b51c791102dfffe39e4510d623eda85

    SHA512

    7fc8231c299b64743a966130c519362217b11d421c0ccc65ca7c97570221449b6e5bd90caefa97b416470db36fac07c3f48ea41836b395ab190e6121598e88a1

  • \Windows\system\CWWDuIR.exe

    Filesize

    5.9MB

    MD5

    625ce47337ec454a33d1093ebb762a13

    SHA1

    ae84a5a7af055e1dcd1cfa215ed4e31329213bf9

    SHA256

    282cb2c6e835d7fbf977167a0015c254c6f44d191b45362715a418fa0b1c1910

    SHA512

    a5e8a61c6450e5e1626fb9c41d48ecf1d923c7479852e4851e9cc9d9d7858d8bafec111b97d26417936ab43c946231ee3186a9980b45659b1912e80063179f2d

  • \Windows\system\GiTBmZi.exe

    Filesize

    1.7MB

    MD5

    170dd624fc04fc3839f9c4b66a089ce7

    SHA1

    689050489367e9d7989856de58d7dae4b3e867bb

    SHA256

    2882c9c886d8464419d873a9064b43411cb65ebce3e3928914a03cf014d51b3b

    SHA512

    6c2577b1133dc0e707ddd0582933138a814bc91876e45b902c1ce646d61afa9efa2788e7db3f897838eebb25c1faa4d564ec0bef69844aab72cc22ec6531ab9a

  • \Windows\system\LVYHduv.exe

    Filesize

    2.2MB

    MD5

    90be846177ebce09b1bfa8b40630684a

    SHA1

    43a2c66ff47d9e295f18f8c18fe76b69e8850154

    SHA256

    2237948f07e37d90442b50a92836356588f3ae1e31ae0d8dac227315cf2c7f65

    SHA512

    f4ff566c9eaa4a50bcad3cfa87bbb92d072dc2249f94ae304b8cb104e61cee98dba9f3ef0ceebfe48bef05c9c2df36d9188d043c7aa83ca58742993e634b68a6

  • \Windows\system\LpyUcog.exe

    Filesize

    5.9MB

    MD5

    700f275fa85ed6a694cc643a3e6b2d07

    SHA1

    81d7f0b5782d4650c1ffc7f4ce129e2628efd0f3

    SHA256

    9e676c985bfc2e0eebd92922b559476103dfa5b924653ac6ceb075c9d642299f

    SHA512

    b94579b0ff3aa24dcf186b42ebb4cd1eb44ffa1cdd3f47e6b1a391d05e5994b7ad5eba921b0a20caed26a34ea5b55ddc1e96e64aab45e1e6708d46d079f15944

  • \Windows\system\MVnNppt.exe

    Filesize

    2.0MB

    MD5

    ce95ecfd82cad989d07f01bb5a4e0e62

    SHA1

    9c404e62c6a147d88e2c4214a4a0c1206972e9c1

    SHA256

    593e7bd118d819d8e39ef2651ab132601260307c705634ada0a2db317b292576

    SHA512

    c2ff795a22229b7c15805b1e961a5dfe271dec3d9731c58be06511c88be95cff0caaac2a29a6db9c14604bb11c8d799f874a0f83a490e055a4995d26515db084

  • \Windows\system\NvgScMj.exe

    Filesize

    1.2MB

    MD5

    711965c0ed770375b388ea9b5ea57c70

    SHA1

    21f7ffc0c96b29ee6bc8176dc97f6fd049d110a2

    SHA256

    c07d701eb04ab4f8699484a3bd23da869373ffe5abb89855dad47bf019625666

    SHA512

    1805d8628649a043140bc3aafe1e7909e2e2c4d13967ba772fc49046b58f359c9204953c678c902e0a7afe7ca922f35fcfea6266309db91efb45c72ff619c428

  • \Windows\system\hgRgYao.exe

    Filesize

    2.1MB

    MD5

    2543c4760bd9af7f70b7834411ab61af

    SHA1

    ed963cb76a076b222f6cdae99e8563d4444f6351

    SHA256

    c5992c95fef0e281d0ce0d741b02048e13663a833b3e0a3351e4871cc0042001

    SHA512

    37d8c491a184de94728c08add4a199f5cd8ae60d7cd02c39ad185a2859dd5e731e72c9b8cd0fd70525b0b413284ba12790037144a49d111203eb80cb9afcba56

  • \Windows\system\ssKIOYz.exe

    Filesize

    832KB

    MD5

    fe23d8f2a683ea3c37e211db5c47c198

    SHA1

    c8d98757080f758fa71fe2947f967f4c2ba26b77

    SHA256

    e791fb8dbe7f5a7d384dc32653c49cf355982fbc2394ea1e3030cd6ebb798cb8

    SHA512

    ff5ab31bffe4dcd555455f3d81b2d9fca6cd687b604f37f4aa99e780677c84919321fd43b5fd13f9cb6081978b182fef58c2564f773d39cf2fefe33142ce3656

  • memory/1252-89-0x000000013FC70000-0x000000013FFC4000-memory.dmp

    Filesize

    3.3MB

  • memory/1252-147-0x000000013FC70000-0x000000013FFC4000-memory.dmp

    Filesize

    3.3MB

  • memory/1524-88-0x000000013F200000-0x000000013F554000-memory.dmp

    Filesize

    3.3MB

  • memory/1524-146-0x000000013F200000-0x000000013F554000-memory.dmp

    Filesize

    3.3MB

  • memory/1944-55-0x000000013F310000-0x000000013F664000-memory.dmp

    Filesize

    3.3MB

  • memory/1944-138-0x000000013F310000-0x000000013F664000-memory.dmp

    Filesize

    3.3MB

  • memory/2060-57-0x000000013FF20000-0x0000000140274000-memory.dmp

    Filesize

    3.3MB

  • memory/2060-75-0x000000013F480000-0x000000013F7D4000-memory.dmp

    Filesize

    3.3MB

  • memory/2060-96-0x00000000022F0000-0x0000000002644000-memory.dmp

    Filesize

    3.3MB

  • memory/2060-90-0x00000000022F0000-0x0000000002644000-memory.dmp

    Filesize

    3.3MB

  • memory/2060-133-0x000000013F940000-0x000000013FC94000-memory.dmp

    Filesize

    3.3MB

  • memory/2060-87-0x000000013F200000-0x000000013F554000-memory.dmp

    Filesize

    3.3MB

  • memory/2060-0-0x00000000001F0000-0x0000000000200000-memory.dmp

    Filesize

    64KB

  • memory/2060-2-0x000000013F940000-0x000000013FC94000-memory.dmp

    Filesize

    3.3MB

  • memory/2060-43-0x00000000022F0000-0x0000000002644000-memory.dmp

    Filesize

    3.3MB

  • memory/2060-8-0x00000000022F0000-0x0000000002644000-memory.dmp

    Filesize

    3.3MB

  • memory/2060-103-0x000000013F2C0000-0x000000013F614000-memory.dmp

    Filesize

    3.3MB

  • memory/2060-58-0x000000013F410000-0x000000013F764000-memory.dmp

    Filesize

    3.3MB

  • memory/2060-59-0x000000013FF60000-0x00000001402B4000-memory.dmp

    Filesize

    3.3MB

  • memory/2060-71-0x00000000022F0000-0x0000000002644000-memory.dmp

    Filesize

    3.3MB

  • memory/2060-86-0x00000000022F0000-0x0000000002644000-memory.dmp

    Filesize

    3.3MB

  • memory/2060-134-0x00000000022F0000-0x0000000002644000-memory.dmp

    Filesize

    3.3MB

  • memory/2132-137-0x000000013F770000-0x000000013FAC4000-memory.dmp

    Filesize

    3.3MB

  • memory/2132-36-0x000000013F770000-0x000000013FAC4000-memory.dmp

    Filesize

    3.3MB

  • memory/2456-79-0x000000013F480000-0x000000013F7D4000-memory.dmp

    Filesize

    3.3MB

  • memory/2456-145-0x000000013F480000-0x000000013F7D4000-memory.dmp

    Filesize

    3.3MB

  • memory/2488-72-0x000000013F960000-0x000000013FCB4000-memory.dmp

    Filesize

    3.3MB

  • memory/2488-144-0x000000013F960000-0x000000013FCB4000-memory.dmp

    Filesize

    3.3MB

  • memory/2596-140-0x000000013FF20000-0x0000000140274000-memory.dmp

    Filesize

    3.3MB

  • memory/2596-41-0x000000013FF20000-0x0000000140274000-memory.dmp

    Filesize

    3.3MB

  • memory/2668-44-0x000000013F7E0000-0x000000013FB34000-memory.dmp

    Filesize

    3.3MB

  • memory/2668-139-0x000000013F7E0000-0x000000013FB34000-memory.dmp

    Filesize

    3.3MB

  • memory/2712-141-0x000000013F410000-0x000000013F764000-memory.dmp

    Filesize

    3.3MB

  • memory/2712-50-0x000000013F410000-0x000000013F764000-memory.dmp

    Filesize

    3.3MB

  • memory/2744-23-0x000000013F650000-0x000000013F9A4000-memory.dmp

    Filesize

    3.3MB

  • memory/2744-135-0x000000013F650000-0x000000013F9A4000-memory.dmp

    Filesize

    3.3MB

  • memory/2804-102-0x000000013FB30000-0x000000013FE84000-memory.dmp

    Filesize

    3.3MB

  • memory/2804-148-0x000000013FB30000-0x000000013FE84000-memory.dmp

    Filesize

    3.3MB

  • memory/2820-143-0x000000013F8B0000-0x000000013FC04000-memory.dmp

    Filesize

    3.3MB

  • memory/2820-84-0x000000013F8B0000-0x000000013FC04000-memory.dmp

    Filesize

    3.3MB

  • memory/2872-142-0x000000013FF60000-0x00000001402B4000-memory.dmp

    Filesize

    3.3MB

  • memory/2872-64-0x000000013FF60000-0x00000001402B4000-memory.dmp

    Filesize

    3.3MB

  • memory/3044-136-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

    Filesize

    3.3MB

  • memory/3044-35-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

    Filesize

    3.3MB