Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    148s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/08/2024, 21:17

General

  • Target

    2024-08-14_9ff9f5813a6443ed0b267ca38cca4f01_cobalt-strike_cobaltstrike_poet-rat.exe

  • Size

    5.2MB

  • MD5

    9ff9f5813a6443ed0b267ca38cca4f01

  • SHA1

    c0cf2b505e510e23e697a2a97878957a9a91cef0

  • SHA256

    0f6de8be043a6917c54b10570817dc04902e02d0d3694de38a69bfe7f8e548f9

  • SHA512

    86844612fdd07f0928a11fa8b7dc2770c4e4c451baf22fed9fe134ad2e361c843dc8ac52c47a8c6339bb3141de858a23ca6a92490c705f96221722bf738f1635

  • SSDEEP

    49152:ROdWCCi7/raA56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lI:RWWBibj56utgpPFotBER/mQ32lUM

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • XMRig Miner payload 46 IoCs
  • Executes dropped EXE 21 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-08-14_9ff9f5813a6443ed0b267ca38cca4f01_cobalt-strike_cobaltstrike_poet-rat.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-08-14_9ff9f5813a6443ed0b267ca38cca4f01_cobalt-strike_cobaltstrike_poet-rat.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2716
    • C:\Windows\System\ZXhiCpP.exe
      C:\Windows\System\ZXhiCpP.exe
      2⤵
      • Executes dropped EXE
      PID:632
    • C:\Windows\System\VIiGlaC.exe
      C:\Windows\System\VIiGlaC.exe
      2⤵
      • Executes dropped EXE
      PID:3692
    • C:\Windows\System\cRqwOKv.exe
      C:\Windows\System\cRqwOKv.exe
      2⤵
      • Executes dropped EXE
      PID:2656
    • C:\Windows\System\XWzxZPF.exe
      C:\Windows\System\XWzxZPF.exe
      2⤵
      • Executes dropped EXE
      PID:2856
    • C:\Windows\System\UBOEikY.exe
      C:\Windows\System\UBOEikY.exe
      2⤵
      • Executes dropped EXE
      PID:2568
    • C:\Windows\System\WhGwPnk.exe
      C:\Windows\System\WhGwPnk.exe
      2⤵
      • Executes dropped EXE
      PID:4728
    • C:\Windows\System\nPtyOku.exe
      C:\Windows\System\nPtyOku.exe
      2⤵
      • Executes dropped EXE
      PID:4596
    • C:\Windows\System\BZvuogp.exe
      C:\Windows\System\BZvuogp.exe
      2⤵
      • Executes dropped EXE
      PID:3912
    • C:\Windows\System\zihzlEw.exe
      C:\Windows\System\zihzlEw.exe
      2⤵
      • Executes dropped EXE
      PID:2072
    • C:\Windows\System\XGNBgCJ.exe
      C:\Windows\System\XGNBgCJ.exe
      2⤵
      • Executes dropped EXE
      PID:1908
    • C:\Windows\System\eEWYUQO.exe
      C:\Windows\System\eEWYUQO.exe
      2⤵
      • Executes dropped EXE
      PID:1884
    • C:\Windows\System\WjpmFfy.exe
      C:\Windows\System\WjpmFfy.exe
      2⤵
      • Executes dropped EXE
      PID:3624
    • C:\Windows\System\DQCjHaw.exe
      C:\Windows\System\DQCjHaw.exe
      2⤵
      • Executes dropped EXE
      PID:4436
    • C:\Windows\System\EqTqaMf.exe
      C:\Windows\System\EqTqaMf.exe
      2⤵
      • Executes dropped EXE
      PID:4332
    • C:\Windows\System\kwdMlSa.exe
      C:\Windows\System\kwdMlSa.exe
      2⤵
      • Executes dropped EXE
      PID:1272
    • C:\Windows\System\oLFcfrZ.exe
      C:\Windows\System\oLFcfrZ.exe
      2⤵
      • Executes dropped EXE
      PID:1136
    • C:\Windows\System\iNFYkjH.exe
      C:\Windows\System\iNFYkjH.exe
      2⤵
      • Executes dropped EXE
      PID:3188
    • C:\Windows\System\TORkLJq.exe
      C:\Windows\System\TORkLJq.exe
      2⤵
      • Executes dropped EXE
      PID:432
    • C:\Windows\System\fbUIqHV.exe
      C:\Windows\System\fbUIqHV.exe
      2⤵
      • Executes dropped EXE
      PID:1240
    • C:\Windows\System\VZYFMFO.exe
      C:\Windows\System\VZYFMFO.exe
      2⤵
      • Executes dropped EXE
      PID:4980
    • C:\Windows\System\hsUYbZh.exe
      C:\Windows\System\hsUYbZh.exe
      2⤵
      • Executes dropped EXE
      PID:1424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System\BZvuogp.exe

    Filesize

    5.2MB

    MD5

    4c527477bf319bc89104f687fa6b3bd4

    SHA1

    6685ec616a8d9e6cb3e5edbefeaec00b21a8a3e4

    SHA256

    46a42010d6c4f70f1cb40cdf5d401348d27e452dabf4ea855e0fade613b60a8c

    SHA512

    bf8f9e321787db9c03ee7632d631d11b4a0965ef6dc2610f9329f17304327cb9e437c9c88d2fe74c562ea31a1f01b0d33482b86709b1a23d4d229117a11c751e

  • C:\Windows\System\DQCjHaw.exe

    Filesize

    5.2MB

    MD5

    e995c9f11d1e3bcaa80d7369c5fcb323

    SHA1

    7a26eb5921ec06faf0b7b80b652ae78f2cbb08ec

    SHA256

    b1581254b13949a888f31d3db13e8bd813ff02bd4ae76675104e7e7a66fda29d

    SHA512

    1d7dced79e5dfc226ce38229962c651a680b5cef4a7201a9919d0ab54dbfc67e56e22a7b0e51fbc39b98f40f9c3eac97527adad89775ff1989192f609cb43290

  • C:\Windows\System\EqTqaMf.exe

    Filesize

    5.2MB

    MD5

    906e67c051a83a42b12ca6ca03f52a82

    SHA1

    687169b65f5b9f10cdb1800a10faf60b266760c2

    SHA256

    2ce95b423e71ee96174432fd03b9c050edf1b6cca002899a9660b43c1fbb21e4

    SHA512

    14387ee3f121b56bccb4916ab6cbb01b6a162f28b405568bded39f5da810ab5f2379193e671037d0cdb080494766a21d4b991047fa6d3616e5f4cc4f4799d39e

  • C:\Windows\System\TORkLJq.exe

    Filesize

    5.2MB

    MD5

    1c064bb59121d75fcae75c59bddd5743

    SHA1

    5620c719216b0b5aa1b7e427c4fc53fd9d1f609f

    SHA256

    fa09a8f80cfca351ff76d28c2c780dc568691c0006c6dcd46e32561a4fd33181

    SHA512

    5c70b4ff7049d78c6e9bceeaf0da11e03438afa1d8a78565a09a094730c6749fd943411328637e5e4ab314b2b9bbd1b41969d94d85bdab5180c6d455da7f7983

  • C:\Windows\System\UBOEikY.exe

    Filesize

    5.2MB

    MD5

    eb5d3066783f9577914449fcfbb06d9c

    SHA1

    84f57d3acb889c7fa9fed5b4f35ed2330a9cead5

    SHA256

    c00f25a961d71372e5a0272566d794742cef449855191e82f283445bcd4d7e38

    SHA512

    f9ddb7c88e6030006fd64d0b1fbdf24d2365b7d3fed2c430a1bf5496228f967a74dd60b71235d21a34d147128ea8252922c980fe2f710bc054d2ce620491d23b

  • C:\Windows\System\VIiGlaC.exe

    Filesize

    5.2MB

    MD5

    3ba83b26052061c242528266363943bd

    SHA1

    62793415b389f03521974037c38805144bc5e773

    SHA256

    eb4143279f8215cf57ac0f4ba6987046b2bb5d4d4e57005cc5df578ecd9751d1

    SHA512

    3799c0b690a8af4200492b13a827507e02e78f9aa93863cb1e19291a95824745b3526deab1f5c6fddb41691cc6318bcf4e754313c3e7ddaedbee048d71870f58

  • C:\Windows\System\VZYFMFO.exe

    Filesize

    5.2MB

    MD5

    7be6034d75d7b9380c12ba76466aa3dd

    SHA1

    ecdf32913e89342da5e7334ba4b94353df646ffe

    SHA256

    1c89ef45febb2e48ab70c222066cad3b177b30e37b7feaabc925559ed9c41ebb

    SHA512

    ad1fea4c3f3ad79914da3bd8c9adbc60a40a37a1ace8fe2bacab18acbc8b87de867f6d826ca47359d5e372916750ff2c2ce8fcf272a4a809d200020fc932a224

  • C:\Windows\System\WhGwPnk.exe

    Filesize

    5.2MB

    MD5

    208196b210c11667ca08a6608612d6fe

    SHA1

    912c3ef7dfab6d701226dfe03e35142c36f78854

    SHA256

    0680e02263a565b4f40061e4f8284c2e1b67bb3309d50bc8f665a4c53ba7e7cc

    SHA512

    a07f18219f45e22d4343f76f10a76b3d1294d51535e355d35de8792751706e1cd660525f8564a0d5d007fed91c848aadc5fdecfc3e483292f19cc19d69a6a867

  • C:\Windows\System\WjpmFfy.exe

    Filesize

    5.2MB

    MD5

    48fb63eadd62445a13508161368f0ca4

    SHA1

    52f3a34368574c9d220988040bb034cd06f73815

    SHA256

    749d59654b8925696e5d7ea146cfc72aa9f8245a21eba21e0bbe062f536bceb3

    SHA512

    377cda7440e7cf8b0e56bb4bdfec869a77984f535f24d79ad9889ad0bdeaa9720ce749267d8e62ba3ef320643687a11c8067082387d608908f75ade0e2e08ff9

  • C:\Windows\System\XGNBgCJ.exe

    Filesize

    5.2MB

    MD5

    91462f5cdca58729398f7a8696e51ddb

    SHA1

    3927bd1780eea79069fad0317989f9bf88173ee2

    SHA256

    4dc710672fae5b5e06c6e7edd6aeac6200512c957329dae0a8e539f40162e87b

    SHA512

    682f2e10194b216b6dbc5df03daff9007fb18800cc88428bfed70d095c4680be17a3c061c6701cb1e514fbc43c461e823d0958d5d30cdc6e13279484e4f479d2

  • C:\Windows\System\XWzxZPF.exe

    Filesize

    5.2MB

    MD5

    b3a1311b2d026a9988c8d383884babac

    SHA1

    0f8ad4c4d32a7c887a25771f756da9c86145fea0

    SHA256

    60b05058d9e9704a36269762fdefc2e0301efd7650b5023da330d2a0acc99036

    SHA512

    779769cd27c6b54d0e6d9733a79fda18de1483d32230e878fbad2d0f2402f1bc53742def2fb9d9791954c69defce85d992c8dad42e6b85e2960e6dfd43cd8315

  • C:\Windows\System\ZXhiCpP.exe

    Filesize

    5.2MB

    MD5

    042bfa12392a9b3172c6eb7676a6524c

    SHA1

    ccebe52cd3569b08948c9a9b0c05e6ab2ad52dc0

    SHA256

    473da72da83367923d0b9914f4116520d16290eaef2139b830d568e48ca21612

    SHA512

    0aa48a4f211a601febcfe460a15cad199befe81f05d9e6a269985980b8de64f6b2bcd940e4ed936b96578d4af5d2e429c6e0a6334adaeac23db1571723fb0b76

  • C:\Windows\System\cRqwOKv.exe

    Filesize

    5.2MB

    MD5

    c5dc0b89b932b6bfdb368f7ace7041f4

    SHA1

    6639a54da8451fdb827ab278e13ec92dbc665a1e

    SHA256

    c09b69a85647cb35a6419d934b03cf76fdcfabe441ed016c297a79786bd91d3a

    SHA512

    17279a702fb7b2641c79bebc4637211f0d1fbda95c05f36a622454897491b5bc64c8bcad63d252ee4a1277600bd432d2af44dda18f4ea5dc5dc805b0b1d84ea8

  • C:\Windows\System\eEWYUQO.exe

    Filesize

    5.2MB

    MD5

    e1dfd5d6d39ea443fb451f7661e3e9aa

    SHA1

    b8d32fa3062156b6fb42f0fdf797d0c70c8577e4

    SHA256

    bb5abab78ac002c583d3ee76bd412cad82145fc8fae307879bac6ae244131097

    SHA512

    6fe6953d98af2e5c07671d2222c1e0a217e81d879545d3242911e2ea4fabd1950a260028f26177971c3a75aa226a247d897346f68b8293e4dcd4adec634f4dee

  • C:\Windows\System\fbUIqHV.exe

    Filesize

    5.2MB

    MD5

    da0f4ab5c56abc9fddcb91da366a3d8e

    SHA1

    253f61a5fcf71e99b23ee928ddbc8b3b4b62a713

    SHA256

    b28413e8d5e9c31b07d9251526ada307547d673e3f8c14f75346543cee58219a

    SHA512

    8412782fc5b4298b349a2f35aed1155200e7b136aafe88020ecf0318fc7e1df142b45f3fe5882fa3388739f93b9fd0e7ddbc013f1c8f6dc1767509ab2666e1a6

  • C:\Windows\System\hsUYbZh.exe

    Filesize

    5.2MB

    MD5

    3c522bf0848f2222a21af2153263533d

    SHA1

    b7a682c799f2cc5bf951a170656b7c2587df1d62

    SHA256

    efdde5d41be9cde81d27ec750bc7cfda8cf3b6ab5bfbe5b782be6a95b1bb1ae8

    SHA512

    52be7155d31750ef787c186d334cb50354961043bb390257b843000868fa67f10728ef434034a995eadca31bb8e31a0b0cd3c4910e3af7badcf4e9b43c124a0b

  • C:\Windows\System\iNFYkjH.exe

    Filesize

    5.2MB

    MD5

    7d8e9cf88f1f546706ae4a0eb015c447

    SHA1

    518c11caaa36523208dad129a45545ba3862293e

    SHA256

    6abbe1dfec7e9c4ee4f0e1f841f5e3fb849d2b9188c5f06986100d74969af49d

    SHA512

    32a3270f4b8fbd6f9eb75cd5c593aeb4657027f25ab859a723677980d53a20cf4c36bb56c96f754312980435f62e6c5252b78cc9832566aa2bbffc1e8c79add8

  • C:\Windows\System\kwdMlSa.exe

    Filesize

    5.2MB

    MD5

    33f1fc723dda1ff857a9276b460b9d4c

    SHA1

    e008d1ab515ef7b139ece723afd4d1d05724d0d0

    SHA256

    472b783d851a8ed7cbb75df6b663d5f5e72db00f4f9345bd7d7b56517e4b059a

    SHA512

    2dbc7cbe520ed3ae51b8221cf9a28b3d62805711cf01b35dbda8a48ecc09ebcefb50ff74511ee57852abe748d3987c98185d98d239e976da08594f523ef3b30f

  • C:\Windows\System\nPtyOku.exe

    Filesize

    5.2MB

    MD5

    33afb174aa583cbb72bf9339093c4048

    SHA1

    9bef3995de00b1f77b2b706680a5763254b3cffb

    SHA256

    a922e8609c2b44a16c53f3298e01990beab49f3d8e384e929b3fc639a0194a95

    SHA512

    39071c4ef8fe8a4de5e1ac12ebea924a7aac072d01be4b37943274049e740d6dfeae062cd9701bce521d2343764759996a33662334eb2db46aa2f7c6a5736128

  • C:\Windows\System\oLFcfrZ.exe

    Filesize

    5.2MB

    MD5

    fad115af8f2eb97e4c1072fb5e688add

    SHA1

    bac15faaed299769e655253c78da87b8233b602b

    SHA256

    808879bd356ce9764f4f3534f3915ee78c0fbc90ec53a821ff2cfb6d5c468680

    SHA512

    af9529dd44450e2d5444eba438558a0085a0ac4aca3bfbb15c9f5ba66b7ec3b59485f8df688fb371d26dfb1cfbe0e1c5873fb24728746d3f5ca7dcdefa866648

  • C:\Windows\System\zihzlEw.exe

    Filesize

    5.2MB

    MD5

    4da2b0a5675c6a76591accec32363c46

    SHA1

    7c072b476b0ac2b2e7f2e588c9eb5bb8be3de513

    SHA256

    55c717c1ee400481ceeb5c4f88abf986f71a7b476049bb19104baa9d520ec791

    SHA512

    7392ea1da9a70e013315937f1aa83c1d42af8a861f85d90da4f7eca745607036d810c0e33279394ed3b908808161e0c43b35e543f898d412f73e51ef1045bf88

  • memory/432-114-0x00007FF688370000-0x00007FF6886C1000-memory.dmp

    Filesize

    3.3MB

  • memory/432-151-0x00007FF688370000-0x00007FF6886C1000-memory.dmp

    Filesize

    3.3MB

  • memory/432-256-0x00007FF688370000-0x00007FF6886C1000-memory.dmp

    Filesize

    3.3MB

  • memory/632-213-0x00007FF621570000-0x00007FF6218C1000-memory.dmp

    Filesize

    3.3MB

  • memory/632-14-0x00007FF621570000-0x00007FF6218C1000-memory.dmp

    Filesize

    3.3MB

  • memory/1136-252-0x00007FF6DDF60000-0x00007FF6DE2B1000-memory.dmp

    Filesize

    3.3MB

  • memory/1136-149-0x00007FF6DDF60000-0x00007FF6DE2B1000-memory.dmp

    Filesize

    3.3MB

  • memory/1136-107-0x00007FF6DDF60000-0x00007FF6DE2B1000-memory.dmp

    Filesize

    3.3MB

  • memory/1240-255-0x00007FF7DA470000-0x00007FF7DA7C1000-memory.dmp

    Filesize

    3.3MB

  • memory/1240-152-0x00007FF7DA470000-0x00007FF7DA7C1000-memory.dmp

    Filesize

    3.3MB

  • memory/1240-115-0x00007FF7DA470000-0x00007FF7DA7C1000-memory.dmp

    Filesize

    3.3MB

  • memory/1272-250-0x00007FF7D4560000-0x00007FF7D48B1000-memory.dmp

    Filesize

    3.3MB

  • memory/1272-100-0x00007FF7D4560000-0x00007FF7D48B1000-memory.dmp

    Filesize

    3.3MB

  • memory/1424-262-0x00007FF6B8F90000-0x00007FF6B92E1000-memory.dmp

    Filesize

    3.3MB

  • memory/1424-128-0x00007FF6B8F90000-0x00007FF6B92E1000-memory.dmp

    Filesize

    3.3MB

  • memory/1424-154-0x00007FF6B8F90000-0x00007FF6B92E1000-memory.dmp

    Filesize

    3.3MB

  • memory/1884-66-0x00007FF7C8510000-0x00007FF7C8861000-memory.dmp

    Filesize

    3.3MB

  • memory/1884-233-0x00007FF7C8510000-0x00007FF7C8861000-memory.dmp

    Filesize

    3.3MB

  • memory/1884-144-0x00007FF7C8510000-0x00007FF7C8861000-memory.dmp

    Filesize

    3.3MB

  • memory/1908-63-0x00007FF7D6FC0000-0x00007FF7D7311000-memory.dmp

    Filesize

    3.3MB

  • memory/1908-230-0x00007FF7D6FC0000-0x00007FF7D7311000-memory.dmp

    Filesize

    3.3MB

  • memory/1908-143-0x00007FF7D6FC0000-0x00007FF7D7311000-memory.dmp

    Filesize

    3.3MB

  • memory/2072-227-0x00007FF6DA000000-0x00007FF6DA351000-memory.dmp

    Filesize

    3.3MB

  • memory/2072-52-0x00007FF6DA000000-0x00007FF6DA351000-memory.dmp

    Filesize

    3.3MB

  • memory/2568-109-0x00007FF7D3000000-0x00007FF7D3351000-memory.dmp

    Filesize

    3.3MB

  • memory/2568-34-0x00007FF7D3000000-0x00007FF7D3351000-memory.dmp

    Filesize

    3.3MB

  • memory/2568-223-0x00007FF7D3000000-0x00007FF7D3351000-memory.dmp

    Filesize

    3.3MB

  • memory/2656-26-0x00007FF6BEF50000-0x00007FF6BF2A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2656-217-0x00007FF6BEF50000-0x00007FF6BF2A1000-memory.dmp

    Filesize

    3.3MB

  • memory/2716-133-0x00007FF7CB310000-0x00007FF7CB661000-memory.dmp

    Filesize

    3.3MB

  • memory/2716-155-0x00007FF7CB310000-0x00007FF7CB661000-memory.dmp

    Filesize

    3.3MB

  • memory/2716-92-0x00007FF7CB310000-0x00007FF7CB661000-memory.dmp

    Filesize

    3.3MB

  • memory/2716-0-0x00007FF7CB310000-0x00007FF7CB661000-memory.dmp

    Filesize

    3.3MB

  • memory/2716-1-0x0000023E69780000-0x0000023E69790000-memory.dmp

    Filesize

    64KB

  • memory/2856-33-0x00007FF6C5D00000-0x00007FF6C6051000-memory.dmp

    Filesize

    3.3MB

  • memory/2856-215-0x00007FF6C5D00000-0x00007FF6C6051000-memory.dmp

    Filesize

    3.3MB

  • memory/3188-150-0x00007FF67A5D0000-0x00007FF67A921000-memory.dmp

    Filesize

    3.3MB

  • memory/3188-259-0x00007FF67A5D0000-0x00007FF67A921000-memory.dmp

    Filesize

    3.3MB

  • memory/3188-123-0x00007FF67A5D0000-0x00007FF67A921000-memory.dmp

    Filesize

    3.3MB

  • memory/3624-74-0x00007FF6EFA80000-0x00007FF6EFDD1000-memory.dmp

    Filesize

    3.3MB

  • memory/3624-244-0x00007FF6EFA80000-0x00007FF6EFDD1000-memory.dmp

    Filesize

    3.3MB

  • memory/3692-25-0x00007FF6D13B0000-0x00007FF6D1701000-memory.dmp

    Filesize

    3.3MB

  • memory/3692-117-0x00007FF6D13B0000-0x00007FF6D1701000-memory.dmp

    Filesize

    3.3MB

  • memory/3692-219-0x00007FF6D13B0000-0x00007FF6D1701000-memory.dmp

    Filesize

    3.3MB

  • memory/3912-232-0x00007FF607AB0000-0x00007FF607E01000-memory.dmp

    Filesize

    3.3MB

  • memory/3912-141-0x00007FF607AB0000-0x00007FF607E01000-memory.dmp

    Filesize

    3.3MB

  • memory/3912-59-0x00007FF607AB0000-0x00007FF607E01000-memory.dmp

    Filesize

    3.3MB

  • memory/4332-248-0x00007FF68E4D0000-0x00007FF68E821000-memory.dmp

    Filesize

    3.3MB

  • memory/4332-88-0x00007FF68E4D0000-0x00007FF68E821000-memory.dmp

    Filesize

    3.3MB

  • memory/4332-147-0x00007FF68E4D0000-0x00007FF68E821000-memory.dmp

    Filesize

    3.3MB

  • memory/4436-84-0x00007FF70D7E0000-0x00007FF70DB31000-memory.dmp

    Filesize

    3.3MB

  • memory/4436-246-0x00007FF70D7E0000-0x00007FF70DB31000-memory.dmp

    Filesize

    3.3MB

  • memory/4596-225-0x00007FF63DC00000-0x00007FF63DF51000-memory.dmp

    Filesize

    3.3MB

  • memory/4596-39-0x00007FF63DC00000-0x00007FF63DF51000-memory.dmp

    Filesize

    3.3MB

  • memory/4596-129-0x00007FF63DC00000-0x00007FF63DF51000-memory.dmp

    Filesize

    3.3MB

  • memory/4728-222-0x00007FF73FA70000-0x00007FF73FDC1000-memory.dmp

    Filesize

    3.3MB

  • memory/4728-51-0x00007FF73FA70000-0x00007FF73FDC1000-memory.dmp

    Filesize

    3.3MB

  • memory/4728-130-0x00007FF73FA70000-0x00007FF73FDC1000-memory.dmp

    Filesize

    3.3MB

  • memory/4980-153-0x00007FF6957D0000-0x00007FF695B21000-memory.dmp

    Filesize

    3.3MB

  • memory/4980-261-0x00007FF6957D0000-0x00007FF695B21000-memory.dmp

    Filesize

    3.3MB

  • memory/4980-124-0x00007FF6957D0000-0x00007FF695B21000-memory.dmp

    Filesize

    3.3MB