Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
  • submitted
    08-06-2024 06:46

General

  • Target

    2024-06-08_c58d1fa6168b55c339f71794fb20898d_cobalt-strike_cobaltstrike.exe

  • Size

    5.9MB

  • MD5

    c58d1fa6168b55c339f71794fb20898d

  • SHA1

    5eef8fadef7d7bb7706b7885cf6c3f285e0a02fd

  • SHA256

    90719454e16bd774106b9c5123f793ce64d797664a77f3643a68d8440694bc92

  • SHA512

    156494127f6371379191e08d66499588ac9f13e868e660a463d5673eecaf97b882383f21b4f9cb42a5089e906193498c591b2ae1cf327c034555d013d5365a07

  • SSDEEP

    98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUp:Q+856utgpPF8u/7p

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 21 IoCs
  • UPX dump on OEP (original entry point) 64 IoCs
  • XMRig Miner payload 64 IoCs
  • Executes dropped EXE 21 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-08_c58d1fa6168b55c339f71794fb20898d_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-08_c58d1fa6168b55c339f71794fb20898d_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Windows\System\FgwRaQm.exe
      C:\Windows\System\FgwRaQm.exe
      2⤵
      • Executes dropped EXE
      PID:2120
    • C:\Windows\System\nsrldcj.exe
      C:\Windows\System\nsrldcj.exe
      2⤵
      • Executes dropped EXE
      PID:2692
    • C:\Windows\System\vDFUBBR.exe
      C:\Windows\System\vDFUBBR.exe
      2⤵
      • Executes dropped EXE
      PID:3292
    • C:\Windows\System\iSsWthy.exe
      C:\Windows\System\iSsWthy.exe
      2⤵
      • Executes dropped EXE
      PID:2408
    • C:\Windows\System\kkSxHGO.exe
      C:\Windows\System\kkSxHGO.exe
      2⤵
      • Executes dropped EXE
      PID:1420
    • C:\Windows\System\PRkPQgq.exe
      C:\Windows\System\PRkPQgq.exe
      2⤵
      • Executes dropped EXE
      PID:2248
    • C:\Windows\System\zkXZDmi.exe
      C:\Windows\System\zkXZDmi.exe
      2⤵
      • Executes dropped EXE
      PID:992
    • C:\Windows\System\MrDbTaT.exe
      C:\Windows\System\MrDbTaT.exe
      2⤵
      • Executes dropped EXE
      PID:3172
    • C:\Windows\System\aUJVChz.exe
      C:\Windows\System\aUJVChz.exe
      2⤵
      • Executes dropped EXE
      PID:3496
    • C:\Windows\System\IiQZbIM.exe
      C:\Windows\System\IiQZbIM.exe
      2⤵
      • Executes dropped EXE
      PID:4004
    • C:\Windows\System\bSAWPEs.exe
      C:\Windows\System\bSAWPEs.exe
      2⤵
      • Executes dropped EXE
      PID:688
    • C:\Windows\System\VYMmdfQ.exe
      C:\Windows\System\VYMmdfQ.exe
      2⤵
      • Executes dropped EXE
      PID:1444
    • C:\Windows\System\qhHmZTL.exe
      C:\Windows\System\qhHmZTL.exe
      2⤵
      • Executes dropped EXE
      PID:1940
    • C:\Windows\System\KafNdsj.exe
      C:\Windows\System\KafNdsj.exe
      2⤵
      • Executes dropped EXE
      PID:1472
    • C:\Windows\System\cjCxUGs.exe
      C:\Windows\System\cjCxUGs.exe
      2⤵
      • Executes dropped EXE
      PID:4764
    • C:\Windows\System\aEXhfvr.exe
      C:\Windows\System\aEXhfvr.exe
      2⤵
      • Executes dropped EXE
      PID:1440
    • C:\Windows\System\QwXDTcT.exe
      C:\Windows\System\QwXDTcT.exe
      2⤵
      • Executes dropped EXE
      PID:2472
    • C:\Windows\System\OOCLMbq.exe
      C:\Windows\System\OOCLMbq.exe
      2⤵
      • Executes dropped EXE
      PID:1036
    • C:\Windows\System\guELymC.exe
      C:\Windows\System\guELymC.exe
      2⤵
      • Executes dropped EXE
      PID:848
    • C:\Windows\System\jKcXMnQ.exe
      C:\Windows\System\jKcXMnQ.exe
      2⤵
      • Executes dropped EXE
      PID:2464
    • C:\Windows\System\TJZnlgm.exe
      C:\Windows\System\TJZnlgm.exe
      2⤵
      • Executes dropped EXE
      PID:1768


Downloads
