purelogstealer | hxxps://drive[.]google[.]com/uc?id=1DMMujrAVJiEDlzeZDtnSs3SX8mp_3JBh&export=download&authuser=0

Analysis

max time kernel
249s
max time network
246s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-08-2024 15:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/uc?id=1DMMujrAVJiEDlzeZDtnSs3SX8mp_3JBh&export=download&authuser=0

Score

10^/10

purelogstealer discovery stealer

Malware Config

Signatures

PureLog Stealer
PureLog Stealer is an infostealer written in C#.
stealer purelogstealer

PureLog Stealer payload 2 IoCs

resource	yara_rule
behavioral1/files/0x0007000000023488-151.dat	family_purelog_stealer
behavioral1/memory/1308-234-0x0000000000FF0000-0x0000000001146000-memory.dmp	family_purelog_stealer

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	URGENTE requiere POR SEGUNDA VEZ Respuesta al oficio No.111 RD Rad. 2013-656.exe

Executes dropped EXE 1 IoCs

pid	Process
1308	URGENTE requiere POR SEGUNDA VEZ Respuesta al oficio No.111 RD Rad. 2013-656.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
3	drive.google.com
6	drive.google.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	URGENTE requiere POR SEGUNDA VEZ Respuesta al oficio No.111 RD Rad. 2013-656.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133681229130933771"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
4916	powershell.exe
4916	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4308	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
1708	7zG.exe
3104	7zG.exe
1180	7zG.exe
4372	7zG.exe
4308	7zFM.exe
4308	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4920	OpenWith.exe
5008	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 3580	2800	chrome.exe	84
PID 2800 wrote to memory of 3580	2800	chrome.exe	84
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 2932	2800	chrome.exe	85
PID 2800 wrote to memory of 3172	2800	chrome.exe	86
PID 2800 wrote to memory of 3172	2800	chrome.exe	86
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87
PID 2800 wrote to memory of 4844	2800	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/uc?id=1DMMujrAVJiEDlzeZDtnSs3SX8mp_3JBh&export=download&authuser=0
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe318ecc40,0x7ffe318ecc4c,0x7ffe318ecc58
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,17987134328362426684,6871571399234949448,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,17987134328362426684,6871571399234949448,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,17987134328362426684,6871571399234949448,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2256 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,17987134328362426684,6871571399234949448,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,17987134328362426684,6871571399234949448,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4604,i,17987134328362426684,6871571399234949448,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4624 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4972,i,17987134328362426684,6871571399234949448,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5212,i,17987134328362426684,6871571399234949448,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5016,i,17987134328362426684,6871571399234949448,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2200

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3276

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4048

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4920

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:872

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap17747:222:7zEvent14696
1⤵
- Suspicious use of FindShellTrayWindow
PID:1708

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap7805:222:7zEvent17078
1⤵
- Suspicious use of FindShellTrayWindow
PID:3104

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap8847:210:7zEvent13225
1⤵
- Suspicious use of FindShellTrayWindow
PID:1180

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\URGENTE requiere POR SEGUNDA VEZ Respuesta al oficio No.111 RD Rad. 2013-656\" -spe -an -ai#7zMap8420:210:7zEvent12232
1⤵
- Suspicious use of FindShellTrayWindow
PID:4372

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5008

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\URGENTE requiere POR SEGUNDA VEZ Respuesta al oficio No.111 RD Rad. 2013-656.REV"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:4308

C:\Users\Admin\Desktop\URGENTE requiere POR SEGUNDA VEZ Respuesta al oficio No.111 RD Rad. 2013-656.exe
"C:\Users\Admin\Desktop\URGENTE requiere POR SEGUNDA VEZ Respuesta al oficio No.111 RD Rad. 2013-656.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1308
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEQAZQBzAGsAdABvAHAAXABVAFIARwBFAE4AVABFACAAcgBlAHEAdQBpAGUAcgBlACAAUABPAFIAIABTAEUARwBVAE4ARABBACAAVgBFAFoAIABSAGUAcwBwAHUAZQBzAHQAYQAgAGEAbAAgAG8AZgBpAGMAaQBvACAATgBvAC4AMQAxADEAIABSAEQAIABSAGEAZAAuACAAMgAwADEAMwAtADYANQA2AC4AZQB4AGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABVAHMAZQByAHMAXABBAGQAbQBpAG4AXABEAGUAcwBrAHQAbwBwAFwAVQBSAEcARQBOAFQARQAgAHIAZQBxAHUAaQBlAHIAZQAgAFAATwBSACAAUwBFAEcAVQBOAEQAQQAgAFYARQBaACAAUgBlAHMAcAB1AGUAcwB0AGEAIABhAGwAIABvAGYAaQBjAGkAbwAgAE4AbwAuADEAMQAxACAAUgBEACAAUgBhAGQALgAgADIAMAAxADMALQA2ADUANgAuAGUAeABlADsAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAWgBiAGwAYQB1AC4AZQB4AGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABVAHMAZQByAHMAXABBAGQAbQBpAG4AXABBAHAAcABEAGEAdABhAFwAUgBvAGEAbQBpAG4AZwBcAFoAYgBsAGEAdQAuAGUAeABlAA==
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\573dc0ea-a669-4e56-a53d-1f3c793d9520.tmp

Filesize
9KB

MD5
2c208a57d81632f7d7afed96714e3837

SHA1
be98b57e2327ced64fb6d181501ce91e50218c02

SHA256
a9c751f6f561ca52c1354443cc25f22eafcb7fcc0c7cf459722eba32f56d9e1b

SHA512
87d25ad9df7e71e98b84918da002c514a20914662b850b797a2507aa73df077dbdc2c8303e5fba17550fe94e809f9425fc829f2e4c8b2632ecc00356304e67a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\874230a9-9df9-4d6a-aff4-3bf4cdfd98a1.tmp

Filesize
9KB

MD5
76a7ac3f04a1b6606899047da588b2f1

SHA1
7d95b189652b3e93ca46f9fa32d2dfe0f3474831

SHA256
d204747f9d1930d60971e03910f38613c324ae6b11b045267e6c0b090586fe1e

SHA512
784df79ca785aba31e9751109515c080567746b1a1811e48fee90b1089aeb11cab85740e5cd154160890509d4887837ff49f680d451e358e0920a3a2e619c0c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0b954c4f1068a3242cf997c65cb91bc0

SHA1
b13f5c0688671a05305e8120bddaf1350e3e0722

SHA256
648e829b98836f36c62b4e9cd53a1ed546a7a85a76eb62e71d64f3f13ecab4fa

SHA512
04e8569853a8ef4769617cdf25c760de2a649a40ca251f998d9fab8f4fa24ad36bcd078a931915f0e172f9a3ce51e1e9c0cc2b90a2664ca93c33d50d645ab4ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
56b4c301b67160a2f97d34b21f1a2872

SHA1
721ae8c8a8fa764637d6a1e0cc03d7f5ee10c37e

SHA256
94ee80b0ad36b2f4f4291f36271d147f26bf4c66b764aef4ed15aaa546aea769

SHA512
aff59bf6c300ecbb147174fee9a319a7e8bcf57a4442b4dc60f1f8cfa8bb68ef1f71d32e69901f1caeb78977c88d8328b33a869f2a53e40e3d2f80633360d1ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b8327b8ba558fb4472e732e34801a36a

SHA1
03275c761f7ae8313c81aa09379d08e16ba2fcfc

SHA256
01a4378a8ca696beab60301981c468e3b091fcb0b21ab1cc800af9541750801e

SHA512
80e0e8c08e79de84b8844d4b9e183d3d72babe4078cc539b997d6672022ae094814157736f44cd559e31ab3df7ced60066de130d3a8773f9c312f7331ab59528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
dd3d89412eaf2a602a43e22723c063e5

SHA1
f7f04d5f94f33b6180f97d62ab66007e1ea1bb37

SHA256
7ed848a391d442a04cdf33f4b897a7a2ad65fa1670948624a23cc7edf28267fa

SHA512
03cf3d7e57d0bf6ca1ea10980c5b4ecb67384ae35ee524ad218bcfb42c4691f0e5e3b63c97f6499652bfe264938ccd1554193f1b76ca672905006af59fb094cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba65ac1c0fa810669a975caeccbd0060

SHA1
6d21fd56577d7a07ab64f5533b6af755b7725cc2

SHA256
1b9b1e5ea1978f8f4db318e17bcf019b060e13729c5c685b536a108d2d722367

SHA512
392111fade83e949f0d0ee10333ae50780fb431f5390f77677f7e45669794a80713855de9906267794d4ad0b1f55466c009576de3c5ae14c510bab867acf2f91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c4d1d215b47e9ed021a4be834ae4c57a

SHA1
a10c31a63af1717d36baa0eb8cee9f1820ff4002

SHA256
38997e0ea1608bc7e01f7b23cf8ff8a830174b6d63ed0fd9217dc82fa29d357e

SHA512
b171b5e17f69811302fc909bb8a98495163c8e9b2e504a59930b2a3c33c3c7ed9e0495ea0188cc152813ee17af10dfe6e4f7abcc03176ae96465192ca71c5024

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
34771de6dae4ed43fe56ed84c440e869

SHA1
f232eda0417fd021717a197da0a21083278af5d5

SHA256
ee40509c9e1ed360a335b0c9256297c437567736790499028a36ce889d1a759b

SHA512
d560f5947b46ac580b365a5571f7cc01dcd9ebd27fc0eb16e5f01c442d860d03018eedbebed8a6722040eb3798be93ba09cad3ee6e3ded89d36f54fe6ebc6578

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6961eb8be0df206ba527b260c46a2d34

SHA1
4bbf393100dee6842fd961016e2351a621f29984

SHA256
cf34cd0e612ed37b042fbd9781992baa0998cd79bb54357ef36dc97e9f191ac6

SHA512
238274fe2b31e4113a4553112012cb32b036c87acb353d0da20a8e0aab9f20a9b6003c95e37e51cc87e2cbbe8731ac198ae9f00268a52655c762f843c806758a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2ebd88ced83a444b165b51c8cb1f1c29

SHA1
fb98d3a5c96ffecd941a1eb2987bed985c567e9c

SHA256
095b0cc0602039acbe11cf3d81e74d608aed738d27d5d22ec4d2f55ef923a489

SHA512
3f8e19f6390b8be47b860dd244ad1f0424c6fb048b48163810283fa5b1f5c2594457ec8e73ddad394de331fadbd969b30fc44dcf72f1bca837960fd2c8c86206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e8c57876b8eeafc63389dc549285250f

SHA1
06caca17b7ad855061fdee67c1f1acb17a0f2821

SHA256
d58bd7a1a4c7d75d8a6ffa6c0f9dcfe9925cbda1604b8e8cb25443496c90d36a

SHA512
494cad31872b9cf9ab7cc3545176f16213e1945e7f6129be3eb2fa9e9bb9117c71a79d25c6a2440cef68729d764154906f14a44186ee3dc95ffdefc124490243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c486d1ba9bc1178e2f63475f4a8c1742

SHA1
ecf43fe88707beb675d9d8187a03e1df9b58d49b

SHA256
113764464385f9168e0b15d491ff2dfb66b68f0dd486b4534974378ee6f74d32

SHA512
bdaaba0375874c8d62ce35dd307ffa7f5bde2d505887a6bc3aa14877df7a248ab6ff408fb0efaa77c0f05cae190cfbfb27c70de3796db7df9dfdfc4642f32ef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c0f835f6166df291b0de3e22daf7705

SHA1
5ad7a208bfa9a121448f7eac39f03beb135b68ed

SHA256
06e6762de023485abb685a7860530c3c0ad78c49901f4ddb54c98d32f8508fcb

SHA512
cfe1b96d479fb076e327617c027622f832b3778165e04e206c2c7aa7e44eb30ffab12a016b4870bdae9ba0bc6f20bed5aa7d2441f8bb82b61b567af695593239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
047c04b89687977b86e1926c9e2dd220

SHA1
b74223d10029d4cc2fc781b78a4bb34755c746f7

SHA256
7620d4e549a4d0a562588a76b46f159598d5d74d5231eddf0fb9947fe75eacca

SHA512
f9669eccf9f6a0bc644ff9c960d45205d9b6b6377a13dd8b354f5cb5de3052c09beb12efa9007763e3f01a790aacf5b4db3fe818d332de720d180b50828dab74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb74e57680bd69f42fc5af049eadfa3a

SHA1
b8eec04b4395820a32b6b51e470ad8195ea45af9

SHA256
f038716032674dd2d5b3db308ee449879da7d5ea703c10d795671f7a530cd415

SHA512
17bb6c8d38db062f6e4ff0ed7b5c7e6a33fe66d3e0e9e5e576c8f8df5a736f75ae12583c23d014d039efd625775a0a81a3521258016fe229caed38e3c2745332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f6cf9ceae13988333f9f4b7ad28eb801

SHA1
8b3cd96cd43f03a2de0aad7af28504a18e3e0fec

SHA256
956a0052b6a022a650879df40d07f0a9351fd9aa61cc670fb77b67bc30639ebe

SHA512
9eecd1a615dc8e2d7442bee9c8e00949b450a833e2d884df52faa5163ade3aee53537cbebdeeed241e7953b880a3713ceaaddc77dc6a619919a906d1f9f3fe30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
33d8f2b45c59ba0416d4d2debb6af5fb

SHA1
5f6abaa8fec1280ef91f93c3e0e95a46463bea94

SHA256
500c110879cae7a3f5e27caec2e21be7dba4701829bffcda0882ddd8458a2dac

SHA512
fa819a62f7de60ffe8f882eeeeb8cfa42be4dc521de850cd26cce8b937ac527197e7e23288f610b1151720a011916b2487d27991fa722c8057ef09fe4c87c554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
0b111693a0a5ce41002b8434877d9281

SHA1
199d0a0b5b2d1e3d155e6dbcbcb818fa51d45198

SHA256
124b063843a53f3fa8be09cbf4ad9debe32138c4815d38a437aab02d5e40ca43

SHA512
dad01ab121b859bef1886f7bc68b42f3b9038f5dbb84574f0471537140d0b6be748d071aebaef91b4acc392a2538a782b54367b0c10fb78d1bf6e7e0cc856561

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ga2i3gq1.yg1.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\31dc6514-6a50-44e2-8a18-3b4e621cd75f.tmp

Filesize
10KB

MD5
fb593ef1b1e91ec01e6f4e55bc54320b

SHA1
c84da6705f19fd30a634c1072a928d186165f463

SHA256
b03c32d6684c65f28e0f7946b54531ce811d36354d7c7809aeb0870b60522877

SHA512
40e57553e46a4bfc6205032e99c95118c2760f5d2a599a552673795435e5ad6b5b5d66ab5f10f8e90a29969c47091af866bbb98537a464352eedc600c08bebf5

Download Submit
C:\Users\Admin\Downloads\URGENTE requiere POR SEGUNDA VEZ Respuesta al oficio No.111 RD Rad. 2013-656 (1).REV

Filesize
1.2MB

MD5
e8a7e910aec12a584bcfe6925be20efe

SHA1
59f5c8dace1da214bc8e6086b21a6bbfeb114449

SHA256
0e559172d232f5fd5fe97331941cc210ed8de9d7ca09636514f536fd1797c69d

SHA512
1a4d7802ca16b191fc1571fafd79f2f96a5dc7e8987c554046a544c99c45f4703dabf78efbad3257ae5be0d07ff538fceb3251c0b0306f5631534dfe3d4d5e40

Download Submit
C:\Users\Admin\Downloads\URGENTE requiere POR SEGUNDA VEZ Respuesta al oficio No.111 RD Rad. 2013-656.exe

Filesize
1.3MB

MD5
634d083e156932ad463d0b6d565b1864

SHA1
08efee0f93d8437fc78c1b072bab1bf656ba0446

SHA256
961e1a9e87354282994687dd1fcedab938d86b3444c60fb800693c12eba7992b

SHA512
544f2a497ee106fbca9d57322a13b03a7267d07829e6c170b1f8207b0a418c3ea4d2a043063aa99451f7c322d29159f398affe21e5ba72acd6ad123b099440a4

Download Submit
memory/1308-284-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-254-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-244-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-260-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-252-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-290-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-288-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-300-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-298-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-296-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-294-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-292-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-286-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-235-0x0000000005A40000-0x0000000005B5E000-memory.dmp

Filesize
1.1MB

Download
memory/1308-282-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-280-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-278-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-276-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-274-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-272-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-270-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-268-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-266-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-264-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-262-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-258-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-256-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-236-0x0000000005D40000-0x0000000005E5C000-memory.dmp

Filesize
1.1MB

Download
memory/1308-248-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-246-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-250-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-242-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-240-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-238-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-237-0x0000000005D40000-0x0000000005E57000-memory.dmp

Filesize
1.1MB

Download
memory/1308-1309-0x0000000005F30000-0x0000000005FC8000-memory.dmp

Filesize
608KB

Download
memory/1308-1310-0x0000000005FD0000-0x000000000601C000-memory.dmp

Filesize
304KB

Download
memory/1308-234-0x0000000000FF0000-0x0000000001146000-memory.dmp

Filesize
1.3MB

Download
memory/4916-1331-0x00000000066B0000-0x00000000066E2000-memory.dmp

Filesize
200KB

Download
memory/4916-1329-0x00000000060E0000-0x00000000060FE000-memory.dmp

Filesize
120KB

Download
memory/4916-1314-0x0000000004B40000-0x0000000004B76000-memory.dmp

Filesize
216KB

Download
memory/4916-1319-0x0000000005A10000-0x0000000005A76000-memory.dmp

Filesize
408KB

Download
memory/4916-1315-0x0000000005230000-0x0000000005858000-memory.dmp

Filesize
6.2MB

Download
memory/4916-1328-0x0000000005BF0000-0x0000000005F44000-memory.dmp

Filesize
3.3MB

Download
memory/4916-1316-0x0000000005140000-0x0000000005162000-memory.dmp

Filesize
136KB

Download
memory/4916-1330-0x0000000006120000-0x000000000616C000-memory.dmp

Filesize
304KB

Download
memory/4916-1323-0x0000000005A80000-0x0000000005AE6000-memory.dmp

Filesize
408KB

Download
memory/4916-1332-0x000000006FE50000-0x000000006FE9C000-memory.dmp

Filesize
304KB

Download
memory/4916-1342-0x00000000072A0000-0x00000000072BE000-memory.dmp

Filesize
120KB

Download
memory/4916-1343-0x0000000007300000-0x00000000073A3000-memory.dmp

Filesize
652KB

Download
memory/4916-1344-0x0000000007A50000-0x00000000080CA000-memory.dmp

Filesize
6.5MB

Download
memory/4916-1345-0x0000000007410000-0x000000000742A000-memory.dmp

Filesize
104KB

Download
memory/4916-1346-0x0000000007480000-0x000000000748A000-memory.dmp

Filesize
40KB

Download
memory/4916-1347-0x0000000007690000-0x0000000007726000-memory.dmp

Filesize
600KB

Download