Overview

overview

10

Static

static

10

ep_setup.exe

windows7-x64

1

ep_setup.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    66s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/02/2024, 16:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ep_setup.exe

  • Size

    2.4MB

  • MD5

    0f0d942625a01ba2bfa7f4ff6374f03b

  • SHA1

    8c08e5ff28353a0116f57afb9e8e1cd0641cffd3

  • SHA256

    0d46bd6e83d661567efd6d79ae760a041f6a1ea72b4b043da428c7fbb93ad27f

  • SHA512

    be976731c23ea8042cc354a98988c0d1832f548d62ae32d8969cd739ee7ee546ea2635550ea803bd9be4c6f3c2518928e1e179233aeca7ae324190b3b4b51ea7

  • SSDEEP

    24576:jvRLtzMabuizATYgBgYBUC6PPE+hhf4udB2mMRK+ZJlrF9ZoiO2V0UcSG3UN9d1r:dRzMabfnwn62Zfp9b1+SkUw

Score
8/10
discoveryevasionpersistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 4 IoCs
    persistence
  • Stops running service(s) 3 TTPs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 11 IoCs
  • Registers COM server for autorun 1 TTPs 6 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 8 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 9 IoCs
  • Drops file in Windows directory 2 IoCs
  • Launches sc.exe 2 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 58 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ep_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\ep_setup.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3948
    • C:\Windows\system32\sc.exe
      "C:\Windows\system32\sc.exe" stop ep_dwm_D17F1E1A-5919-4427-8F89-A1A8503CA3EB
      2⤵
      • Launches sc.exe
      PID:1992
    • C:\Windows\system32\sc.exe
      "C:\Windows\system32\sc.exe" start ep_dwm_D17F1E1A-5919-4427-8F89-A1A8503CA3EB
      2⤵
      • Launches sc.exe
      PID:4532
    • C:\Windows\system32\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\ExplorerPatcher\ep_weather_host.dll"
      2⤵
      • Loads dropped DLL
      • Registers COM server for autorun
      • Modifies registry class
      PID:2836
    • C:\Windows\system32\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\ExplorerPatcher\ep_weather_host_stub.dll"
      2⤵
      • Loads dropped DLL
      • Registers COM server for autorun
      • Modifies registry class
      PID:876
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      2⤵
      • Modifies Installed Components in the registry
      • Loads dropped DLL
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4196
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2228
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Loads dropped DLL
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:4428
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5056
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Loads dropped DLL
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:3464
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4676
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1584
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Loads dropped DLL
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:4056
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:4104
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
      PID:3536
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Program Files\ExplorerPatcher\ep_gui.dll",ZZGUI
        2⤵
          PID:4076
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:4204
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
            PID:4580
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:4540
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:2284
              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                1⤵
                  PID:1816
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:4732
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:1128

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Program Files\ExplorerPatcher\WebView2Loader.dll
                      Filesize

                      136KB

                      MD5

                      c44baed957b05b9327bd371dbf0dbe99

                      SHA1

                      80b48c656b8555ebc588de3de0ec6c7e75ae4bf1

                      SHA256

                      ad8bb426a8e438493db4d703242f373d9cb36d8c13e88b6647cd083716e09bef

                      SHA512

                      ad1b76594dca7cde6bbcde55bc3abe811f9e903e2cf6613d49201e14e789cfc763cb528d499dd2db84db097a210d63c7d88cc909ca1c836d831e3519c2ce7b35

                      Download Submit

                    • C:\Program Files\ExplorerPatcher\ep_gui.dll
                      Filesize

                      702KB

                      MD5

                      8500f437ff1722d32d25ec4593d8d260

                      SHA1

                      777568914f579d8908c8afee0b2ff1690b97a77b

                      SHA256

                      650b6015c316ea793c4703c960ed5ba105f2b7fafb0692e04320e6044fc9ac58

                      SHA512

                      baa1c8e7f0285c6914bae6980aaa54e95152003485cea180dfaa7505e2dc8462d4e0e22eaa56bda088be550375e521d0f131b58f184a63361f7ca47510a3a344

                      Download Submit

                    • C:\Program Files\ExplorerPatcher\ep_weather_host.dll
                      Filesize

                      238KB

                      MD5

                      bf39429762a6ac4606516dd454ee3d32

                      SHA1

                      8388f4ddd5c91a3dc3c64ec7572ff0c9a16cb304

                      SHA256

                      a3429b8060930cdfed715f5baf4cb9bf1d48a9fcaa25bf84c02587cbf502da88

                      SHA512

                      054270517c3b6800f9efcbcf40bd49a5f845e5687f8b9ada07ac23dec993c9dcb4085fc941df56f8a5aae38ddd54d2520ecfd5fa520e33dd36c44b9fc58e0954

                      Download Submit

                    • C:\Program Files\ExplorerPatcher\ep_weather_host_stub.dll
                      Filesize

                      109KB

                      MD5

                      27db891c07f48b2aa217916e313b4290

                      SHA1

                      4e78b077ee65244c04261de5cee48af9db527a45

                      SHA256

                      c37861c2d351366d55b39f95336625f5d4a23b83839b8c419531322aded6d679

                      SHA512

                      4b3792ffc63a2dc44ecace6716b5cac09fff326abb5932e2ae42bb77fefff9acddbdbf7443caaa9fba12b41dd41ab7887dbdaa15066ace23b91ab24c34bd4727

                      Download Submit

                    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExplorerPatcher\Properties (ExplorerPatcher).lnk
                      Filesize

                      1KB

                      MD5

                      58bd28356a28f40b1c0985d1f7dccdd0

                      SHA1

                      eb2f3f344e7ce5a27f8379bb6f2140756a1a858b

                      SHA256

                      d0a24801db3def763185329421776dcc641a61a392f509e435cd5686b081ffc2

                      SHA512

                      8d27e1fe4c284306273de56cd52def8eb1a5267ce028fd50a98ac1ece0f02bb35abb2b4f947e085087ea643e6ab3284c7cb453ac2895148e4c0d834c66a93e6f

                      Download Submit

                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
                      Filesize

                      1KB

                      MD5

                      6bce6857a403bd80ad3c6d4f3dfbd370

                      SHA1

                      341696e9d77c1848b6bc338c802c05c0d7818ce4

                      SHA256

                      34be38f89b9ff580e9d4bf4a3d05146fc873cef427095e724ca9defea50d64d2

                      SHA512

                      73b548e215c37bbd27ef78cf3d59547ab6c2905d30a8b8911b629629f5232c93fc131b088ad22b3cbf8c214b1dc8020802da6a8b23fb1ad4c9388668cb0c17fa

                      Download Submit

                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
                      Filesize

                      404B

                      MD5

                      f19f48d3a3ecdaebefa0899ff4fcb659

                      SHA1

                      4734f67d46dc5f036a045eccc7dcd1f8424b2956

                      SHA256

                      7473580cf33f1f365562516f7190b51fe472e0fac96f0e4aa9c30362cacbcf80

                      SHA512

                      45f1cc3aba7ba70a0f8fa5ca8809910e8da032827b4ab063716b8af6fc6aa36322ef80d4a9894c4ca1bd456df74d152d974a73a2f5ff56e622a6a95c8e2c0ad2

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\173XOV43\microsoft.windows[1].xml
                      Filesize

                      97B

                      MD5

                      69218a4104d98cc60771adb1196cdc00

                      SHA1

                      4f246fa40fdc113a981baf6878b76105315f4716

                      SHA256

                      eae1b6694a6a0ede1fec00de1f4c50c73d39083ef584b85c6ee2c2a9275ee0cc

                      SHA512

                      80ba7bbfc84da3941d571a526c8c94ee7d4b31744279137d4f38b55d84c682647c3ce57652e7729e03ce1a2562b416be79687024a51a3d01161db808790d5ae4

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\ExplorerPatcher\twinui.pcshell.pdb
                      Filesize

                      2.5MB

                      MD5

                      e3da5bba73faff59abc7bddc7246838b

                      SHA1

                      a6abf136fca12206df1364213233b1cc91d442ad

                      SHA256

                      8922d11b22e0a5303680c5be72e1bcbc48cfe956385a0f50f5b71fd3ac9a9b40

                      SHA512

                      3f64c4fc9e3e82d4a209e59df19c2659c4bf75bcde44f55db9fe17456df784e6dbb2f9e82b9f6ba35a253fc9a41f302f19f045f55ea61def87001820d021c3b9

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\ExplorerPatcher\twinui.pcshell.pdb
                      Filesize

                      412KB

                      MD5

                      16696babca5c66e354efe1fe47cd4b31

                      SHA1

                      c231ebad2e9cdada73da385965bfe9c1696cbbf9

                      SHA256

                      45659714445af1a30faa93b09c579bfd4c1f51d494143915c6ace0a0161357e5

                      SHA512

                      37c3428c26b77ca8b6776f1bbbef59f4933f3595b349409dfd746164aa7dd78de81ca9f8c86187e9b241e17277476eb6087a1db2170463aba29a8de729ad3631

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\ExplorerPatcher\twinui.pcshell.pdb
                      Filesize

                      604KB

                      MD5

                      a86578914bb80cfb08e8db3cbda01fad

                      SHA1

                      448c469ef61a5609709dd7f1a8b24f306ad4d1ac

                      SHA256

                      ea3151b8111ad883654898e1dc5dc8df1e9fa46a37c689c4c34bc9ea284026af

                      SHA512

                      1c9a77349031eb7a6ba1a2d4a0467d7011024ed77e9cc2a60c0939f9c89408fca4390d96605613427b1b479a154183e12f8be183615444dcf6cd4db840bdff42

                      Download Submit

                    • C:\Windows\dxgi.dll
                      Filesize

                      626KB

                      MD5

                      7638f76208571b7c3a2a42dd9b2fcd4c

                      SHA1

                      71dda667c93210c880115044eaf9e8b22c64466d

                      SHA256

                      ecd3d3961c5dc287413bccc5554250a0baa032326617db5140d9c23f4a51a024

                      SHA512

                      957304e779851d27b5b0b1f936ed26a7bf4e65db56ea4fb845c4ddb1f695c220524b133b374825cff93c0b55e0138010d05153ea373fa9fcba848c11b5761349

                      Download Submit

                    • memory/4196-51-0x00007FF8CB530000-0x00007FF8CBB56000-memory.dmp

                      Filesize

                      6.1MB

                      Download

                    • memory/4196-56-0x00007FF8D06D0000-0x00007FF8D0722000-memory.dmp

                      Filesize

                      328KB

                      Download

                    • memory/4196-26-0x00007FF8CDB80000-0x00007FF8CDDA0000-memory.dmp

                      Filesize

                      2.1MB

                      Download

                    • memory/4196-27-0x00007FF8CDB80000-0x00007FF8CDDA0000-memory.dmp

                      Filesize

                      2.1MB

                      Download

                    • memory/4196-28-0x00007FF8D9B60000-0x00007FF8D9D01000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4196-29-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-30-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-31-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-32-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-33-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-34-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-35-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-36-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-37-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-38-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-39-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-40-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-41-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-42-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-43-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-44-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-45-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-46-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-47-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-48-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-49-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-24-0x00007FF8CDB80000-0x00007FF8CDDA0000-memory.dmp

                      Filesize

                      2.1MB

                      Download

                    • memory/4196-52-0x00007FF8C3010000-0x00007FF8C3603000-memory.dmp

                      Filesize

                      5.9MB

                      Download

                    • memory/4196-54-0x00007FF8D06D0000-0x00007FF8D0722000-memory.dmp

                      Filesize

                      328KB

                      Download

                    • memory/4196-53-0x00007FF8D06D0000-0x00007FF8D0722000-memory.dmp

                      Filesize

                      328KB

                      Download

                    • memory/4196-55-0x00007FF8D06D0000-0x00007FF8D0722000-memory.dmp

                      Filesize

                      328KB

                      Download

                    • memory/4196-25-0x00007FF8CDB80000-0x00007FF8CDDA0000-memory.dmp

                      Filesize

                      2.1MB

                      Download

                    • memory/4196-57-0x00007FF8D0680000-0x00007FF8D06C6000-memory.dmp

                      Filesize

                      280KB

                      Download

                    • memory/4196-58-0x00007FF8CD810000-0x00007FF8CDA29000-memory.dmp

                      Filesize

                      2.1MB

                      Download

                    • memory/4196-59-0x00007FF8CD810000-0x00007FF8CDA29000-memory.dmp

                      Filesize

                      2.1MB

                      Download

                    • memory/4196-60-0x00007FF8D05C0000-0x00007FF8D0610000-memory.dmp

                      Filesize

                      320KB

                      Download

                    • memory/4196-62-0x00007FF8D05C0000-0x00007FF8D0610000-memory.dmp

                      Filesize

                      320KB

                      Download

                    • memory/4196-63-0x00007FF8D0880000-0x00007FF8D08BB000-memory.dmp

                      Filesize

                      236KB

                      Download

                    • memory/4196-66-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-67-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4196-20-0x00007FF8D9D10000-0x00007FF8DA44F000-memory.dmp

                      Filesize

                      7.2MB

                      Download

                    • memory/4196-21-0x00007FF8D9D10000-0x00007FF8DA44F000-memory.dmp

                      Filesize

                      7.2MB

                      Download

                    • memory/4196-22-0x00007FF8CDB80000-0x00007FF8CDDA0000-memory.dmp

                      Filesize

                      2.1MB

                      Download

                    • memory/4196-23-0x00007FF8CDB80000-0x00007FF8CDDA0000-memory.dmp

                      Filesize

                      2.1MB

                      Download

                    • memory/4428-89-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4428-80-0x00007FF8CDB80000-0x00007FF8CDDA0000-memory.dmp

                      Filesize

                      2.1MB

                      Download

                    • memory/4428-81-0x00007FF8CDB80000-0x00007FF8CDDA0000-memory.dmp

                      Filesize

                      2.1MB

                      Download

                    • memory/4428-82-0x00007FF8CDB80000-0x00007FF8CDDA0000-memory.dmp

                      Filesize

                      2.1MB

                      Download

                    • memory/4428-83-0x00007FF8D9B60000-0x00007FF8D9D01000-memory.dmp

                      Filesize

                      1.6MB

                      Download

                    • memory/4428-85-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4428-86-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4428-84-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4428-88-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4428-87-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4428-91-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4428-90-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4428-79-0x00007FF8CDB80000-0x00007FF8CDDA0000-memory.dmp

                      Filesize

                      2.1MB

                      Download

                    • memory/4428-78-0x00007FF8CDB80000-0x00007FF8CDDA0000-memory.dmp

                      Filesize

                      2.1MB

                      Download

                    • memory/4428-77-0x00007FF8CDB80000-0x00007FF8CDDA0000-memory.dmp

                      Filesize

                      2.1MB

                      Download

                    • memory/4428-76-0x00007FF8D9D10000-0x00007FF8DA44F000-memory.dmp

                      Filesize

                      7.2MB

                      Download

                    • memory/4428-75-0x00007FF8D9D10000-0x00007FF8DA44F000-memory.dmp

                      Filesize

                      7.2MB

                      Download

                    • memory/4428-92-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4428-93-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download

                    • memory/4428-94-0x00007FF6F8710000-0x00007FF6F8BAD000-memory.dmp

                      Filesize

                      4.6MB

                      Download