Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/08/2024, 21:10

General

  • Target

    2024-08-14_855a935a36c711934493ce4dcc4f4fb1_cobalt-strike_cobaltstrike_poet-rat.exe

  • Size

    5.2MB

  • MD5

    855a935a36c711934493ce4dcc4f4fb1

  • SHA1

    bfac817b70a51b2a55671109c2708496928ba836

  • SHA256

    64ee0b608fe5812fc7aa29fa780e9c02cf96c6ea729664449c51cad8ec4507ec

  • SHA512

    4c078eae8fd2a53fb0fced5eb128d04b03db2c1c4b48b26ceae53a960473feb183240cc055eea1bbe978378fee0399d88071d15e9144930b72376588c1e02f5d

  • SSDEEP

    49152:ROdWCCi7/raA56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6li:RWWBibj56utgpPFotBER/mQ32lUW

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • XMRig Miner payload 45 IoCs
  • Executes dropped EXE 21 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-08-14_855a935a36c711934493ce4dcc4f4fb1_cobalt-strike_cobaltstrike_poet-rat.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-08-14_855a935a36c711934493ce4dcc4f4fb1_cobalt-strike_cobaltstrike_poet-rat.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Windows\System\AikdlhE.exe
      C:\Windows\System\AikdlhE.exe
      2⤵
      • Executes dropped EXE
      PID:3512
    • C:\Windows\System\DlhrASY.exe
      C:\Windows\System\DlhrASY.exe
      2⤵
      • Executes dropped EXE
      PID:1956
    • C:\Windows\System\ZxJLmWR.exe
      C:\Windows\System\ZxJLmWR.exe
      2⤵
      • Executes dropped EXE
      PID:2280
    • C:\Windows\System\zxShMCC.exe
      C:\Windows\System\zxShMCC.exe
      2⤵
      • Executes dropped EXE
      PID:3696
    • C:\Windows\System\gqVaDnH.exe
      C:\Windows\System\gqVaDnH.exe
      2⤵
      • Executes dropped EXE
      PID:2244
    • C:\Windows\System\HIMjgsB.exe
      C:\Windows\System\HIMjgsB.exe
      2⤵
      • Executes dropped EXE
      PID:2744
    • C:\Windows\System\nbxrFiB.exe
      C:\Windows\System\nbxrFiB.exe
      2⤵
      • Executes dropped EXE
      PID:2960
    • C:\Windows\System\TlfnAYe.exe
      C:\Windows\System\TlfnAYe.exe
      2⤵
      • Executes dropped EXE
      PID:2904
    • C:\Windows\System\rWRXKaS.exe
      C:\Windows\System\rWRXKaS.exe
      2⤵
      • Executes dropped EXE
      PID:5008
    • C:\Windows\System\KctMqqC.exe
      C:\Windows\System\KctMqqC.exe
      2⤵
      • Executes dropped EXE
      PID:4816
    • C:\Windows\System\INCOoCF.exe
      C:\Windows\System\INCOoCF.exe
      2⤵
      • Executes dropped EXE
      PID:1524
    • C:\Windows\System\kugoGIG.exe
      C:\Windows\System\kugoGIG.exe
      2⤵
      • Executes dropped EXE
      PID:2968
    • C:\Windows\System\YAeXbJT.exe
      C:\Windows\System\YAeXbJT.exe
      2⤵
      • Executes dropped EXE
      PID:1752
    • C:\Windows\System\iBSrVcy.exe
      C:\Windows\System\iBSrVcy.exe
      2⤵
      • Executes dropped EXE
      PID:3308
    • C:\Windows\System\QeAIVrD.exe
      C:\Windows\System\QeAIVrD.exe
      2⤵
      • Executes dropped EXE
      PID:1936
    • C:\Windows\System\otejBUs.exe
      C:\Windows\System\otejBUs.exe
      2⤵
      • Executes dropped EXE
      PID:3132
    • C:\Windows\System\ABagijM.exe
      C:\Windows\System\ABagijM.exe
      2⤵
      • Executes dropped EXE
      PID:1160
    • C:\Windows\System\FjSwNNg.exe
      C:\Windows\System\FjSwNNg.exe
      2⤵
      • Executes dropped EXE
      PID:4392
    • C:\Windows\System\VSKvxoF.exe
      C:\Windows\System\VSKvxoF.exe
      2⤵
      • Executes dropped EXE
      PID:908
    • C:\Windows\System\oypJoDb.exe
      C:\Windows\System\oypJoDb.exe
      2⤵
      • Executes dropped EXE
      PID:1716
    • C:\Windows\System\Itbmddo.exe
      C:\Windows\System\Itbmddo.exe
      2⤵
      • Executes dropped EXE
      PID:4008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System\ABagijM.exe

    Filesize

    5.2MB

    MD5

    d61b8b06ce4d5d3de29771efd1083371

    SHA1

    44cb202031ee3a58f1364d061ac3769bb5c63629

    SHA256

    e9f60ac597f7575a56f0be6f201e288b9cf7833e8843fcbfb393842112f32091

    SHA512

    c0b5621d58b643714e5b573965644a593a453f175e16fc6a8edc5491e187553b1c83181967bd041332a5f8c09a30836a0396e4d63df3f2cb2432cb32a9251a2b

  • C:\Windows\System\AikdlhE.exe

    Filesize

    5.2MB

    MD5

    92d8543a2a161f9e64a530651574e360

    SHA1

    6af2aa86d9a030124e80de1cbbe81407f5db3959

    SHA256

    2b267b8d5a5e3ccf57e95df0fd2276574f382d6211dfdd0a24d8279d9ba6df03

    SHA512

    836f699ed640acc3f023005edd4b151a412bb1c56014a56a784967e3830448f6681fc184fbb01e50fd5badbe8df2ba953c27fa2ea75a7881e6e7c58642f8f093

  • C:\Windows\System\DlhrASY.exe

    Filesize

    5.2MB

    MD5

    1e46b7893d7e63a240d1955692e77521

    SHA1

    66216a0b8d3e4458fb4e8f3b255c2b7e1d49f625

    SHA256

    56b60e36b161c704b29a4a07d1d526f4ba8b475b1d3c9ac78a738fd34cb8dc1e

    SHA512

    58832daa934f560b6e765a648ce5832b0671f3e35eba3949c0b43c0d464d2d6343a090a253ae4e9271cb5cc2814631d8f14e7c345bd5f46d6195a7eef228e8d1

  • C:\Windows\System\FjSwNNg.exe

    Filesize

    5.2MB

    MD5

    97b89f99656db47133feb93f9beb70e2

    SHA1

    a84ce949c0eae235d1fed788ed52dff689cb352c

    SHA256

    84f6561416a87cb6976e2143cfec6ac7d074fc66d24f13f46ceac504d4450738

    SHA512

    8d0310a7a6cffc9d3c182941509463b6bdec2796e9de3ef362dd1be4aff227a6f03b43ec6436f94901dbc2f27fbd9e7784375a77a4925c703ad0cfc09625a3c6

  • C:\Windows\System\HIMjgsB.exe

    Filesize

    5.2MB

    MD5

    8ec6b0c211b677d586d29563490f0ef0

    SHA1

    f0f6c17bfc06bcba65031088106589ec938c30c3

    SHA256

    eb3114953f1861051143ad9409e6297d7d9ab83da8af56f5d3463195d8eb7e51

    SHA512

    2b656fb76a0e9ca1f44d3e26dbbd34294f9d288c26e81ef556447cdc2ff0258b762e4de4195996af40726c886013d3b2a8c1819567755723f6cfb7b34c540099

  • C:\Windows\System\INCOoCF.exe

    Filesize

    5.2MB

    MD5

    e182c5e45f3defd6c1914438a06e7189

    SHA1

    fcc293ecf8ac2b03ca8c38af43dd940ee665081d

    SHA256

    320e566b189cec7d9e6c4c838d0ce25b0866964af0656c1b61b2d598497dc92c

    SHA512

    46da11dd74ec021c9feb8c06e130f594c8ee51d4b916d5425ad5db2de5ec7caf2581eb5e76992f85863cb53cfe4aa594dd3e77cbab3854275bd5bfb1d0d3e8fa

  • C:\Windows\System\Itbmddo.exe

    Filesize

    5.2MB

    MD5

    05616a33de4c71390530b44e2f29d753

    SHA1

    73cabd04176ce645d521e494f07c03d0323ba99d

    SHA256

    fa26a6c3b3bccfa553ad2b3b2d57c321d3f0823051cbdce9c9dd84a9ce52b015

    SHA512

    dc765361b8a6f6139115205097cebd135d98c02a2c7a7ff855f4bf19d691c279fc17ee1079e2678dfeb63ee7922c0c5b048ecd51f4e4cddd5be1c0abf49946ca

  • C:\Windows\System\KctMqqC.exe

    Filesize

    5.2MB

    MD5

    eb8a4e4c6ca9d5906dbdad69ff8cad67

    SHA1

    2fc9e05e690576d4d6f5f32ad491735ade1989cb

    SHA256

    35564b54ac7eb97db007ac8d8a0da050def5f8280e00a5c8b4c15dbf48e5f635

    SHA512

    b5418bc1d285b0651a45d3c4865bb214f5b170a780c87fb16f8322b971ae9cd1f95d0edf3658895313b97a2527e89720b002a00a45cb69fe57990aa7aee4e7a3

  • C:\Windows\System\QeAIVrD.exe

    Filesize

    5.2MB

    MD5

    c33c607750787c54e0e99ba17a45623c

    SHA1

    c24b360a1ff3f4bcfb28d73394e30474946af0b8

    SHA256

    88de352b2fa97a6ed24eafb767344c9252940a792ce373fb1c7365820c998002

    SHA512

    a824295dfe2ec643ca2bf5255552bd216f2ced91904ceb55d205e88ad9a0fe441ff5a5d5da9329c1830aee0a5eedc40e3ea569116bceb50400cf7407c2630212

  • C:\Windows\System\TlfnAYe.exe

    Filesize

    5.2MB

    MD5

    6d66314c645d9320648db4fcb16092e3

    SHA1

    f4b7684299b4806510d5da41cf15668ebde74e35

    SHA256

    16e01ef7c298acb34dcbdcdaf61ee4550c5f17ffc03452c01b6dc55c557e7f41

    SHA512

    183184e54b1a0b95614b87c8940ac0062701335465287ad2b368f5faed5d4c1fb4a64d9426e082b7b622d581bdcb6825ea83fd68fd376ad1cd2a23850f6640e7

  • C:\Windows\System\VSKvxoF.exe

    Filesize

    5.2MB

    MD5

    5665e3568ffaccc41e7469c7efaf855e

    SHA1

    519b0663911829594b7333864e07c370a786513b

    SHA256

    44a83b08ae3e51a6c3408cf30200cb1b4f1f5cbcfadc399b80cc2403085dc819

    SHA512

    0b57ba3cea3f87b8f5053fe620a9d837f7e88577fd63e96426e9bbbe57fbeecf8925656ee22b9beca71f0be75d29234858313521f7dcffcaf7fea561779092cc

  • C:\Windows\System\YAeXbJT.exe

    Filesize

    5.2MB

    MD5

    eb683221617c26036d25f9144b256fbb

    SHA1

    6dcca45dc52e1098f1c923ebaea8e9f45d62894d

    SHA256

    f9295cd783dcc7c39d2bbdf8ab1170808ea3a61dc28a8b98d12554dada564b16

    SHA512

    7cecc81de3ef035c9c623e2d6c5f1ada631ce3f73164b6f596be6c446f57238fb41c5c82bef8a1fb3a8537757d90dc698a760d7dcdef0fd0b3ca4409c3f47244

  • C:\Windows\System\ZxJLmWR.exe

    Filesize

    5.2MB

    MD5

    f4f7779e228832904bd42253e320b6f6

    SHA1

    a99c76f75a2ba3cfd6c9b78800de5e4c34758174

    SHA256

    b04cd53afdf3c95b92f64c90f9ccd660e090bf1ca72abb38e2be2e68055f2a6d

    SHA512

    ba50d255677a937a848ccc2e75a019e6562631b94666ed99b2773de624f9085aa8ba3d1bf73792c3dd8ac229ac1574160482d2286a4149b881c12343c9832b2e

  • C:\Windows\System\gqVaDnH.exe

    Filesize

    5.2MB

    MD5

    dff11f2bba55c33b4e2a3fdf841934f8

    SHA1

    773586fb08623d1d027eff68323778d224c09b82

    SHA256

    e6b7101367be295e63903d74ba712e5709c6c72b25ed0c0729d304e22662f25d

    SHA512

    bae9ae5cba1f3a1372a2a5544115d0e458e209cafdf5b53dc5f567ed113179db972bda9e737e5f11f95bf4cc176c0c5aa13a012c239766d461f47bea92fe29f4

  • C:\Windows\System\iBSrVcy.exe

    Filesize

    5.2MB

    MD5

    c11444a303917648c5c85b802e87e861

    SHA1

    14aac14177a68296c9c39da64c356cfc966fa3de

    SHA256

    5cc32e82ef5848d157a7457b68fc76b4583c879b57f8d321a85334f5beb6f6bc

    SHA512

    4b2ffdbb445edd824656bd07cd3558bba1203c805a649d77ce6901dbd1935ebd5b9f0dcda10b5bd6192f1578e871d569c859d9d2db192d137c1377304509644e

  • C:\Windows\System\kugoGIG.exe

    Filesize

    5.2MB

    MD5

    5944afcb16ba0be5201e786c3300396a

    SHA1

    b66170853733acc3c5278b4f8d1acc1d88a4f50b

    SHA256

    aacf581533ee45bd5ca9fa732b92c8d9159164e5d9ff6f5d9e56781972a80025

    SHA512

    5f2ecbe25b8bea4571b4b249f48387d247a2ca07bc05b9ccaf5e98cab61aee9c5505daf07529dcc28ecde105112fe41e4d8a069f8acba20e2ea1b307b93f385c

  • C:\Windows\System\nbxrFiB.exe

    Filesize

    5.2MB

    MD5

    099864b6b059cf72c4b36446b2534b0b

    SHA1

    750d08310a6dcb0c82765c6323e4de08354c876d

    SHA256

    621de712af8259b3f83910467c8ba17ca1effbe43f632c153bfc018946896d59

    SHA512

    8bf5693a172c327b83b6a0eeafe9357aa2ec5d4efe4e8473b9657c97fdcc19c1691e18c980e682fbfb03cf5e4ea26680411b17a2c44ba5946d604302c45bb628

  • C:\Windows\System\otejBUs.exe

    Filesize

    5.2MB

    MD5

    7c92dcb030a350e085513ec8ec2c6555

    SHA1

    fa28b2f0c70fbeb482bac2fcc4c51d311cef8b43

    SHA256

    6eff39ed2d388e49d47e800dddda5c6331da0e8b9cca6566a1408537d7e2a937

    SHA512

    7affad651532ba81d4fb384d014df304156796d313cfbb4d873fe8c820a0ae3b8e3b405be3c7268dc30114c9fba6127004ea421d9d591222b18e326e707006f1

  • C:\Windows\System\oypJoDb.exe

    Filesize

    5.2MB

    MD5

    b74e9479479167ca3b5116d692741dfe

    SHA1

    efde9e1e6db4d8017236ff1dab0437766300b3a7

    SHA256

    12aa025bc907484e501256f61d22c74ef140c6cb24a46b40b53912e0d9b1d132

    SHA512

    9602a78266bef37099ce404fabb21a64c7a99c2f88ce540f429b675af6019569ba66b7ade9e7021ebf8ad44ecd84748c22ef32792ee155e73ecd799e5dbbd71a

  • C:\Windows\System\rWRXKaS.exe

    Filesize

    5.2MB

    MD5

    dcd486581d196cca59542ff9ad67cf80

    SHA1

    bb640ea3f9baabba0236dc0b45e09c0a4a3e0195

    SHA256

    f6a6d645278935cd71f788228dbad25e98d3e47d0496488b0a32f0fce91913ad

    SHA512

    3df3be2b1aa6b3ab6adf7096e4f0483adb51dbb4765fd8692333bc63b2047b5489c9ca55eee575217344a8e0333e282364c3b4c86a5037443d19f327cb9b4ad1

  • C:\Windows\System\zxShMCC.exe

    Filesize

    5.2MB

    MD5

    344a54fc841c5da26d0891e9c0319501

    SHA1

    1fe1e7a14f71935a1a182201aa75c5a14eca7166

    SHA256

    cf6e569ca21ed84688fd7bf26a831b158a897143cbe0bf677021f23a7243bc41

    SHA512

    0983f941f27703bcef4bf92df8eb3a030a2c3a0c4c59a232355ca5e73e255d15f1ef904412c6704e47336423fdab6a36230027dc86b38f2d467ad2aa7e320bef

  • memory/908-248-0x00007FF7A30B0000-0x00007FF7A3401000-memory.dmp

    Filesize

    3.3MB

  • memory/908-148-0x00007FF7A30B0000-0x00007FF7A3401000-memory.dmp

    Filesize

    3.3MB

  • memory/908-118-0x00007FF7A30B0000-0x00007FF7A3401000-memory.dmp

    Filesize

    3.3MB

  • memory/1160-104-0x00007FF644730000-0x00007FF644A81000-memory.dmp

    Filesize

    3.3MB

  • memory/1160-242-0x00007FF644730000-0x00007FF644A81000-memory.dmp

    Filesize

    3.3MB

  • memory/1160-146-0x00007FF644730000-0x00007FF644A81000-memory.dmp

    Filesize

    3.3MB

  • memory/1524-78-0x00007FF6EFBA0000-0x00007FF6EFEF1000-memory.dmp

    Filesize

    3.3MB

  • memory/1524-226-0x00007FF6EFBA0000-0x00007FF6EFEF1000-memory.dmp

    Filesize

    3.3MB

  • memory/1716-244-0x00007FF6D1630000-0x00007FF6D1981000-memory.dmp

    Filesize

    3.3MB

  • memory/1716-122-0x00007FF6D1630000-0x00007FF6D1981000-memory.dmp

    Filesize

    3.3MB

  • memory/1716-149-0x00007FF6D1630000-0x00007FF6D1981000-memory.dmp

    Filesize

    3.3MB

  • memory/1752-233-0x00007FF68D3F0000-0x00007FF68D741000-memory.dmp

    Filesize

    3.3MB

  • memory/1752-88-0x00007FF68D3F0000-0x00007FF68D741000-memory.dmp

    Filesize

    3.3MB

  • memory/1936-235-0x00007FF7A02E0000-0x00007FF7A0631000-memory.dmp

    Filesize

    3.3MB

  • memory/1936-92-0x00007FF7A02E0000-0x00007FF7A0631000-memory.dmp

    Filesize

    3.3MB

  • memory/1956-46-0x00007FF73DBD0000-0x00007FF73DF21000-memory.dmp

    Filesize

    3.3MB

  • memory/1956-209-0x00007FF73DBD0000-0x00007FF73DF21000-memory.dmp

    Filesize

    3.3MB

  • memory/2244-133-0x00007FF7C7550000-0x00007FF7C78A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2244-217-0x00007FF7C7550000-0x00007FF7C78A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2244-28-0x00007FF7C7550000-0x00007FF7C78A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2280-23-0x00007FF73BEF0000-0x00007FF73C241000-memory.dmp

    Filesize

    3.3MB

  • memory/2280-131-0x00007FF73BEF0000-0x00007FF73C241000-memory.dmp

    Filesize

    3.3MB

  • memory/2280-211-0x00007FF73BEF0000-0x00007FF73C241000-memory.dmp

    Filesize

    3.3MB

  • memory/2744-134-0x00007FF7F6E50000-0x00007FF7F71A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2744-37-0x00007FF7F6E50000-0x00007FF7F71A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2744-215-0x00007FF7F6E50000-0x00007FF7F71A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2904-220-0x00007FF708C70000-0x00007FF708FC1000-memory.dmp

    Filesize

    3.3MB

  • memory/2904-136-0x00007FF708C70000-0x00007FF708FC1000-memory.dmp

    Filesize

    3.3MB

  • memory/2904-43-0x00007FF708C70000-0x00007FF708FC1000-memory.dmp

    Filesize

    3.3MB

  • memory/2960-221-0x00007FF67B940000-0x00007FF67BC91000-memory.dmp

    Filesize

    3.3MB

  • memory/2960-73-0x00007FF67B940000-0x00007FF67BC91000-memory.dmp

    Filesize

    3.3MB

  • memory/2968-81-0x00007FF737340000-0x00007FF737691000-memory.dmp

    Filesize

    3.3MB

  • memory/2968-224-0x00007FF737340000-0x00007FF737691000-memory.dmp

    Filesize

    3.3MB

  • memory/3000-151-0x00007FF78FA00000-0x00007FF78FD51000-memory.dmp

    Filesize

    3.3MB

  • memory/3000-0-0x00007FF78FA00000-0x00007FF78FD51000-memory.dmp

    Filesize

    3.3MB

  • memory/3000-1-0x0000023D8C5B0000-0x0000023D8C5C0000-memory.dmp

    Filesize

    64KB

  • memory/3000-128-0x00007FF78FA00000-0x00007FF78FD51000-memory.dmp

    Filesize

    3.3MB

  • memory/3000-145-0x00007FF78FA00000-0x00007FF78FD51000-memory.dmp

    Filesize

    3.3MB

  • memory/3132-144-0x00007FF79F990000-0x00007FF79FCE1000-memory.dmp

    Filesize

    3.3MB

  • memory/3132-238-0x00007FF79F990000-0x00007FF79FCE1000-memory.dmp

    Filesize

    3.3MB

  • memory/3132-103-0x00007FF79F990000-0x00007FF79FCE1000-memory.dmp

    Filesize

    3.3MB

  • memory/3308-91-0x00007FF6FF690000-0x00007FF6FF9E1000-memory.dmp

    Filesize

    3.3MB

  • memory/3308-231-0x00007FF6FF690000-0x00007FF6FF9E1000-memory.dmp

    Filesize

    3.3MB

  • memory/3512-16-0x00007FF681720000-0x00007FF681A71000-memory.dmp

    Filesize

    3.3MB

  • memory/3512-207-0x00007FF681720000-0x00007FF681A71000-memory.dmp

    Filesize

    3.3MB

  • memory/3696-213-0x00007FF6FE2B0000-0x00007FF6FE601000-memory.dmp

    Filesize

    3.3MB

  • memory/3696-57-0x00007FF6FE2B0000-0x00007FF6FE601000-memory.dmp

    Filesize

    3.3MB

  • memory/4008-119-0x00007FF78FC70000-0x00007FF78FFC1000-memory.dmp

    Filesize

    3.3MB

  • memory/4008-150-0x00007FF78FC70000-0x00007FF78FFC1000-memory.dmp

    Filesize

    3.3MB

  • memory/4008-246-0x00007FF78FC70000-0x00007FF78FFC1000-memory.dmp

    Filesize

    3.3MB

  • memory/4392-113-0x00007FF744CB0000-0x00007FF745001000-memory.dmp

    Filesize

    3.3MB

  • memory/4392-240-0x00007FF744CB0000-0x00007FF745001000-memory.dmp

    Filesize

    3.3MB

  • memory/4392-147-0x00007FF744CB0000-0x00007FF745001000-memory.dmp

    Filesize

    3.3MB

  • memory/4816-229-0x00007FF77DDF0000-0x00007FF77E141000-memory.dmp

    Filesize

    3.3MB

  • memory/4816-77-0x00007FF77DDF0000-0x00007FF77E141000-memory.dmp

    Filesize

    3.3MB

  • memory/5008-228-0x00007FF696F60000-0x00007FF6972B1000-memory.dmp

    Filesize

    3.3MB

  • memory/5008-86-0x00007FF696F60000-0x00007FF6972B1000-memory.dmp

    Filesize

    3.3MB