Analysis
-
max time kernel
140s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
28-06-2024 00:08
General
-
Target
2024-06-27_b0887affde9e562dcb9420b870c62b35_cobalt-strike_cobaltstrike_poet-rat.exe
-
Size
5.9MB
-
MD5
b0887affde9e562dcb9420b870c62b35
-
SHA1
b8e66f915a8ca0b9092d28637fdfcfe633306678
-
SHA256
9e06c80d196357b9186ac87ef45340436ce70bed5321980e7432fdc1ee07926c
-
SHA512
e2b5ea11a29f725850851c33712ca3ddc003a7a34527acc8655f35b7ab382f22d9741f665b2863d706ddbd90d33da12722cd22a7689bb4c03a646b2cbe3d3389
-
SSDEEP
98304:BemTLkNdfE0pZrt56utgpPFotBER/mQ32lU3:Q+856utgpPF8u/73
Malware Config
Extracted
cobaltstrike
0
http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
-
access_type
512
-
beacon_type
256
-
create_remote_thread
768
-
crypto_scheme
256
-
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
-
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
-
http_method1
GET
-
http_method2
POST
-
maxdns
255
-
pipe_name
\\%s\pipe\msagent_%x
-
polling_time
5000
-
port_number
443
-
sc_process32
%windir%\syswow64\rundll32.exe
-
sc_process64
%windir%\sysnative\rundll32.exe
-
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
unknown1
4096
-
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-
uri
/N4215/adj/amzn.us.sr.aps
-
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
-
watermark
0
Signatures
-
Cobalt Strike reflective loader 21 IoCs
Detects the reflective loader used by Cobalt Strike.
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
Detects Reflective DLL injection artifacts 21 IoCs
-
UPX dump on OEP (original entry point) 64 IoCs
-
XMRig Miner payload 64 IoCs
-
Executes dropped EXE 21 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Windows directory 21 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 42 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-27_b0887affde9e562dcb9420b870c62b35_cobalt-strike_cobaltstrike_poet-rat.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-27_b0887affde9e562dcb9420b870c62b35_cobalt-strike_cobaltstrike_poet-rat.exe"1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System\XTqZRbd.exeC:\Windows\System\XTqZRbd.exe2⤵
- Executes dropped EXE
-
C:\Windows\System\kMMUGvG.exeC:\Windows\System\kMMUGvG.exe2⤵
- Executes dropped EXE
-
C:\Windows\System\ehcKjPL.exeC:\Windows\System\ehcKjPL.exe2⤵
- Executes dropped EXE
-
C:\Windows\System\giUUhtM.exeC:\Windows\System\giUUhtM.exe2⤵
- Executes dropped EXE
-
C:\Windows\System\hkVuNhx.exeC:\Windows\System\hkVuNhx.exe2⤵
- Executes dropped EXE
-
C:\Windows\System\ehxXtdc.exeC:\Windows\System\ehxXtdc.exe2⤵
- Executes dropped EXE
-
C:\Windows\System\JVizWlp.exeC:\Windows\System\JVizWlp.exe2⤵
- Executes dropped EXE
-
C:\Windows\System\DBAmxXV.exeC:\Windows\System\DBAmxXV.exe2⤵
- Executes dropped EXE
-
C:\Windows\System\SQrgWoE.exeC:\Windows\System\SQrgWoE.exe2⤵
- Executes dropped EXE
-
C:\Windows\System\EvBhLdO.exeC:\Windows\System\EvBhLdO.exe2⤵
- Executes dropped EXE
-
C:\Windows\System\PJWYjcw.exeC:\Windows\System\PJWYjcw.exe2⤵
- Executes dropped EXE
-
C:\Windows\System\ehLPuHe.exeC:\Windows\System\ehLPuHe.exe2⤵
- Executes dropped EXE
-
C:\Windows\System\ptfrIlk.exeC:\Windows\System\ptfrIlk.exe2⤵
- Executes dropped EXE
-
C:\Windows\System\WoYzCtR.exeC:\Windows\System\WoYzCtR.exe2⤵
- Executes dropped EXE
-
C:\Windows\System\olbcXUf.exeC:\Windows\System\olbcXUf.exe2⤵
- Executes dropped EXE
-
C:\Windows\System\VScCFwL.exeC:\Windows\System\VScCFwL.exe2⤵
- Executes dropped EXE
-
C:\Windows\System\fdVbIBd.exeC:\Windows\System\fdVbIBd.exe2⤵
- Executes dropped EXE
-
C:\Windows\System\eeXGkHG.exeC:\Windows\System\eeXGkHG.exe2⤵
- Executes dropped EXE
-
C:\Windows\System\mzqXjUx.exeC:\Windows\System\mzqXjUx.exe2⤵
- Executes dropped EXE
-
C:\Windows\System\altAbnZ.exeC:\Windows\System\altAbnZ.exe2⤵
- Executes dropped EXE
-
C:\Windows\System\BHrmBaS.exeC:\Windows\System\BHrmBaS.exe2⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Windows\System\BHrmBaS.exeFilesize
5.9MB
MD50ead6f38c827671e7c2e6c32ed7073a3
SHA1077e1854a271bf25d995e016fdb331f6387b409b
SHA25625a9877fc8c318bf4ca2a223dba60c182ca6f764f9f486385cd59996e34beb94
SHA512754fb520fff5dbe757ee0eb3d2b310b5f1e4ab4b3b902a75a33e6a5048fe23057c199e91085917202116d7ecc29e23bccf6ffc881f9873e8678947ac4c960220
-
C:\Windows\System\DBAmxXV.exeFilesize
5.9MB
MD5240c350115d9d25bed9dfa9f13703b88
SHA186bfca4b74dd690628e7217ea07bb8343b212f4e
SHA25670cac281eaad445824d7982e67e421741085bb9ffa363f0048acae506ff0c743
SHA512baa82a3f1a28dfe7bb3ecda877a39de2e13e2c9cf817be0b78c849944c13efa94404878d90a782991bc5f6811290563020a2baf477ac2bcc7be94b85dfa30191
-
C:\Windows\System\EvBhLdO.exeFilesize
5.9MB
MD50af65ee28850fe3164ead1e5577711aa
SHA188e7497c6a2ff321ae95104528365c2dbcde87ec
SHA256f76f8b312471848613e6d7eb5540b3fc8095369e2f91e71cf19381c434d4e3e3
SHA512b6e31b8313b836ed6c9641c2083765e04e2afd78e53eacdfe9d33c2ccb9a6101b86939715066d5ca91b15612742cc42cd0afa77cd40edc96ee09be7e44f79965
-
C:\Windows\System\JVizWlp.exeFilesize
5.9MB
MD5b85f58c89595ad1c05d51210419e1a34
SHA14146ef636167a1c15f932ece44eb4cd9e06aaef8
SHA256b88cb06bf2166868ae01fc735f4061ead11f0ef03730ae998f592f6d43ad18ab
SHA512baad8d4eed398bf6faa93128c10bdf7324bb7f2e80ad8e4e314caf807181ad3c4650ae3679c851f9949ef403b35d7135a000296b2db698a7a7654668b2c4fc7e
-
C:\Windows\System\PJWYjcw.exeFilesize
5.9MB
MD5a96a458492d6d098fec1b6f06f37a12d
SHA12f9ffb2e4d889514b5d8684c8f126f42e6b4324f
SHA256cdad48a2904c84e631bb006d8c503789815e1e0e389d35f2c4a76538278560f3
SHA51267dbad93b89560825ccba59c946d57bb26adacf37c6155db5489960e60be8eca40631b16b923fc8ddb3a092344181da392977b12c0e13e5ea253a8dfe6d7ce25
-
C:\Windows\System\SQrgWoE.exeFilesize
5.9MB
MD5738231c35ceacdeaecb2d5322496ccca
SHA13ec66f945c529533683eccbbda5c385fa5513f9e
SHA256d7aa49c8f95aff7183ce7b6b5c794674eee5d42f99d444b324ba6b98b863bc50
SHA5124b4dab4a5625aed016e5ca0ef6c48e4025b9c9a8a9476ad4991c39cafc582fa677181abcbd13e2951fe1337dc0ce34522871ab89e5a7be4972b697cbc36c1f39
-
C:\Windows\System\VScCFwL.exeFilesize
5.9MB
MD594ab27a3a2fe7b5ff01827c8598efbec
SHA10e2c224dcb8c08bc27180ab2a16004c659a29bf3
SHA256a427cc942f3c232c056bb5b0933d7505564304b467e94deb46bf416a6f2b6e48
SHA512573bd24c24bcbb7ce94bcce52ff65359bbae72de7e7afd1c6f68a2c8976301746cdabaed0f71030384de7fd3b57abd94e2be1e44abdc369468630f4f391ea962
-
C:\Windows\System\WoYzCtR.exeFilesize
5.9MB
MD5a23e111ade178436f1f38ca44e686640
SHA163d1e99991982acd0945d55436584c18d79359f6
SHA2568589a261d3ca34e02c4ccfd58ab2c6acaf38295136cad7e70ca3133b8f05ccb5
SHA5126763add3b7669bde6d0109b94a0a7ef8ff28734895339a6e5c9c8898b2ece8701994e8f06b9135381468077fa20f9d282c94a06ab990144f6a7c74e02c0ffb38
-
C:\Windows\System\XTqZRbd.exeFilesize
5.9MB
MD5c2eb6d2a28d7d2d1f4584f87894c8e06
SHA15c726be9d5103a4af99d4c2180751a495074bd27
SHA256dba7c597557ca3bbe8ed13d478c0598a2d42b52a10b22d3ed24050482f19dcd7
SHA51277eb505ba7202fd697fd461ea2f5fa6a8970dab926c99f830bd98929d59597378211e0dd8b4a7b3739789a5353cb6e8922490dc1f747c56862f83b03f95f90e8
-
C:\Windows\System\altAbnZ.exeFilesize
5.9MB
MD5c72666611562a0ef9feebbd81d6dd6ac
SHA16b9cb741eba718fb8f84c376a91eb2da2eb55209
SHA256d72edaab1e27625a55e09beccb8599959289d806f910d3d0ca8ba6829d6d08a3
SHA5123083d0411c947ee45c646e78f3e6526e2148222371c9917c501c88695b569232fa89d0858c832791b61f8ad6b40847f2fa3e43df3982f4d2de96917b4869e961
-
C:\Windows\System\eeXGkHG.exeFilesize
5.9MB
MD582305a62cacb133c0bcfb974e3984847
SHA1c0a14011723635a7fcf1018eed23ec51f0653cd4
SHA256e855f093af9d366027337ece7b8af2a3c831cb910732bef40564d2290875aad1
SHA512695f302b1b1fa6a2a986beae853f15e37d8ed736f7f7d0eda8abf3717fe68163d04a38cbe0094d6cc16e94254b07739f09bcf4d752ecf9a8083d7be02777a12f
-
C:\Windows\System\ehLPuHe.exeFilesize
5.9MB
MD54f98dbdf5230cdd7fa8d35d2833bf1ed
SHA12e524e7b351a60cba49eb952b7f6da1e460290e3
SHA256b580c120a0d4a1b505fcf2487dcbf273a20988a61ab1930d34a1bfd55e5953b8
SHA51213481fd75170dfb69c4954849cb3f7649fc69e8a110b2b416c958ba1a72036a51413fbbdd82678494cca6f372f9dcf66929b39e8155a6dae10a47dd543bf15af
-
C:\Windows\System\ehcKjPL.exeFilesize
5.9MB
MD5b3724161a9334ed2e2ca650f25418099
SHA1f52b8fb07267950cbc669c4db692e6b59552dd74
SHA2560920aebf58425887abe35de77dfd7691af8962c5ddcde5c9a21b5e39c0e8bd59
SHA51214110fcf2836d9fd1499d45a26b949bb3637a84cc13433c8aa5c42fd6c214c1b3d8015b4bad8bdd8750fadb48a32dd2eed7a49982d4399196e58e00a413b138d
-
C:\Windows\System\ehxXtdc.exeFilesize
5.9MB
MD5169cd7680096cfe7c7da6fb8fb2eb543
SHA1168890a2137dfc2eee6589bef2f1c84a4bb00037
SHA256ef00168b5e0b179ddbc3083e1b39366586657c464048aa55fcf6644cd94a5c3f
SHA51267218a0fdf9c6e806119097d906340fdaaff19b550fd754c3d86c5b2b22314f02b8fcbdf08cbdd0c97511f48ec562ef4e4adbf4e3ea09e1a702c3e1aeb424743
-
C:\Windows\System\fdVbIBd.exeFilesize
5.9MB
MD5c1064cbf8fb9573f2ac89d2b2f472cf6
SHA1817c9ae7c1d42d826efe332071a2e830e60199a7
SHA25635f6f5bdb3a0c3e74322d25df315125d0b0f8e77695150952e1d11435e4262d2
SHA5122d93be12b82006737d4f2caf12811872fdc3a8c20c2ed9a404168b86adda67e4a1bcb0da29c780d9e624d1d2eb7e184cf8c30afa734e64c4259a0be2221f752e
-
C:\Windows\System\giUUhtM.exeFilesize
5.9MB
MD543f5268d03f1336dfa9f550e18170c48
SHA18209399e9e9b8ab73e770554cf03db5e8a5e2cc6
SHA25666fda77672b345d3f683f0b6d4c01c3adaa329686ac4c0156ff02fa61f93869e
SHA5122a76139bbf43e469aa45b43509687e42d8a482cc18cbbee8421fe6348845fa3a8cf81fd87563b743c3726ae65ccdbc67662b6e4a72fb9bf7275688300d671a6b
-
C:\Windows\System\hkVuNhx.exeFilesize
5.9MB
MD5c3bd3aebf4dc56a8a83f73737ccee975
SHA15c57f2297e65f582bfcef948a8c19781c7cd9ee9
SHA256aa251132c2532797c4e40a02426eb7d8d3ad63549ab3b20150d3b71042a86a91
SHA51288c72815041a0311afcd144a65aa059c3855e55265fb0bb95c0d9f0c6b6eb2373c58fa38728abbfc2eea78fc6d17571e59df26fc63ea0de5b7ec7031e9b65d05
-
C:\Windows\System\kMMUGvG.exeFilesize
5.9MB
MD5ae207073ab90cf21cb124b741e0b1827
SHA186c50b8b656b05a0a926493ab2f19d93de77acc1
SHA2562a14796ae6e188d6ae9ed750fe0157e075c57fab6cc518f65cf7a46cba8b4435
SHA512c76178b58b1766522a0b4da0b5a2c11c14513f14ccd615a2f3b548d23385fdaa71e570846b0870d038df50816b50c47e6c35c52530ef6b4d60444d4aa8f20382
-
C:\Windows\System\mzqXjUx.exeFilesize
5.9MB
MD5939d7fe664770819f5fcf1f7947f8314
SHA14823624aa3cef9eb621b2cf2809b7ec53a3da678
SHA2565a48f2766e6d0bba9309e547ff917490339f479c15a2da70ebc23b6c30bec979
SHA5124af031d83a7f2276c917db757eaea67c271a3edf6804c91d0ba8857117983fe0c663e498800f057e9aa246b2b8957db7e5739351dd253e0ac5c0616e14f35c17
-
C:\Windows\System\olbcXUf.exeFilesize
5.9MB
MD5baa7e1df3626790a5fb77a46567e9743
SHA1bc25204d8b925a9ba68f50161a806b9ac20a93cb
SHA2569d7ab9fd2ba7c10e199771c1af84945aea5d167af8ab2fdc61c03f0ebdbb19b1
SHA512206e4abe8e07d2474cc3f4331d9adf5779c1d34c8b8d395a3b845ece4c5bf8079cfc031f85506c3553125d53d4e342c7251ea2b4fc3a01489e630041209362fb
-
C:\Windows\System\ptfrIlk.exeFilesize
5.9MB
MD56772c741e237a37c5aa36306cfd88409
SHA14da409b80e1f9e0dc94c4a03b07807e858239bf9
SHA256611ecc9912140550ed355c6e9131a7c554e2958f48fa975052e2e37af2b07963
SHA51293f82d05716a086cb482b3686d5f87ee8b593102c72224e41437d442d918c9e7f979139e0c077fde3c77ae887a2f1e7e7d5bb01bf9a6271f414d93136a41757c
-
memory/920-146-0x00007FF7792A0000-0x00007FF7795F4000-memory.dmpFilesize
3.3MB
-
memory/920-44-0x00007FF7792A0000-0x00007FF7795F4000-memory.dmpFilesize
3.3MB
-
memory/1308-26-0x00007FF748DE0000-0x00007FF749134000-memory.dmpFilesize
3.3MB
-
memory/1308-143-0x00007FF748DE0000-0x00007FF749134000-memory.dmpFilesize
3.3MB
-
memory/1780-150-0x00007FF77FA30000-0x00007FF77FD84000-memory.dmpFilesize
3.3MB
-
memory/1780-75-0x00007FF77FA30000-0x00007FF77FD84000-memory.dmpFilesize
3.3MB
-
memory/1840-133-0x00007FF6A07A0000-0x00007FF6A0AF4000-memory.dmpFilesize
3.3MB
-
memory/1840-67-0x00007FF6A07A0000-0x00007FF6A0AF4000-memory.dmpFilesize
3.3MB
-
memory/1840-151-0x00007FF6A07A0000-0x00007FF6A0AF4000-memory.dmpFilesize
3.3MB
-
memory/1952-138-0x00007FF649E50000-0x00007FF64A1A4000-memory.dmpFilesize
3.3MB
-
memory/1952-112-0x00007FF649E50000-0x00007FF64A1A4000-memory.dmpFilesize
3.3MB
-
memory/1952-157-0x00007FF649E50000-0x00007FF64A1A4000-memory.dmpFilesize
3.3MB
-
memory/2252-8-0x00007FF72FBE0000-0x00007FF72FF34000-memory.dmpFilesize
3.3MB
-
memory/2252-140-0x00007FF72FBE0000-0x00007FF72FF34000-memory.dmpFilesize
3.3MB
-
memory/2268-98-0x00007FF7867C0000-0x00007FF786B14000-memory.dmpFilesize
3.3MB
-
memory/2268-154-0x00007FF7867C0000-0x00007FF786B14000-memory.dmpFilesize
3.3MB
-
memory/2396-91-0x00007FF7BC920000-0x00007FF7BCC74000-memory.dmpFilesize
3.3MB
-
memory/2396-153-0x00007FF7BC920000-0x00007FF7BCC74000-memory.dmpFilesize
3.3MB
-
memory/2420-127-0x00007FF7DE350000-0x00007FF7DE6A4000-memory.dmpFilesize
3.3MB
-
memory/2420-62-0x00007FF7DE350000-0x00007FF7DE6A4000-memory.dmpFilesize
3.3MB
-
memory/2420-149-0x00007FF7DE350000-0x00007FF7DE6A4000-memory.dmpFilesize
3.3MB
-
memory/2440-118-0x00007FF6AEE70000-0x00007FF6AF1C4000-memory.dmpFilesize
3.3MB
-
memory/2440-148-0x00007FF6AEE70000-0x00007FF6AF1C4000-memory.dmpFilesize
3.3MB
-
memory/2440-56-0x00007FF6AEE70000-0x00007FF6AF1C4000-memory.dmpFilesize
3.3MB
-
memory/2456-106-0x00007FF6C2C30000-0x00007FF6C2F84000-memory.dmpFilesize
3.3MB
-
memory/2456-137-0x00007FF6C2C30000-0x00007FF6C2F84000-memory.dmpFilesize
3.3MB
-
memory/2456-156-0x00007FF6C2C30000-0x00007FF6C2F84000-memory.dmpFilesize
3.3MB
-
memory/2592-160-0x00007FF6EFD70000-0x00007FF6F00C4000-memory.dmpFilesize
3.3MB
-
memory/2592-134-0x00007FF6EFD70000-0x00007FF6F00C4000-memory.dmpFilesize
3.3MB
-
memory/2684-1-0x0000015C0F8A0000-0x0000015C0F8B0000-memory.dmpFilesize
64KB
-
memory/2684-60-0x00007FF72C4B0000-0x00007FF72C804000-memory.dmpFilesize
3.3MB
-
memory/2684-0-0x00007FF72C4B0000-0x00007FF72C804000-memory.dmpFilesize
3.3MB
-
memory/2724-18-0x00007FF60DDE0000-0x00007FF60E134000-memory.dmpFilesize
3.3MB
-
memory/2724-80-0x00007FF60DDE0000-0x00007FF60E134000-memory.dmpFilesize
3.3MB
-
memory/2724-142-0x00007FF60DDE0000-0x00007FF60E134000-memory.dmpFilesize
3.3MB
-
memory/3460-136-0x00007FF704BE0000-0x00007FF704F34000-memory.dmpFilesize
3.3MB
-
memory/3460-155-0x00007FF704BE0000-0x00007FF704F34000-memory.dmpFilesize
3.3MB
-
memory/3460-103-0x00007FF704BE0000-0x00007FF704F34000-memory.dmpFilesize
3.3MB
-
memory/3488-104-0x00007FF6F19E0000-0x00007FF6F1D34000-memory.dmpFilesize
3.3MB
-
memory/3488-145-0x00007FF6F19E0000-0x00007FF6F1D34000-memory.dmpFilesize
3.3MB
-
memory/3488-38-0x00007FF6F19E0000-0x00007FF6F1D34000-memory.dmpFilesize
3.3MB
-
memory/3928-129-0x00007FF6E1380000-0x00007FF6E16D4000-memory.dmpFilesize
3.3MB
-
memory/3928-159-0x00007FF6E1380000-0x00007FF6E16D4000-memory.dmpFilesize
3.3MB
-
memory/4348-139-0x00007FF6CE070000-0x00007FF6CE3C4000-memory.dmpFilesize
3.3MB
-
memory/4348-119-0x00007FF6CE070000-0x00007FF6CE3C4000-memory.dmpFilesize
3.3MB
-
memory/4348-158-0x00007FF6CE070000-0x00007FF6CE3C4000-memory.dmpFilesize
3.3MB
-
memory/4392-15-0x00007FF66F480000-0x00007FF66F7D4000-memory.dmpFilesize
3.3MB
-
memory/4392-141-0x00007FF66F480000-0x00007FF66F7D4000-memory.dmpFilesize
3.3MB
-
memory/4392-73-0x00007FF66F480000-0x00007FF66F7D4000-memory.dmpFilesize
3.3MB
-
memory/4784-50-0x00007FF6A8350000-0x00007FF6A86A4000-memory.dmpFilesize
3.3MB
-
memory/4784-147-0x00007FF6A8350000-0x00007FF6A86A4000-memory.dmpFilesize
3.3MB
-
memory/4816-135-0x00007FF7D4170000-0x00007FF7D44C4000-memory.dmpFilesize
3.3MB
-
memory/4816-152-0x00007FF7D4170000-0x00007FF7D44C4000-memory.dmpFilesize
3.3MB
-
memory/4816-81-0x00007FF7D4170000-0x00007FF7D44C4000-memory.dmpFilesize
3.3MB
-
memory/4820-144-0x00007FF656B80000-0x00007FF656ED4000-memory.dmpFilesize
3.3MB
-
memory/4820-32-0x00007FF656B80000-0x00007FF656ED4000-memory.dmpFilesize
3.3MB