Analysis

  • max time kernel
    143s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21-01-2025 23:01

General

  • Target

    2025-01-21_c2a514837d984e0c0dd41db126bca062_cobalt-strike_cobaltstrike_poet-rat.exe

  • Size

    5.7MB

  • MD5

    c2a514837d984e0c0dd41db126bca062

  • SHA1

    ff02f2d7edf928c378cc1a0fb61ac9e8af522643

  • SHA256

    f83a6fbc9ab4729d3546c3ff3724312a695bd0e985de4b405384469dd3d427a8

  • SHA512

    b604498842019db299288b613ffb7eff12fbb7edf71e72a9f30435f83116a39b6918e8795045324cf6436a6d56a5129283b18e8633d5c162c30320f4522fc457

  • SSDEEP

    98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lUr:j+R56utgpPF8u/7r

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Signatures

  • Cobalt Strike reflective loader 21 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

  • Cobaltstrike family
  • Xmrig family
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • XMRig Miner payload 42 IoCs
  • Executes dropped EXE 21 IoCs
  • Loads dropped DLL 21 IoCs
  • Drops file in Windows directory 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 63 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-21_c2a514837d984e0c0dd41db126bca062_cobalt-strike_cobaltstrike_poet-rat.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-21_c2a514837d984e0c0dd41db126bca062_cobalt-strike_cobaltstrike_poet-rat.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Windows\System\NWgYdql.exe
      C:\Windows\System\NWgYdql.exe
      2⤵
      • Executes dropped EXE
      PID:1692
    • C:\Windows\System\TTpKxsN.exe
      C:\Windows\System\TTpKxsN.exe
      2⤵
      • Executes dropped EXE
      PID:2108
    • C:\Windows\System\STdlKJd.exe
      C:\Windows\System\STdlKJd.exe
      2⤵
      • Executes dropped EXE
      PID:2156
    • C:\Windows\System\KdhYNEA.exe
      C:\Windows\System\KdhYNEA.exe
      2⤵
      • Executes dropped EXE
      PID:2420
    • C:\Windows\System\lTDaqfG.exe
      C:\Windows\System\lTDaqfG.exe
      2⤵
      • Executes dropped EXE
      PID:2452
    • C:\Windows\System\mIuwHRA.exe
      C:\Windows\System\mIuwHRA.exe
      2⤵
      • Executes dropped EXE
      PID:2748
    • C:\Windows\System\phAwfHG.exe
      C:\Windows\System\phAwfHG.exe
      2⤵
      • Executes dropped EXE
      PID:2840
    • C:\Windows\System\SlgVjyA.exe
      C:\Windows\System\SlgVjyA.exe
      2⤵
      • Executes dropped EXE
      PID:2760
    • C:\Windows\System\NPWOCrw.exe
      C:\Windows\System\NPWOCrw.exe
      2⤵
      • Executes dropped EXE
      PID:2732
    • C:\Windows\System\zncBJEz.exe
      C:\Windows\System\zncBJEz.exe
      2⤵
      • Executes dropped EXE
      PID:1924
    • C:\Windows\System\NKXfXFd.exe
      C:\Windows\System\NKXfXFd.exe
      2⤵
      • Executes dropped EXE
      PID:2968
    • C:\Windows\System\IajvOqs.exe
      C:\Windows\System\IajvOqs.exe
      2⤵
      • Executes dropped EXE
      PID:2776
    • C:\Windows\System\ppHaMHK.exe
      C:\Windows\System\ppHaMHK.exe
      2⤵
      • Executes dropped EXE
      PID:2612
    • C:\Windows\System\HKYmHjE.exe
      C:\Windows\System\HKYmHjE.exe
      2⤵
      • Executes dropped EXE
      PID:2684
    • C:\Windows\System\aiaCNzA.exe
      C:\Windows\System\aiaCNzA.exe
      2⤵
      • Executes dropped EXE
      PID:2436
    • C:\Windows\System\CxRpTDQ.exe
      C:\Windows\System\CxRpTDQ.exe
      2⤵
      • Executes dropped EXE
      PID:2004
    • C:\Windows\System\MjzHpgL.exe
      C:\Windows\System\MjzHpgL.exe
      2⤵
      • Executes dropped EXE
      PID:1504
    • C:\Windows\System\AMQosLU.exe
      C:\Windows\System\AMQosLU.exe
      2⤵
      • Executes dropped EXE
      PID:2816
    • C:\Windows\System\ZwlIYYK.exe
      C:\Windows\System\ZwlIYYK.exe
      2⤵
      • Executes dropped EXE
      PID:2792
    • C:\Windows\System\NwmWyri.exe
      C:\Windows\System\NwmWyri.exe
      2⤵
      • Executes dropped EXE
      PID:2032
    • C:\Windows\System\WHnuJJn.exe
      C:\Windows\System\WHnuJJn.exe
      2⤵
      • Executes dropped EXE
      PID:2848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\system\CxRpTDQ.exe

    Filesize

    5.7MB

    MD5

    8d7270c78e820fcf754931b6553adf0a

    SHA1

    e6f2b0f799150ca64e18b7740e9cf198fd146d7f

    SHA256

    7159bb3536c30bbaccb8e61d23978b33d524d9c937e7a9e5c1169ec8a2f6657d

    SHA512

    f8e18b4f67cdd846938cd62e4e1d5eb556d74fc11178b18277140a88d40d94c047b80b6c0ff97dd98776c02eee3ca98b31d60cd5d9a9f1618c5b38b9f7dc8b3c

  • C:\Windows\system\HKYmHjE.exe

    Filesize

    5.7MB

    MD5

    4f2a80ab9bc61771935146d20b727109

    SHA1

    883548f847ed31e9b05acdfbfebe5d2aafb14168

    SHA256

    298b47cb1cbb4568f83f89f467ee7c8e73a10dc0446570c53f31b6d85e9ee62a

    SHA512

    623f36f8ba1538f83ae2e94f094337f004e3e693b0572f39f629e56e8cd2e863536378a633ea148cb6228e2e933d535d0ee062f63907222ed822bbabf65bd221

  • C:\Windows\system\KdhYNEA.exe

    Filesize

    5.7MB

    MD5

    6bb92c0ee1583ea60975be8e9e1779e5

    SHA1

    b99e52b2cf4b75b374b587d38084bd462ab41a57

    SHA256

    5127531243fcb361294810ea8f304239bd95222c9621025e4d6ea1bdb95cbe38

    SHA512

    0f60a46490fe55e1eabaa14c26b1c2dd29d4c180598e0f9ed4943be831033fa9a94c097725f1798b1f2fa6d00ee6ce2f6b122024af09c05d107b156f0430489a

  • C:\Windows\system\MjzHpgL.exe

    Filesize

    5.7MB

    MD5

    bf20c49d3a65963f3bc9e31d0c031579

    SHA1

    d12221f31841d85d70bcc443bd95237f8734e195

    SHA256

    4a312a2713d2ae9f774de6efc4cc09b5e9f7ec9f7c9ce96b016a467ee220c25d

    SHA512

    536e03c764cd6ae3fe5fc180b54f0ba2c41e5678ce3a55b393d970c232f69eb90d38bb2c26dc148042e417aa36afe3e0d946d2acc2e0eabed45ba9d17b47c9e3

  • C:\Windows\system\NKXfXFd.exe

    Filesize

    5.7MB

    MD5

    c7432f60d36db060a1a00fe94c88db9c

    SHA1

    94879685d34146415984356bf1b063e08a8e0bd6

    SHA256

    ca08270982e27eed6201b73390db94550e9ab9061c0764364f779bd0b80b363e

    SHA512

    94a62f74166c3d3fc882027b50f44fb781053352d86b83d75118b2c14c46bb1b9e52959cea1b0b1f4ce8766a5748b77c5035e690ff59d006b2bdf22af926878e

  • C:\Windows\system\NPWOCrw.exe

    Filesize

    5.7MB

    MD5

    9ecbb5298c4eab3cceea3bd1aefaa5b0

    SHA1

    dd4850def8b3e0e8c24d00865a0d0f2a31017160

    SHA256

    6e2211f92dce3516ca5fe09874ab0986503a3849fb7192c2a31d09565a7b5880

    SHA512

    84f437971c2adcea36c11c0a992b673a849336d1957cac81cb384f3fcdbce70eb6c58c6d3e8dad1bb21f549614f9f03f98f3f4ec78ae655b219a0a136af6cc29

  • C:\Windows\system\STdlKJd.exe

    Filesize

    5.7MB

    MD5

    750cb217992328ca72da559a9f9ee342

    SHA1

    e3b6707983952027046e31d65cc001bc50f6348f

    SHA256

    0a65b3aa53521e7007579ccfeb85f56ff7548a8708e8a0f9a8c4b38c1c848903

    SHA512

    b230e6147b5679e9d55d67f9b060940153f7a1e2a1ca9719c55b7df4bf1a59fc9d228994e33ed41d5c718d8931c9e1fb09da6d6c455fe2fe55d963dd9e885b44

  • C:\Windows\system\SlgVjyA.exe

    Filesize

    5.7MB

    MD5

    7830da7fc51c222cc5294849c7fd69e3

    SHA1

    b2935974db8cc62856f5185a795a9a9f603bf7b9

    SHA256

    3ccb6da8095c50a029dfcf0dce0b81eb00516757b8f27237759101d680207e0b

    SHA512

    c39bfa3651b7682a5c89ef567c0d284b2ef2a0e523f7b26faa25d0be6bfd0d14d7b82c989db04a5ce450b72dac4d5216794758ddcc0559cb2a2af737b2ae71e8

  • C:\Windows\system\WHnuJJn.exe

    Filesize

    5.7MB

    MD5

    4c73fe4295fbecc96a301ba7d32b844d

    SHA1

    d5d2f699fad10a87f2b39bd4c04b11265ef6296c

    SHA256

    239dffafd93887048c79a3cd03c898e621fe4ee0df13dbbd60c34b72b0ea9b2d

    SHA512

    a84547b53de712c17c53fbe687d6f0bc02c7b39515cf3a2cf8597bf724a402654cc0d6d74879d8ec8bbb99d956a31d81532803bf4a5a3662b1510bd8b184a724

  • C:\Windows\system\ZwlIYYK.exe

    Filesize

    5.7MB

    MD5

    4486cc8ae45d4a6b78dbb378f010add1

    SHA1

    0622793e8e896e7a203165170ba84ec90f38fc08

    SHA256

    b61e23665f3367409bfe0242dbb978d16aad3ddf2ced6c90d7b7fab03fe23cf7

    SHA512

    edaf2e9e84eb4d46a5e34415b82d4c30ec7c2d97ede5f524c13c4ccc0b2117db25adadea0499342d8dcd25ad7ca58d448d7a77d2e775dc44e1fb7904d2c55545

  • C:\Windows\system\aiaCNzA.exe

    Filesize

    5.7MB

    MD5

    9947f8ddd8e979d4bd99a16aa050233e

    SHA1

    66940e4377356e9bacee31a5093b2d9c0603e83e

    SHA256

    ebda380e5e5669618f128797d99c77db823c42542548b946b1a719c3c090fb7b

    SHA512

    e69fa76a9a980b103807ce8d100435a08f8e98754bdf8c833b639c8257bca3c04f32a6458353f5aab62a1f87359173a60f7eff611d2d06ad2c7d2e09dd45751b

  • C:\Windows\system\lTDaqfG.exe

    Filesize

    5.7MB

    MD5

    a10b71594e27c9a3f286e00240d13d38

    SHA1

    e1da169bbacbd4a98113d92d7f2a95cd57f0a4a3

    SHA256

    45b64b0e92dbb6190f9f79ce7a6e32ea947db100fd4cbd2bebf67f63cd0a4905

    SHA512

    c61a212597fd61021555f937952e64727b3840913f16edae577fc45ed993003c07d5f647f65d6d7c2d703daaaa765e7e09e435af5996d35d299f24a8162a2ee5

  • C:\Windows\system\mIuwHRA.exe

    Filesize

    5.7MB

    MD5

    00f0175a668e1de5ce697aab663f5c19

    SHA1

    315d5181db7eb8ae46b127deb3854662ca429ace

    SHA256

    3e4941f017a1c6a55f13126a9811063676926d5b19de20ea3cd007aa8ff92c8b

    SHA512

    fc99588ffc269ab836551730f527cc406ef8ea9b32cf7db460c714de35996cd573e83c17c6a8d9004cc788efe135206f7fddc781859b60adde19f1cfa040fdb3

  • C:\Windows\system\phAwfHG.exe

    Filesize

    5.7MB

    MD5

    7e9bca19ab4b1ef103c7441fe168955d

    SHA1

    52a212eb3c0759afb379931f73c86915ca09dd20

    SHA256

    ec7f4346995c1d84e7ef6942e50231822b0eb58a2bc27b1145b4c06190fc992c

    SHA512

    56af23e7555e9bcb4eaac614719bfed9581fa2be5157602204bcb8b77a66f2bbb8accdbeb3828284c7e8e916d7cd813d13f5cfa13ce64045e68dba43e582d239

  • C:\Windows\system\ppHaMHK.exe

    Filesize

    5.7MB

    MD5

    7a535c2a3e22c911bb4da094067ab1b0

    SHA1

    738b7357bc9e862031a85c14740ce089d1239330

    SHA256

    49c08326c3d8c3909e5b4806917dbea19fd7ed2dee442f24c456604536338de6

    SHA512

    8151884dbc00c4149ae147ac5210dc01397b1733fd75a30e96aaece23c7ab9381648feaad2c225e4355789f195826c8121c26a956ead3ed92cb192112b77e9c6

  • C:\Windows\system\zncBJEz.exe

    Filesize

    5.7MB

    MD5

    bdd21f216660e002198fddd73bf1448c

    SHA1

    d1ebadda246758df436022625ea89dee25761e24

    SHA256

    9af005186513fa2c776b7e6102ba795ab93c541cb092c5da4f83ac624522cf4e

    SHA512

    c93703d83a672e6c3d25de5174c8197438523d1a835babf53e7ad14e20bc9b689d37bb6505a479f6a1f075603deb2af7d8c2f0ed3c1b0e20d2f737dd70a789ee

  • \Windows\system\AMQosLU.exe

    Filesize

    5.7MB

    MD5

    4c888086a1daf984b54c2d0f7b07bf67

    SHA1

    d6a32767763f0daec4744e1ee6024af92aa004f1

    SHA256

    07f8d96409e0d314ac51748f816e1afd0e5b7f758c748fb80a8cac8607d6f85b

    SHA512

    32f135bf537bebd6f48b96016548ba1365b258e498e61eca2fb004e02e5b600a0f394e2768625ab0e2241b6281bbbc30b5b50f5fc64a7425b8b1f7b04dd02090

  • \Windows\system\IajvOqs.exe

    Filesize

    5.7MB

    MD5

    765d89a4b39e8073697fdc4e6cd41e61

    SHA1

    626bfd3cf5fb3c14b1fe15db938ddc3fa2a174df

    SHA256

    318abf6256d18f520b6c4d768cdf730a3175c3d0dc080dc2998d312add3f98c6

    SHA512

    4cc024e2a29d039ba5daf33cab31f6163b7cdd34f1d5c558b69a1f62744684dbe5017f3d0ff04f7736dadd3fbebd81141bc80b1e1e89018bbcfcf888a39aee27

  • \Windows\system\NWgYdql.exe

    Filesize

    5.7MB

    MD5

    9c8cebde46761e09925c37520975e2a6

    SHA1

    51131bd92af2d9185bcfd231b618f24a2a2b6310

    SHA256

    acd1b5784fe4c1be469e3aa23af1de7129f6c5f7894350e8c42128ebad4d097b

    SHA512

    cc8dc8417d9b80df63431509f4c1bea8d35f718c560cb69372b00e5d5c5c615c137f527bc1968e5c592be9751858e2e389f5f7a29b31e68727737e4014a7296c

  • \Windows\system\NwmWyri.exe

    Filesize

    5.7MB

    MD5

    c257beaf43a18bf4aa06d62d29d6940d

    SHA1

    2eb3aa9f6ba87291c289dde705e54558224ea68c

    SHA256

    2a57dbe4121d98b494311100b358e8026394c7ad921bd9006444b14a683393bb

    SHA512

    5d0a1eeab5e94f76e48e2269090f5205a3ffecd5a70ac26bff3c6fb12eee3e56f02272db416e34f880054b4ee4739311815a3fd2aeadd134d37b8c3eaf88de7a

  • \Windows\system\TTpKxsN.exe

    Filesize

    5.7MB

    MD5

    4ba6947b63f3d4fd1519921d90e38fa1

    SHA1

    c8805a2e02df39b603ddc94f462539ea6facaead

    SHA256

    5764fd3e6c2337cd22eb844c6e889a3c2bee0722b51f9365943c5628e3edbc57

    SHA512

    ab15ab6a1a18bdcdf90835de80e76fb8b6246226944cd2da625592a2067e7f3437a5b69db793c84e62a9d3eaace704622638046859f30971a607d7feaa3f2a35

  • memory/1504-102-0x000000013F950000-0x000000013FC9D000-memory.dmp

    Filesize

    3.3MB

  • memory/1692-11-0x000000013F780000-0x000000013FACD000-memory.dmp

    Filesize

    3.3MB

  • memory/1924-60-0x000000013F8B0000-0x000000013FBFD000-memory.dmp

    Filesize

    3.3MB

  • memory/2004-96-0x000000013F250000-0x000000013F59D000-memory.dmp

    Filesize

    3.3MB

  • memory/2032-125-0x000000013F1B0000-0x000000013F4FD000-memory.dmp

    Filesize

    3.3MB

  • memory/2108-12-0x000000013F700000-0x000000013FA4D000-memory.dmp

    Filesize

    3.3MB

  • memory/2156-24-0x000000013FBB0000-0x000000013FEFD000-memory.dmp

    Filesize

    3.3MB

  • memory/2420-22-0x000000013F350000-0x000000013F69D000-memory.dmp

    Filesize

    3.3MB

  • memory/2436-90-0x000000013FEE0000-0x000000014022D000-memory.dmp

    Filesize

    3.3MB

  • memory/2452-30-0x000000013F9B0000-0x000000013FCFD000-memory.dmp

    Filesize

    3.3MB

  • memory/2532-1-0x00000000001F0000-0x0000000000200000-memory.dmp

    Filesize

    64KB

  • memory/2532-0-0x000000013F3E0000-0x000000013F72D000-memory.dmp

    Filesize

    3.3MB

  • memory/2612-81-0x000000013F770000-0x000000013FABD000-memory.dmp

    Filesize

    3.3MB

  • memory/2684-84-0x000000013F310000-0x000000013F65D000-memory.dmp

    Filesize

    3.3MB

  • memory/2748-36-0x000000013F4C0000-0x000000013F80D000-memory.dmp

    Filesize

    3.3MB

  • memory/2760-48-0x000000013F030000-0x000000013F37D000-memory.dmp

    Filesize

    3.3MB

  • memory/2776-75-0x000000013FEA0000-0x00000001401ED000-memory.dmp

    Filesize

    3.3MB

  • memory/2792-110-0x000000013FD00000-0x000000014004D000-memory.dmp

    Filesize

    3.3MB

  • memory/2816-122-0x000000013FC10000-0x000000013FF5D000-memory.dmp

    Filesize

    3.3MB

  • memory/2840-42-0x000000013F470000-0x000000013F7BD000-memory.dmp

    Filesize

    3.3MB

  • memory/2848-118-0x000000013F040000-0x000000013F38D000-memory.dmp

    Filesize

    3.3MB

  • memory/2968-65-0x000000013F680000-0x000000013F9CD000-memory.dmp

    Filesize

    3.3MB