Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-es
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-es locale:es-es os:windows10-2004-x64 system windows
  • submitted
    04-12-2024 21:36

General

  • Target

    https://drive.google.com/uc?id=1Qox4cFZqAPiCfql6SBNNgOKzBTlbxAn7&export=download&authuser=0

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/uc?id=1Qox4cFZqAPiCfql6SBNNgOKzBTlbxAn7&export=download&authuser=0
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:936
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe22adcc40,0x7ffe22adcc4c,0x7ffe22adcc58
      2⤵
      PID:1224
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1672,i,13892354248935985996,6995188326194927151,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1668 /prefetch:2
      2⤵
      PID:5116
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,13892354248935985996,6995188326194927151,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2176 /prefetch:3
      2⤵
      PID:2668
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,13892354248935985996,6995188326194927151,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2436 /prefetch:8
      2⤵
      PID:4160
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,13892354248935985996,6995188326194927151,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
      2⤵
      PID:5048
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,13892354248935985996,6995188326194927151,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
      2⤵
      PID:1376
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4644,i,13892354248935985996,6995188326194927151,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3684 /prefetch:8
      2⤵
      PID:2972
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4668,i,13892354248935985996,6995188326194927151,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4696 /prefetch:8
      2⤵
      PID:3084
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4828,i,13892354248935985996,6995188326194927151,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4832 /prefetch:8
      2⤵
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      PID:6040
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:1760
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:3452
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:2392
  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\CUENTA DE COBRO_CARTERA AVANZADA.pdf.rar"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    PID:1672
    • C:\Users\Admin\AppData\Local\Temp\7zO886A8998\CUENTA DE COBRO_CARTERA AVANZADA.pdf.exe
      "C:\Users\Admin\AppData\Local\Temp\7zO886A8998\CUENTA DE COBRO_CARTERA AVANZADA.pdf.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      PID:2472
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5748

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zO886A8998\CUENTA DE COBRO_CARTERA AVANZADA.pdf.exe
    Filesize: 1.8MB
    MD5: dc047d9bfe167d07e21ba32993b5f049
    SHA1: 3203edbfb3657218e8bfb0c6c71bcd1fa632f8ac
    SHA256: acde3277bf25ca5e61fb533711fa38be45dc77bd3e67a9e65c593bc1eeb3a8a0
    SHA512: 6e0dfd044a788f98896390a160dfde682afd627326f1b533039e56671f08c5c33e6ad271431b839dea48a5296de977d9a54e2e989a70f0e12b1a8a4f5d07a05a

  • C:\Users\Admin\Downloads\CUENTA DE COBRO_CARTERA AVANZADA.pdf.rar.crdownload
    Filesize: 1.2MB
    MD5: 69766774bde3e67f034122f2ca86844f
    SHA1: e3574ed9d21f05a915ea00a6225b0a114131feea
    SHA256: 73638f46543d91af0f44334f4051c0010c1f3b1fe17ea4346857ae048213551f
    SHA512: 5e80516d3d2f0b0599cb645e6ccd130ba937e01c10655c19e900ae8eda035b111d61975f4b928956befeb1844a7e0ae3fde99896c18076e6a4b7a94c708a6c07
