Overview

overview

8

Static

static

3

0221173e23...74.exe

windows7-x64

8

0221173e23...74.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    36s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/10/2023, 06:46

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0221173e2333ea600fa446cc22b51ab42a0710f4fca4b9ece28392a509931274.exe

  • Size

    3.2MB

  • MD5

    1449a3f4b370c5d1cc433e15d9a1f95a

  • SHA1

    36172a3bd5f9df1fbf145004dcb6459c0918e9d5

  • SHA256

    0221173e2333ea600fa446cc22b51ab42a0710f4fca4b9ece28392a509931274

  • SHA512

    2d5b9842619c4e7bdac40b9f6f7e08957806c608243321ce465925fd58b0fabc41222dec927022a3499e459db2cfcafe37501c79b2eb76206d636d807fdd368a

  • SSDEEP

    49152:D7TvfU+8X9GrNOsva5RbKhF3ANkTTl1mj0IXorGvUHXG/zSc1:Q+8X9G3vP3AMrml3vUWbp1

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 7 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 14 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\0221173e2333ea600fa446cc22b51ab42a0710f4fca4b9ece28392a509931274.exe
    "C:\Users\Admin\AppData\Local\Temp\0221173e2333ea600fa446cc22b51ab42a0710f4fca4b9ece28392a509931274.exe"
    1⤵
      PID:2952
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1672
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2508
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1596
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4444
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3864
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:4920
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3840
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2740
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:4152
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:1992
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3852
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:3600
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3660
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:3588
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:5044
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
            • Suspicious use of SetWindowsHookEx
            PID:3756
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
            • Modifies Installed Components in the registry
            • Enumerates connected drives
            • Checks SCSI registry key(s)
            • Modifies registry class
            PID:3040
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:968
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:3392
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:3608
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:1316
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:3384
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:4660
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:968
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:3176
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:4988
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:3900
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:888
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:3968
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:2700
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:2352
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:4988
                                        • C:\Windows\explorer.exe
                                          explorer.exe
                                          1⤵
                                            PID:2984
                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                            1⤵
                                              PID:4748
                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                              1⤵
                                                PID:2792
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:1488
                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                  1⤵
                                                    PID:2552
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                      PID:4576
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:4972
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:4052
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:4604
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:2156
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:3588
                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                1⤵
                                                                  PID:4064
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:4604
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:3804
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                      1⤵
                                                                        PID:4204
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:3512
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                            PID:4680
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:2732
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:3432
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:1904
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:4620
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:4376
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:2524
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:4388
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:1796
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:1440
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:4520
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:384
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:3540
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:4348
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:4552
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                        1⤵
                                                                                                          PID:3660
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                            PID:3384
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                            1⤵
                                                                                                              PID:1764
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                              1⤵
                                                                                                                PID:2092
                                                                                                              • C:\Windows\explorer.exe
                                                                                                                explorer.exe
                                                                                                                1⤵
                                                                                                                  PID:1196
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                  1⤵
                                                                                                                    PID:2108
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                    1⤵
                                                                                                                      PID:2808
                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                      explorer.exe
                                                                                                                      1⤵
                                                                                                                        PID:3792
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                        1⤵
                                                                                                                          PID:4732
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                          1⤵
                                                                                                                            PID:1900
                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                            explorer.exe
                                                                                                                            1⤵
                                                                                                                              PID:4220
                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                              1⤵
                                                                                                                                PID:1988
                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                explorer.exe
                                                                                                                                1⤵
                                                                                                                                  PID:4192
                                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                  1⤵
                                                                                                                                    PID:3452
                                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                    1⤵
                                                                                                                                      PID:2944

                                                                                                                                    Network

                                                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                                                          Replay Monitor

                                                                                                                                          Loading Replay Monitor...

                                                                                                                                          Downloads

                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                                            Filesize

                                                                                                                                            471B

                                                                                                                                            MD5

                                                                                                                                            8e43b483e148c93026dd83487a7fa3c5

                                                                                                                                            SHA1

                                                                                                                                            98e775e71da8afd24b353b355803632c8b8b3522

                                                                                                                                            SHA256

                                                                                                                                            a2e935c525dfa460e4721c29bc07023d3a939e6e1127c00203a76435cd5ff254

                                                                                                                                            SHA512

                                                                                                                                            6edd33f99b8a802e50468334dbd9390929de53b755a4b646f9c6426d757344caad1562b552ca19dfb352306c600011196766b803b9c38d8a57094d135a68543f

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                                            Filesize

                                                                                                                                            412B

                                                                                                                                            MD5

                                                                                                                                            b7c09e276fffcaf3fc1750ab8836a00c

                                                                                                                                            SHA1

                                                                                                                                            2c6ae9d82d35c6a0e60e1c19f7f1fbddd2c42d4b

                                                                                                                                            SHA256

                                                                                                                                            6bb7d2c704ccf6d9996a53ab78ba08ecf265c112e89df5c47fc38f59f2d1b17f

                                                                                                                                            SHA512

                                                                                                                                            352d97920d992a89a03ec4c5e6c30ea25923cc5f6391d0f961be70253531b4e50e4f2ff4e79f77a1d3e0dea408abb4fcf270bc38d1cd881b66059c583b95fefc

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                            Filesize

                                                                                                                                            97B

                                                                                                                                            MD5

                                                                                                                                            82b066a0c26e9c3c026d421e012a093e

                                                                                                                                            SHA1

                                                                                                                                            2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                            SHA256

                                                                                                                                            a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                            SHA512

                                                                                                                                            4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                            Filesize

                                                                                                                                            97B

                                                                                                                                            MD5

                                                                                                                                            82b066a0c26e9c3c026d421e012a093e

                                                                                                                                            SHA1

                                                                                                                                            2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                            SHA256

                                                                                                                                            a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                            SHA512

                                                                                                                                            4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                            Filesize

                                                                                                                                            97B

                                                                                                                                            MD5

                                                                                                                                            82b066a0c26e9c3c026d421e012a093e

                                                                                                                                            SHA1

                                                                                                                                            2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                            SHA256

                                                                                                                                            a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                            SHA512

                                                                                                                                            4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                            Filesize

                                                                                                                                            97B

                                                                                                                                            MD5

                                                                                                                                            82b066a0c26e9c3c026d421e012a093e

                                                                                                                                            SHA1

                                                                                                                                            2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                            SHA256

                                                                                                                                            a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                            SHA512

                                                                                                                                            4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                            Filesize

                                                                                                                                            97B

                                                                                                                                            MD5

                                                                                                                                            82b066a0c26e9c3c026d421e012a093e

                                                                                                                                            SHA1

                                                                                                                                            2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                            SHA256

                                                                                                                                            a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                            SHA512

                                                                                                                                            4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                            Filesize

                                                                                                                                            97B

                                                                                                                                            MD5

                                                                                                                                            82b066a0c26e9c3c026d421e012a093e

                                                                                                                                            SHA1

                                                                                                                                            2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                            SHA256

                                                                                                                                            a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                            SHA512

                                                                                                                                            4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                            Filesize

                                                                                                                                            97B

                                                                                                                                            MD5

                                                                                                                                            82b066a0c26e9c3c026d421e012a093e

                                                                                                                                            SHA1

                                                                                                                                            2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                            SHA256

                                                                                                                                            a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                            SHA512

                                                                                                                                            4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                            Filesize

                                                                                                                                            97B

                                                                                                                                            MD5

                                                                                                                                            82b066a0c26e9c3c026d421e012a093e

                                                                                                                                            SHA1

                                                                                                                                            2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                            SHA256

                                                                                                                                            a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                            SHA512

                                                                                                                                            4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                            Filesize

                                                                                                                                            97B

                                                                                                                                            MD5

                                                                                                                                            82b066a0c26e9c3c026d421e012a093e

                                                                                                                                            SHA1

                                                                                                                                            2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                            SHA256

                                                                                                                                            a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                            SHA512

                                                                                                                                            4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                            Filesize

                                                                                                                                            97B

                                                                                                                                            MD5

                                                                                                                                            82b066a0c26e9c3c026d421e012a093e

                                                                                                                                            SHA1

                                                                                                                                            2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                            SHA256

                                                                                                                                            a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                            SHA512

                                                                                                                                            4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                            Filesize

                                                                                                                                            97B

                                                                                                                                            MD5

                                                                                                                                            82b066a0c26e9c3c026d421e012a093e

                                                                                                                                            SHA1

                                                                                                                                            2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                            SHA256

                                                                                                                                            a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                            SHA512

                                                                                                                                            4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                            Filesize

                                                                                                                                            97B

                                                                                                                                            MD5

                                                                                                                                            82b066a0c26e9c3c026d421e012a093e

                                                                                                                                            SHA1

                                                                                                                                            2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                            SHA256

                                                                                                                                            a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                            SHA512

                                                                                                                                            4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                            Filesize

                                                                                                                                            97B

                                                                                                                                            MD5

                                                                                                                                            82b066a0c26e9c3c026d421e012a093e

                                                                                                                                            SHA1

                                                                                                                                            2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                            SHA256

                                                                                                                                            a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                            SHA512

                                                                                                                                            4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                            Filesize

                                                                                                                                            97B

                                                                                                                                            MD5

                                                                                                                                            82b066a0c26e9c3c026d421e012a093e

                                                                                                                                            SHA1

                                                                                                                                            2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                            SHA256

                                                                                                                                            a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                            SHA512

                                                                                                                                            4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                            Filesize

                                                                                                                                            97B

                                                                                                                                            MD5

                                                                                                                                            82b066a0c26e9c3c026d421e012a093e

                                                                                                                                            SHA1

                                                                                                                                            2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                            SHA256

                                                                                                                                            a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                            SHA512

                                                                                                                                            4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                            Filesize

                                                                                                                                            97B

                                                                                                                                            MD5

                                                                                                                                            82b066a0c26e9c3c026d421e012a093e

                                                                                                                                            SHA1

                                                                                                                                            2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                            SHA256

                                                                                                                                            a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                            SHA512

                                                                                                                                            4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                            Download Submit

                                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                            Filesize

                                                                                                                                            97B

                                                                                                                                            MD5

                                                                                                                                            82b066a0c26e9c3c026d421e012a093e

                                                                                                                                            SHA1

                                                                                                                                            2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                            SHA256

                                                                                                                                            a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                            SHA512

                                                                                                                                            4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                            Download Submit

                                                                                                                                          • memory/384-352-0x00000000046F0000-0x00000000046F1000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                            Download

                                                                                                                                          • memory/888-165-0x00000000041D0000-0x00000000041D1000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                            Download

                                                                                                                                          • memory/1488-211-0x0000000004D30000-0x0000000004D31000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                            Download

                                                                                                                                          • memory/1596-8-0x00000000048F0000-0x00000000048F1000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                            Download

                                                                                                                                          • memory/1796-341-0x000002B791950000-0x000002B791970000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/1796-336-0x000002B791580000-0x000002B7915A0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/1796-338-0x000002B791540000-0x000002B791560000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/1904-317-0x000001E0A6140000-0x000001E0A6160000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/1904-314-0x000001E0A5D30000-0x000001E0A5D50000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/1904-312-0x000001E0A5D70000-0x000001E0A5D90000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/2156-258-0x0000000002E30000-0x0000000002E31000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                            Download

                                                                                                                                          • memory/2524-328-0x0000000004B90000-0x0000000004B91000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                            Download

                                                                                                                                          • memory/2700-172-0x000002115C870000-0x000002115C890000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/2700-175-0x000002115C830000-0x000002115C850000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/2700-177-0x000002115CC40000-0x000002115CC60000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/2732-304-0x0000000004DD0000-0x0000000004DD1000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                            Download

                                                                                                                                          • memory/2740-42-0x0000020DF51F0000-0x0000020DF5210000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/2740-39-0x0000020DF4BE0000-0x0000020DF4C00000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/2740-37-0x0000020DF4E20000-0x0000020DF4E40000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/2792-200-0x000002D842DB0000-0x000002D842DD0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/2792-198-0x000002D8427A0000-0x000002D8427C0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/2792-196-0x000002D8427E0000-0x000002D842800000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/2984-188-0x00000000042B0000-0x00000000042B1000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                            Download

                                                                                                                                          • memory/3040-95-0x0000000004100000-0x0000000004101000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                            Download

                                                                                                                                          • memory/3176-142-0x0000000004780000-0x0000000004781000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                            Download

                                                                                                                                          • memory/3384-125-0x000002462FA90000-0x000002462FAB0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/3384-127-0x000002462FA50000-0x000002462FA70000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/3384-129-0x0000024630060000-0x0000024630080000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/3392-109-0x000001C29A9C0000-0x000001C29A9E0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/3392-106-0x000001C29A5B0000-0x000001C29A5D0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/3392-102-0x000001C29A5F0000-0x000001C29A610000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/3588-85-0x0000015F11260000-0x0000015F11280000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/3588-87-0x0000015F11670000-0x0000015F11690000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/3588-83-0x0000015F112A0000-0x0000015F112C0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/3600-75-0x00000000035B0000-0x00000000035B1000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                            Download

                                                                                                                                          • memory/3608-117-0x00000000044A0000-0x00000000044A1000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                            Download

                                                                                                                                          • memory/3852-64-0x000001CEB0F70000-0x000001CEB0F90000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/3852-62-0x000001CEB0B60000-0x000001CEB0B80000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/3852-60-0x000001CEB0BA0000-0x000001CEB0BC0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/3864-18-0x000001CD47D20000-0x000001CD47D40000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/3864-16-0x000001CD475E0000-0x000001CD47600000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/3864-14-0x000001CD47920000-0x000001CD47940000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/3900-151-0x0000022E683C0000-0x0000022E683E0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/3900-154-0x0000022E689D0000-0x0000022E689F0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/3900-149-0x0000022E68600000-0x0000022E68620000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/4064-267-0x000002AADF080000-0x000002AADF0A0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/4064-269-0x000002AADF490000-0x000002AADF4B0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/4064-265-0x000002AADF0C0000-0x000002AADF0E0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/4152-53-0x0000000003540000-0x0000000003541000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                            Download

                                                                                                                                          • memory/4204-292-0x000002AF2B9C0000-0x000002AF2B9E0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/4204-288-0x000002AF2B600000-0x000002AF2B620000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/4204-290-0x000002AF2B3B0000-0x000002AF2B3D0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/4348-366-0x0000017B838E0000-0x0000017B83900000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/4348-363-0x0000017B83290000-0x0000017B832B0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/4348-360-0x0000017B832D0000-0x0000017B832F0000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/4576-221-0x0000018EC7900000-0x0000018EC7920000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/4576-219-0x0000018EC7940000-0x0000018EC7960000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/4576-223-0x0000018EC7D00000-0x0000018EC7D20000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/4604-246-0x000002389A310000-0x000002389A330000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/4604-244-0x0000023899F00000-0x0000023899F20000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/4604-280-0x00000000048C0000-0x00000000048C1000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                            Download

                                                                                                                                          • memory/4604-242-0x0000023899F40000-0x0000023899F60000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            128KB

                                                                                                                                            Download

                                                                                                                                          • memory/4920-30-0x0000000004120000-0x0000000004121000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                            Download

                                                                                                                                          • memory/4972-234-0x0000000004270000-0x0000000004271000-memory.dmp

                                                                                                                                            Filesize

                                                                                                                                            4KB

                                                                                                                                            Download