Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

67593a87ba...15.exe

windows7-x64

10

67593a87ba...15.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    88s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/08/2023, 11:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    67593a87ba04b2e579417b8de747f9b063a656292bd47793670a0d1db52d7915.exe

  • Size

    1.5MB

  • MD5

    3d6266994b6a6ab81ed2b6906e401f22

  • SHA1

    7641eada4b3841d2763ee904505518e22a6b59ab

  • SHA256

    67593a87ba04b2e579417b8de747f9b063a656292bd47793670a0d1db52d7915

  • SHA512

    e367fbe5643da89e54a5fa7ab47bfd9155bfdc68115eed32d3e3a417ef3f55e2a897d47e9b8736f4b5fea28fbce6fe8f97b67049366761b2bf6e161b9b91c15c

  • SSDEEP

    24576:i/k+YRDw0pskyxARw0dymEjjzF5OJhC0BJKpSg1MlBqWfwD1a:Sk3DVpsx6Rf0Fjjz8C4ISg1OACwD1

Score
10/10
cobaltstrikebackdoorpersistencetrojan

Malware Config

Extracted

Family

cobaltstrike

C2

http://10.211.55.2:801/XXXXXX

Attributes
  • user_agent

    User-Agent: Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 7.1; Trident/5.0)

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • Modifies Installed Components in the registry 2 TTPs 4 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 6 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Program crash 27 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 60 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:2952
    • C:\Users\Admin\AppData\Local\Temp\67593a87ba04b2e579417b8de747f9b063a656292bd47793670a0d1db52d7915.exe
      "C:\Users\Admin\AppData\Local\Temp\67593a87ba04b2e579417b8de747f9b063a656292bd47793670a0d1db52d7915.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1936
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2952 -s 7804
      2⤵
      • Program crash
      PID:4116
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 436 -p 2952 -ip 2952
    1⤵
      PID:3228
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2572
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 2572 -s 6072
        2⤵
        • Program crash
        PID:324
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2664
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -pss -s 452 -p 2572 -ip 2572
      1⤵
        PID:3804
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:3880
        • C:\Windows\system32\WerFault.exe
          C:\Windows\system32\WerFault.exe -u -p 3880 -s 5944
          2⤵
          • Program crash
          PID:644
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3972
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:1720
        • C:\Windows\system32\WerFault.exe
          C:\Windows\system32\WerFault.exe -u -p 1720 -s 4012
          2⤵
          • Program crash
          PID:3540
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -pss -s 420 -p 1720 -ip 1720
        1⤵
          PID:3196
        • C:\Windows\system32\WerFault.exe
          C:\Windows\system32\WerFault.exe -pss -s 360 -p 3880 -ip 3880
          1⤵
            PID:3708
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
            • Modifies Installed Components in the registry
            • Enumerates connected drives
            • Modifies registry class
            • Suspicious use of SendNotifyMessage
            PID:4060
            • C:\Windows\system32\WerFault.exe
              C:\Windows\system32\WerFault.exe -u -p 4060 -s 5844
              2⤵
              • Program crash
              PID:4040
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:440
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
              • Modifies Internet Explorer settings
              • Modifies registry class
              • Suspicious use of SetWindowsHookEx
              PID:1628
              • C:\Windows\system32\WerFault.exe
                C:\Windows\system32\WerFault.exe -u -p 1628 -s 2880
                2⤵
                • Program crash
                PID:2404
            • C:\Windows\system32\WerFault.exe
              C:\Windows\system32\WerFault.exe -pss -s 412 -p 1628 -ip 1628
              1⤵
                PID:1428
              • C:\Windows\system32\WerFault.exe
                C:\Windows\system32\WerFault.exe -pss -s 608 -p 4060 -ip 4060
                1⤵
                  PID:3864
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                  • Modifies Installed Components in the registry
                  • Modifies registry class
                  • Suspicious use of SendNotifyMessage
                  PID:4444
                  • C:\Windows\system32\WerFault.exe
                    C:\Windows\system32\WerFault.exe -u -p 4444 -s 6048
                    2⤵
                    • Program crash
                    PID:4476
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:1108
                  • C:\Windows\system32\WerFault.exe
                    C:\Windows\system32\WerFault.exe -pss -s 544 -p 4444 -ip 4444
                    1⤵
                      PID:3600
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:4724
                        • C:\Windows\system32\WerFault.exe
                          C:\Windows\system32\WerFault.exe -u -p 4724 -s 7512
                          2⤵
                          • Program crash
                          PID:4152
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:3940
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:4836
                            • C:\Windows\system32\WerFault.exe
                              C:\Windows\system32\WerFault.exe -u -p 4836 -s 3572
                              2⤵
                              • Program crash
                              PID:2052
                          • C:\Windows\system32\WerFault.exe
                            C:\Windows\system32\WerFault.exe -pss -s 504 -p 4836 -ip 4836
                            1⤵
                              PID:2980
                            • C:\Windows\system32\WerFault.exe
                              C:\Windows\system32\WerFault.exe -pss -s 548 -p 4724 -ip 4724
                              1⤵
                                PID:3544
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:3980
                                  • C:\Windows\system32\WerFault.exe
                                    C:\Windows\system32\WerFault.exe -u -p 3980 -s 7548
                                    2⤵
                                    • Program crash
                                    PID:4944
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:1580
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:4012
                                      • C:\Windows\system32\WerFault.exe
                                        C:\Windows\system32\WerFault.exe -u -p 4012 -s 3528
                                        2⤵
                                        • Program crash
                                        PID:3628
                                    • C:\Windows\system32\WerFault.exe
                                      C:\Windows\system32\WerFault.exe -pss -s 420 -p 4012 -ip 4012
                                      1⤵
                                        PID:4716
                                      • C:\Windows\system32\WerFault.exe
                                        C:\Windows\system32\WerFault.exe -pss -s 564 -p 3980 -ip 3980
                                        1⤵
                                          PID:2724
                                        • C:\Windows\explorer.exe
                                          explorer.exe
                                          1⤵
                                            PID:3136
                                            • C:\Windows\system32\WerFault.exe
                                              C:\Windows\system32\WerFault.exe -u -p 3136 -s 7500
                                              2⤵
                                              • Program crash
                                              PID:4736
                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                            1⤵
                                              PID:764
                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                              1⤵
                                                PID:3460
                                                • C:\Windows\system32\WerFault.exe
                                                  C:\Windows\system32\WerFault.exe -u -p 3460 -s 3528
                                                  2⤵
                                                  • Program crash
                                                  PID:1936
                                              • C:\Windows\system32\WerFault.exe
                                                C:\Windows\system32\WerFault.exe -pss -s 444 -p 3460 -ip 3460
                                                1⤵
                                                  PID:4464
                                                • C:\Windows\system32\WerFault.exe
                                                  C:\Windows\system32\WerFault.exe -pss -s 452 -p 3136 -ip 3136
                                                  1⤵
                                                    PID:1320
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:3860
                                                      • C:\Windows\system32\WerFault.exe
                                                        C:\Windows\system32\WerFault.exe -u -p 3860 -s 6056
                                                        2⤵
                                                        • Program crash
                                                        PID:840
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:1872
                                                      • C:\Windows\system32\WerFault.exe
                                                        C:\Windows\system32\WerFault.exe -pss -s 552 -p 3860 -ip 3860
                                                        1⤵
                                                        • Modifies registry class
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:440
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:2572
                                                          • C:\Windows\system32\WerFault.exe
                                                            C:\Windows\system32\WerFault.exe -u -p 2572 -s 7232
                                                            2⤵
                                                            • Program crash
                                                            PID:2396
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:2144
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:1936
                                                              • C:\Windows\system32\WerFault.exe
                                                                C:\Windows\system32\WerFault.exe -u -p 1936 -s 3536
                                                                2⤵
                                                                • Program crash
                                                                PID:4716
                                                            • C:\Windows\system32\WerFault.exe
                                                              C:\Windows\system32\WerFault.exe -pss -s 384 -p 1936 -ip 1936
                                                              1⤵
                                                                PID:4292
                                                              • C:\Windows\system32\WerFault.exe
                                                                C:\Windows\system32\WerFault.exe -pss -s 424 -p 2572 -ip 2572
                                                                1⤵
                                                                  PID:4836
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:4080
                                                                    • C:\Windows\system32\WerFault.exe
                                                                      C:\Windows\system32\WerFault.exe -u -p 4080 -s 7316
                                                                      2⤵
                                                                      • Program crash
                                                                      PID:1264
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:1908
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                      1⤵
                                                                        PID:2624
                                                                        • C:\Windows\system32\WerFault.exe
                                                                          C:\Windows\system32\WerFault.exe -u -p 2624 -s 3600
                                                                          2⤵
                                                                          • Program crash
                                                                          PID:2368
                                                                      • C:\Windows\system32\WerFault.exe
                                                                        C:\Windows\system32\WerFault.exe -pss -s 548 -p 2624 -ip 2624
                                                                        1⤵
                                                                          PID:436
                                                                        • C:\Windows\system32\WerFault.exe
                                                                          C:\Windows\system32\WerFault.exe -pss -s 504 -p 4080 -ip 4080
                                                                          1⤵
                                                                            PID:2652
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:3244
                                                                              • C:\Windows\system32\WerFault.exe
                                                                                C:\Windows\system32\WerFault.exe -u -p 3244 -s 6012
                                                                                2⤵
                                                                                • Program crash
                                                                                PID:3556
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:3408
                                                                              • C:\Windows\system32\WerFault.exe
                                                                                C:\Windows\system32\WerFault.exe -pss -s 612 -p 3244 -ip 3244
                                                                                1⤵
                                                                                  PID:1560
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:3548
                                                                                    • C:\Windows\system32\WerFault.exe
                                                                                      C:\Windows\system32\WerFault.exe -u -p 3548 -s 5800
                                                                                      2⤵
                                                                                      • Program crash
                                                                                      PID:416
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:4880
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                      1⤵
                                                                                        PID:3076
                                                                                        • C:\Windows\system32\WerFault.exe
                                                                                          C:\Windows\system32\WerFault.exe -u -p 3076 -s 3520
                                                                                          2⤵
                                                                                          • Program crash
                                                                                          PID:4344
                                                                                      • C:\Windows\system32\WerFault.exe
                                                                                        C:\Windows\system32\WerFault.exe -pss -s 488 -p 3076 -ip 3076
                                                                                        1⤵
                                                                                          PID:5116
                                                                                        • C:\Windows\system32\WerFault.exe
                                                                                          C:\Windows\system32\WerFault.exe -pss -s 420 -p 3548 -ip 3548
                                                                                          1⤵
                                                                                            PID:4816
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:4104
                                                                                              • C:\Windows\system32\WerFault.exe
                                                                                                C:\Windows\system32\WerFault.exe -u -p 4104 -s 5776
                                                                                                2⤵
                                                                                                • Program crash
                                                                                                PID:632
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:4672
                                                                                              • C:\Windows\system32\WerFault.exe
                                                                                                C:\Windows\system32\WerFault.exe -pss -s 544 -p 4104 -ip 4104
                                                                                                1⤵
                                                                                                  PID:2124
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:1308
                                                                                                    • C:\Windows\system32\WerFault.exe
                                                                                                      C:\Windows\system32\WerFault.exe -u -p 1308 -s 3456
                                                                                                      2⤵
                                                                                                      • Program crash
                                                                                                      PID:1900
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:3372
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:4860
                                                                                                        • C:\Windows\system32\WerFault.exe
                                                                                                          C:\Windows\system32\WerFault.exe -u -p 4860 -s 2672
                                                                                                          2⤵
                                                                                                          • Program crash
                                                                                                          PID:4152
                                                                                                      • C:\Windows\system32\WerFault.exe
                                                                                                        C:\Windows\system32\WerFault.exe -pss -s 592 -p 4860 -ip 4860
                                                                                                        1⤵
                                                                                                          PID:940
                                                                                                        • C:\Windows\system32\WerFault.exe
                                                                                                          C:\Windows\system32\WerFault.exe -pss -s 536 -p 1308 -ip 1308
                                                                                                          1⤵
                                                                                                            PID:3564
                                                                                                          • C:\Windows\explorer.exe
                                                                                                            explorer.exe
                                                                                                            1⤵
                                                                                                              PID:3656
                                                                                                              • C:\Windows\system32\WerFault.exe
                                                                                                                C:\Windows\system32\WerFault.exe -u -p 3656 -s 6076
                                                                                                                2⤵
                                                                                                                • Program crash
                                                                                                                PID:5092
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                              1⤵
                                                                                                                PID:4228
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                1⤵
                                                                                                                  PID:4440
                                                                                                                  • C:\Windows\system32\WerFault.exe
                                                                                                                    C:\Windows\system32\WerFault.exe -u -p 4440 -s 3564
                                                                                                                    2⤵
                                                                                                                    • Program crash
                                                                                                                    PID:2380
                                                                                                                • C:\Windows\system32\WerFault.exe
                                                                                                                  C:\Windows\system32\WerFault.exe -pss -s 420 -p 4440 -ip 4440
                                                                                                                  1⤵
                                                                                                                    PID:1252
                                                                                                                  • C:\Windows\system32\WerFault.exe
                                                                                                                    C:\Windows\system32\WerFault.exe -pss -s 560 -p 3656 -ip 3656
                                                                                                                    1⤵
                                                                                                                      PID:2976
                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                      explorer.exe
                                                                                                                      1⤵
                                                                                                                        PID:4240
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                        1⤵
                                                                                                                          PID:3472
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                          1⤵
                                                                                                                            PID:4392
                                                                                                                            • C:\Windows\system32\WerFault.exe
                                                                                                                              C:\Windows\system32\WerFault.exe -u -p 4392 -s 3544
                                                                                                                              2⤵
                                                                                                                              • Program crash
                                                                                                                              PID:1988
                                                                                                                          • C:\Windows\system32\WerFault.exe
                                                                                                                            C:\Windows\system32\WerFault.exe -pss -s 412 -p 4392 -ip 4392
                                                                                                                            1⤵
                                                                                                                              PID:3264

                                                                                                                            Network

                                                                                                                            MITRE ATT&CK Enterprise v15

                                                                                                                            Replay Monitor

                                                                                                                            Loading Replay Monitor...

                                                                                                                            Downloads

                                                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
                                                                                                                              Filesize

                                                                                                                              1KB

                                                                                                                              MD5

                                                                                                                              3cd4fca4d4509bcb7d7cd12aa5257e13

                                                                                                                              SHA1

                                                                                                                              6420e012f1863abe74ebd08c0c93ee9449cd1f11

                                                                                                                              SHA256

                                                                                                                              42f6ee82ea0571af5618df4a3f7bba0f805a3a6c2f370f0c16186263d2665b89

                                                                                                                              SHA512

                                                                                                                              19788dd7e0d5aaf3cbdf7785ac80a6d10a8c3c5f5d5fba180fa65619ffe2d93bf708d882bb59f79c9a3c79b7745515eba5d14f11b5cba5995afc32d0f15f5400

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
                                                                                                                              Filesize

                                                                                                                              404B

                                                                                                                              MD5

                                                                                                                              9572f01a0cdfd7a5e836cb1abe21a3ed

                                                                                                                              SHA1

                                                                                                                              2f13b384058e29482af588e59912afa79302052f

                                                                                                                              SHA256

                                                                                                                              0a253927867481062b3fe77f29fc414f8bdfb39980278393078a7eb35dadef82

                                                                                                                              SHA512

                                                                                                                              8c6aaaa9d3c835258eb8f56049a0ed759dd08d6b5c2fed697a8af8553dbfb667ca2c83110f9913101ba1276d2928976e0151f05d9fb1c05e5ac8b4ae30fd485d

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\BT784649\microsoft.windows[1].xml
                                                                                                                              Filesize

                                                                                                                              96B

                                                                                                                              MD5

                                                                                                                              ca164f0f7f747b1e307432b30c0ee059

                                                                                                                              SHA1

                                                                                                                              4a9a2dd1dd0ca2eb016f0900bbbd3f879fbaef11

                                                                                                                              SHA256

                                                                                                                              d9c707addf2be3f865272f0e66f209e50ccea6dec0443dea6f756698bceaca84

                                                                                                                              SHA512

                                                                                                                              c0cebdabe4a193662fc6680fde0691534c456e3221a7df4e32f5d078f7c93561223ebfa6e3ce0b3f63f0338703f92c04ba9e5d31f9a4cdb7b809dc288ebd75f9

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\BT784649\microsoft.windows[1].xml
                                                                                                                              Filesize

                                                                                                                              96B

                                                                                                                              MD5

                                                                                                                              ca164f0f7f747b1e307432b30c0ee059

                                                                                                                              SHA1

                                                                                                                              4a9a2dd1dd0ca2eb016f0900bbbd3f879fbaef11

                                                                                                                              SHA256

                                                                                                                              d9c707addf2be3f865272f0e66f209e50ccea6dec0443dea6f756698bceaca84

                                                                                                                              SHA512

                                                                                                                              c0cebdabe4a193662fc6680fde0691534c456e3221a7df4e32f5d078f7c93561223ebfa6e3ce0b3f63f0338703f92c04ba9e5d31f9a4cdb7b809dc288ebd75f9

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\BT784649\microsoft.windows[1].xml
                                                                                                                              Filesize

                                                                                                                              96B

                                                                                                                              MD5

                                                                                                                              ca164f0f7f747b1e307432b30c0ee059

                                                                                                                              SHA1

                                                                                                                              4a9a2dd1dd0ca2eb016f0900bbbd3f879fbaef11

                                                                                                                              SHA256

                                                                                                                              d9c707addf2be3f865272f0e66f209e50ccea6dec0443dea6f756698bceaca84

                                                                                                                              SHA512

                                                                                                                              c0cebdabe4a193662fc6680fde0691534c456e3221a7df4e32f5d078f7c93561223ebfa6e3ce0b3f63f0338703f92c04ba9e5d31f9a4cdb7b809dc288ebd75f9

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\BT784649\microsoft.windows[1].xml
                                                                                                                              Filesize

                                                                                                                              96B

                                                                                                                              MD5

                                                                                                                              ca164f0f7f747b1e307432b30c0ee059

                                                                                                                              SHA1

                                                                                                                              4a9a2dd1dd0ca2eb016f0900bbbd3f879fbaef11

                                                                                                                              SHA256

                                                                                                                              d9c707addf2be3f865272f0e66f209e50ccea6dec0443dea6f756698bceaca84

                                                                                                                              SHA512

                                                                                                                              c0cebdabe4a193662fc6680fde0691534c456e3221a7df4e32f5d078f7c93561223ebfa6e3ce0b3f63f0338703f92c04ba9e5d31f9a4cdb7b809dc288ebd75f9

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\BT784649\microsoft.windows[1].xml
                                                                                                                              Filesize

                                                                                                                              96B

                                                                                                                              MD5

                                                                                                                              ca164f0f7f747b1e307432b30c0ee059

                                                                                                                              SHA1

                                                                                                                              4a9a2dd1dd0ca2eb016f0900bbbd3f879fbaef11

                                                                                                                              SHA256

                                                                                                                              d9c707addf2be3f865272f0e66f209e50ccea6dec0443dea6f756698bceaca84

                                                                                                                              SHA512

                                                                                                                              c0cebdabe4a193662fc6680fde0691534c456e3221a7df4e32f5d078f7c93561223ebfa6e3ce0b3f63f0338703f92c04ba9e5d31f9a4cdb7b809dc288ebd75f9

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\BT784649\microsoft.windows[1].xml
                                                                                                                              Filesize

                                                                                                                              96B

                                                                                                                              MD5

                                                                                                                              ca164f0f7f747b1e307432b30c0ee059

                                                                                                                              SHA1

                                                                                                                              4a9a2dd1dd0ca2eb016f0900bbbd3f879fbaef11

                                                                                                                              SHA256

                                                                                                                              d9c707addf2be3f865272f0e66f209e50ccea6dec0443dea6f756698bceaca84

                                                                                                                              SHA512

                                                                                                                              c0cebdabe4a193662fc6680fde0691534c456e3221a7df4e32f5d078f7c93561223ebfa6e3ce0b3f63f0338703f92c04ba9e5d31f9a4cdb7b809dc288ebd75f9

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\BT784649\microsoft.windows[1].xml
                                                                                                                              Filesize

                                                                                                                              96B

                                                                                                                              MD5

                                                                                                                              ca164f0f7f747b1e307432b30c0ee059

                                                                                                                              SHA1

                                                                                                                              4a9a2dd1dd0ca2eb016f0900bbbd3f879fbaef11

                                                                                                                              SHA256

                                                                                                                              d9c707addf2be3f865272f0e66f209e50ccea6dec0443dea6f756698bceaca84

                                                                                                                              SHA512

                                                                                                                              c0cebdabe4a193662fc6680fde0691534c456e3221a7df4e32f5d078f7c93561223ebfa6e3ce0b3f63f0338703f92c04ba9e5d31f9a4cdb7b809dc288ebd75f9

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\BT784649\microsoft.windows[1].xml
                                                                                                                              Filesize

                                                                                                                              96B

                                                                                                                              MD5

                                                                                                                              ca164f0f7f747b1e307432b30c0ee059

                                                                                                                              SHA1

                                                                                                                              4a9a2dd1dd0ca2eb016f0900bbbd3f879fbaef11

                                                                                                                              SHA256

                                                                                                                              d9c707addf2be3f865272f0e66f209e50ccea6dec0443dea6f756698bceaca84

                                                                                                                              SHA512

                                                                                                                              c0cebdabe4a193662fc6680fde0691534c456e3221a7df4e32f5d078f7c93561223ebfa6e3ce0b3f63f0338703f92c04ba9e5d31f9a4cdb7b809dc288ebd75f9

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\BT784649\microsoft.windows[1].xml
                                                                                                                              Filesize

                                                                                                                              96B

                                                                                                                              MD5

                                                                                                                              ca164f0f7f747b1e307432b30c0ee059

                                                                                                                              SHA1

                                                                                                                              4a9a2dd1dd0ca2eb016f0900bbbd3f879fbaef11

                                                                                                                              SHA256

                                                                                                                              d9c707addf2be3f865272f0e66f209e50ccea6dec0443dea6f756698bceaca84

                                                                                                                              SHA512

                                                                                                                              c0cebdabe4a193662fc6680fde0691534c456e3221a7df4e32f5d078f7c93561223ebfa6e3ce0b3f63f0338703f92c04ba9e5d31f9a4cdb7b809dc288ebd75f9

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\BT784649\microsoft.windows[1].xml
                                                                                                                              Filesize

                                                                                                                              96B

                                                                                                                              MD5

                                                                                                                              ca164f0f7f747b1e307432b30c0ee059

                                                                                                                              SHA1

                                                                                                                              4a9a2dd1dd0ca2eb016f0900bbbd3f879fbaef11

                                                                                                                              SHA256

                                                                                                                              d9c707addf2be3f865272f0e66f209e50ccea6dec0443dea6f756698bceaca84

                                                                                                                              SHA512

                                                                                                                              c0cebdabe4a193662fc6680fde0691534c456e3221a7df4e32f5d078f7c93561223ebfa6e3ce0b3f63f0338703f92c04ba9e5d31f9a4cdb7b809dc288ebd75f9

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\BT784649\microsoft.windows[1].xml
                                                                                                                              Filesize

                                                                                                                              96B

                                                                                                                              MD5

                                                                                                                              ca164f0f7f747b1e307432b30c0ee059

                                                                                                                              SHA1

                                                                                                                              4a9a2dd1dd0ca2eb016f0900bbbd3f879fbaef11

                                                                                                                              SHA256

                                                                                                                              d9c707addf2be3f865272f0e66f209e50ccea6dec0443dea6f756698bceaca84

                                                                                                                              SHA512

                                                                                                                              c0cebdabe4a193662fc6680fde0691534c456e3221a7df4e32f5d078f7c93561223ebfa6e3ce0b3f63f0338703f92c04ba9e5d31f9a4cdb7b809dc288ebd75f9

                                                                                                                              Download Submit

                                                                                                                            • memory/1308-328-0x00000000044E0000-0x00000000044E1000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/1628-180-0x000001E3AFD60000-0x000001E3AFD80000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/1628-177-0x000001E3AF950000-0x000001E3AF970000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/1628-174-0x000001E3AF990000-0x000001E3AF9B0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/1720-155-0x000001D6E4250000-0x000001D6E4270000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/1720-153-0x000001D6E3E40000-0x000001D6E3E60000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/1720-151-0x000001D6E3E80000-0x000001D6E3EA0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/1936-270-0x0000027339070000-0x0000027339090000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/1936-267-0x0000027338C60000-0x0000027338C80000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/1936-265-0x0000027338CA0000-0x0000027338CC0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/2572-257-0x0000000004210000-0x0000000004211000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/2624-292-0x0000022E43C60000-0x0000022E43C80000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/2624-290-0x0000022E43850000-0x0000022E43870000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/2624-288-0x0000022E43890000-0x0000022E438B0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/2952-133-0x0000000003260000-0x0000000003261000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/2952-135-0x0000000002C50000-0x0000000002C51000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/3076-314-0x0000017A219D0000-0x0000017A219F0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3076-312-0x0000017A21D20000-0x0000017A21D40000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3076-316-0x0000017A220E0000-0x0000017A22100000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3136-233-0x0000000004AE0000-0x0000000004AE1000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/3460-244-0x00000231AE750000-0x00000231AE770000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3460-241-0x00000231AE790000-0x00000231AE7B0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3460-246-0x00000231AEB60000-0x00000231AEB80000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3548-305-0x0000000003FF0000-0x0000000003FF1000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/3656-352-0x00000000041F0000-0x00000000041F1000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/3880-145-0x0000000004500000-0x0000000004501000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/3980-213-0x0000000004300000-0x0000000004301000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/4012-221-0x0000020F4FF80000-0x0000020F4FFA0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4012-223-0x0000020F4FF40000-0x0000020F4FF60000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4012-225-0x0000020F50350000-0x0000020F50370000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4060-166-0x0000000002CA0000-0x0000000002CA1000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/4080-280-0x00000000040A0000-0x00000000040A1000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/4240-374-0x0000000002860000-0x0000000002861000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/4392-382-0x0000029233B60000-0x0000029233B80000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4392-385-0x0000029233B20000-0x0000029233B40000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4392-388-0x0000029233F20000-0x0000029233F40000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4440-359-0x000001F6276D0000-0x000001F6276F0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4440-361-0x000001F627690000-0x000001F6276B0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4440-363-0x000001F627AA0000-0x000001F627AC0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4724-190-0x0000000003190000-0x0000000003191000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/4836-198-0x000001BCADE80000-0x000001BCADEA0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4836-201-0x000001BCADE40000-0x000001BCADE60000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4836-205-0x000001BCAE250000-0x000001BCAE270000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4860-341-0x000001B7AF4C0000-0x000001B7AF4E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4860-338-0x000001B7AEDB0000-0x000001B7AEDD0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4860-336-0x000001B7AF100000-0x000001B7AF120000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download