Analysis

  • max time kernel
    148s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    08-06-2024 07:04

General

  • Target

    2024-06-08_5df16383f9e943639b6bb34484e8005e_cobalt-strike_cobaltstrike.exe

  • Size

    5.9MB

  • MD5

    5df16383f9e943639b6bb34484e8005e

  • SHA1

    2469786d33777ac9f3e24125b932cba9177739b4

  • SHA256

    afc79d2e838171062903255a34fce33f67f71ea7b99964184e1d728223dd8334

  • SHA512

    d6257c20baf1a592c65def6faec400cabe8a9ff85841e2fabf0bb88e08a644709a8e1d09d3c31863566b07a138afc0ed8993ce1557f8c994843bb89935390d8a

  • SSDEEP

    98304:oemTLkNdfE0pZrt56utgpPFotBER/mQ32lU2:T+856utgpPF8u/72

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 21 IoCs
  • UPX dump on OEP (original entry point) 64 IoCs
  • XMRig Miner payload 64 IoCs
  • Executes dropped EXE 21 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-08_5df16383f9e943639b6bb34484e8005e_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-08_5df16383f9e943639b6bb34484e8005e_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5020
    • C:\Windows\System\rZaCosZ.exe
      C:\Windows\System\rZaCosZ.exe
      2⤵
      • Executes dropped EXE
      PID:448
    • C:\Windows\System\TLDAbdt.exe
      C:\Windows\System\TLDAbdt.exe
      2⤵
      • Executes dropped EXE
      PID:5036
    • C:\Windows\System\XhVDaPf.exe
      C:\Windows\System\XhVDaPf.exe
      2⤵
      • Executes dropped EXE
      PID:5068
    • C:\Windows\System\DpJYvdS.exe
      C:\Windows\System\DpJYvdS.exe
      2⤵
      • Executes dropped EXE
      PID:1620
    • C:\Windows\System\NdeOoWH.exe
      C:\Windows\System\NdeOoWH.exe
      2⤵
      • Executes dropped EXE
      PID:3052
    • C:\Windows\System\ShkOjtu.exe
      C:\Windows\System\ShkOjtu.exe
      2⤵
      • Executes dropped EXE
      PID:116
    • C:\Windows\System\fSuZkpq.exe
      C:\Windows\System\fSuZkpq.exe
      2⤵
      • Executes dropped EXE
      PID:1520
    • C:\Windows\System\xacYmWA.exe
      C:\Windows\System\xacYmWA.exe
      2⤵
      • Executes dropped EXE
      PID:3836
    • C:\Windows\System\yOmMuDV.exe
      C:\Windows\System\yOmMuDV.exe
      2⤵
      • Executes dropped EXE
      PID:2000
    • C:\Windows\System\GUrpjBj.exe
      C:\Windows\System\GUrpjBj.exe
      2⤵
      • Executes dropped EXE
      PID:4492
    • C:\Windows\System\suPwPEy.exe
      C:\Windows\System\suPwPEy.exe
      2⤵
      • Executes dropped EXE
      PID:2608
    • C:\Windows\System\QtFfwdg.exe
      C:\Windows\System\QtFfwdg.exe
      2⤵
      • Executes dropped EXE
      PID:2492
    • C:\Windows\System\NJmhuxr.exe
      C:\Windows\System\NJmhuxr.exe
      2⤵
      • Executes dropped EXE
      PID:432
    • C:\Windows\System\rPUdZSz.exe
      C:\Windows\System\rPUdZSz.exe
      2⤵
      • Executes dropped EXE
      PID:3860
    • C:\Windows\System\nuDBTrg.exe
      C:\Windows\System\nuDBTrg.exe
      2⤵
      • Executes dropped EXE
      PID:3204
    • C:\Windows\System\UfxlDhr.exe
      C:\Windows\System\UfxlDhr.exe
      2⤵
      • Executes dropped EXE
      PID:2216
    • C:\Windows\System\UrHVZhY.exe
      C:\Windows\System\UrHVZhY.exe
      2⤵
      • Executes dropped EXE
      PID:1808
    • C:\Windows\System\CqLhvnH.exe
      C:\Windows\System\CqLhvnH.exe
      2⤵
      • Executes dropped EXE
      PID:1048
    • C:\Windows\System\TdaHuVg.exe
      C:\Windows\System\TdaHuVg.exe
      2⤵
      • Executes dropped EXE
      PID:2176
    • C:\Windows\System\YtJVRuE.exe
      C:\Windows\System\YtJVRuE.exe
      2⤵
      • Executes dropped EXE
      PID:1128
    • C:\Windows\System\kYbUEwZ.exe
      C:\Windows\System\kYbUEwZ.exe
      2⤵
      • Executes dropped EXE
      PID:4664
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1028 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1684

    Downloads
