Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/08/2024, 20:57

General

  • Target

    2024-08-14_4a884931dd6fed9f9908150d6f769d91_cobalt-strike_cobaltstrike_poet-rat.exe

  • Size

    5.2MB

  • MD5

    4a884931dd6fed9f9908150d6f769d91

  • SHA1

    e2f9524d84dfbe92ce2ad83f9a675b93d24c1fcc

  • SHA256

    d99377a546391844c7a4e9917b86ee6d316fceaee76a6ee7cfda39786332d387

  • SHA512

    9ddeab9318bae2180f86f36721a9cf1c398ba43e5d712b63175b652e904e788a52d53773ff5883fb599fb96dc8ef63f54836635523e83b7dfbae794a538f1035

  • SSDEEP

    49152:ROdWCCi7/raA56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6lH:RWWBibj56utgpPFotBER/mQ32lUz

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • XMRig Miner payload 45 IoCs
  • Executes dropped EXE 21 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-08-14_4a884931dd6fed9f9908150d6f769d91_cobalt-strike_cobaltstrike_poet-rat.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-08-14_4a884931dd6fed9f9908150d6f769d91_cobalt-strike_cobaltstrike_poet-rat.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4568
    • C:\Windows\System\ucepLGH.exe
      C:\Windows\System\ucepLGH.exe
      2⤵
      • Executes dropped EXE
      PID:1992
    • C:\Windows\System\TeLaRry.exe
      C:\Windows\System\TeLaRry.exe
      2⤵
      • Executes dropped EXE
      PID:4320
    • C:\Windows\System\HvgjWlZ.exe
      C:\Windows\System\HvgjWlZ.exe
      2⤵
      • Executes dropped EXE
      PID:3996
    • C:\Windows\System\FPKYiFG.exe
      C:\Windows\System\FPKYiFG.exe
      2⤵
      • Executes dropped EXE
      PID:3584
    • C:\Windows\System\HFJOcBy.exe
      C:\Windows\System\HFJOcBy.exe
      2⤵
      • Executes dropped EXE
      PID:3992
    • C:\Windows\System\yxxPYkv.exe
      C:\Windows\System\yxxPYkv.exe
      2⤵
      • Executes dropped EXE
      PID:1628
    • C:\Windows\System\IRzMzvw.exe
      C:\Windows\System\IRzMzvw.exe
      2⤵
      • Executes dropped EXE
      PID:1820
    • C:\Windows\System\GJkbsDS.exe
      C:\Windows\System\GJkbsDS.exe
      2⤵
      • Executes dropped EXE
      PID:3676
    • C:\Windows\System\ojPQsed.exe
      C:\Windows\System\ojPQsed.exe
      2⤵
      • Executes dropped EXE
      PID:1060
    • C:\Windows\System\lJqciEY.exe
      C:\Windows\System\lJqciEY.exe
      2⤵
      • Executes dropped EXE
      PID:4580
    • C:\Windows\System\vBUAOmk.exe
      C:\Windows\System\vBUAOmk.exe
      2⤵
      • Executes dropped EXE
      PID:4088
    • C:\Windows\System\dPyoZip.exe
      C:\Windows\System\dPyoZip.exe
      2⤵
      • Executes dropped EXE
      PID:2384
    • C:\Windows\System\KgUEVIr.exe
      C:\Windows\System\KgUEVIr.exe
      2⤵
      • Executes dropped EXE
      PID:4028
    • C:\Windows\System\QTqeJRQ.exe
      C:\Windows\System\QTqeJRQ.exe
      2⤵
      • Executes dropped EXE
      PID:1916
    • C:\Windows\System\cHTaDpl.exe
      C:\Windows\System\cHTaDpl.exe
      2⤵
      • Executes dropped EXE
      PID:3424
    • C:\Windows\System\WaREuyW.exe
      C:\Windows\System\WaREuyW.exe
      2⤵
      • Executes dropped EXE
      PID:3392
    • C:\Windows\System\AKIJWdM.exe
      C:\Windows\System\AKIJWdM.exe
      2⤵
      • Executes dropped EXE
      PID:1908
    • C:\Windows\System\sAvbqqn.exe
      C:\Windows\System\sAvbqqn.exe
      2⤵
      • Executes dropped EXE
      PID:1744
    • C:\Windows\System\SizUtPe.exe
      C:\Windows\System\SizUtPe.exe
      2⤵
      • Executes dropped EXE
      PID:4732
    • C:\Windows\System\eVFSZEo.exe
      C:\Windows\System\eVFSZEo.exe
      2⤵
      • Executes dropped EXE
      PID:5060
    • C:\Windows\System\QassaPW.exe
      C:\Windows\System\QassaPW.exe
      2⤵
      • Executes dropped EXE
      PID:1872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System\AKIJWdM.exe

    Filesize

    5.2MB

    MD5

    e894d852fb9d070fefdc7eacd24f70f7

    SHA1

    25c807db2b0b6a9b1b822d237ae23efded667cb5

    SHA256

    2e230815330166623b700af7a1b01fb708c7ca102e5e77c90dd02326308919fe

    SHA512

    23cf61ea88d4323e2cdde069bc5c2809e0bfe9d6daef32047908209496417ab57618887a573a0d158ce640c9b61897995fa97ae6af8597e0d189074d7fbd714b

  • C:\Windows\System\FPKYiFG.exe

    Filesize

    5.2MB

    MD5

    dfe7bbca6284020e335b43ecffad0616

    SHA1

    616d39910cecf8d284ae8085bf4393f8f95dc902

    SHA256

    9832da0d946656be7fa17e46e0f62ab5eb04540c7fd632d7ca837ba41052bfe1

    SHA512

    e8d28ef36b2993df118a4ac34cbb611695564b4659032d3e2035e4022b649ac9a85d105cc418aa641a3d8ff119b19df8f60a7db62210a63df9d569a9a51764c2

  • C:\Windows\System\GJkbsDS.exe

    Filesize

    5.2MB

    MD5

    797c00102e63de7e15cd278f967c5780

    SHA1

    d294e2a32a31805f25d7dcfb065e1c8a12de02e5

    SHA256

    4c3853c17a3da21202e2a58ba21ce2b4c7ef03e464d823bbd711605c8307d84f

    SHA512

    8297449362066576a5affe7ffe2117ea6d953e2760f911bd891b2975038094465c7bd1855c8d5a23d3b668a825b05ab2051559bbce1c74e7ab37e19523d06f3c

  • C:\Windows\System\HFJOcBy.exe

    Filesize

    5.2MB

    MD5

    367d96f8cdf1074063ec586c7624725b

    SHA1

    04358aa1a17d724c330bf0bc9d69176069d7e31d

    SHA256

    4ba7412607bacd1c313fdf4a27be60bb7b966dd426322e6f83ad1e443228934b

    SHA512

    7601a7f6f4da996b12cd8b4fed8d774b43b8380ddd76cd465a8bf79862cec2ca3a877a9df1b19e35af9499a028b504d205d92d169082f204bf8163d7cc2f576d

  • C:\Windows\System\HvgjWlZ.exe

    Filesize

    5.2MB

    MD5

    f41f1cb33b0d2f29ee0c834edcc58342

    SHA1

    325ebf79d67675a83a0ba77c74789d1c5bd7d215

    SHA256

    e685c26d3c366299fab874f51d88f1e455109a710e67a032161a2bc524b04faa

    SHA512

    66dab37ca7933f5df9edf74b6b98174a8ebc8565ab3a8f0e68a29dba1022f77fced5dc019fb649b37a64a7a565647892bb017c5aa25d0f952ddacd388caa27f4

  • C:\Windows\System\IRzMzvw.exe

    Filesize

    5.2MB

    MD5

    ab93677cff382852eecd16ede0590a1a

    SHA1

    41d8522d70f796e74b231a9366172790e5022e88

    SHA256

    1befaa94c22dfb7fe9072c046d5d16f6cee4ff9b574d1e37874d1c4e61a1ee34

    SHA512

    4b6061d6098cf25dd0b9770dedd216c0ce9c3c901c1524933daf077ef99ef30ba5cb9a91e3bad29d5494f6295abc1cdaf53b200f64f69d90ff06b359f12616d2

  • C:\Windows\System\KgUEVIr.exe

    Filesize

    5.2MB

    MD5

    bbc3fe288bc7a6721f6e02919f0b7ee3

    SHA1

    161b600a37b8e882a179f2c2b26408097d322976

    SHA256

    4c234ade1298299e216d6f7fc93637fa0bb9e63dea1ea224310db4dd31db685c

    SHA512

    bb7d8476fe66400bd19b67f706ab1f346fae6e9715005e67760ccc578785f906cde1bbe5fb1f526c662619c463a1015f6bd2f769580a24d92d6b56d871dd4de5

  • C:\Windows\System\QTqeJRQ.exe

    Filesize

    5.2MB

    MD5

    b8b40266eb14bd925dddbad3067c1bbb

    SHA1

    babb11bf0384bc39b8e8f305af65c2bd9c031b4e

    SHA256

    d0f31ba30580ec7b682d35f68b01a772b84c83140b0f2f9ab8a0ed1ab26f55d0

    SHA512

    2224b0396ddfe1e1daee709aadbe456eff155c28149c27aaaeaa4e4971a435ab9e96df0c08a9940334e8cc387c05ad62e7c5cbec82dabe53717220072bbbec05

  • C:\Windows\System\QassaPW.exe

    Filesize

    5.2MB

    MD5

    c3981bdae4ebf0c3c3603b1091669bea

    SHA1

    917cd9d2aeb010c1c1b3ed6eccca947acb7a0e0f

    SHA256

    1a95dcccb87c522c00407fbedf9dd35306c203c922096b571f72c476d8271ac2

    SHA512

    e96bc48829d236f25c9e8e2289ffda70563f7cab1167384619e863f5890466b5d859d63d7b02a63d70257c6da7c8de07a4083d425c20c246f4b85a30eaff7e8d

  • C:\Windows\System\SizUtPe.exe

    Filesize

    5.2MB

    MD5

    9c1abb27934197f8ef835521e7723685

    SHA1

    450e06b37a46a1f7612e33c5fb135af2e1ab1229

    SHA256

    a365e5fc29452a5e4dba8a51118d8a7f8a25ee19dfbaa8c6bea40b11028d0527

    SHA512

    909e30b472f6f00d982f76ae46d96c3cedd1ea2302f030c9641e80bec29053faabee2a62e6b2c036068a6c7ef7043a0f9bda2a8538ad527c9f774f22ffc0073c

  • C:\Windows\System\TeLaRry.exe

    Filesize

    5.2MB

    MD5

    791dae4703ddf0d6d3298f9c834aaa54

    SHA1

    bac122d64e283fa1bd581b5980ff428f03ea6d45

    SHA256

    1f3951a16daac4f573034b2f80cb1a15192f8acbee9244bfc738cdea59daf7d9

    SHA512

    b8c87422b98df116fbc8326780375321d819e29260d151c9fbabd96c4a5ce617a4764e2c6390c95ca8b8b832737e1e42caff020f9c43fefc070de3ec31afc56a

  • C:\Windows\System\WaREuyW.exe

    Filesize

    5.2MB

    MD5

    1725c6e02294f9906609eeee99347c49

    SHA1

    38df0a3f6ab3975dd84973a76b98ceb1e2340bf7

    SHA256

    a31be254d1b23a2e99f6c3ef032a5416591f9b0fcb06f9de821d82f659eda550

    SHA512

    6b5d4e5784384403ef7368fe70e276a3be1cae4265604444be17fca8ec3629a5044bbbd022e121bf25c2179ddd14ae6edf13ddc1f70097173e3e81f114079dd0

  • C:\Windows\System\cHTaDpl.exe

    Filesize

    5.2MB

    MD5

    64b58a0f51a0556cd68293af5bfa3b04

    SHA1

    b48f5ac291ef025eb6bf1ba6367c2ad4adcdf9e1

    SHA256

    66aaaad7451906515186e91ac836faffb3d9254137000e20bdd6e2a627cbe5c7

    SHA512

    05974d0b61f2991c4d6e647fbf21b0d498c294e9b84499068a204627a179da018f06bd91dfba6deba95d0ae6bd4408304c47082a283340dcfe99d7d06aa3e733

  • C:\Windows\System\dPyoZip.exe

    Filesize

    5.2MB

    MD5

    ee4f689de6e0bb120608f89c340f2994

    SHA1

    72e01ccfb62ee3bd70df843e91a944f6e3fd91b7

    SHA256

    bc2c9c6ccde69bcf8ccd9de19e6462653c23f2a47afccc11891a42fef70b84e6

    SHA512

    486ead7942a25eedd814438e24bcf085b1fee9344fae0cc70d8673b94985e9ca008aaf72487f37a54d705122115e1db9c6bc5e5548200d0caf50e190e4bbe764

  • C:\Windows\System\eVFSZEo.exe

    Filesize

    5.2MB

    MD5

    66c0162e01e7bb4c1cb1adb12fc45ea7

    SHA1

    2ae3497dcd05d7b4c04e743b97b1699eb8197efd

    SHA256

    f73e51136c3b5f4cb3ce973ee4800946d57806d2dee5d74214ad7f22e696146a

    SHA512

    e47ab24da87a693d7b648144698240904fee186fcf1bcd1dbc42678b40e82abe8f1ee4ee9350526172030f75c855fa06b9d37e477a7e25f1ffcb324fa0ae2737

  • C:\Windows\System\lJqciEY.exe

    Filesize

    5.2MB

    MD5

    cc30d6f70115cfb76b96a65a16aec28d

    SHA1

    35bc1e124148ad37648157088953804369299e07

    SHA256

    fa3e0cf902792cec40630fa2f8d70481b34bb7aae8616f61256fa3363942bc91

    SHA512

    c6b820d5d03c2e27c5a8038a719afb2bab106a64e8454162713ad8565492849e833f96afd1874d3832bd48dff6aa0bd8e59a8942ae1f7353ef81f40b15d6d99c

  • C:\Windows\System\ojPQsed.exe

    Filesize

    5.2MB

    MD5

    94ee4aeff3fe88acd8312b2bc4af99cf

    SHA1

    89e8b3cef367817239c75f9b9b33b2c5eb53d51e

    SHA256

    26fa5200b72b99ffd57716347b4d17b5e099a1c9fc64743366f7632eb513407f

    SHA512

    8024feb8827872e8725639140213052dd62a0ea07644fd76bcae4995be4e7abc6322e0abaf70fd467d3e07c9895e8df325a8ad65973e71d355a0f037028cf859

  • C:\Windows\System\sAvbqqn.exe

    Filesize

    5.2MB

    MD5

    5abea4fa4c2cf5cefe9d7e61453c8e7f

    SHA1

    134e0c55732133ec6e28c50752e7fc0e32b5ba03

    SHA256

    e96cba568eb13ed46045de5ed7856aef977f3b984815ff24ecd8911528b93a97

    SHA512

    a60bdce39543e8ab9cf83e4d1c814d8e0ab45108f3c21d275b013bfb3322894814dd0749e169ccccbdf768113be6cb77216a712d2de4a558a743d25dbe707a19

  • C:\Windows\System\ucepLGH.exe

    Filesize

    5.2MB

    MD5

    a53000776c5f7f84224f16405f6ff133

    SHA1

    1c919ed1db253fa8fa3819b283bdbbc2de066722

    SHA256

    6b400e224d0fba22f661d20311c2c9dcef388f89ee0a4cea02fcb3d23dc548b3

    SHA512

    be9dcca89c836fae8a78676a0ad8a2e3ad315d30b78d9d7eac50bd94f505494ace13ae965e81131cc698c8b27ea3d92fa20fd017b4a15e95b82bc2a1eddc7d3b

  • C:\Windows\System\vBUAOmk.exe

    Filesize

    5.2MB

    MD5

    9910fde93c99ebadc1bf10076aee8c88

    SHA1

    070e544ed8a0e8e88001a4d5c3c9992d1472e6dd

    SHA256

    1b88efceb452417231911e765909a6a595683b09a6bbf0c8febd9d3a05066bc0

    SHA512

    c35c97bb8fcfae00249d7e3e3a2c14dda588c6abd199aef0b834889c6dd12b6c152bc7d6b49891f10dc92bf7286252b26e56933274ab92f6b2f040fbff89234e

  • C:\Windows\System\yxxPYkv.exe

    Filesize

    5.2MB

    MD5

    1d47127291429e52c1a82171f060c18d

    SHA1

    498eefeafb56f840e92b893cd16a4f97f647b9ed

    SHA256

    5d0c3e92e4489f2f2cc6d883c362213ae942923f2fe432b097034f9ee2d072c1

    SHA512

    907e33aa872373cb3c5bf75722722df7dd1764dd61d786b64d40c29bbd396b8c899a39bf70d15659699d025ade521b951d93070751617cad7492c605a42749e5

  • memory/1060-68-0x00007FF603710000-0x00007FF603A61000-memory.dmp

    Filesize

    3.3MB

  • memory/1060-215-0x00007FF603710000-0x00007FF603A61000-memory.dmp

    Filesize

    3.3MB

  • memory/1628-71-0x00007FF639FB0000-0x00007FF63A301000-memory.dmp

    Filesize

    3.3MB

  • memory/1628-207-0x00007FF639FB0000-0x00007FF63A301000-memory.dmp

    Filesize

    3.3MB

  • memory/1744-149-0x00007FF78F140000-0x00007FF78F491000-memory.dmp

    Filesize

    3.3MB

  • memory/1744-108-0x00007FF78F140000-0x00007FF78F491000-memory.dmp

    Filesize

    3.3MB

  • memory/1744-234-0x00007FF78F140000-0x00007FF78F491000-memory.dmp

    Filesize

    3.3MB

  • memory/1820-61-0x00007FF7493B0000-0x00007FF749701000-memory.dmp

    Filesize

    3.3MB

  • memory/1820-213-0x00007FF7493B0000-0x00007FF749701000-memory.dmp

    Filesize

    3.3MB

  • memory/1872-243-0x00007FF60FD80000-0x00007FF6100D1000-memory.dmp

    Filesize

    3.3MB

  • memory/1872-130-0x00007FF60FD80000-0x00007FF6100D1000-memory.dmp

    Filesize

    3.3MB

  • memory/1908-232-0x00007FF62DD30000-0x00007FF62E081000-memory.dmp

    Filesize

    3.3MB

  • memory/1908-106-0x00007FF62DD30000-0x00007FF62E081000-memory.dmp

    Filesize

    3.3MB

  • memory/1916-88-0x00007FF626CA0000-0x00007FF626FF1000-memory.dmp

    Filesize

    3.3MB

  • memory/1916-226-0x00007FF626CA0000-0x00007FF626FF1000-memory.dmp

    Filesize

    3.3MB

  • memory/1992-120-0x00007FF680000000-0x00007FF680351000-memory.dmp

    Filesize

    3.3MB

  • memory/1992-199-0x00007FF680000000-0x00007FF680351000-memory.dmp

    Filesize

    3.3MB

  • memory/1992-10-0x00007FF680000000-0x00007FF680351000-memory.dmp

    Filesize

    3.3MB

  • memory/2384-143-0x00007FF732AA0000-0x00007FF732DF1000-memory.dmp

    Filesize

    3.3MB

  • memory/2384-221-0x00007FF732AA0000-0x00007FF732DF1000-memory.dmp

    Filesize

    3.3MB

  • memory/2384-76-0x00007FF732AA0000-0x00007FF732DF1000-memory.dmp

    Filesize

    3.3MB

  • memory/3392-100-0x00007FF6741F0000-0x00007FF674541000-memory.dmp

    Filesize

    3.3MB

  • memory/3392-230-0x00007FF6741F0000-0x00007FF674541000-memory.dmp

    Filesize

    3.3MB

  • memory/3424-228-0x00007FF7BCAD0000-0x00007FF7BCE21000-memory.dmp

    Filesize

    3.3MB

  • memory/3424-92-0x00007FF7BCAD0000-0x00007FF7BCE21000-memory.dmp

    Filesize

    3.3MB

  • memory/3584-27-0x00007FF737DB0000-0x00007FF738101000-memory.dmp

    Filesize

    3.3MB

  • memory/3584-203-0x00007FF737DB0000-0x00007FF738101000-memory.dmp

    Filesize

    3.3MB

  • memory/3676-72-0x00007FF6E9100000-0x00007FF6E9451000-memory.dmp

    Filesize

    3.3MB

  • memory/3676-211-0x00007FF6E9100000-0x00007FF6E9451000-memory.dmp

    Filesize

    3.3MB

  • memory/3992-55-0x00007FF7E8810000-0x00007FF7E8B61000-memory.dmp

    Filesize

    3.3MB

  • memory/3992-209-0x00007FF7E8810000-0x00007FF7E8B61000-memory.dmp

    Filesize

    3.3MB

  • memory/3996-40-0x00007FF6B8BE0000-0x00007FF6B8F31000-memory.dmp

    Filesize

    3.3MB

  • memory/3996-205-0x00007FF6B8BE0000-0x00007FF6B8F31000-memory.dmp

    Filesize

    3.3MB

  • memory/4028-70-0x00007FF783090000-0x00007FF7833E1000-memory.dmp

    Filesize

    3.3MB

  • memory/4028-144-0x00007FF783090000-0x00007FF7833E1000-memory.dmp

    Filesize

    3.3MB

  • memory/4028-220-0x00007FF783090000-0x00007FF7833E1000-memory.dmp

    Filesize

    3.3MB

  • memory/4088-223-0x00007FF7DCA10000-0x00007FF7DCD61000-memory.dmp

    Filesize

    3.3MB

  • memory/4088-142-0x00007FF7DCA10000-0x00007FF7DCD61000-memory.dmp

    Filesize

    3.3MB

  • memory/4088-73-0x00007FF7DCA10000-0x00007FF7DCD61000-memory.dmp

    Filesize

    3.3MB

  • memory/4320-14-0x00007FF6A6250000-0x00007FF6A65A1000-memory.dmp

    Filesize

    3.3MB

  • memory/4320-129-0x00007FF6A6250000-0x00007FF6A65A1000-memory.dmp

    Filesize

    3.3MB

  • memory/4320-201-0x00007FF6A6250000-0x00007FF6A65A1000-memory.dmp

    Filesize

    3.3MB

  • memory/4568-114-0x00007FF674800000-0x00007FF674B51000-memory.dmp

    Filesize

    3.3MB

  • memory/4568-131-0x00007FF674800000-0x00007FF674B51000-memory.dmp

    Filesize

    3.3MB

  • memory/4568-1-0x000001C6A25B0000-0x000001C6A25C0000-memory.dmp

    Filesize

    64KB

  • memory/4568-0-0x00007FF674800000-0x00007FF674B51000-memory.dmp

    Filesize

    3.3MB

  • memory/4568-153-0x00007FF674800000-0x00007FF674B51000-memory.dmp

    Filesize

    3.3MB

  • memory/4580-69-0x00007FF753F90000-0x00007FF7542E1000-memory.dmp

    Filesize

    3.3MB

  • memory/4580-217-0x00007FF753F90000-0x00007FF7542E1000-memory.dmp

    Filesize

    3.3MB

  • memory/4732-118-0x00007FF7ECAC0000-0x00007FF7ECE11000-memory.dmp

    Filesize

    3.3MB

  • memory/4732-150-0x00007FF7ECAC0000-0x00007FF7ECE11000-memory.dmp

    Filesize

    3.3MB

  • memory/4732-241-0x00007FF7ECAC0000-0x00007FF7ECE11000-memory.dmp

    Filesize

    3.3MB

  • memory/5060-125-0x00007FF75E890000-0x00007FF75EBE1000-memory.dmp

    Filesize

    3.3MB

  • memory/5060-240-0x00007FF75E890000-0x00007FF75EBE1000-memory.dmp

    Filesize

    3.3MB

  • memory/5060-151-0x00007FF75E890000-0x00007FF75EBE1000-memory.dmp

    Filesize

    3.3MB