Analysis

  • max time kernel
    151s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-06-2024 09:23

General

  • Target

    2024-06-08_44232025fe1cf7b1133884013145f509_cobalt-strike_cobaltstrike.exe

  • Size

    5.9MB

  • MD5

    44232025fe1cf7b1133884013145f509

  • SHA1

    0738ca723031ceadf12c033df728074b85015cd1

  • SHA256

    f30a992b2dfd53e2b8283141dd6948853bace5acaa6fad73a563aed6c4f88fd4

  • SHA512

    dad9b4909777807fddd7d20cb8b6af5841689c78e7fcf9bd0316e459dfb49323c02afbe5a1f0fe2dfbb17c6146900779d2503d99c7f2c76685b7209d671e62e1

  • SSDEEP

    98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lUt:Q+856utgpPF8u/7t

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • Detects Reflective DLL injection artifacts 21 IoCs
  • UPX dump on OEP (original entry point) 64 IoCs
  • XMRig Miner payload 64 IoCs
  • Executes dropped EXE 21 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-08_44232025fe1cf7b1133884013145f509_cobalt-strike_cobaltstrike.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-08_44232025fe1cf7b1133884013145f509_cobalt-strike_cobaltstrike.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1848
    • C:\Windows\System\bcIoBfw.exe
      C:\Windows\System\bcIoBfw.exe
      2⤵
      • Executes dropped EXE
      PID:4980
    • C:\Windows\System\JtqREbF.exe
      C:\Windows\System\JtqREbF.exe
      2⤵
      • Executes dropped EXE
      PID:4188
    • C:\Windows\System\PRlcgCr.exe
      C:\Windows\System\PRlcgCr.exe
      2⤵
      • Executes dropped EXE
      PID:2996
    • C:\Windows\System\dYdrawY.exe
      C:\Windows\System\dYdrawY.exe
      2⤵
      • Executes dropped EXE
      PID:2576
    • C:\Windows\System\XKiDroH.exe
      C:\Windows\System\XKiDroH.exe
      2⤵
      • Executes dropped EXE
      PID:3004
    • C:\Windows\System\JShmXEi.exe
      C:\Windows\System\JShmXEi.exe
      2⤵
      • Executes dropped EXE
      PID:1412
    • C:\Windows\System\JlWVhuS.exe
      C:\Windows\System\JlWVhuS.exe
      2⤵
      • Executes dropped EXE
      PID:2872
    • C:\Windows\System\NavLHGS.exe
      C:\Windows\System\NavLHGS.exe
      2⤵
      • Executes dropped EXE
      PID:2948
    • C:\Windows\System\aDFwzHz.exe
      C:\Windows\System\aDFwzHz.exe
      2⤵
      • Executes dropped EXE
      PID:5112
    • C:\Windows\System\YqNEtwu.exe
      C:\Windows\System\YqNEtwu.exe
      2⤵
      • Executes dropped EXE
      PID:4808
    • C:\Windows\System\kbHPPwt.exe
      C:\Windows\System\kbHPPwt.exe
      2⤵
      • Executes dropped EXE
      PID:952
    • C:\Windows\System\ykpjTtU.exe
      C:\Windows\System\ykpjTtU.exe
      2⤵
      • Executes dropped EXE
      PID:5068
    • C:\Windows\System\tltOkuM.exe
      C:\Windows\System\tltOkuM.exe
      2⤵
      • Executes dropped EXE
      PID:2896
    • C:\Windows\System\QnWnfYL.exe
      C:\Windows\System\QnWnfYL.exe
      2⤵
      • Executes dropped EXE
      PID:1580
    • C:\Windows\System\NMxYyYV.exe
      C:\Windows\System\NMxYyYV.exe
      2⤵
      • Executes dropped EXE
      PID:860
    • C:\Windows\System\dRnEByc.exe
      C:\Windows\System\dRnEByc.exe
      2⤵
      • Executes dropped EXE
      PID:2660
    • C:\Windows\System\nTfUBaz.exe
      C:\Windows\System\nTfUBaz.exe
      2⤵
      • Executes dropped EXE
      PID:2024
    • C:\Windows\System\FgMFCUj.exe
      C:\Windows\System\FgMFCUj.exe
      2⤵
      • Executes dropped EXE
      PID:224
    • C:\Windows\System\PBGmWxv.exe
      C:\Windows\System\PBGmWxv.exe
      2⤵
      • Executes dropped EXE
      PID:4660
    • C:\Windows\System\oJxGGgu.exe
      C:\Windows\System\oJxGGgu.exe
      2⤵
      • Executes dropped EXE
      PID:4380
    • C:\Windows\System\hfDQSIy.exe
      C:\Windows\System\hfDQSIy.exe
      2⤵
      • Executes dropped EXE
      PID:4708
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3840 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1516

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\System\FgMFCUj.exe

      Filesize

      5.9MB

      MD5

      ad6e52eaad271b58317deb6f1228eedf

      SHA1

      2632fedd69c70ef26afb517c42dfa1c7085a895d

      SHA256

      a9d085805179b71f4f3fa346c102ad1052e217112a479cc95b31ae3ec4304932

      SHA512

      86ae01fe7b80de057e1dec8a6c2295e31600e79e4ac66cbbf0ffb70ecb2f0dbff916e3177011e90b8b72ff3c693d519453a44a5cdbf00532d0af8436fd3c3a31

    • C:\Windows\System\JShmXEi.exe

      Filesize

      5.9MB

      MD5

      0e71746aa2d3cc36adb6a66cc8f181aa

      SHA1

      dd4bead81b87103db255b1f46f7e79288b41490b

      SHA256

      2aa94cc5353ec0679df56a6a01733605fe7356b7dff66f75eacbee4cb4f729ad

      SHA512

      5dcda1e40fa6c85ec4c550ddf0e628f8b6908f3cebd4500416cd99b34fe0fd82ce80f4b4761ed8bc1b7655c3db188fc33fd5257d5538ef4aef1024f6411ab86d

    • C:\Windows\System\JlWVhuS.exe

      Filesize

      5.9MB

      MD5

      50d0dc79fe86a84feb7d7b600bba5064

      SHA1

      5eeeb85b1df359d3f0d77b9188d1f1e0154431e7

      SHA256

      c141b5ae613dc38d647133605475345ebb6ec74baceae94bec25bc05c4972793

      SHA512

      722afdac8ee0b30c6ddcd6a8f7ef4c686b6bacb723ace0a9e881d24c8451fdd0226558e7347e72e2b44dbb64bf33e118ef28950983d63fff1e6e335eea297d84

    • C:\Windows\System\JtqREbF.exe

      Filesize

      5.9MB

      MD5

      3e2f9ad6487f3683ecb116188980c80c

      SHA1

      14dcf0e1932ef45301f15ab5487503b5bdd6852f

      SHA256

      0f5b2f4f62c1022ec9716a05337b6c5842665d20ca2db4b0c4c231a987919d2a

      SHA512

      e109043c1b41f13d60abfe9c5dcfde8f7631187b6aa23af8e9fb5d954a9d506c2c99ae36ba32fa397f32c283d69d1f85b8865513056ec35f8aad88e41e6c0195

    • C:\Windows\System\NMxYyYV.exe

      Filesize

      5.9MB

      MD5

      083dd11909a769285b223e1e0c92378f

      SHA1

      619a404a97a62fa1fde6755b84157400876f80f0

      SHA256

      564f852ba0c81b7948345a5c2066d85d80f07ab110ac97eef1c4c09e50bb99a2

      SHA512

      f3c3853fe64ee414b860ece1e77450b943f0b655858f238f70559569d15c7a64d47926c77146bb05243d8bd52c93d814ffda484aebf9cad93234d1c8e217ea03

    • C:\Windows\System\NavLHGS.exe

      Filesize

      5.9MB

      MD5

      973b774de24d0805dd8b657e64f1119a

      SHA1

      fb1d66b6f121a753c70f3d91587ae332bf5b69b3

      SHA256

      84f1fe938e9662d6591a68dc23eac07db14271dc5c2dc5c60c6299c1ee7271e9

      SHA512

      fb3f4330dbc3e1fc3d5ac6a138a769c6511212d7d3c1f5d7092cefa401680f187c98b0d856bfbdc4090b39c82eacfc20420937297c321919e992d8b2c94a187e

    • C:\Windows\System\PBGmWxv.exe

      Filesize

      5.9MB

      MD5

      d4a60d9c4ab3c4d6c8d4517fb55d5187

      SHA1

      c2f047e700b2a8236f18ad8aa377e54d1e24b9b9

      SHA256

      9802d32a7ce95ac614b1ecd1a07d4bd0ab67d6f512e36ed347063f0901dc5ba3

      SHA512

      5cfee2b25d31c624afce33f67011b5fe787e74ac2a52e973ec553b1c5e950ad7e4635428913547bb74702847f096cd797fe78d75fed82fdb245395d47538cc8d

    • C:\Windows\System\PRlcgCr.exe

      Filesize

      5.9MB

      MD5

      d076d48ffff2bdda59725b628e3fa7c4

      SHA1

      58532032a054f28c68f50cd7bd4632ea098a45a8

      SHA256

      bd3084fd6dd17da33f7f6829a42d629364da7b228e868137dd9e8972849fea68

      SHA512

      ddf70871cbc7de8d097011c50d35790cffc923c8a05d61732aad3f1df8e5116057022f4148fef5111e5ca6660945e2eddadb6246a703d6775dd2265b081a63c2

    • C:\Windows\System\QnWnfYL.exe

      Filesize

      5.9MB

      MD5

      ae152fccf51b711cea4a9334934b9b88

      SHA1

      38b3c2306d0d80c27543a10934dad9bebb29b7d6

      SHA256

      fa5b956bbc2a5ec14e1448b74cc8bcc26787bd70b286f37b7b165e2591cdd4f5

      SHA512

      bfae8b7fc0ee6c6e8f29dfea58da7acd0d9162289852f205adf965423cb94243b40a2eead16c18350c561523d272e713f4c50c159c66103dcb5878238020f711

    • C:\Windows\System\XKiDroH.exe

      Filesize

      5.9MB

      MD5

      a62572f117a58c5c985eb4e6aa51f353

      SHA1

      ca0587dfb604faa37f27e76f100685c7308659cb

      SHA256

      be66662aaaa4aac240dee235190fef5fc73401615edad15ba63980116e893a3f

      SHA512

      c57f3a60cb0cab2caae2766751c3e89e6e6b343c969561904082884c60d43a07c826290feeb028fd38a2fe37c87c8b411bd8e7cad95c8dc6e913dfce6165b643

    • C:\Windows\System\YqNEtwu.exe

      Filesize

      5.9MB

      MD5

      30399492166c3a762399d7c097a6b519

      SHA1

      1f4fb48717ff7c708b9b7cb440ebe371264fd696

      SHA256

      e901289a69da6480d405bdaa7ad06decc5c8eb3ec687a1b2baca26461a92ca3a

      SHA512

      6d02fef56bb1fa9d7ad3341f8e43a9a0543ebe25ebba4fb934bea240e538ade5ed5ad3df92c035a18f58fd955eb4b3ef45e027343658ac214f0084eeb63c33bc

    • C:\Windows\System\aDFwzHz.exe

      Filesize

      5.9MB

      MD5

      9f1152c923b412604214df01d30290ea

      SHA1

      62f4e6df7f3d9e97911cbdfaa2b7445564074e3a

      SHA256

      d8cae2a3eb5bd4063aaaf2cef21546604cc039db40207dbe535cbb9b410c91ab

      SHA512

      0fc3620a094cfc289ad60d244dcb251db03a9d74d0837611578a7f547aafbdbde1c4e59fab4adcbf490f24dd054ab11bf7267aba9f57567d6c475f8898836c75

    • C:\Windows\System\bcIoBfw.exe

      Filesize

      5.9MB

      MD5

      fe601c9b551dd1e954abb41b4f0c7347

      SHA1

      d4866ce79ea9b04dc43d343a69af3aff8211b02d

      SHA256

      8f815c9282fb988639b65c0dcaf6a1be28cf642302d892506fe85a842b6bb8af

      SHA512

      2c9b1bf3942f5cf2d54b677f4ee0bc8387940f5e80efd92067627b29c78b0a05ad9482227c1728bcbc537c7f386aeced2543cf444b26f97aac16d0227e12c3de

    • C:\Windows\System\dRnEByc.exe

      Filesize

      5.9MB

      MD5

      3e616c3c46e6ad446af9626448726b37

      SHA1

      fa0566c5e1b471a5c4ed6043e028fbdccb194565

      SHA256

      167ff2568435e6f8daaf5aa3cddf07fab8e5c878ad0487e1eb2c6f65f7004487

      SHA512

      f8196949de4dfb1c2cb38d67b1fb0567c458ba51022c95047d9d709bfb3ee8bb6108e8381969829d7b8a156af12f0d38c1762f8932ee2948636b9316b6910547

    • C:\Windows\System\dYdrawY.exe

      Filesize

      5.9MB

      MD5

      dc0494be5d22ca92710ca2d0db65e64b

      SHA1

      1b2015955d2b775ef2e41f4c32f0cac58ed9f2dd

      SHA256

      1f505cc752e7111767458e11f7dd667077d395bb5d915c346cf04cf5070d2f25

      SHA512

      e39b31e91dad3e055041506394be9644434df5449906c1b7ddae860d7d9214e9bd12f02279b737e4ccbb46640aad4b79ff03a301fb7b150380f1429a0089a7e9

    • C:\Windows\System\hfDQSIy.exe

      Filesize

      5.9MB

      MD5

      66ab5bfbbf3afb7f1daa17ce0581daa8

      SHA1

      ac993d75fd4e6e50887f6dba65dfe6ab5916b122

      SHA256

      0e6984d0000411444fff2e2f72250212e7684e2061217288cee6ba1df91e0da7

      SHA512

      75da79bb532bc7d32eb29c4b6164ae1463ee5f092247707ac7c7cd038d91b2e9312c3da066a2affaee78273f97fe27ac002258e6b8e3e8a64d6913d778bb2101

    • C:\Windows\System\kbHPPwt.exe

      Filesize

      5.9MB

      MD5

      9cf705b331fe1776f63456eb746b05e1

      SHA1

      7693ff91c7aafc851406b1f0e4a6adcb0273fa9c

      SHA256

      323b69ea8b4e3a4037c4d93f5454de9cb6e68737a557f2a287e596cad865d209

      SHA512

      a073f1b8173deb4bfa690850adb4a21e005bb2e2da579a425e4e59160ada5f8d8559c2eafc6185eeab4f08a045c9bb673638b526de0795377c4c7c5e8b748d69

    • C:\Windows\System\nTfUBaz.exe

      Filesize

      5.9MB

      MD5

      e2f35c4fdf43c9dbd6f4b7698e81f68b

      SHA1

      fe3a8848aa888595cf6db6de6908fd0d84973b87

      SHA256

      ff9368c134a676316554dd7f80daa2e79d6490b52886c99ef1bc38182e208870

      SHA512

      ec5d964058212c9c50a2b95a985381b3fd1803ee14af20f90dae981c7507a0bbc631ca76dfbed2ada4ae32b02424db2a90c38070815af672b6905648714f0af1

    • C:\Windows\System\oJxGGgu.exe

      Filesize

      5.9MB

      MD5

      eb722647d69de306657ab17b2f37c6c2

      SHA1

      3baf6603c9b2917b39f1a3e04aa2b1e0e4202c97

      SHA256

      5f8e14284244658f478e38a17e3a96929ffcba6ce1b0795b6d72b6a67d1ace66

      SHA512

      c89e472494f034600b1ee7ecbd362d9ef451540d21e863e37af1b1b04e7bbd369620d4855c37a82a294d8a081ef4f9b5c275a31d37c5e86ac98f0b260b4db068

    • C:\Windows\System\tltOkuM.exe

      Filesize

      5.9MB

      MD5

      7fd35bfd958b412fc6f987c4aa557c16

      SHA1

      acee60e0f0bb9d2617ddfce6b5b8dfa1456d2a4d

      SHA256

      ecb3d5f784cbc73c5c01bdaeb02078e25894b899c9e7d126b0d0cc58cec8495c

      SHA512

      a994079db76788189ff76199ceff92aa172e7a8da1cf4c6894a9fea55f09d11465cb62abe1406bd3bf90f744fbf1a72fbc4601a2147ea5e970614310f5866484

    • C:\Windows\System\ykpjTtU.exe

      Filesize

      5.9MB

      MD5

      343edb5ad666e8de232d603008e43b92

      SHA1

      b0544df9a84e521ba31ccd7a84a5b770170f9593

      SHA256

      cd09d5602018485c1927a5c279136498c8499888f51451caa960fe2aaeb4fffa

      SHA512

      60b06e69b2169c05acbe95af3a28a3ab114517fa23047e1caad805e5d3c7354eb83b9a29c4d488c6cc7c1015f5b347b78ff52d9e4275c34be554c89f197c9ffb

    • memory/224-125-0x00007FF682610000-0x00007FF682964000-memory.dmp

      Filesize

      3.3MB

    • memory/224-154-0x00007FF682610000-0x00007FF682964000-memory.dmp

      Filesize

      3.3MB

    • memory/860-149-0x00007FF76E980000-0x00007FF76ECD4000-memory.dmp

      Filesize

      3.3MB

    • memory/860-122-0x00007FF76E980000-0x00007FF76ECD4000-memory.dmp

      Filesize

      3.3MB

    • memory/952-146-0x00007FF6742E0000-0x00007FF674634000-memory.dmp

      Filesize

      3.3MB

    • memory/952-119-0x00007FF6742E0000-0x00007FF674634000-memory.dmp

      Filesize

      3.3MB

    • memory/1412-140-0x00007FF781E80000-0x00007FF7821D4000-memory.dmp

      Filesize

      3.3MB

    • memory/1412-134-0x00007FF781E80000-0x00007FF7821D4000-memory.dmp

      Filesize

      3.3MB

    • memory/1412-36-0x00007FF781E80000-0x00007FF7821D4000-memory.dmp

      Filesize

      3.3MB

    • memory/1580-121-0x00007FF72ACF0000-0x00007FF72B044000-memory.dmp

      Filesize

      3.3MB

    • memory/1580-150-0x00007FF72ACF0000-0x00007FF72B044000-memory.dmp

      Filesize

      3.3MB

    • memory/1848-64-0x00007FF632310000-0x00007FF632664000-memory.dmp

      Filesize

      3.3MB

    • memory/1848-0-0x00007FF632310000-0x00007FF632664000-memory.dmp

      Filesize

      3.3MB

    • memory/1848-1-0x0000018BAA7A0000-0x0000018BAA7B0000-memory.dmp

      Filesize

      64KB

    • memory/2024-151-0x00007FF600A70000-0x00007FF600DC4000-memory.dmp

      Filesize

      3.3MB

    • memory/2024-124-0x00007FF600A70000-0x00007FF600DC4000-memory.dmp

      Filesize

      3.3MB

    • memory/2576-24-0x00007FF6F9200000-0x00007FF6F9554000-memory.dmp

      Filesize

      3.3MB

    • memory/2576-138-0x00007FF6F9200000-0x00007FF6F9554000-memory.dmp

      Filesize

      3.3MB

    • memory/2576-132-0x00007FF6F9200000-0x00007FF6F9554000-memory.dmp

      Filesize

      3.3MB

    • memory/2660-148-0x00007FF633410000-0x00007FF633764000-memory.dmp

      Filesize

      3.3MB

    • memory/2660-123-0x00007FF633410000-0x00007FF633764000-memory.dmp

      Filesize

      3.3MB

    • memory/2872-141-0x00007FF621280000-0x00007FF6215D4000-memory.dmp

      Filesize

      3.3MB

    • memory/2872-44-0x00007FF621280000-0x00007FF6215D4000-memory.dmp

      Filesize

      3.3MB

    • memory/2896-120-0x00007FF7AE3B0000-0x00007FF7AE704000-memory.dmp

      Filesize

      3.3MB

    • memory/2896-147-0x00007FF7AE3B0000-0x00007FF7AE704000-memory.dmp

      Filesize

      3.3MB

    • memory/2948-142-0x00007FF717F50000-0x00007FF7182A4000-memory.dmp

      Filesize

      3.3MB

    • memory/2948-50-0x00007FF717F50000-0x00007FF7182A4000-memory.dmp

      Filesize

      3.3MB

    • memory/2996-20-0x00007FF7B34E0000-0x00007FF7B3834000-memory.dmp

      Filesize

      3.3MB

    • memory/2996-137-0x00007FF7B34E0000-0x00007FF7B3834000-memory.dmp

      Filesize

      3.3MB

    • memory/2996-131-0x00007FF7B34E0000-0x00007FF7B3834000-memory.dmp

      Filesize

      3.3MB

    • memory/3004-29-0x00007FF7AC3B0000-0x00007FF7AC704000-memory.dmp

      Filesize

      3.3MB

    • memory/3004-133-0x00007FF7AC3B0000-0x00007FF7AC704000-memory.dmp

      Filesize

      3.3MB

    • memory/3004-139-0x00007FF7AC3B0000-0x00007FF7AC704000-memory.dmp

      Filesize

      3.3MB

    • memory/4188-130-0x00007FF73BBC0000-0x00007FF73BF14000-memory.dmp

      Filesize

      3.3MB

    • memory/4188-14-0x00007FF73BBC0000-0x00007FF73BF14000-memory.dmp

      Filesize

      3.3MB

    • memory/4188-136-0x00007FF73BBC0000-0x00007FF73BF14000-memory.dmp

      Filesize

      3.3MB

    • memory/4380-127-0x00007FF71A4C0000-0x00007FF71A814000-memory.dmp

      Filesize

      3.3MB

    • memory/4380-155-0x00007FF71A4C0000-0x00007FF71A814000-memory.dmp

      Filesize

      3.3MB

    • memory/4660-126-0x00007FF6285C0000-0x00007FF628914000-memory.dmp

      Filesize

      3.3MB

    • memory/4660-153-0x00007FF6285C0000-0x00007FF628914000-memory.dmp

      Filesize

      3.3MB

    • memory/4708-128-0x00007FF697B70000-0x00007FF697EC4000-memory.dmp

      Filesize

      3.3MB

    • memory/4708-152-0x00007FF697B70000-0x00007FF697EC4000-memory.dmp

      Filesize

      3.3MB

    • memory/4808-144-0x00007FF6463F0000-0x00007FF646744000-memory.dmp

      Filesize

      3.3MB

    • memory/4808-66-0x00007FF6463F0000-0x00007FF646744000-memory.dmp

      Filesize

      3.3MB

    • memory/4980-135-0x00007FF7FC090000-0x00007FF7FC3E4000-memory.dmp

      Filesize

      3.3MB

    • memory/4980-8-0x00007FF7FC090000-0x00007FF7FC3E4000-memory.dmp

      Filesize

      3.3MB

    • memory/4980-67-0x00007FF7FC090000-0x00007FF7FC3E4000-memory.dmp

      Filesize

      3.3MB

    • memory/5068-145-0x00007FF6ABA70000-0x00007FF6ABDC4000-memory.dmp

      Filesize

      3.3MB

    • memory/5068-129-0x00007FF6ABA70000-0x00007FF6ABDC4000-memory.dmp

      Filesize

      3.3MB

    • memory/5112-143-0x00007FF7CB910000-0x00007FF7CBC64000-memory.dmp

      Filesize

      3.3MB

    • memory/5112-62-0x00007FF7CB910000-0x00007FF7CBC64000-memory.dmp

      Filesize

      3.3MB