Resubmissions

22-02-2024 12:58

240222-p7qe4ahh87 10

22-02-2024 12:58

240222-p7hegshf4t 10

21-02-2024 14:52

240221-r83g6ahd51 10

21-02-2024 13:15

240221-qhgbkafg2t 10

19-02-2024 11:43

240219-nv2rxsdc55 10

18-02-2024 23:40

240218-3n9lhsff8w 10

Analysis

  • max time kernel
    56s
  • max time network
    59s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
  • submitted
    19-02-2024 11:43

General

  • Target

    253012a62bc1d805c8c0b1bbf936c6f0.exe

  • Size

    2.4MB

  • MD5

    253012a62bc1d805c8c0b1bbf936c6f0

  • SHA1

    33728ba8f5ad3a4f0e1a5d6890022c377c0c00f8

  • SHA256

    a25e2487bb4b638d6333d652db58532f3f29dd5ddb7711f70f52e0e61e8d3f51

  • SHA512

    06842aab184f35c855dbf450534f9de7d66bb5923d0119c3ada19a08dc9f5c2b287321c571cf8b4727927517c6dabe37130e7b9a6eed4892159112ab6e45f57f

  • SSDEEP

    24576:j+G047epooYKZYzX1HWvWKz4E+hhf4udB2mMmsZJlrA9yoiO2V0KcJx3UnpLco7r:B047epoC8cWKssZfM9m1AJxUFr

Malware Config

Signatures

  • Downloads MZ/PE file
  • Modifies Installed Components in the registry 2 TTPs 3 IoCs
  • Stops running service(s) 3 TTPs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 9 IoCs
  • Registers COM server for autorun 1 TTPs 6 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 6 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 9 IoCs
  • Drops file in Windows directory 2 IoCs
  • Launches sc.exe 2 IoCs

    Sc.exe is a Windows utility to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 12 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\253012a62bc1d805c8c0b1bbf936c6f0.exe
    "C:\Users\Admin\AppData\Local\Temp\253012a62bc1d805c8c0b1bbf936c6f0.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\Windows\system32\sc.exe
      "C:\Windows\system32\sc.exe" stop ep_dwm_D17F1E1A-5919-4427-8F89-A1A8503CA3EB
      2⤵
      • Launches sc.exe
      PID:624
    • C:\Windows\system32\sc.exe
      "C:\Windows\system32\sc.exe" start ep_dwm_D17F1E1A-5919-4427-8F89-A1A8503CA3EB
      2⤵
      • Launches sc.exe
      PID:436
    • C:\Windows\system32\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\ExplorerPatcher\ep_weather_host.dll"
      2⤵
      • Loads dropped DLL
      • Registers COM server for autorun
      • Modifies registry class
      PID:448
    • C:\Windows\system32\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\ExplorerPatcher\ep_weather_host_stub.dll"
      2⤵
      • Loads dropped DLL
      • Registers COM server for autorun
      • Modifies registry class
      PID:1592
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      2⤵
      • Modifies Installed Components in the registry
      • Loads dropped DLL
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4988
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3248
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Loads dropped DLL
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:3808
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4012
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Loads dropped DLL
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:4220
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:1340
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4276
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1552
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2192
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:920
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4000
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3340

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\ExplorerPatcher\WebView2Loader.dll

    Filesize

    136KB

    MD5

    c44baed957b05b9327bd371dbf0dbe99

    SHA1

    80b48c656b8555ebc588de3de0ec6c7e75ae4bf1

    SHA256

    ad8bb426a8e438493db4d703242f373d9cb36d8c13e88b6647cd083716e09bef

    SHA512

    ad1b76594dca7cde6bbcde55bc3abe811f9e903e2cf6613d49201e14e789cfc763cb528d499dd2db84db097a210d63c7d88cc909ca1c836d831e3519c2ce7b35

  • C:\Program Files\ExplorerPatcher\ep_gui.dll

    Filesize

    702KB

    MD5

    50fac6e71b1693c8601e5edfe2314c0c

    SHA1

    ffc45bf1c9a5b0f2ca59d5057335ae79c84306d4

    SHA256

    3c362868f6740606f86b38c5d492f714265ef67bb9b29f64882bdc4a5519621e

    SHA512

    800700b79f227131a76d32e4e8c4073e0906ffe28f1e4d67e7f964747280faf56eabb72bf1520f42abc1a28869d35c956eb094eaf4ce6ed96ab4d4d314ccf391

  • C:\Program Files\ExplorerPatcher\ep_weather_host.dll

    Filesize

    238KB

    MD5

    74d2a253680034bfc1c8b24f3bd777ac

    SHA1

    1a00fb3b4628002149fe560a7e231f0bc4a6e97b

    SHA256

    52a99a4d45e8847decea13d49ef9aea5ebb629d6f810b6d529df344b9f632299

    SHA512

    f3351fb54790e01cf69b66c824a934d9beb8866140a97823d79c18400b8ece845ed71070c5ec2cb21c6f17560fb462794e66b4bc3354e79ef552094c22944063

  • C:\Program Files\ExplorerPatcher\ep_weather_host_stub.dll

    Filesize

    109KB

    MD5

    578479c0c09270e357ca9a9320a2540a

    SHA1

    4e0fe7abb9b760004995e95103e28796e986cceb

    SHA256

    f5a33582ac070a90d214d26e70d05f72df1885a8626a837bbe6ff731cd22ed82

    SHA512

    d0ce12ea49e268bfd55c9d72a380ad7c5c23d406124cc917c0d745979f19ff7688fad7c094d118c1d9efdaf66cd66f17daea03e7eb122d24d8571a79620e9954

  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExplorerPatcher\Properties (ExplorerPatcher).lnk

    Filesize

    1KB

    MD5

    0e71d0d9ad6a9398389f5bc3b4cf0581

    SHA1

    eb8553ea332d4ca4ddafb3b92f0e1401219aa54d

    SHA256

    6719f4f5095ed6a0d6433cf971da05f4035a0bb695eece4e7ebd31610be83596

    SHA512

    ad69fd28cf394428c4769f67ff25a7216fee53f7e41ea97011a176ac3127c805ec926bc0fdb2b28a5a2428122119e0cf5d8b5472a6794cc9ebd80ab598cb9c06

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

    Filesize

    471B

    MD5

    5fc703209706d5e670f0c24e98b38b55

    SHA1

    1131f9996f4d65e64456126e4cd382bb4d1d69a8

    SHA256

    ebef4d16d553f463bfb82cd616f7e47eb165bf04c8113d14d9efdde9942820f8

    SHA512

    bea9a5ec55115379bff7953d9d5c70da5ca583d06929b3e6d413db3bb227eb75a7f3b288be4cbe49e233b70b063b80310a7c64a9cb0124f8ab61ad67de66a138

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

    Filesize

    412B

    MD5

    60a97c31d848d755cde9b74da91f9506

    SHA1

    70edf52d684cffcfbaad13e915702b75c8454d9c

    SHA256

    7ef7137577d3e5be3e33ce2fd90913c5321656b3e21d2c6796afb57cc7bb5bcb

    SHA512

    88786651cd08d6df2634e883362bb110b9a6b1745ee7772292c490711ecc4bc91ab099c955b0f334d42b4a99ce670ce03d66efef2fbb7c831007ae6b5d57a2df

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133528166756558360.txt

    Filesize

    75KB

    MD5

    12242265c6726697dbc6550781d6dc97

    SHA1

    3f7397a6115655bb9ff5213da5b561671a5ea544

    SHA256

    663c8e619888f112108ed759db90d3079793b2c74fc8a2c052c547be3d33006d

    SHA512

    b153cb61b09b40b7a13e112f6a655eff36306ccd4f11b05c883005340d07dd09d2771690852a715765972cd811f7e75f0bdfc4187a3d7be474762f2e8ced72a4

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\BHN90SAO\microsoft.windows[1].xml

    Filesize

    97B

    MD5

    a49784c6007e88174d13fd2a1d1603c8

    SHA1

    96351722a846ad8a396b7cd3285ac30a8edf3768

    SHA256

    bf97a280596c60fa7130725b7426e7cd5ccfb759c909b5ef0b1575df2654ca91

    SHA512

    b0c5f6550c560e3bee33be9261bee95a006cd63a57d56b3a4b6c3c8f9ca2c6f222bfd2e8933e663f4b644457b48eb638160c8b9a6814b47a3fd4760f74f825ec

  • C:\Users\Admin\AppData\Roaming\ExplorerPatcher\twinui.pcshell.pdb

    Filesize

    17.9MB

    MD5

    bc8958ca4f0f0760befa3523238c7d67

    SHA1

    5f75add01201e78860be47a0eb65582733e823c3

    SHA256

    589c2ff9e4ac0465a8b682d6fb988c81b4e91af9f760d174811315681d94b954

    SHA512

    3da6524215e011655c441bd6c085531ce54b81162a6bcb7412977b1f9e488ff600d1a0c6f54252c6c21b76bc8af3b6261632df8f1eccd96e385a0d552a615699

  • C:\Windows\dxgi.dll

    Filesize

    627KB

    MD5

    38fa7926c879b55635a697a6f49cb034

    SHA1

    539cfcee9654ed2a7b04236d3cd907224e1f6d87

    SHA256

    8c1c2a374dc65a688837c3fc1c689b66bc9c2cd57209e576084710aa00c44ea3

    SHA512

    5b8d9cc0e8ef425263aba02b1c539517c16d596ecd31f4c647bc4d6eea86211312527c92be486bb8f739ae114704467467e71dcf68ef2f10ae1909e185a494d4
