Analysis

  • max time kernel
    140s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-06-2024 04:12

General

  • Target

    2024-06-08_514dbdf838f0a7941ce7613757923aa7_cobalt-strike_cobaltstrike.exe

  • Size

    5.9MB

  • MD5

    514dbdf838f0a7941ce7613757923aa7

  • SHA1

    08493ea943e8c5fce8c6d772988dd1177ca284fc

  • SHA256

    b53e744188b53ef6158c9c543d739155cf618f05e276d9286c3f4af740d6e50c

  • SHA512

    4ebf075cae44f81715c73fc8a394b1b1f638b4aa7bd51b2293edb5a12100e773c45fd6a788756eb2c817d1a4ca2ec2e19fe09e0635101a4c6456ed9864926fe6

  • SSDEEP

    98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUX:Q+856utgpPF8u/7X

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 21 IoCs
  • UPX dump on OEP (original entry point) 64 IoCs
  • XMRig Miner payload 64 IoCs
  • Executes dropped EXE 21 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-08_514dbdf838f0a7941ce7613757923aa7_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-08_514dbdf838f0a7941ce7613757923aa7_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2124
    • C:\Windows\System\rezbDyk.exe
      C:\Windows\System\rezbDyk.exe
      2⤵
      • Executes dropped EXE
      PID:4020
    • C:\Windows\System\ICNKbLx.exe
      C:\Windows\System\ICNKbLx.exe
      2⤵
      • Executes dropped EXE
      PID:3976
    • C:\Windows\System\oMMaSGG.exe
      C:\Windows\System\oMMaSGG.exe
      2⤵
      • Executes dropped EXE
      PID:4052
    • C:\Windows\System\FaOOhZR.exe
      C:\Windows\System\FaOOhZR.exe
      2⤵
      • Executes dropped EXE
      PID:3932
    • C:\Windows\System\iGnuqsO.exe
      C:\Windows\System\iGnuqsO.exe
      2⤵
      • Executes dropped EXE
      PID:4716
    • C:\Windows\System\YuMHpyr.exe
      C:\Windows\System\YuMHpyr.exe
      2⤵
      • Executes dropped EXE
      PID:844
    • C:\Windows\System\gXTVHQW.exe
      C:\Windows\System\gXTVHQW.exe
      2⤵
      • Executes dropped EXE
      PID:4808
    • C:\Windows\System\SNomiOt.exe
      C:\Windows\System\SNomiOt.exe
      2⤵
      • Executes dropped EXE
      PID:4956
    • C:\Windows\System\FylkGdW.exe
      C:\Windows\System\FylkGdW.exe
      2⤵
      • Executes dropped EXE
      PID:2600
    • C:\Windows\System\WoIaPnq.exe
      C:\Windows\System\WoIaPnq.exe
      2⤵
      • Executes dropped EXE
      PID:4880
    • C:\Windows\System\SUPKLoA.exe
      C:\Windows\System\SUPKLoA.exe
      2⤵
      • Executes dropped EXE
      PID:1116
    • C:\Windows\System\SSklPbO.exe
      C:\Windows\System\SSklPbO.exe
      2⤵
      • Executes dropped EXE
      PID:1100
    • C:\Windows\System\czaDPPX.exe
      C:\Windows\System\czaDPPX.exe
      2⤵
      • Executes dropped EXE
      PID:400
    • C:\Windows\System\kNUIZXw.exe
      C:\Windows\System\kNUIZXw.exe
      2⤵
      • Executes dropped EXE
      PID:1768
    • C:\Windows\System\PQIRVDv.exe
      C:\Windows\System\PQIRVDv.exe
      2⤵
      • Executes dropped EXE
      PID:2100
    • C:\Windows\System\UPMvsly.exe
      C:\Windows\System\UPMvsly.exe
      2⤵
      • Executes dropped EXE
      PID:3788
    • C:\Windows\System\IJUopgH.exe
      C:\Windows\System\IJUopgH.exe
      2⤵
      • Executes dropped EXE
      PID:1224
    • C:\Windows\System\GwoNuVb.exe
      C:\Windows\System\GwoNuVb.exe
      2⤵
      • Executes dropped EXE
      PID:4436
    • C:\Windows\System\VpCmacb.exe
      C:\Windows\System\VpCmacb.exe
      2⤵
      • Executes dropped EXE
      PID:4440
    • C:\Windows\System\dxgWSCz.exe
      C:\Windows\System\dxgWSCz.exe
      2⤵
      • Executes dropped EXE
      PID:1340
    • C:\Windows\System\RrhOMWi.exe
      C:\Windows\System\RrhOMWi.exe
      2⤵
      • Executes dropped EXE
      PID:4216
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=2856,i,2607710392823067546,4648797561512801463,262144 --variations-seed-version --mojo-platform-channel-handle=4008 /prefetch:8
    1⤵
      PID:2904

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\System\FaOOhZR.exe

      Filesize

      5.9MB

      MD5

      1e8f4fd9bc2763341626c33a6bfae62b

      SHA1

      3c49f54a38be8f401bfe31e691730946efb07f6e

      SHA256

      5645ba9c683af2541d08ccaccda1c83de384ca3268642abf2a26c935d7113fd8

      SHA512

      622bdc40634619c00afe91c5e58aa410e3d9a7a525b90c866c3b549575005db02dbeab4cef0069caec3967012933e5a4b9fa981b442331ec9373032e15e667a4

    • C:\Windows\System\FylkGdW.exe

      Filesize

      5.9MB

      MD5

      81a818e966a6e81ddf9305428f1a1a87

      SHA1

      b5447cf75b765318096bc7ec9fc4e87dea3ae1dc

      SHA256

      cde3db972bcf4e46b3c8f87bbc11bdeb984624a3b5f07c073632bc18de1dd5fe

      SHA512

      a758d4c03d9b57046031f5cb87b0fd97cafa2b25b651e4236bf2ffc70af9d0f14494f625cf0adb34b98309a2b686749e9a20678ee2203982231a73fd9a51ee65

    • C:\Windows\System\GwoNuVb.exe

      Filesize

      5.9MB

      MD5

      a8095c514c1bec1de02357135d548b60

      SHA1

      c8fdca17f4e4d6d715548fc4807da69e8f1f50b0

      SHA256

      eb282dded4dab25bea8c10becec49f43c260617c5752dac1277f5012475b5b62

      SHA512

      cad516fceb0849c3c0c153fde8496f2e5ce1f259c9336b1df9a56f8a151141ff551db800e10a92ba635220a4a9f1be7d2262d7c621710114b0228d0bc48aa897

    • C:\Windows\System\ICNKbLx.exe

      Filesize

      5.9MB

      MD5

      4c550832f096464e035df25e40ab567f

      SHA1

      db80231d39e531b279000661b48d1179c91ae89e

      SHA256

      1e5e5a975a5db274f187ce46a29b41b674f750aca78fcec902d7ac1728606728

      SHA512

      51d66c9d1c972b3db080c27cd53b5ad5ed47f27f484cffd42eafe99032266b393ab6510bd6340c33c59735ea9c292bb3d7f1b03ca3f0a39da77c27002850b48e

    • C:\Windows\System\IJUopgH.exe

      Filesize

      5.9MB

      MD5

      b87ba3a4fe621fdb57d912354e430e46

      SHA1

      bd9fe72b508e0595c0fd2a5f4d481d9d97e3ed9d

      SHA256

      4b539c004d825ddb9b71229fa9b2ff28c5bf4a04f5dc9a55299dec174dab0cf6

      SHA512

      3eb62de2d11d8af1af2c373c2bef50c5233ca92ee06f46bdcd84829f3c7e96bceb49cacbf5b59f0951ffa96eda645056d6766493acebd4e96a98b09af131b5d6

    • C:\Windows\System\PQIRVDv.exe

      Filesize

      5.9MB

      MD5

      24a8760281dca8e51bfbaaf59d53e022

      SHA1

      0fbd8847f6ffeeb19b6b2814f5669decc7c2da53

      SHA256

      6c78f42ffa52876e47cdbe48fae72e0f770c0e7582a9be81c392cf3308d948cb

      SHA512

      272efe14b06753b9b63fa3aac8c698b6563308c4e184f658acc13abc155d301948a28d59876a937b000a35fade5dd6c25d3074617db92588b9a62fd151f78e25

    • C:\Windows\System\RrhOMWi.exe

      Filesize

      5.9MB

      MD5

      85b3c3af41eb064eeae851ebce4ba093

      SHA1

      050a6690b98a74f5f969a2772716330813abf35f

      SHA256

      39d1ecef2738be8c26eca38dda6e9fa7d7c175f7055e3f512205474dd55b010b

      SHA512

      a4f6bd8b066918a88a8562ba3dc58b885362740d0e28dc663f92d18d712bb03335315cef017f466857af6356c6528650421021be6348fb4b68839d916048864a

    • C:\Windows\System\SNomiOt.exe

      Filesize

      5.9MB

      MD5

      aab21b7d65623cd35593db2e7b874869

      SHA1

      e6773e8429e6af4cde98b2a5a53d8aa15d8c9447

      SHA256

      ff11870aba6b62e9db16aa133b4427b0a9b23c7d2a10c03cac01bda0ab1f1659

      SHA512

      72ee712f4d7a71b9e023a67c610ebf73c5da0ea27ddd16b913323fdf6afaa25ed6aae9ebe7270e5d5b46160e8d2ffc00060d477430dfdfd1e739b8d8ac6a5f7c

    • C:\Windows\System\SSklPbO.exe

      Filesize

      5.9MB

      MD5

      2537f8b26adcff3ebe9023385088831c

      SHA1

      6d38fa9914a0605a86bb249cb6b7c3b7c89a4cc0

      SHA256

      087a7b0c5ddd7098c8d43fb77428c55013479598fbcb76fdad209ca3eca588fe

      SHA512

      667efdbc77fd2bfa6e3ca2f3570fb591920e6c36952498f54322856eb26765577ac15029e2b678081ef9109355116a0c4671b5debe7d19c101f41013ce08875d

    • C:\Windows\System\SUPKLoA.exe

      Filesize

      5.9MB

      MD5

      ff629ff2ee4958b40dc85ac1bb7e292d

      SHA1

      b8d339d81d0f391e0b02fb6e079ea2f2ef8c6a1c

      SHA256

      c0a81651d9bc2a23973f997aadbb63b53caa61ec65c95e7be0a88d947754ea9e

      SHA512

      aadc07cf8c405a7534afa2da57aaeba11658700a8d1f43049e9064ceb8711b3f96def18d99b18ce1a74c234b10d3335c7e97a20a754af176a3efb65ad13d7d42

    • C:\Windows\System\UPMvsly.exe

      Filesize

      5.9MB

      MD5

      d2136e2a0fb1e23b29df8799e959583d

      SHA1

      321b1a23610e535449c142f1d3a9e1e7f39120b6

      SHA256

      56173f4e1457b7bcea78c1e4467fbafd9f8959d55e24759b4db4719f8accc933

      SHA512

      2e2efed77d686d38d9f2a29a86a59b90d2db5f4fdbbeff34960d2149cf90e3e2b30448f5e9b77e2da59d957063d138deecd0a307c29517878f9ebb3de4097f01

    • C:\Windows\System\VpCmacb.exe

      Filesize

      5.9MB

      MD5

      1256ae5ff2e440f86404a0118b08a315

      SHA1

      083d7d117ed0371781704680fe0763a7111d0ed1

      SHA256

      afca597a6f7330d84d48011ce5f9971c3d9bbc1256d2385a3cf4423a835eaad6

      SHA512

      38e16bd970879c612324d86165161c6d680623f97f1375aab933cdc58e32c7c04f4635a83ec454eda35c10b4c0960e8184bacf96b66de4bd886136e07c2805d3

    • C:\Windows\System\WoIaPnq.exe

      Filesize

      5.9MB

      MD5

      048fc865d99a179ee43c40e472a0a004

      SHA1

      cbf597e58b0e959c7c9b468a77058b65438b983b

      SHA256

      98ad1858258aa29f7c46075ba1829e5e08ff1f80a095ea6b5e1c162069d0f798

      SHA512

      4baea6ed0b88536021f8c72d1b6e6d9e4dcb3d20d37638ffe23449bcaaa5a5faa936a5966f44d23cf2f516bcf7d6ad601972973890c5f13a6073c94c11cca7a8

    • C:\Windows\System\YuMHpyr.exe

      Filesize

      5.9MB

      MD5

      a830c25b464fc28372a67cc0747605fd

      SHA1

      90c914dcd61c7d5116d22527df7a66da131e2804

      SHA256

      07d67984091f5812cff04430d18bb37664c9be7ecb0e767f6793e3d73382ddac

      SHA512

      92d7aa77858d85511d117b2ec25bf2eff1b1f80c9c462d47c1496eedffa9a3538657661c378b0fd7b646259c1a982a4bef0e71a0526ccb45a673455b1fdfdb95

    • C:\Windows\System\czaDPPX.exe

      Filesize

      5.9MB

      MD5

      72bb6b5c8aaa98c3500e8b7ca20e8153

      SHA1

      972726d66ef2eca5659536569bbd07fd2381e8ee

      SHA256

      30940356ff74d7ac3e7968cd11d9671444d3a0d2064d8e2abe0515b3ed1d258d

      SHA512

      b5d22d862adca178ca553109cc13f4ece1a85182004d77a09989e826a79d47a00b520bf2191de29b461e09f5ba8de579841905b2445c35135342effff8b72817

    • C:\Windows\System\dxgWSCz.exe

      Filesize

      5.9MB

      MD5

      69684c269d4b117890dc6a30f5d8dbbe

      SHA1

      204bee195c72af86eb198ecae8f9344b0769da3a

      SHA256

      6a0d0224f1ac2e9a7d1ba8e791021e8ceff1e761f08a76c057b7b232417bb1e2

      SHA512

      8f7c0675fa94aa1a35c3715ea8cae6f80c0e7b24c933116230ca04504d059196f6c56acd479c3590ab309fb3b0e8397cfd5e96466fa56c51c76b968be79a41c7

    • C:\Windows\System\gXTVHQW.exe

      Filesize

      5.9MB

      MD5

      cd345ac3f378c924ca24f47c7a0cfbd5

      SHA1

      55c9ae6f9f04e85a78b865cf75eec83a024bbacf

      SHA256

      3314db24bc471c7c2b896afbc40080a1ef181e50182ea4b4fb46eb00a5cb2e61

      SHA512

      a5e71d42c531c6b31337753626a62dc1efffcfeb420fb334e1e03c34a7c9d4d7c61cf43035c3e411d9d00db669c1e765c379ef256c6b5718d7098529ad9aad83

    • C:\Windows\System\iGnuqsO.exe

      Filesize

      5.9MB

      MD5

      29e6a9c84cb0622c51821b292d216b97

      SHA1

      1c61a13081b4be8a7bfa9bc0f055c614363c96b5

      SHA256

      d68dbdf8470385cb845f7a4daa01e734b30babafb5d0ebe9d9fa3c2dbaaacddd

      SHA512

      628cdb47a053a8b8e50c99626df93fa2b63f9bb875a442d64a1a091f6b2210a33c56ebd406fdd1502869041938e26cc17a4ee8709d7b0bcc3aab9be521391c4f

    • C:\Windows\System\kNUIZXw.exe

      Filesize

      5.9MB

      MD5

      d00cec7d06298d2a7170f84f97dab3a0

      SHA1

      6c4729ef7c59eb2e276970069cd71740b18eb278

      SHA256

      9f8a268e3ae855d849665866041d0a0c99b0ae2a45d7df60b9ed07dd5c262fec

      SHA512

      a262aceb4f620c15d3ecb5568209572937dc466ec923953bd0a161f1b74f1ad368b54deee80688912f9cc4d8414273854d963fd78a872f7160f354571445698c

    • C:\Windows\System\oMMaSGG.exe

      Filesize

      5.9MB

      MD5

      e04200b80a537efd39c58668175e0f93

      SHA1

      a4a6e0ac3fc5a4c935ff65f12a951d18ca5a6096

      SHA256

      11efe6ef54669cb540ad07aba1706cb37a4288536dd2df03bb815bdda105e015

      SHA512

      bf6ec8fdd1b2de612b8adb6ca528b12f54b9bc2919e49f5e18b6a1ef78175d35203868b340d49b334052e171a7a77a08e6f30638bee1ff60c9eb2f7acd5264b8

    • C:\Windows\System\rezbDyk.exe

      Filesize

      5.9MB

      MD5

      5e7e9bda2c53928f36556e0361e2b192

      SHA1

      d08c5a46c985bab7f7fcc78a1092ffdac39e0d51

      SHA256

      83606993f2a5c005a4cbdfeb5175a59ce573722665f29934c511f2942723085b

      SHA512

      dddb376b4e6b0f6c3f875fb9cb62aaab8d7de5a07e7c653fe6039e24863146e96b9f94caabd5a6c469320dff5419069fc37208d9c3234981d41275c242602c04

    • memory/400-81-0x00007FF660F00000-0x00007FF661254000-memory.dmp

      Filesize

      3.3MB

    • memory/400-150-0x00007FF660F00000-0x00007FF661254000-memory.dmp

      Filesize

      3.3MB

    • memory/844-41-0x00007FF71E6B0000-0x00007FF71EA04000-memory.dmp

      Filesize

      3.3MB

    • memory/844-143-0x00007FF71E6B0000-0x00007FF71EA04000-memory.dmp

      Filesize

      3.3MB

    • memory/1100-75-0x00007FF6A96D0000-0x00007FF6A9A24000-memory.dmp

      Filesize

      3.3MB

    • memory/1100-149-0x00007FF6A96D0000-0x00007FF6A9A24000-memory.dmp

      Filesize

      3.3MB

    • memory/1116-71-0x00007FF66D530000-0x00007FF66D884000-memory.dmp

      Filesize

      3.3MB

    • memory/1116-148-0x00007FF66D530000-0x00007FF66D884000-memory.dmp

      Filesize

      3.3MB

    • memory/1116-133-0x00007FF66D530000-0x00007FF66D884000-memory.dmp

      Filesize

      3.3MB

    • memory/1224-106-0x00007FF6D3860000-0x00007FF6D3BB4000-memory.dmp

      Filesize

      3.3MB

    • memory/1224-154-0x00007FF6D3860000-0x00007FF6D3BB4000-memory.dmp

      Filesize

      3.3MB

    • memory/1224-136-0x00007FF6D3860000-0x00007FF6D3BB4000-memory.dmp

      Filesize

      3.3MB

    • memory/1340-157-0x00007FF6C9220000-0x00007FF6C9574000-memory.dmp

      Filesize

      3.3MB

    • memory/1340-129-0x00007FF6C9220000-0x00007FF6C9574000-memory.dmp

      Filesize

      3.3MB

    • memory/1768-134-0x00007FF74AD90000-0x00007FF74B0E4000-memory.dmp

      Filesize

      3.3MB

    • memory/1768-93-0x00007FF74AD90000-0x00007FF74B0E4000-memory.dmp

      Filesize

      3.3MB

    • memory/1768-151-0x00007FF74AD90000-0x00007FF74B0E4000-memory.dmp

      Filesize

      3.3MB

    • memory/2100-94-0x00007FF688200000-0x00007FF688554000-memory.dmp

      Filesize

      3.3MB

    • memory/2100-153-0x00007FF688200000-0x00007FF688554000-memory.dmp

      Filesize

      3.3MB

    • memory/2100-135-0x00007FF688200000-0x00007FF688554000-memory.dmp

      Filesize

      3.3MB

    • memory/2124-0-0x00007FF6C1570000-0x00007FF6C18C4000-memory.dmp

      Filesize

      3.3MB

    • memory/2124-62-0x00007FF6C1570000-0x00007FF6C18C4000-memory.dmp

      Filesize

      3.3MB

    • memory/2124-1-0x00000220F3550000-0x00000220F3560000-memory.dmp

      Filesize

      64KB

    • memory/2600-56-0x00007FF60F990000-0x00007FF60FCE4000-memory.dmp

      Filesize

      3.3MB

    • memory/2600-146-0x00007FF60F990000-0x00007FF60FCE4000-memory.dmp

      Filesize

      3.3MB

    • memory/3788-152-0x00007FF68CA70000-0x00007FF68CDC4000-memory.dmp

      Filesize

      3.3MB

    • memory/3788-104-0x00007FF68CA70000-0x00007FF68CDC4000-memory.dmp

      Filesize

      3.3MB

    • memory/3932-24-0x00007FF662DE0000-0x00007FF663134000-memory.dmp

      Filesize

      3.3MB

    • memory/3932-141-0x00007FF662DE0000-0x00007FF663134000-memory.dmp

      Filesize

      3.3MB

    • memory/3932-88-0x00007FF662DE0000-0x00007FF663134000-memory.dmp

      Filesize

      3.3MB

    • memory/3976-139-0x00007FF6797C0000-0x00007FF679B14000-memory.dmp

      Filesize

      3.3MB

    • memory/3976-14-0x00007FF6797C0000-0x00007FF679B14000-memory.dmp

      Filesize

      3.3MB

    • memory/4020-8-0x00007FF64DB00000-0x00007FF64DE54000-memory.dmp

      Filesize

      3.3MB

    • memory/4020-138-0x00007FF64DB00000-0x00007FF64DE54000-memory.dmp

      Filesize

      3.3MB

    • memory/4052-80-0x00007FF6BDC10000-0x00007FF6BDF64000-memory.dmp

      Filesize

      3.3MB

    • memory/4052-140-0x00007FF6BDC10000-0x00007FF6BDF64000-memory.dmp

      Filesize

      3.3MB

    • memory/4052-19-0x00007FF6BDC10000-0x00007FF6BDF64000-memory.dmp

      Filesize

      3.3MB

    • memory/4216-137-0x00007FF608E80000-0x00007FF6091D4000-memory.dmp

      Filesize

      3.3MB

    • memory/4216-130-0x00007FF608E80000-0x00007FF6091D4000-memory.dmp

      Filesize

      3.3MB

    • memory/4216-158-0x00007FF608E80000-0x00007FF6091D4000-memory.dmp

      Filesize

      3.3MB

    • memory/4436-115-0x00007FF6AAAA0000-0x00007FF6AADF4000-memory.dmp

      Filesize

      3.3MB

    • memory/4436-155-0x00007FF6AAAA0000-0x00007FF6AADF4000-memory.dmp

      Filesize

      3.3MB

    • memory/4440-156-0x00007FF7EC0F0000-0x00007FF7EC444000-memory.dmp

      Filesize

      3.3MB

    • memory/4440-121-0x00007FF7EC0F0000-0x00007FF7EC444000-memory.dmp

      Filesize

      3.3MB

    • memory/4716-142-0x00007FF702AA0000-0x00007FF702DF4000-memory.dmp

      Filesize

      3.3MB

    • memory/4716-39-0x00007FF702AA0000-0x00007FF702DF4000-memory.dmp

      Filesize

      3.3MB

    • memory/4716-89-0x00007FF702AA0000-0x00007FF702DF4000-memory.dmp

      Filesize

      3.3MB

    • memory/4808-42-0x00007FF677E30000-0x00007FF678184000-memory.dmp

      Filesize

      3.3MB

    • memory/4808-144-0x00007FF677E30000-0x00007FF678184000-memory.dmp

      Filesize

      3.3MB

    • memory/4808-114-0x00007FF677E30000-0x00007FF678184000-memory.dmp

      Filesize

      3.3MB

    • memory/4880-147-0x00007FF68C720000-0x00007FF68CA74000-memory.dmp

      Filesize

      3.3MB

    • memory/4880-66-0x00007FF68C720000-0x00007FF68CA74000-memory.dmp

      Filesize

      3.3MB

    • memory/4956-50-0x00007FF7FABE0000-0x00007FF7FAF34000-memory.dmp

      Filesize

      3.3MB

    • memory/4956-145-0x00007FF7FABE0000-0x00007FF7FAF34000-memory.dmp

      Filesize

      3.3MB