Overview

overview

8

Static

static

3

70d39aadf8...c8.exe

windows7-x64

8

70d39aadf8...c8.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    34s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/09/2023, 14:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    70d39aadf888c40ac8012a374502cd909e99d0245697dc552f1509516ee81dc8.exe

  • Size

    3.2MB

  • MD5

    30ee39aa21a7ac9d092c573f85d9a1ea

  • SHA1

    addf117ddb9dfab332255fccf66ea444f70974f2

  • SHA256

    70d39aadf888c40ac8012a374502cd909e99d0245697dc552f1509516ee81dc8

  • SHA512

    39693d675057f6604544c9b16454922937254840b59e9d41fcd33c6c2520a52531a950c5ee557fd1441b0f9d5dc9ce67a8e88e7e46ce1591de38ee9a2a50b796

  • SSDEEP

    49152:H7TvfU+8X9GrNOsva5RbKhF3ANkTTlWdLyXhz9e34TNQl1jYcI01Zl:c+8X9G3vP3AM81yXLTNM1zIU

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 6 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 12 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\70d39aadf888c40ac8012a374502cd909e99d0245697dc552f1509516ee81dc8.exe
    "C:\Users\Admin\AppData\Local\Temp\70d39aadf888c40ac8012a374502cd909e99d0245697dc552f1509516ee81dc8.exe"
    1⤵
      PID:3304
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:380
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3780
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1096
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4008
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3396
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:4712
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3076
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:4832
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
          • Modifies Installed Components in the registry
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          • Suspicious use of SendNotifyMessage
          PID:3920
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:2168
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:2632
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
              • Modifies registry class
              • Suspicious use of SetWindowsHookEx
              PID:1288
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:2568
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:456
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                  • Modifies registry class
                  • Suspicious use of SetWindowsHookEx
                  PID:832
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                  • Modifies Internet Explorer settings
                  • Modifies registry class
                  • Suspicious use of SetWindowsHookEx
                  PID:3016
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:4656
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:872
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:1000
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:2656
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:4828
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:1932
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                              • Modifies Installed Components in the registry
                              • Enumerates connected drives
                              • Checks SCSI registry key(s)
                              • Modifies registry class
                              • Suspicious use of AdjustPrivilegeToken
                              • Suspicious use of FindShellTrayWindow
                              • Suspicious use of SendNotifyMessage
                              PID:4712
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                                PID:3740
                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                1⤵
                                  PID:972
                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                  1⤵
                                    PID:1864
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:1120
                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                      1⤵
                                      • Modifies Installed Components in the registry
                                      • Enumerates connected drives
                                      • Checks SCSI registry key(s)
                                      • Modifies registry class
                                      • Suspicious use of SendNotifyMessage
                                      PID:2632
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:684
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:4536
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:1764
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:3228
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:2288
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:4880
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:4464
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:1856
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                      • Modifies Internet Explorer settings
                                                      • Modifies registry class
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2568
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:1200
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:4824
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:4088
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:2208
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:3652
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:4368
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                  • Modifies registry class
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:2168
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:4132
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:3368
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:3684
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:4200
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:4780
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:3608
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:4908
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:4492
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:3196
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:3292
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                      1⤵
                                                                                        PID:3288
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:4572
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:464
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                            • Modifies Installed Components in the registry
                                                                                            • Enumerates connected drives
                                                                                            • Checks SCSI registry key(s)
                                                                                            • Modifies registry class
                                                                                            PID:456
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:4560
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:1592
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:2240
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:2712
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:4656
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                      • Checks SCSI registry key(s)
                                                                                                      PID:2632
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                      1⤵
                                                                                                        PID:1388
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:3380
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:64
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:3652
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:1348
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:2948
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                  1⤵
                                                                                                                    PID:828
                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                    explorer.exe
                                                                                                                    1⤵
                                                                                                                      PID:3292
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                      1⤵
                                                                                                                        PID:1472
                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                        explorer.exe
                                                                                                                        1⤵
                                                                                                                          PID:2088
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                          1⤵
                                                                                                                            PID:4828
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                            1⤵
                                                                                                                              PID:1228
                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                              explorer.exe
                                                                                                                              1⤵
                                                                                                                                PID:1536
                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                1⤵
                                                                                                                                  PID:2232
                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                  explorer.exe
                                                                                                                                  1⤵
                                                                                                                                    PID:3952
                                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                    1⤵
                                                                                                                                      PID:1224
                                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                      1⤵
                                                                                                                                        PID:2680
                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                        explorer.exe
                                                                                                                                        1⤵
                                                                                                                                          PID:4176
                                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                          1⤵
                                                                                                                                            PID:4236
                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                            explorer.exe
                                                                                                                                            1⤵
                                                                                                                                              PID:5016

                                                                                                                                            Network

                                                                                                                                            MITRE ATT&CK Enterprise v15

                                                                                                                                            Replay Monitor

                                                                                                                                            Loading Replay Monitor...

                                                                                                                                            Downloads

                                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\46IOJ2Y1\microsoft.windows[1].xml
                                                                                                                                              Filesize

                                                                                                                                              96B

                                                                                                                                              MD5

                                                                                                                                              132893809ee21f6cc9bd8398d163fde8

                                                                                                                                              SHA1

                                                                                                                                              664b895e0f6ae4f8ed96f36dee355d4e554b29eb

                                                                                                                                              SHA256

                                                                                                                                              af9f28768de7e7f0f21d52b63003adb8fa1b563ab8e4a38bf361a7f51aa8d8d2

                                                                                                                                              SHA512

                                                                                                                                              a540b8cddd2684bf6d11480bc23200200414984b4520842db541e07021520fb6cf356492b7e2517cdd53718f4a8b6002d5268db4c085b5d1ab6ed3cc1973caa8

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\46IOJ2Y1\microsoft.windows[1].xml
                                                                                                                                              Filesize

                                                                                                                                              96B

                                                                                                                                              MD5

                                                                                                                                              132893809ee21f6cc9bd8398d163fde8

                                                                                                                                              SHA1

                                                                                                                                              664b895e0f6ae4f8ed96f36dee355d4e554b29eb

                                                                                                                                              SHA256

                                                                                                                                              af9f28768de7e7f0f21d52b63003adb8fa1b563ab8e4a38bf361a7f51aa8d8d2

                                                                                                                                              SHA512

                                                                                                                                              a540b8cddd2684bf6d11480bc23200200414984b4520842db541e07021520fb6cf356492b7e2517cdd53718f4a8b6002d5268db4c085b5d1ab6ed3cc1973caa8

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\46IOJ2Y1\microsoft.windows[1].xml
                                                                                                                                              Filesize

                                                                                                                                              96B

                                                                                                                                              MD5

                                                                                                                                              132893809ee21f6cc9bd8398d163fde8

                                                                                                                                              SHA1

                                                                                                                                              664b895e0f6ae4f8ed96f36dee355d4e554b29eb

                                                                                                                                              SHA256

                                                                                                                                              af9f28768de7e7f0f21d52b63003adb8fa1b563ab8e4a38bf361a7f51aa8d8d2

                                                                                                                                              SHA512

                                                                                                                                              a540b8cddd2684bf6d11480bc23200200414984b4520842db541e07021520fb6cf356492b7e2517cdd53718f4a8b6002d5268db4c085b5d1ab6ed3cc1973caa8

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\46IOJ2Y1\microsoft.windows[1].xml
                                                                                                                                              Filesize

                                                                                                                                              96B

                                                                                                                                              MD5

                                                                                                                                              132893809ee21f6cc9bd8398d163fde8

                                                                                                                                              SHA1

                                                                                                                                              664b895e0f6ae4f8ed96f36dee355d4e554b29eb

                                                                                                                                              SHA256

                                                                                                                                              af9f28768de7e7f0f21d52b63003adb8fa1b563ab8e4a38bf361a7f51aa8d8d2

                                                                                                                                              SHA512

                                                                                                                                              a540b8cddd2684bf6d11480bc23200200414984b4520842db541e07021520fb6cf356492b7e2517cdd53718f4a8b6002d5268db4c085b5d1ab6ed3cc1973caa8

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\46IOJ2Y1\microsoft.windows[1].xml
                                                                                                                                              Filesize

                                                                                                                                              96B

                                                                                                                                              MD5

                                                                                                                                              132893809ee21f6cc9bd8398d163fde8

                                                                                                                                              SHA1

                                                                                                                                              664b895e0f6ae4f8ed96f36dee355d4e554b29eb

                                                                                                                                              SHA256

                                                                                                                                              af9f28768de7e7f0f21d52b63003adb8fa1b563ab8e4a38bf361a7f51aa8d8d2

                                                                                                                                              SHA512

                                                                                                                                              a540b8cddd2684bf6d11480bc23200200414984b4520842db541e07021520fb6cf356492b7e2517cdd53718f4a8b6002d5268db4c085b5d1ab6ed3cc1973caa8

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\46IOJ2Y1\microsoft.windows[1].xml
                                                                                                                                              Filesize

                                                                                                                                              96B

                                                                                                                                              MD5

                                                                                                                                              132893809ee21f6cc9bd8398d163fde8

                                                                                                                                              SHA1

                                                                                                                                              664b895e0f6ae4f8ed96f36dee355d4e554b29eb

                                                                                                                                              SHA256

                                                                                                                                              af9f28768de7e7f0f21d52b63003adb8fa1b563ab8e4a38bf361a7f51aa8d8d2

                                                                                                                                              SHA512

                                                                                                                                              a540b8cddd2684bf6d11480bc23200200414984b4520842db541e07021520fb6cf356492b7e2517cdd53718f4a8b6002d5268db4c085b5d1ab6ed3cc1973caa8

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\46IOJ2Y1\microsoft.windows[1].xml
                                                                                                                                              Filesize

                                                                                                                                              96B

                                                                                                                                              MD5

                                                                                                                                              132893809ee21f6cc9bd8398d163fde8

                                                                                                                                              SHA1

                                                                                                                                              664b895e0f6ae4f8ed96f36dee355d4e554b29eb

                                                                                                                                              SHA256

                                                                                                                                              af9f28768de7e7f0f21d52b63003adb8fa1b563ab8e4a38bf361a7f51aa8d8d2

                                                                                                                                              SHA512

                                                                                                                                              a540b8cddd2684bf6d11480bc23200200414984b4520842db541e07021520fb6cf356492b7e2517cdd53718f4a8b6002d5268db4c085b5d1ab6ed3cc1973caa8

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\46IOJ2Y1\microsoft.windows[1].xml
                                                                                                                                              Filesize

                                                                                                                                              96B

                                                                                                                                              MD5

                                                                                                                                              132893809ee21f6cc9bd8398d163fde8

                                                                                                                                              SHA1

                                                                                                                                              664b895e0f6ae4f8ed96f36dee355d4e554b29eb

                                                                                                                                              SHA256

                                                                                                                                              af9f28768de7e7f0f21d52b63003adb8fa1b563ab8e4a38bf361a7f51aa8d8d2

                                                                                                                                              SHA512

                                                                                                                                              a540b8cddd2684bf6d11480bc23200200414984b4520842db541e07021520fb6cf356492b7e2517cdd53718f4a8b6002d5268db4c085b5d1ab6ed3cc1973caa8

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\46IOJ2Y1\microsoft.windows[1].xml
                                                                                                                                              Filesize

                                                                                                                                              96B

                                                                                                                                              MD5

                                                                                                                                              132893809ee21f6cc9bd8398d163fde8

                                                                                                                                              SHA1

                                                                                                                                              664b895e0f6ae4f8ed96f36dee355d4e554b29eb

                                                                                                                                              SHA256

                                                                                                                                              af9f28768de7e7f0f21d52b63003adb8fa1b563ab8e4a38bf361a7f51aa8d8d2

                                                                                                                                              SHA512

                                                                                                                                              a540b8cddd2684bf6d11480bc23200200414984b4520842db541e07021520fb6cf356492b7e2517cdd53718f4a8b6002d5268db4c085b5d1ab6ed3cc1973caa8

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\46IOJ2Y1\microsoft.windows[1].xml
                                                                                                                                              Filesize

                                                                                                                                              96B

                                                                                                                                              MD5

                                                                                                                                              132893809ee21f6cc9bd8398d163fde8

                                                                                                                                              SHA1

                                                                                                                                              664b895e0f6ae4f8ed96f36dee355d4e554b29eb

                                                                                                                                              SHA256

                                                                                                                                              af9f28768de7e7f0f21d52b63003adb8fa1b563ab8e4a38bf361a7f51aa8d8d2

                                                                                                                                              SHA512

                                                                                                                                              a540b8cddd2684bf6d11480bc23200200414984b4520842db541e07021520fb6cf356492b7e2517cdd53718f4a8b6002d5268db4c085b5d1ab6ed3cc1973caa8

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\46IOJ2Y1\microsoft.windows[1].xml
                                                                                                                                              Filesize

                                                                                                                                              96B

                                                                                                                                              MD5

                                                                                                                                              132893809ee21f6cc9bd8398d163fde8

                                                                                                                                              SHA1

                                                                                                                                              664b895e0f6ae4f8ed96f36dee355d4e554b29eb

                                                                                                                                              SHA256

                                                                                                                                              af9f28768de7e7f0f21d52b63003adb8fa1b563ab8e4a38bf361a7f51aa8d8d2

                                                                                                                                              SHA512

                                                                                                                                              a540b8cddd2684bf6d11480bc23200200414984b4520842db541e07021520fb6cf356492b7e2517cdd53718f4a8b6002d5268db4c085b5d1ab6ed3cc1973caa8

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\46IOJ2Y1\microsoft.windows[1].xml
                                                                                                                                              Filesize

                                                                                                                                              96B

                                                                                                                                              MD5

                                                                                                                                              132893809ee21f6cc9bd8398d163fde8

                                                                                                                                              SHA1

                                                                                                                                              664b895e0f6ae4f8ed96f36dee355d4e554b29eb

                                                                                                                                              SHA256

                                                                                                                                              af9f28768de7e7f0f21d52b63003adb8fa1b563ab8e4a38bf361a7f51aa8d8d2

                                                                                                                                              SHA512

                                                                                                                                              a540b8cddd2684bf6d11480bc23200200414984b4520842db541e07021520fb6cf356492b7e2517cdd53718f4a8b6002d5268db4c085b5d1ab6ed3cc1973caa8

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\46IOJ2Y1\microsoft.windows[1].xml
                                                                                                                                              Filesize

                                                                                                                                              96B

                                                                                                                                              MD5

                                                                                                                                              132893809ee21f6cc9bd8398d163fde8

                                                                                                                                              SHA1

                                                                                                                                              664b895e0f6ae4f8ed96f36dee355d4e554b29eb

                                                                                                                                              SHA256

                                                                                                                                              af9f28768de7e7f0f21d52b63003adb8fa1b563ab8e4a38bf361a7f51aa8d8d2

                                                                                                                                              SHA512

                                                                                                                                              a540b8cddd2684bf6d11480bc23200200414984b4520842db541e07021520fb6cf356492b7e2517cdd53718f4a8b6002d5268db4c085b5d1ab6ed3cc1973caa8

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\46IOJ2Y1\microsoft.windows[1].xml
                                                                                                                                              Filesize

                                                                                                                                              96B

                                                                                                                                              MD5

                                                                                                                                              132893809ee21f6cc9bd8398d163fde8

                                                                                                                                              SHA1

                                                                                                                                              664b895e0f6ae4f8ed96f36dee355d4e554b29eb

                                                                                                                                              SHA256

                                                                                                                                              af9f28768de7e7f0f21d52b63003adb8fa1b563ab8e4a38bf361a7f51aa8d8d2

                                                                                                                                              SHA512

                                                                                                                                              a540b8cddd2684bf6d11480bc23200200414984b4520842db541e07021520fb6cf356492b7e2517cdd53718f4a8b6002d5268db4c085b5d1ab6ed3cc1973caa8

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\46IOJ2Y1\microsoft.windows[1].xml
                                                                                                                                              Filesize

                                                                                                                                              96B

                                                                                                                                              MD5

                                                                                                                                              132893809ee21f6cc9bd8398d163fde8

                                                                                                                                              SHA1

                                                                                                                                              664b895e0f6ae4f8ed96f36dee355d4e554b29eb

                                                                                                                                              SHA256

                                                                                                                                              af9f28768de7e7f0f21d52b63003adb8fa1b563ab8e4a38bf361a7f51aa8d8d2

                                                                                                                                              SHA512

                                                                                                                                              a540b8cddd2684bf6d11480bc23200200414984b4520842db541e07021520fb6cf356492b7e2517cdd53718f4a8b6002d5268db4c085b5d1ab6ed3cc1973caa8

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\46IOJ2Y1\microsoft.windows[1].xml
                                                                                                                                              Filesize

                                                                                                                                              96B

                                                                                                                                              MD5

                                                                                                                                              132893809ee21f6cc9bd8398d163fde8

                                                                                                                                              SHA1

                                                                                                                                              664b895e0f6ae4f8ed96f36dee355d4e554b29eb

                                                                                                                                              SHA256

                                                                                                                                              af9f28768de7e7f0f21d52b63003adb8fa1b563ab8e4a38bf361a7f51aa8d8d2

                                                                                                                                              SHA512

                                                                                                                                              a540b8cddd2684bf6d11480bc23200200414984b4520842db541e07021520fb6cf356492b7e2517cdd53718f4a8b6002d5268db4c085b5d1ab6ed3cc1973caa8

                                                                                                                                              Download Submit

                                                                                                                                            • memory/456-294-0x0000017399630000-0x0000017399650000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/456-49-0x0000000004120000-0x0000000004121000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/456-296-0x0000017399A40000-0x0000017399A60000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/456-292-0x0000017399670000-0x0000017399690000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/684-129-0x0000021372F60000-0x0000021372F80000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/684-131-0x0000021372F20000-0x0000021372F40000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/684-133-0x0000021373330000-0x0000021373350000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/828-363-0x000001822BD40000-0x000001822BD60000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/828-365-0x000001822BD00000-0x000001822BD20000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/828-367-0x000001822C110000-0x000001822C130000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/1000-73-0x0000000004670000-0x0000000004671000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/1120-121-0x0000000004CF0000-0x0000000004CF1000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/1348-355-0x0000000002C90000-0x0000000002C91000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/1864-106-0x000001E49C370000-0x000001E49C390000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/1864-108-0x000001E49C330000-0x000001E49C350000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/1864-110-0x000001E49C740000-0x000001E49C760000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/2168-199-0x000002385B5D0000-0x000002385B5F0000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/2168-201-0x000002385B590000-0x000002385B5B0000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/2168-203-0x000002385B9A0000-0x000002385B9C0000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/2240-308-0x00000000044C0000-0x00000000044C1000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2568-168-0x0000000002B20000-0x0000000002B21000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2568-34-0x0000028D58C40000-0x0000028D58C60000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/2568-37-0x0000028D58C00000-0x0000028D58C20000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/2568-39-0x0000028D59010000-0x0000028D59030000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/2632-27-0x0000000004E00000-0x0000000004E01000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/3016-62-0x0000029FD6C10000-0x0000029FD6C30000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/3016-59-0x0000029FD6800000-0x0000029FD6820000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/3016-57-0x0000029FD6840000-0x0000029FD6860000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/3196-261-0x0000000004AF0000-0x0000000004AF1000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/3228-146-0x0000000002CF0000-0x0000000002CF1000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/3288-269-0x00000248EAD20000-0x00000248EAD40000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/3288-271-0x00000248EA9E0000-0x00000248EAA00000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/3288-273-0x00000248EB0F0000-0x00000248EB110000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/3380-332-0x0000000003E30000-0x0000000003E31000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/3608-238-0x0000000004DC0000-0x0000000004DC1000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/3652-342-0x0000024A7FD70000-0x0000024A7FD90000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/3652-340-0x0000024A7FDB0000-0x0000024A7FDD0000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/3652-344-0x0000024200380000-0x00000242003A0000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/3652-191-0x0000000003FE0000-0x0000000003FE1000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/3684-215-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/3740-98-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/4492-249-0x0000019DC5FD0000-0x0000019DC5FF0000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/4492-246-0x000001A5C7220000-0x000001A5C7240000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/4492-251-0x000001A5C75E0000-0x000001A5C7600000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/4572-284-0x0000000004070000-0x0000000004071000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/4656-316-0x0000020C9AC90000-0x0000020C9ACB0000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/4656-320-0x0000020C9B060000-0x0000020C9B080000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/4656-318-0x0000020C9AC50000-0x0000020C9AC70000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/4712-3-0x0000000004CA0000-0x0000000004CA1000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/4780-226-0x000001C09D090000-0x000001C09D0B0000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/4780-229-0x000001C09D6A0000-0x000001C09D6C0000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/4780-223-0x000001C09D0D0000-0x000001C09D0F0000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/4824-177-0x0000026378BE0000-0x0000026378C00000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/4824-180-0x00000263791F0000-0x0000026379210000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/4824-175-0x0000026378E20000-0x0000026378E40000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/4828-83-0x000002377B2E0000-0x000002377B300000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/4828-85-0x000002377B900000-0x000002377B920000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/4828-81-0x000002377B320000-0x000002377B340000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/4832-14-0x000002AF4A740000-0x000002AF4A760000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/4832-12-0x000002AF4A130000-0x000002AF4A150000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/4832-10-0x000002AF4A170000-0x000002AF4A190000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/4880-154-0x00000155953C0000-0x00000155953E0000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/4880-156-0x0000015595380000-0x00000155953A0000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download

                                                                                                                                            • memory/4880-159-0x0000015595790000-0x00000155957B0000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              128KB

                                                                                                                                              Download