Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-06-2024 09:04

General

  • Target

    2024-06-08_22cfecb668528e4063d5457313c71c6c_cobalt-strike_cobaltstrike.exe

  • Size

    5.9MB

  • MD5

    22cfecb668528e4063d5457313c71c6c

  • SHA1

    31a81b5a3590d2af376751cf16ca5f392e0c6b38

  • SHA256

    6ea274aa925818a86a00bd0e3f34b677ae5aac9db0e232694e6238f99b6ec894

  • SHA512

    4885e14672af58593ecff1e6845823c9c3695a83ddeb81faf5402e078cb772fa125f6e5993cd3afd1bff1b3c23c940a8d7ecdc0b013ba5d12c2bec2de38dd45e

  • SSDEEP

    98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lU7:Q+856utgpPF8u/77

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 21 IoCs
  • UPX dump on OEP (original entry point) 64 IoCs
  • XMRig Miner payload 64 IoCs
  • Executes dropped EXE 21 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-08_22cfecb668528e4063d5457313c71c6c_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-08_22cfecb668528e4063d5457313c71c6c_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4808
    • C:\Windows\System\TUVOMTf.exe
      C:\Windows\System\TUVOMTf.exe
      2⤵
      • Executes dropped EXE
      PID:3612
    • C:\Windows\System\WHaBAXc.exe
      C:\Windows\System\WHaBAXc.exe
      2⤵
      • Executes dropped EXE
      PID:1556
    • C:\Windows\System\PhhfwHr.exe
      C:\Windows\System\PhhfwHr.exe
      2⤵
      • Executes dropped EXE
      PID:3124
    • C:\Windows\System\KnwEZor.exe
      C:\Windows\System\KnwEZor.exe
      2⤵
      • Executes dropped EXE
      PID:4504
    • C:\Windows\System\bTIWWIM.exe
      C:\Windows\System\bTIWWIM.exe
      2⤵
      • Executes dropped EXE
      PID:3528
    • C:\Windows\System\RUeQpcj.exe
      C:\Windows\System\RUeQpcj.exe
      2⤵
      • Executes dropped EXE
      PID:1232
    • C:\Windows\System\uGIVGVI.exe
      C:\Windows\System\uGIVGVI.exe
      2⤵
      • Executes dropped EXE
      PID:3564
    • C:\Windows\System\tgCXGRN.exe
      C:\Windows\System\tgCXGRN.exe
      2⤵
      • Executes dropped EXE
      PID:1832
    • C:\Windows\System\Vjpfpaf.exe
      C:\Windows\System\Vjpfpaf.exe
      2⤵
      • Executes dropped EXE
      PID:3996
    • C:\Windows\System\woqEzcE.exe
      C:\Windows\System\woqEzcE.exe
      2⤵
      • Executes dropped EXE
      PID:2364
    • C:\Windows\System\BbVkmLf.exe
      C:\Windows\System\BbVkmLf.exe
      2⤵
      • Executes dropped EXE
      PID:4780
    • C:\Windows\System\obUFaEJ.exe
      C:\Windows\System\obUFaEJ.exe
      2⤵
      • Executes dropped EXE
      PID:2760
    • C:\Windows\System\dBsVzWk.exe
      C:\Windows\System\dBsVzWk.exe
      2⤵
      • Executes dropped EXE
      PID:4584
    • C:\Windows\System\CZgaMfJ.exe
      C:\Windows\System\CZgaMfJ.exe
      2⤵
      • Executes dropped EXE
      PID:3384
    • C:\Windows\System\iQdFyVA.exe
      C:\Windows\System\iQdFyVA.exe
      2⤵
      • Executes dropped EXE
      PID:628
    • C:\Windows\System\WNORmkU.exe
      C:\Windows\System\WNORmkU.exe
      2⤵
      • Executes dropped EXE
      PID:4676
    • C:\Windows\System\SlnGsVg.exe
      C:\Windows\System\SlnGsVg.exe
      2⤵
      • Executes dropped EXE
      PID:2904
    • C:\Windows\System\TBhMmKk.exe
      C:\Windows\System\TBhMmKk.exe
      2⤵
      • Executes dropped EXE
      PID:2684
    • C:\Windows\System\SLebjxk.exe
      C:\Windows\System\SLebjxk.exe
      2⤵
      • Executes dropped EXE
      PID:4592
    • C:\Windows\System\rQGbmFu.exe
      C:\Windows\System\rQGbmFu.exe
      2⤵
      • Executes dropped EXE
      PID:4192
    • C:\Windows\System\lcWZwPS.exe
      C:\Windows\System\lcWZwPS.exe
      2⤵
      • Executes dropped EXE
      PID:1244
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3124,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=4660 /prefetch:8
    1⤵
      PID:4924

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\System\BbVkmLf.exe

      Filesize

      5.9MB

      MD5

      66fb32c59a6dfabe7080dcf9ed9773dc

      SHA1

      76e5139cefa75c544a10a192c7fe162bb42ffbcc

      SHA256

      0455d973d087e3da827702e0c901bae85065ddb0562aea2bc6160594d2cb9b0c

      SHA512

      0e318ab66796eaa43776950f9fe3285d8b85617e081e59c4e4dd86c5c2be93b9a37afd7da43f501d9dfe30febd65e26418c0b40a9a3a2e420460d61f96b95b86

    • C:\Windows\System\CZgaMfJ.exe

      Filesize

      5.9MB

      MD5

      670f46d4287d813f57bdba762ed824f9

      SHA1

      46ec1b07a241d7822a0844c15f3106b09288f52f

      SHA256

      6ccbd18ce33c460715ff524f8326c479015ddee700640abdfaffa1da14446c80

      SHA512

      373f332a6607cb9f98fd66d059ba9d95328ebaff3aee0ebc78ec873095a218a3560984d2b92c79a0aad30559d8b5ea9f245c8a32959b9c9a4e65ab59a4b8667f

    • C:\Windows\System\KnwEZor.exe

      Filesize

      5.9MB

      MD5

      4020239607cc08b80016026a95ec10cb

      SHA1

      951c2b2faf6c6ea3e337ae26b2d94c6b7721d680

      SHA256

      49c64985d73baee13f66119725e9670cda64ab90ff20fc17fc26b105dad11950

      SHA512

      0c602362562d081c7c4d659f93004d892e0f3f4c2757f277c4fb74bb1e0a1fdd21ed1269f8e6d5b7db6342922d492ece542c70674b0b5c22f74333019c18ceb4

    • C:\Windows\System\PhhfwHr.exe

      Filesize

      5.9MB

      MD5

      dd69d2c7870b390a01068ee49100487a

      SHA1

      6d0972150b5c5e73cada6db944dda2b9f3503c89

      SHA256

      a21f9eb4f5bee9e6034f9fe293ff5d0ef51560380b9b477ccfe095e7a88b55ac

      SHA512

      0658fe21ea52852e90748ff598a36df6cf887efb6c3b5c05f44886942b5f0a65ff5c40de890a6ce786c10e652b4e28b67ed503b1e5710c9bb1a9918ce59ef5c6

    • C:\Windows\System\RUeQpcj.exe

      Filesize

      5.9MB

      MD5

      3e380138fae5a4e3654574eed80814c7

      SHA1

      1f76bbdb56bd5106971070021ba156197a6e722e

      SHA256

      d0647a206c7ba5f0051bd0fdf4541b77332d305e7de50d54515a14762a2b382b

      SHA512

      0d8507aeec7009d30c34bfe20345cf2575d64edbac699df42ca04e7da14157d6c32e451edc217ae345b253d13b3277c5717108da70efd4540bc3fc95c2578cdf

    • C:\Windows\System\SLebjxk.exe

      Filesize

      5.9MB

      MD5

      a7a0691f83f3901d3c94524f1218ce7e

      SHA1

      e9e615f5afc6e241950f61bbc391fb43e5046b1f

      SHA256

      1b91324f6c2f6d5dff6d12b6aeadb3a8080372a54cc129bf5e5fb88c25c3dfa4

      SHA512

      bf439343201bb270565b3e4b5c7d6ebcab142886f7be9877f56d5cc174dd9023dab4e2ed335afa98a10f6006974480fd6504f69792d937d65e83fa600663a47f

    • C:\Windows\System\SlnGsVg.exe

      Filesize

      5.9MB

      MD5

      1e3d9950f0ef208f876dcbaebb61bfcf

      SHA1

      f7db24b834d0a2176ef518676bd3b35d41d09418

      SHA256

      c50aec4018ac7eb65f6921a3ed5e89c5c421e74ba1af16a025ee226027a32076

      SHA512

      429097d5b771e96ec8c9da602a2c729dc5aa8c56ee265bbb6fa0bfd89854909eb6f7acb33bce6c761b69999ddd88cf065c582236f471c0aa52d459d3ed8b3405

    • C:\Windows\System\TBhMmKk.exe

      Filesize

      5.9MB

      MD5

      ce27105b4bd16bea0482d052065281f4

      SHA1

      9238b96d7fc2b1df0f64c02dab699d768be753cc

      SHA256

      de695b222be23a3c48ba8a424ceb693c4d20b3a3a83aa1a337ef41c908e95230

      SHA512

      44f13320674abc60e98c28e4d9df8c9209ed93c34a9f32b9e041f10120129142359f35b0c00f2b34985457430354bbb0940c662c87bdb8cb85790f2703e70810

    • C:\Windows\System\TUVOMTf.exe

      Filesize

      5.9MB

      MD5

      919ba07af50e10f0ef22abec1bb151bd

      SHA1

      8dd462dec3fd50711c41be0f9b6e10e642b88558

      SHA256

      8c842b53946eea50200ae5ba5ba5da6b695096a6acccb08095b6b7e129149e98

      SHA512

      3a56d33123ebe2efa1a78524a111b8f296562c079180bc6985b3c9cac83a70a591bc673f183994a1a60a836672cda5c1b0257fd13a28a1e5affebe9243451226

    • C:\Windows\System\Vjpfpaf.exe

      Filesize

      5.9MB

      MD5

      38bb1cc5ce9c50c59fc7e6625fc1051b

      SHA1

      90fbfb44af7ef264fbe3e41987bb5e5c2a911b0c

      SHA256

      fc1e69b28f3a589ccbd1dd8d6268904c00a9dc9712aaa6f80e32a2ec68a3ce82

      SHA512

      30f27fd342115f1bdfe1663f6724f42696870c125f8268eca58d533641c89e40ed465f3e6c874dd4bbb26a8d31cc7966cfc7e09925b50bc6ed6dfe37f1769e65

    • C:\Windows\System\WHaBAXc.exe

      Filesize

      5.9MB

      MD5

      2a0ee99c29716ef0795f2fa85088c321

      SHA1

      87b76e7e0f55c7a6e909f62aa0d30be9a09491e2

      SHA256

      abb0b9d35c368a31b599492317cb73b548e7835a802157303b1b8e452bee2235

      SHA512

      d7cee8aa4574a9650b9259520dc1121a5747d001c2ac9d58dbd4d130d9dfb61ad49edbf3cd82be0709549b21ff4bccc60475295353a8de69a8ac56c53edea18f

    • C:\Windows\System\WNORmkU.exe

      Filesize

      5.9MB

      MD5

      a7e44af4ac5fe58c4dec42d63b358a2d

      SHA1

      e3d2e18f59d989d26c50e1e1cbcbe85610f8832e

      SHA256

      ea97a78f3edbb390dad6bff0241dd03cb1884a09bbf144413428b5d18afb7d9d

      SHA512

      c4dac3bea8b9f001b5f724f21246507df775ff7d614aa6b4bcefbe7f68afeb39f4879cccbc6c604243b3ee5793c2cb295a262b6b72f04c1f6805dd9fd71c51e2

    • C:\Windows\System\bTIWWIM.exe

      Filesize

      5.9MB

      MD5

      b4d6a702de531acc326d6ca2f01f9911

      SHA1

      9af352c25147595db57367a94082fcb8e1b82e4a

      SHA256

      e067f7a5720864080e04dbe19e37db2e2451ed8886e911047bfeb210cf228f3a

      SHA512

      112f5b098e1615b6886273b23b995f472d6a490f0ad7380af3f8dba004b3248a9862d811d4437916376f95ee643b8db937b471537cc68753d3736b5138fc3c4f

    • C:\Windows\System\dBsVzWk.exe

      Filesize

      5.9MB

      MD5

      26b3bdffac4221d92d08b4ed8b37d683

      SHA1

      53071baea2f74a14357562c6fe413ed077c00755

      SHA256

      6d6cfe285bf81c625dabc9f6b13438abd4cc83a9701cbe707f2d554290e1cb46

      SHA512

      7ff0a31446022e2af2f64e78a27eec248b9f008e0a4e04d1289633d3aaf91fa9a1a7022d2de3e256d708b3af289d0b8bdceb7ff8e487103ddbfbc2e306b0fa39

    • C:\Windows\System\iQdFyVA.exe

      Filesize

      5.9MB

      MD5

      2e0cf3e559228f769f5c8981851509a3

      SHA1

      1bc2fdb90d7c21591ed3747098a0e89f39936180

      SHA256

      109954158e5a81b2f951c20a28b771d5ce4f509258bbc70f9e323adb2643445d

      SHA512

      2b1e8129931a74420250d902929026afe7adc44cd5c61321714a7240b7d052bac4e4e7555b1fb9a9506667f3ee83e1b52960c3851aeea61d498b3f94bd733b8d

    • C:\Windows\System\lcWZwPS.exe

      Filesize

      5.9MB

      MD5

      050a2b01047d1ad6cb8ce07c86e42433

      SHA1

      22af2e3a4fa130087f02941bc8900846c1c41ee2

      SHA256

      70defd32b17c8b0255052f3f7bfc27b60146ed93b28c993705ff03d049f2cd1a

      SHA512

      8745b774a4eae34eb2a4a790be259de8123dc1bf6b8935b3939a44c6dab23568058cf2d8446af549f3bb58be21787f7d5eb70941943ee65a5ef06138063a0a8a

    • C:\Windows\System\obUFaEJ.exe

      Filesize

      5.9MB

      MD5

      ccf05b8efc767b25ae20a6954262e776

      SHA1

      cdbfdea60af30146b111ded01bd754915503df53

      SHA256

      48c9d4ee8e75c8719c5463daba5ad51fe680bd9724f8a4690fdf70e4aed56151

      SHA512

      a8e49b07361a4a58133097c566fc24336bed26e24e72a36b9d6c30f3859ed82d7ce19482d49b43b36220026cd2c2e378e5f096cbe999baa2c5be85e40b3edf88

    • C:\Windows\System\rQGbmFu.exe

      Filesize

      5.9MB

      MD5

      0dcc90008ea269d55274d3cd8ad2cc76

      SHA1

      62e6a5b580b3d08b65c5037c6ba78b007e46a8f0

      SHA256

      908bed583ad69012f77cca8b120bc902e62dfb7f4d3cbae2d875246853229536

      SHA512

      2a271efe7202c8fe56b53cfb54208d06add62a49689639257761276011c20549fdd12dda90927867e36d991a0d257a978ccbe3939cffb83e5d782b0313bc754e

    • C:\Windows\System\tgCXGRN.exe

      Filesize

      5.9MB

      MD5

      8c548bf9b36aec9bcc02a04795549411

      SHA1

      ec63a9233ccdfa74b5a5bbea9fcd413d3508a005

      SHA256

      58ced8dd4c3b0c65ba9b2b31bdf38bf828482e7cdb29bf10466e1ea587e50c72

      SHA512

      f1687efc1aa085640036f58f8c521dc58caae46899b726dcd9d5d5b6284b71ffeb63927bfa37ec52d2976b486204bf213ff72ec592150fb9b999da3a1f4af52f

    • C:\Windows\System\uGIVGVI.exe

      Filesize

      5.9MB

      MD5

      661f2549669cf10b2a08bc1ad8f9d5af

      SHA1

      73a4ebf657f5a83c961418162f517e8d4ba1a8ce

      SHA256

      3859a375f8d92a56e65e218909874dd084454eec61aa827ca28de5b2880b5193

      SHA512

      6ba00e9553a200104ea2488e39ffcf06f060544bbcbd8fc328f6f26473823b510fd24dc7ae0965f223f450e4be846796bb5b914fe2a24e86d7b437834beeb768

    • C:\Windows\System\woqEzcE.exe

      Filesize

      5.9MB

      MD5

      0310000481264d4644f1b7b483298a8e

      SHA1

      6e1ab3708276c0b32d9324ea8a5fab4851a64f8e

      SHA256

      18912905b1e2f6265371c67f72371e86b54f63279719da9c35a70fc64d1cae55

      SHA512

      6db30427dce98e04281a2ea247ec693fec7218c406b8aefeb3f55ce974e81c105e3b9515a1fd69ca3dac37ce1dd90c3c7f2b5267297366373bf6e44093308bb8

    • memory/628-90-0x00007FF71D570000-0x00007FF71D8C4000-memory.dmp

      Filesize

      3.3MB

    • memory/628-156-0x00007FF71D570000-0x00007FF71D8C4000-memory.dmp

      Filesize

      3.3MB

    • memory/628-138-0x00007FF71D570000-0x00007FF71D8C4000-memory.dmp

      Filesize

      3.3MB

    • memory/1232-148-0x00007FF6CF380000-0x00007FF6CF6D4000-memory.dmp

      Filesize

      3.3MB

    • memory/1232-92-0x00007FF6CF380000-0x00007FF6CF6D4000-memory.dmp

      Filesize

      3.3MB

    • memory/1232-40-0x00007FF6CF380000-0x00007FF6CF6D4000-memory.dmp

      Filesize

      3.3MB

    • memory/1244-162-0x00007FF662E70000-0x00007FF6631C4000-memory.dmp

      Filesize

      3.3MB

    • memory/1244-132-0x00007FF662E70000-0x00007FF6631C4000-memory.dmp

      Filesize

      3.3MB

    • memory/1556-144-0x00007FF78D340000-0x00007FF78D694000-memory.dmp

      Filesize

      3.3MB

    • memory/1556-16-0x00007FF78D340000-0x00007FF78D694000-memory.dmp

      Filesize

      3.3MB

    • memory/1832-150-0x00007FF7B28F0000-0x00007FF7B2C44000-memory.dmp

      Filesize

      3.3MB

    • memory/1832-50-0x00007FF7B28F0000-0x00007FF7B2C44000-memory.dmp

      Filesize

      3.3MB

    • memory/2364-68-0x00007FF742DF0000-0x00007FF743144000-memory.dmp

      Filesize

      3.3MB

    • memory/2364-152-0x00007FF742DF0000-0x00007FF743144000-memory.dmp

      Filesize

      3.3MB

    • memory/2684-140-0x00007FF658A50000-0x00007FF658DA4000-memory.dmp

      Filesize

      3.3MB

    • memory/2684-112-0x00007FF658A50000-0x00007FF658DA4000-memory.dmp

      Filesize

      3.3MB

    • memory/2684-159-0x00007FF658A50000-0x00007FF658DA4000-memory.dmp

      Filesize

      3.3MB

    • memory/2760-135-0x00007FF759740000-0x00007FF759A94000-memory.dmp

      Filesize

      3.3MB

    • memory/2760-153-0x00007FF759740000-0x00007FF759A94000-memory.dmp

      Filesize

      3.3MB

    • memory/2760-78-0x00007FF759740000-0x00007FF759A94000-memory.dmp

      Filesize

      3.3MB

    • memory/2904-160-0x00007FF6021F0000-0x00007FF602544000-memory.dmp

      Filesize

      3.3MB

    • memory/2904-139-0x00007FF6021F0000-0x00007FF602544000-memory.dmp

      Filesize

      3.3MB

    • memory/2904-111-0x00007FF6021F0000-0x00007FF602544000-memory.dmp

      Filesize

      3.3MB

    • memory/3124-145-0x00007FF626040000-0x00007FF626394000-memory.dmp

      Filesize

      3.3MB

    • memory/3124-20-0x00007FF626040000-0x00007FF626394000-memory.dmp

      Filesize

      3.3MB

    • memory/3384-88-0x00007FF736C50000-0x00007FF736FA4000-memory.dmp

      Filesize

      3.3MB

    • memory/3384-137-0x00007FF736C50000-0x00007FF736FA4000-memory.dmp

      Filesize

      3.3MB

    • memory/3384-157-0x00007FF736C50000-0x00007FF736FA4000-memory.dmp

      Filesize

      3.3MB

    • memory/3528-147-0x00007FF6FA390000-0x00007FF6FA6E4000-memory.dmp

      Filesize

      3.3MB

    • memory/3528-33-0x00007FF6FA390000-0x00007FF6FA6E4000-memory.dmp

      Filesize

      3.3MB

    • memory/3528-91-0x00007FF6FA390000-0x00007FF6FA6E4000-memory.dmp

      Filesize

      3.3MB

    • memory/3564-104-0x00007FF798100000-0x00007FF798454000-memory.dmp

      Filesize

      3.3MB

    • memory/3564-149-0x00007FF798100000-0x00007FF798454000-memory.dmp

      Filesize

      3.3MB

    • memory/3564-42-0x00007FF798100000-0x00007FF798454000-memory.dmp

      Filesize

      3.3MB

    • memory/3612-9-0x00007FF6BD350000-0x00007FF6BD6A4000-memory.dmp

      Filesize

      3.3MB

    • memory/3612-143-0x00007FF6BD350000-0x00007FF6BD6A4000-memory.dmp

      Filesize

      3.3MB

    • memory/3996-126-0x00007FF64A930000-0x00007FF64AC84000-memory.dmp

      Filesize

      3.3MB

    • memory/3996-151-0x00007FF64A930000-0x00007FF64AC84000-memory.dmp

      Filesize

      3.3MB

    • memory/3996-56-0x00007FF64A930000-0x00007FF64AC84000-memory.dmp

      Filesize

      3.3MB

    • memory/4192-142-0x00007FF605F10000-0x00007FF606264000-memory.dmp

      Filesize

      3.3MB

    • memory/4192-163-0x00007FF605F10000-0x00007FF606264000-memory.dmp

      Filesize

      3.3MB

    • memory/4192-127-0x00007FF605F10000-0x00007FF606264000-memory.dmp

      Filesize

      3.3MB

    • memory/4504-146-0x00007FF66B010000-0x00007FF66B364000-memory.dmp

      Filesize

      3.3MB

    • memory/4504-24-0x00007FF66B010000-0x00007FF66B364000-memory.dmp

      Filesize

      3.3MB

    • memory/4504-89-0x00007FF66B010000-0x00007FF66B364000-memory.dmp

      Filesize

      3.3MB

    • memory/4584-83-0x00007FF606E40000-0x00007FF607194000-memory.dmp

      Filesize

      3.3MB

    • memory/4584-136-0x00007FF606E40000-0x00007FF607194000-memory.dmp

      Filesize

      3.3MB

    • memory/4584-154-0x00007FF606E40000-0x00007FF607194000-memory.dmp

      Filesize

      3.3MB

    • memory/4592-141-0x00007FF64ECC0000-0x00007FF64F014000-memory.dmp

      Filesize

      3.3MB

    • memory/4592-161-0x00007FF64ECC0000-0x00007FF64F014000-memory.dmp

      Filesize

      3.3MB

    • memory/4592-119-0x00007FF64ECC0000-0x00007FF64F014000-memory.dmp

      Filesize

      3.3MB

    • memory/4676-105-0x00007FF6C5A00000-0x00007FF6C5D54000-memory.dmp

      Filesize

      3.3MB

    • memory/4676-158-0x00007FF6C5A00000-0x00007FF6C5D54000-memory.dmp

      Filesize

      3.3MB

    • memory/4780-70-0x00007FF7334A0000-0x00007FF7337F4000-memory.dmp

      Filesize

      3.3MB

    • memory/4780-155-0x00007FF7334A0000-0x00007FF7337F4000-memory.dmp

      Filesize

      3.3MB

    • memory/4780-134-0x00007FF7334A0000-0x00007FF7337F4000-memory.dmp

      Filesize

      3.3MB

    • memory/4808-64-0x00007FF7143F0000-0x00007FF714744000-memory.dmp

      Filesize

      3.3MB

    • memory/4808-0-0x00007FF7143F0000-0x00007FF714744000-memory.dmp

      Filesize

      3.3MB

    • memory/4808-1-0x00000285D4C10000-0x00000285D4C20000-memory.dmp

      Filesize

      64KB