Analysis

  • max time kernel
    31s
  • max time network
    72s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-02-2024 09:22

General

  • Target

    entry_1_0/ep_setup (1).exe

  • Size

    2.4MB

  • MD5

    253012a62bc1d805c8c0b1bbf936c6f0

  • SHA1

    33728ba8f5ad3a4f0e1a5d6890022c377c0c00f8

  • SHA256

    a25e2487bb4b638d6333d652db58532f3f29dd5ddb7711f70f52e0e61e8d3f51

  • SHA512

    06842aab184f35c855dbf450534f9de7d66bb5923d0119c3ada19a08dc9f5c2b287321c571cf8b4727927517c6dabe37130e7b9a6eed4892159112ab6e45f57f

  • SSDEEP

    24576:j+G047epooYKZYzX1HWvWKz4E+hhf4udB2mMmsZJlrA9yoiO2V0KcJx3UnpLco7r:B047epoC8cWKssZfM9m1AJxUFr

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 2 IoCs
  • Stops running service(s) 3 TTPs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 6 IoCs
  • Registers COM server for autorun 1 TTPs 6 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 4 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 9 IoCs
  • Drops file in Windows directory 2 IoCs
  • Launches sc.exe 2 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 36 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class 47 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 28 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\entry_1_0\ep_setup (1).exe
    "C:\Users\Admin\AppData\Local\Temp\entry_1_0\ep_setup (1).exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4480
    • C:\Windows\system32\sc.exe
      "C:\Windows\system32\sc.exe" stop ep_dwm_D17F1E1A-5919-4427-8F89-A1A8503CA3EB
      2⤵
      • Launches sc.exe
      PID:3416
    • C:\Windows\system32\sc.exe
      "C:\Windows\system32\sc.exe" start ep_dwm_D17F1E1A-5919-4427-8F89-A1A8503CA3EB
      2⤵
      • Launches sc.exe
      PID:220
    • C:\Windows\system32\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\ExplorerPatcher\ep_weather_host.dll"
      2⤵
      • Loads dropped DLL
      • Registers COM server for autorun
      • Modifies registry class
      PID:2880
    • C:\Windows\system32\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\ExplorerPatcher\ep_weather_host_stub.dll"
      2⤵
      • Loads dropped DLL
      • Registers COM server for autorun
      • Modifies registry class
      PID:4296
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      2⤵
      • Modifies Installed Components in the registry
      • Loads dropped DLL
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2764
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3580
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Loads dropped DLL
    • Enumerates connected drives
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:3908
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:4104
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:1760
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:2244
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:3432
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:3844
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:1664
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:1292
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:3732
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:4408
                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                      1⤵
                        PID:1936
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                          PID:2524
                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                          1⤵
                            PID:4456
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:3624
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:1324
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:3328
                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                  1⤵
                                    PID:4244

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Program Files\ExplorerPatcher\WebView2Loader.dll

                                    Filesize

                                    136KB

                                    MD5

                                    c44baed957b05b9327bd371dbf0dbe99

                                    SHA1

                                    80b48c656b8555ebc588de3de0ec6c7e75ae4bf1

                                    SHA256

                                    ad8bb426a8e438493db4d703242f373d9cb36d8c13e88b6647cd083716e09bef

                                    SHA512

                                    ad1b76594dca7cde6bbcde55bc3abe811f9e903e2cf6613d49201e14e789cfc763cb528d499dd2db84db097a210d63c7d88cc909ca1c836d831e3519c2ce7b35

                                  • C:\Program Files\ExplorerPatcher\ep_gui.dll

                                    Filesize

                                    702KB

                                    MD5

                                    50fac6e71b1693c8601e5edfe2314c0c

                                    SHA1

                                    ffc45bf1c9a5b0f2ca59d5057335ae79c84306d4

                                    SHA256

                                    3c362868f6740606f86b38c5d492f714265ef67bb9b29f64882bdc4a5519621e

                                    SHA512

                                    800700b79f227131a76d32e4e8c4073e0906ffe28f1e4d67e7f964747280faf56eabb72bf1520f42abc1a28869d35c956eb094eaf4ce6ed96ab4d4d314ccf391

                                  • C:\Program Files\ExplorerPatcher\ep_weather_host.dll

                                    Filesize

                                    238KB

                                    MD5

                                    74d2a253680034bfc1c8b24f3bd777ac

                                    SHA1

                                    1a00fb3b4628002149fe560a7e231f0bc4a6e97b

                                    SHA256

                                    52a99a4d45e8847decea13d49ef9aea5ebb629d6f810b6d529df344b9f632299

                                    SHA512

                                    f3351fb54790e01cf69b66c824a934d9beb8866140a97823d79c18400b8ece845ed71070c5ec2cb21c6f17560fb462794e66b4bc3354e79ef552094c22944063

                                  • C:\Program Files\ExplorerPatcher\ep_weather_host_stub.dll

                                    Filesize

                                    109KB

                                    MD5

                                    578479c0c09270e357ca9a9320a2540a

                                    SHA1

                                    4e0fe7abb9b760004995e95103e28796e986cceb

                                    SHA256

                                    f5a33582ac070a90d214d26e70d05f72df1885a8626a837bbe6ff731cd22ed82

                                    SHA512

                                    d0ce12ea49e268bfd55c9d72a380ad7c5c23d406124cc917c0d745979f19ff7688fad7c094d118c1d9efdaf66cd66f17daea03e7eb122d24d8571a79620e9954

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50CD3D75D026C82E2E718570BD6F44D0_D222662A57BAA60D2F5EA0D2CC7B2F1C

                                    Filesize

                                    313B

                                    MD5

                                    26b77e57ebe090ac4524f51dcad8fb5d

                                    SHA1

                                    bf847577c8c0bc93fa659e2ea88436efe30be676

                                    SHA256

                                    3e335beb569fa77f3b3927abda1b9bdbfa7fd57176c888d822f90bad02b817e1

                                    SHA512

                                    994c3042a2582987bb33b7939a165d834b2a0a37bbc238c7a651a09c68653566d8b04c975dcdbdd6dbe2ad92309fd73bed342a1f0e91335d8fd646b5c887dd11

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63

                                    Filesize

                                    1KB

                                    MD5

                                    6f69c33a55b1b55c335a3d3c87fd840b

                                    SHA1

                                    2536b9842697e768448c67244bc7aa4d6c4545a6

                                    SHA256

                                    defb6657e0e0ba3f06a92b8097c9e7f5c9ed640824c364ec10ccf2292a3bc0ca

                                    SHA512

                                    60ec69626f194327f22804d38c6c34196a3be6e5b97e243d0ade3cb87c592662f24551b684780b4e06b34009e1fd8f18d77f5a775972409105479ce63fa3b365

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

                                    Filesize

                                    471B

                                    MD5

                                    572ea307898c8c6eaa8dc4985a77e177

                                    SHA1

                                    07f16d7a86f8b799364a5c654253e9a2058667af

                                    SHA256

                                    a0af8a9e91c0c0e591be7382e2e875d6ad52eb6fa86dbba599704a5d5189e298

                                    SHA512

                                    01f77c6cd80e50006476a66170dcf4238b6b8d5173a20c071605411dc49610d88950b52d6d8935e07301dd69a42c84c713fa50f7d6bc75686b452f77a5a6d191

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

                                    Filesize

                                    471B

                                    MD5

                                    b92c0ede7cfafda116cc6cfb1a941c87

                                    SHA1

                                    581610fd1b36673a8d9535ac808e0204606465d5

                                    SHA256

                                    a354422bd21ba3acc4ad592ced854a0d0093d6e98d4760025005bd3e3f00d577

                                    SHA512

                                    ad0b8fcb4b7221b257d4196952e08ee877f0f8fe4306678fa6288442c2abf2d2241421b8c89c82fb70f65050ce4209d92be9452d92e8b70820776cc754584efe

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50CD3D75D026C82E2E718570BD6F44D0_D222662A57BAA60D2F5EA0D2CC7B2F1C

                                    Filesize

                                    408B

                                    MD5

                                    e3c96567e633b1cf8c503c4724db6fd0

                                    SHA1

                                    430fe9269775f5769facc35f4d19b1ee5090717a

                                    SHA256

                                    c69b306906cdd958cd32d917a15fcb3b54f35cad55e8d8ba4e447e999f8a712c

                                    SHA512

                                    f5c7d6289b2fc345ac343f425465619e6bab46a9a35a529f278e7e955edf95fd38630d4591afc2584e4bb7b32a856598136fee3eb83430c2aebf05c3a91be8f5

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63

                                    Filesize

                                    404B

                                    MD5

                                    aff6a63aca4e4f7acc38306a0f6375dd

                                    SHA1

                                    c23dae70c23e80278698aa68735116f7f0b30abb

                                    SHA256

                                    c4fc78d2bb677a0c1602832a1ee8fb355ce12142642d9498c064d1aae6011a5b

                                    SHA512

                                    596d5b12b0838b630a5274ae57ba818829d4e1a8db3046ac4eda6424a3f5d230894e4b7108259f29adcbebd46c1970c1b413b43393f44b7dc2577084d2b94e4a

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

                                    Filesize

                                    400B

                                    MD5

                                    fdd8bc387977849b6f87aab262904294

                                    SHA1

                                    337e9a12b2e84bff676059a31319fd0ac1d22553

                                    SHA256

                                    096f11e26931cf3838cb75a24e0cd2344c776ff46da0a312b8095152648230a9

                                    SHA512

                                    b910a2706f918468a744dc1ef02efee41b8ffef74a19bcc6c3cab59376aee4c0ce03f43590f1dd01c600cc64a37ca1837064ef60ce75cd72d30a37182bb893d2

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

                                    Filesize

                                    404B

                                    MD5

                                    c5b14f7020722b6c9bc7b531cd4912e7

                                    SHA1

                                    91d81369cc903f45514058cbb6cb4da07025d42d

                                    SHA256

                                    7592249dccca253458b6877a74716009251652dbb8f9ed29c195a2fa4f23b836

                                    SHA512

                                    29f61590bb549648e299647d014ff7846aee3bb54f03cbb68ec432b7fff59c2857d1452a639956c887c10762e48bcdcdb59ec5a8ad506d12164f0f0b214a8188

                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat

                                    Filesize

                                    22KB

                                    MD5

                                    ce724509ddcb97da29efb2a13f41b3f2

                                    SHA1

                                    f02145ece51e0ba99056e2275fc33d89867d95e5

                                    SHA256

                                    8a4bf3b55021808df2316da3b429001ee4946bc161e35ca25a981dfd69410387

                                    SHA512

                                    772a41d2bf44771ed164d869cf57111959e3e0031f09d78d138e4403e3dc96fa1a0fb70a56894124130fd3d4bee7d840a8013c37f0378a70aca8d9ce52c978fa

                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\1HCECE5V\microsoft.windows[1].xml

                                    Filesize

                                    97B

                                    MD5

                                    6583a2f89cc3c90f77ffa922acf7ee63

                                    SHA1

                                    eccd205c1bb4764f160e86cfd0d860976c32708f

                                    SHA256

                                    34cbdb325cf0420e4bfbc19da431b639890b153b6ac0635ce79ba37ffc677ac2

                                    SHA512

                                    0c7daec9157074607177f75d7ccf190027d9e1830d832cbf16426bfcf221258db4fba74ee35f20c85a9bd6022a1db0409a2f3ec84ecc7317142cf9759eead021

                                  • C:\Users\Admin\AppData\Roaming\ExplorerPatcher\twinui.pcshell.pdb

                                    Filesize

                                    956KB

                                    MD5

                                    43e1e762002934d5a977d230e303e1a8

                                    SHA1

                                    437f743dc2a41164d8be1521df35cadd69be5905

                                    SHA256

                                    ac18b5a5de8734ce5d944ef9ee269de58a07ab7c540233404c5266265f649a40

                                    SHA512

                                    349f9905cd5036792cb8bf8382d1bd5e09ae701de023ec7b41a555782c1619e27f52163a53fbe5bd1fc0b5f68146227dc06a4551f75e4509baa4041cfa9a1bae

                                  • C:\Users\Admin\AppData\Roaming\ExplorerPatcher\twinui.pcshell.pdb

                                    Filesize

                                    480KB

                                    MD5

                                    d1876a4fe1849914b95578d22607091a

                                    SHA1

                                    a0608475469e29a9901080cc9dcd9eb3bf9a5e53

                                    SHA256

                                    8b1a8fe646f9c6cf080ba144d706072c9c8f293b7d69cfbd655ab7ba5006fc1d

                                    SHA512

                                    b7fe77f468ec8dc4f2028b52da46407e0d57fcfce95541b575a21a051d7b51ff5ab8d637f01bd8c42a724131fecf1f5509391a51f7d1efc1d506b109c87dd401

                                  • C:\Users\Admin\AppData\Roaming\ExplorerPatcher\twinui.pcshell.pdb

                                    Filesize

                                    2.2MB

                                    MD5

                                    0c3519dacafb7c08d95c7b1615c669a6

                                    SHA1

                                    eccef2c11bd7f492c8cc3cab331cdd33f30f7b59

                                    SHA256

                                    70d6d337d8f3e7e7927ddd2f718350cd5194815ccbe3399c54bc38d3bc35dfc5

                                    SHA512

                                    f7bc729e58c9d1ce36335f0657b1f154bd5542e2319fd409e24779cd984a6ebb7f28ab0d16e6c8d21b2bb607206040ea0f4b79e9478e5a9f273dc39af9480d7a

                                  • C:\Windows\dxgi.dll

                                    Filesize

                                    627KB

                                    MD5

                                    38fa7926c879b55635a697a6f49cb034

                                    SHA1

                                    539cfcee9654ed2a7b04236d3cd907224e1f6d87

                                    SHA256

                                    8c1c2a374dc65a688837c3fc1c689b66bc9c2cd57209e576084710aa00c44ea3

                                    SHA512

                                    5b8d9cc0e8ef425263aba02b1c539517c16d596ecd31f4c647bc4d6eea86211312527c92be486bb8f739ae114704467467e71dcf68ef2f10ae1909e185a494d4

                                  • memory/2764-57-0x00007FFA90E10000-0x00007FFA91029000-memory.dmp

                                    Filesize

                                    2.1MB

                                  • memory/2764-52-0x00007FFA9D810000-0x00007FFA9D862000-memory.dmp

                                    Filesize

                                    328KB

                                  • memory/2764-32-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-33-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-34-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-35-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-36-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-37-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-38-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-39-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-40-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-41-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-43-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-44-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-45-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-46-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-48-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-49-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-50-0x00007FFA8D040000-0x00007FFA8D666000-memory.dmp

                                    Filesize

                                    6.1MB

                                  • memory/2764-47-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-53-0x00007FFA9D810000-0x00007FFA9D862000-memory.dmp

                                    Filesize

                                    328KB

                                  • memory/2764-55-0x00007FFA9D810000-0x00007FFA9D862000-memory.dmp

                                    Filesize

                                    328KB

                                  • memory/2764-30-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-59-0x00007FFA9A1D0000-0x00007FFA9A220000-memory.dmp

                                    Filesize

                                    320KB

                                  • memory/2764-62-0x00007FFA9D780000-0x00007FFA9D7BB000-memory.dmp

                                    Filesize

                                    236KB

                                  • memory/2764-65-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-66-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-61-0x00007FFA9A1D0000-0x00007FFA9A220000-memory.dmp

                                    Filesize

                                    320KB

                                  • memory/2764-58-0x00007FFA90E10000-0x00007FFA91029000-memory.dmp

                                    Filesize

                                    2.1MB

                                  • memory/2764-56-0x00007FFA9D7C0000-0x00007FFA9D806000-memory.dmp

                                    Filesize

                                    280KB

                                  • memory/2764-54-0x00007FFA9D810000-0x00007FFA9D862000-memory.dmp

                                    Filesize

                                    328KB

                                  • memory/2764-31-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-51-0x00007FFA8FD30000-0x00007FFA90323000-memory.dmp

                                    Filesize

                                    5.9MB

                                  • memory/2764-42-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/2764-20-0x00007FFAA66F0000-0x00007FFAA6E2F000-memory.dmp

                                    Filesize

                                    7.2MB

                                  • memory/2764-21-0x00007FFAA66F0000-0x00007FFAA6E2F000-memory.dmp

                                    Filesize

                                    7.2MB

                                  • memory/2764-22-0x00007FFA98570000-0x00007FFA98790000-memory.dmp

                                    Filesize

                                    2.1MB

                                  • memory/2764-23-0x00007FFA98570000-0x00007FFA98790000-memory.dmp

                                    Filesize

                                    2.1MB

                                  • memory/2764-24-0x00007FFA98570000-0x00007FFA98790000-memory.dmp

                                    Filesize

                                    2.1MB

                                  • memory/2764-25-0x00007FFA98570000-0x00007FFA98790000-memory.dmp

                                    Filesize

                                    2.1MB

                                  • memory/2764-26-0x00007FFA98570000-0x00007FFA98790000-memory.dmp

                                    Filesize

                                    2.1MB

                                  • memory/2764-27-0x00007FFA98570000-0x00007FFA98790000-memory.dmp

                                    Filesize

                                    2.1MB

                                  • memory/2764-28-0x00007FFAA5470000-0x00007FFAA5611000-memory.dmp

                                    Filesize

                                    1.6MB

                                  • memory/2764-29-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/3908-82-0x00007FFA98570000-0x00007FFA98790000-memory.dmp

                                    Filesize

                                    2.1MB

                                  • memory/3908-92-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/3908-87-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/3908-89-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/3908-88-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/3908-90-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/3908-91-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/3908-85-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/3908-94-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/3908-86-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/3908-84-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/3908-80-0x00007FFA98570000-0x00007FFA98790000-memory.dmp

                                    Filesize

                                    2.1MB

                                  • memory/3908-79-0x00007FFA98570000-0x00007FFA98790000-memory.dmp

                                    Filesize

                                    2.1MB

                                  • memory/3908-78-0x00007FFA98570000-0x00007FFA98790000-memory.dmp

                                    Filesize

                                    2.1MB

                                  • memory/3908-77-0x00007FFA98570000-0x00007FFA98790000-memory.dmp

                                    Filesize

                                    2.1MB

                                  • memory/3908-76-0x00007FFAA66F0000-0x00007FFAA6E2F000-memory.dmp

                                    Filesize

                                    7.2MB

                                  • memory/3908-75-0x00007FFAA66F0000-0x00007FFAA6E2F000-memory.dmp

                                    Filesize

                                    7.2MB

                                  • memory/3908-81-0x00007FFA98570000-0x00007FFA98790000-memory.dmp

                                    Filesize

                                    2.1MB

                                  • memory/3908-93-0x00007FF7AF3D0000-0x00007FF7AF86D000-memory.dmp

                                    Filesize

                                    4.6MB

                                  • memory/3908-83-0x00007FFAA5470000-0x00007FFAA5611000-memory.dmp

                                    Filesize

                                    1.6MB