Resubmissions

08-09-2023 19:19

230908-x1zdesfa2w 10

08-09-2023 19:08

230908-xtd4xaeh7t 6

08-09-2023 19:07

230908-xs5kgaeg85 3

08-09-2023 18:58

230908-xmy6haeg56 7

08-09-2023 17:30

230908-v3hscaea96 8

Analysis

  • max time kernel
    368s
  • max time network
    368s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230831-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08-09-2023 18:58

General

  • Target

    Captura de pantalla 2023-03-05 184332.png

  • Size

    47KB

  • MD5

    c662c6bef8d03268babc40558500c421

  • SHA1

    33881cac944362c415ce1c000d0e6c43e7b8fd57

  • SHA256

    1be92987b9ab334d25c940577da37ccbbd417b2e4e52b97b668347d90e1eeabb

  • SHA512

    4f7f75247e717337309d73004a79a0986911fa0525f36f41dc5be3ca3a0ed2033575737ceded69895a77626cb6e90152bdb0ea16655e6a8048731301e11802be

  • SSDEEP

    768:UZ+vjsWKoGWORUYGnBAPmxVU68vKbLxY0OKZY+S7SaLeP2MeqrsP4/jx4Lbf2:UnRofGoLJ8ib75a+kSaLK2Z+sA/eO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 45 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Captura de pantalla 2023-03-05 184332.png"
    1⤵
      PID:4504
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.0.124885495\1410374192" -parentBuildID 20221007134813 -prefsHandle 1840 -prefMapHandle 1832 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cd9bb91-f6d7-46eb-8a50-e179c20966b9} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 1920 224bbddf858 gpu
      1⤵
        PID:1684
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.1.942831960\596213116" -parentBuildID 20221007134813 -prefsHandle 2284 -prefMapHandle 2196 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0e1f81c-15e5-4636-b9de-f2843116040a} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 2320 224bbd03858 socket
        1⤵
          PID:988
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.2.268674254\560260207" -childID 1 -isForBrowser -prefsHandle 3544 -prefMapHandle 3540 -prefsLen 21012 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d932697-8510-4efd-bbd6-c8d3935c76b3} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 3532 224bf80b558 tab
          1⤵
            PID:1864
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.3.1779302404\201969702" -childID 2 -isForBrowser -prefsHandle 2996 -prefMapHandle 3292 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03ee9cd1-75c6-41b2-bbed-fcc55fc4cd3f} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 3412 224af362b58 tab
            1⤵
              PID:3300
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.4.770212386\31487187" -childID 3 -isForBrowser -prefsHandle 2696 -prefMapHandle 2808 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecf3ce81-8c46-4ea0-acbf-d8da1ac236aa} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 2692 224c078e058 tab
              1⤵
                PID:4260
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.7.1106882379\1366741003" -childID 6 -isForBrowser -prefsHandle 5224 -prefMapHandle 5228 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68981f25-4f49-45f0-b920-c7aa4dc58763} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 5216 224c1dee558 tab
                1⤵
                  PID:2932
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.6.1434437423\1523413726" -childID 5 -isForBrowser -prefsHandle 5028 -prefMapHandle 5032 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2db7532-6a6f-47d5-9bed-ec5d2c6f5188} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 5020 224c1df1258 tab
                  1⤵
                    PID:2692
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.5.607924088\1238268273" -childID 4 -isForBrowser -prefsHandle 4924 -prefMapHandle 4888 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9dc6968a-5e3b-4935-8875-946bf4da7262} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 4908 224c078f858 tab
                    1⤵
                      PID:2172
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.8.195535328\955542575" -childID 7 -isForBrowser -prefsHandle 5744 -prefMapHandle 5716 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e2ae136-8d26-45a9-8685-924fc8348a4c} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 5748 224c397fb58 tab
                      1⤵
                        PID:5236
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.9.128505770\856099543" -childID 8 -isForBrowser -prefsHandle 4216 -prefMapHandle 5744 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e85c8ff0-0537-40b6-b58a-abec9ac766d0} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 3884 224c1a51558 tab
                        1⤵
                          PID:5428
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.10.758945952\1655479474" -parentBuildID 20221007134813 -prefsHandle 3920 -prefMapHandle 5716 -prefsLen 26752 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18ba07a7-a253-452f-97db-018597dd5e72} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 3828 224c1a54e58 rdd
                          1⤵
                            PID:5472
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.11.1881627105\370288970" -childID 9 -isForBrowser -prefsHandle 5108 -prefMapHandle 5428 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92a0711c-eaeb-49f5-85c2-789f702e5342} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 5188 224c1df1b58 tab
                            1⤵
                              PID:5676
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.12.1654118739\1277086762" -childID 10 -isForBrowser -prefsHandle 6296 -prefMapHandle 8616 -prefsLen 27153 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {676a1c98-d071-4fe7-b8f2-d2c54abc2f64} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 8608 224c3f32858 tab
                              1⤵
                                PID:5280
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.13.1962885070\905080752" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 8360 -prefMapHandle 8364 -prefsLen 27153 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e8e46ac-25f9-4a8f-8160-d7fe11c2edde} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 8348 224c4b06758 utility
                                1⤵
                                  PID:912
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.14.1224285305\348855115" -childID 11 -isForBrowser -prefsHandle 3864 -prefMapHandle 4712 -prefsLen 27153 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38fd676e-0255-4afa-a05a-4720cf4edb90} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 5776 224c1a52158 tab
                                  1⤵
                                    PID:3224
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.15.1662776810\182458477" -childID 12 -isForBrowser -prefsHandle 8420 -prefMapHandle 6104 -prefsLen 27153 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {294f85ef-8f5d-4e5d-ab16-376feefd568f} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 6096 224c1defd58 tab
                                    1⤵
                                      PID:3320
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.16.1814885900\1099882102" -childID 13 -isForBrowser -prefsHandle 5812 -prefMapHandle 5232 -prefsLen 27153 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cf53989-fdb2-4207-af75-d5ddfa2fc6d5} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 5816 224c3ae1558 tab
                                      1⤵
                                        PID:5388
                                      • C:\Windows\System32\rundll32.exe
                                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                        1⤵
                                          PID:5328
                                        • C:\Program Files\7-Zip\7zG.exe
                                          "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap22205:190:7zEvent26391
                                          1⤵
                                          • Suspicious use of AdjustPrivilegeToken
                                          • Suspicious use of FindShellTrayWindow
                                          PID:812
                                        • C:\Users\Admin\Downloads\f7891fb963a90cb5f84fdd754b0c7d1e54c3945c1d84bf52ff989712e5139422.exe
                                          "C:\Users\Admin\Downloads\f7891fb963a90cb5f84fdd754b0c7d1e54c3945c1d84bf52ff989712e5139422.exe"
                                          1⤵
                                          • Executes dropped EXE
                                          • Suspicious use of SetThreadContext
                                          • Suspicious behavior: EnumeratesProcesses
                                          • Suspicious use of AdjustPrivilegeToken
                                          • Suspicious use of WriteProcessMemory
                                          PID:4852
                                          • C:\Users\Admin\Downloads\f7891fb963a90cb5f84fdd754b0c7d1e54c3945c1d84bf52ff989712e5139422.exe
                                            "C:\Users\Admin\Downloads\f7891fb963a90cb5f84fdd754b0c7d1e54c3945c1d84bf52ff989712e5139422.exe"
                                            2⤵
                                            • Executes dropped EXE
                                            • Suspicious use of AdjustPrivilegeToken
                                            PID:5376
                                        • C:\Windows\system32\taskmgr.exe
                                          "C:\Windows\system32\taskmgr.exe" /4
                                          1⤵
                                          • Checks SCSI registry key(s)
                                          • Suspicious behavior: EnumeratesProcesses
                                          • Suspicious use of AdjustPrivilegeToken
                                          • Suspicious use of FindShellTrayWindow
                                          • Suspicious use of SendNotifyMessage
                                          PID:4224
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.18.825411977\1610165825" -childID 15 -isForBrowser -prefsHandle 9572 -prefMapHandle 9568 -prefsLen 27211 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7df58d1-f558-4cbb-80de-83ccc9048679} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 9580 224c1def458 tab
                                          1⤵
                                            PID:4860
                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.19.409873234\1261648034" -childID 16 -isForBrowser -prefsHandle 9464 -prefMapHandle 9460 -prefsLen 27211 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae3a6536-a830-457f-9392-138d06af2a9c} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 9476 224c22fc058 tab
                                            1⤵
                                              PID:3856
                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.17.2015453214\298592376" -childID 14 -isForBrowser -prefsHandle 5392 -prefMapHandle 2692 -prefsLen 27211 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33704a61-7d2f-4d4f-b7dd-2c6144c99f66} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 3924 224c0b41258 tab
                                              1⤵
                                                PID:5380
                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.20.402428770\2116524929" -childID 17 -isForBrowser -prefsHandle 9408 -prefMapHandle 4692 -prefsLen 27290 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffea52b5-0826-4541-828b-495576ab540f} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 9396 224c34ce258 tab
                                                1⤵
                                                  PID:4324
                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4444.21.1655858538\532229364" -childID 18 -isForBrowser -prefsHandle 8236 -prefMapHandle 8244 -prefsLen 27290 -prefMapSize 232675 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30124444-bb9c-4834-a56c-b586315b1f0b} 4444 "\\.\pipe\gecko-crash-server-pipe.4444" 8228 224c3b9b458 tab
                                                  1⤵
                                                    PID:1856
                                                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                    powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc UwBlAHQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAA==
                                                    1⤵
                                                      PID:6024

                                                    Network

                                                    MITRE ATT&CK Enterprise v15

                                                    Downloads

                                                    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\f7891fb963a90cb5f84fdd754b0c7d1e54c3945c1d84bf52ff989712e5139422.exe.log

                                                      Filesize

                                                      1KB

                                                      MD5

                                                      8ec831f3e3a3f77e4a7b9cd32b48384c

                                                      SHA1

                                                      d83f09fd87c5bd86e045873c231c14836e76a05c

                                                      SHA256

                                                      7667e538030e3f8ce2886e47a01af24cb0ea70528b1e821c5d8832c5076cb982

                                                      SHA512

                                                      26bffa2406b66368bd412bf25869a792631455645992cdcade2dbc13a2e56fb546414a6a9223b94c96c38d89187add6678d4779a88b38b0c9e36be8527b213c3

                                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_q3nuwlcw.0ub.ps1

                                                      Filesize

                                                      60B

                                                      MD5

                                                      d17fe0a3f47be24a6453e9ef58c94641

                                                      SHA1

                                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                      SHA256

                                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                      SHA512

                                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                    • C:\Users\Admin\Downloads\f7891fb963a90cb5f84fdd754b0c7d1e54c3945c1d84bf52ff989712e5139422.exe

                                                      Filesize

                                                      1.1MB

                                                      MD5

                                                      f5f13d296ccbe05f3b4236e58e130ac3

                                                      SHA1

                                                      82df76a9a4602932b58862e22ce3bdd51f9871ad

                                                      SHA256

                                                      f7891fb963a90cb5f84fdd754b0c7d1e54c3945c1d84bf52ff989712e5139422

                                                      SHA512

                                                      4f42cc3e9d7de0a2d3d7b135403af42d3e015df125dbbdcea13afb319e0c9a7333195ba9ba4e8c64eddb30da37f2a9a5234311493634f0bc6852fe21469b8d06


                                                      Filesize

                                                      64KB

                                                    • memory/5376-85-0x00000000051B0000-0x0000000005290000-memory.dmp

                                                      Filesize

                                                      896KB

                                                    • memory/5376-87-0x00000000051B0000-0x0000000005290000-memory.dmp

                                                      Filesize

                                                      896KB

                                                    • memory/5376-79-0x00000000051B0000-0x0000000005290000-memory.dmp

                                                      Filesize

                                                      896KB

                                                    • memory/5376-77-0x00000000051B0000-0x0000000005290000-memory.dmp

                                                      Filesize

                                                      896KB

                                                    • memory/5376-75-0x00000000051B0000-0x0000000005290000-memory.dmp

                                                      Filesize

                                                      896KB

                                                    • memory/5376-49-0x00000000051B0000-0x0000000005290000-memory.dmp

                                                      Filesize

                                                      896KB

                                                    • memory/5376-45-0x00000000051B0000-0x0000000005290000-memory.dmp

                                                      Filesize

                                                      896KB

                                                    • memory/5376-43-0x00000000051B0000-0x0000000005290000-memory.dmp

                                                      Filesize

                                                      896KB

                                                    • memory/5376-34-0x0000000075000000-0x00000000757B0000-memory.dmp

                                                      Filesize

                                                      7.7MB

                                                    • memory/5376-1121-0x0000000075000000-0x00000000757B0000-memory.dmp

                                                      Filesize

                                                      7.7MB

                                                    • memory/5376-1309-0x00000000052A0000-0x00000000052B0000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/5376-2216-0x0000000005600000-0x0000000005666000-memory.dmp

                                                      Filesize

                                                      408KB

                                                    • memory/5376-2218-0x0000000075000000-0x00000000757B0000-memory.dmp

                                                      Filesize

                                                      7.7MB

                                                    • memory/5376-29-0x0000000000400000-0x000000000049A000-memory.dmp

                                                      Filesize

                                                      616KB

                                                    • memory/6024-2221-0x000002082A160000-0x000002082A170000-memory.dmp

                                                      Filesize

                                                      64KB

                                                    • memory/6024-2219-0x00007FFE8A3C0000-0x00007FFE8AE81000-memory.dmp

                                                      Filesize

                                                      10.8MB

                                                    • memory/6024-2227-0x000002082A1A0000-0x000002082A1C2000-memory.dmp

                                                      Filesize

                                                      136KB

                                                    • memory/6024-2220-0x000002082A160000-0x000002082A170000-memory.dmp

                                                      Filesize

                                                      64KB