Analysis

  • max time kernel
    32s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/10/2023, 14:42

General

  • Target

    0d3a76e1312cd0cafa352a11b0bd4f8008306fa893737cadddb2de3b4a6e0460.exe

  • Size

    3.3MB

  • MD5

    153bb22f1dffdefb57143387d96cae22

  • SHA1

    d62827ce1fe512b2e7763736d7e30a3b4021f8a9

  • SHA256

    0d3a76e1312cd0cafa352a11b0bd4f8008306fa893737cadddb2de3b4a6e0460

  • SHA512

    696e1ec4d2290f6d94e6729b91cc6a3667d2bf4e0bdb6c59414ee7623487c347cfb9344aca6dc13eb25db596793c081a71123caff0bb304cd4ae7b8ce2416772

  • SSDEEP

    49152:H7TvfU+8X9GrNOsva5RbKhF3ANkTTlxGF5S3+c7iE//PtYqD:c+8X9G3vP3AMeI+c+EHzD

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 6 IoCs
  • Enumerates connected drives 3 TTPs 12 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d3a76e1312cd0cafa352a11b0bd4f8008306fa893737cadddb2de3b4a6e0460.exe
    "C:\Users\Admin\AppData\Local\Temp\0d3a76e1312cd0cafa352a11b0bd4f8008306fa893737cadddb2de3b4a6e0460.exe"
    1⤵
      PID:1780
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4256
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:772
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:5096
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:212
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2248
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:1688
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:1556
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3264
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:1208
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
          • Suspicious use of SetWindowsHookEx
          PID:3980
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:1792
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
          • Modifies Installed Components in the registry
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          PID:1596
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:2956
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
          • Modifies Installed Components in the registry
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          PID:3336
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
          • Suspicious use of SetWindowsHookEx
          PID:1260
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:3820
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:3564
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:3256
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:572
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:236
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:4452
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:2752
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:3872
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:1460
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:3972
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:4200
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:4860
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:3252
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:4492
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:1532
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:3280
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:3008
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:5048
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:2068
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                              • Modifies Installed Components in the registry
                                              • Enumerates connected drives
                                              • Checks SCSI registry key(s)
                                              • Modifies registry class
                                              • Suspicious use of SendNotifyMessage
                                              PID:1208
                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                              1⤵
                                                PID:2428
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:1088
                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                  1⤵
                                                    PID:4172
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                      PID:1032
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:4260
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:3540
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:1464
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:2100
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:864
                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                1⤵
                                                                  PID:1096
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:1316
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:1336
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:4384
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:4044
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:1096
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:8
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:4632
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:4308
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:3464
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:4248
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                      1⤵
                                                                                        PID:1556
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:1344
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:416
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                              PID:5008
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:4376
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                1⤵
                                                                                                  PID:3888
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:2960
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:4312
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:2924
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:872
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:4816
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:4680
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:2212
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:3848
                                                                                                                • C:\Windows\explorer.exe
                                                                                                                  explorer.exe
                                                                                                                  1⤵
                                                                                                                    PID:216
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                    1⤵
                                                                                                                      PID:4064
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                      1⤵
                                                                                                                        PID:2516
                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                        explorer.exe
                                                                                                                        1⤵
                                                                                                                          PID:2388
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                          1⤵
                                                                                                                            PID:3000
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                            1⤵
                                                                                                                              PID:3356
                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                              explorer.exe
                                                                                                                              1⤵
                                                                                                                                PID:3480
                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                1⤵
                                                                                                                                  PID:4264
                                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                  1⤵
                                                                                                                                    PID:4988
                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                    explorer.exe
                                                                                                                                    1⤵
                                                                                                                                      PID:3052
                                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                      1⤵
                                                                                                                                        PID:684
                                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                        1⤵
                                                                                                                                          PID:4284

                                                                                                                                        Network

                                                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                                                              Replay Monitor

                                                                                                                                              Loading Replay Monitor...

                                                                                                                                              Downloads

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml

                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                4114b63fafc98d9307dc8bfae1c379cd

                                                                                                                                                SHA1

                                                                                                                                                8959adf99facaf14c6be813470286c448b0e0b44

                                                                                                                                                SHA256

                                                                                                                                                f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                                                                                                                SHA512

                                                                                                                                                51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml

                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                4114b63fafc98d9307dc8bfae1c379cd

                                                                                                                                                SHA1

                                                                                                                                                8959adf99facaf14c6be813470286c448b0e0b44

                                                                                                                                                SHA256

                                                                                                                                                f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                                                                                                                SHA512

                                                                                                                                                51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml

                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                4114b63fafc98d9307dc8bfae1c379cd

                                                                                                                                                SHA1

                                                                                                                                                8959adf99facaf14c6be813470286c448b0e0b44

                                                                                                                                                SHA256

                                                                                                                                                f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                                                                                                                SHA512

                                                                                                                                                51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml

                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                4114b63fafc98d9307dc8bfae1c379cd

                                                                                                                                                SHA1

                                                                                                                                                8959adf99facaf14c6be813470286c448b0e0b44

                                                                                                                                                SHA256

                                                                                                                                                f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                                                                                                                SHA512

                                                                                                                                                51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml

                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                4114b63fafc98d9307dc8bfae1c379cd

                                                                                                                                                SHA1

                                                                                                                                                8959adf99facaf14c6be813470286c448b0e0b44

                                                                                                                                                SHA256

                                                                                                                                                f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                                                                                                                SHA512

                                                                                                                                                51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml

                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                4114b63fafc98d9307dc8bfae1c379cd

                                                                                                                                                SHA1

                                                                                                                                                8959adf99facaf14c6be813470286c448b0e0b44

                                                                                                                                                SHA256

                                                                                                                                                f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                                                                                                                SHA512

                                                                                                                                                51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml

                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                4114b63fafc98d9307dc8bfae1c379cd

                                                                                                                                                SHA1

                                                                                                                                                8959adf99facaf14c6be813470286c448b0e0b44

                                                                                                                                                SHA256

                                                                                                                                                f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                                                                                                                SHA512

                                                                                                                                                51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml

                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                4114b63fafc98d9307dc8bfae1c379cd

                                                                                                                                                SHA1

                                                                                                                                                8959adf99facaf14c6be813470286c448b0e0b44

                                                                                                                                                SHA256

                                                                                                                                                f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                                                                                                                SHA512

                                                                                                                                                51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml

                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                4114b63fafc98d9307dc8bfae1c379cd

                                                                                                                                                SHA1

                                                                                                                                                8959adf99facaf14c6be813470286c448b0e0b44

                                                                                                                                                SHA256

                                                                                                                                                f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                                                                                                                SHA512

                                                                                                                                                51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml

                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                4114b63fafc98d9307dc8bfae1c379cd

                                                                                                                                                SHA1

                                                                                                                                                8959adf99facaf14c6be813470286c448b0e0b44

                                                                                                                                                SHA256

                                                                                                                                                f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                                                                                                                SHA512

                                                                                                                                                51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml

                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                4114b63fafc98d9307dc8bfae1c379cd

                                                                                                                                                SHA1

                                                                                                                                                8959adf99facaf14c6be813470286c448b0e0b44

                                                                                                                                                SHA256

                                                                                                                                                f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                                                                                                                SHA512

                                                                                                                                                51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml

                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                4114b63fafc98d9307dc8bfae1c379cd

                                                                                                                                                SHA1

                                                                                                                                                8959adf99facaf14c6be813470286c448b0e0b44

                                                                                                                                                SHA256

                                                                                                                                                f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                                                                                                                SHA512

                                                                                                                                                51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml

                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                4114b63fafc98d9307dc8bfae1c379cd

                                                                                                                                                SHA1

                                                                                                                                                8959adf99facaf14c6be813470286c448b0e0b44

                                                                                                                                                SHA256

                                                                                                                                                f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                                                                                                                SHA512

                                                                                                                                                51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml

                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                4114b63fafc98d9307dc8bfae1c379cd

                                                                                                                                                SHA1

                                                                                                                                                8959adf99facaf14c6be813470286c448b0e0b44

                                                                                                                                                SHA256

                                                                                                                                                f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                                                                                                                SHA512

                                                                                                                                                51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml

                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                4114b63fafc98d9307dc8bfae1c379cd

                                                                                                                                                SHA1

                                                                                                                                                8959adf99facaf14c6be813470286c448b0e0b44

                                                                                                                                                SHA256

                                                                                                                                                f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                                                                                                                SHA512

                                                                                                                                                51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml

                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                4114b63fafc98d9307dc8bfae1c379cd

                                                                                                                                                SHA1

                                                                                                                                                8959adf99facaf14c6be813470286c448b0e0b44

                                                                                                                                                SHA256

                                                                                                                                                f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                                                                                                                SHA512

                                                                                                                                                51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml

                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                4114b63fafc98d9307dc8bfae1c379cd

                                                                                                                                                SHA1

                                                                                                                                                8959adf99facaf14c6be813470286c448b0e0b44

                                                                                                                                                SHA256

                                                                                                                                                f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                                                                                                                SHA512

                                                                                                                                                51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml

                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                4114b63fafc98d9307dc8bfae1c379cd

                                                                                                                                                SHA1

                                                                                                                                                8959adf99facaf14c6be813470286c448b0e0b44

                                                                                                                                                SHA256

                                                                                                                                                f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                                                                                                                SHA512

                                                                                                                                                51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ANTV7B43\microsoft.windows[1].xml

                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                4114b63fafc98d9307dc8bfae1c379cd

                                                                                                                                                SHA1

                                                                                                                                                8959adf99facaf14c6be813470286c448b0e0b44

                                                                                                                                                SHA256

                                                                                                                                                f93f1cffd4688bc4cd9e3dfb2ee84a1f53f40d966cab8542c5863906faaf197f

                                                                                                                                                SHA512

                                                                                                                                                51eb95339b914b6674922ad2635a193ae1fb1d008c35f03cc8664c46e4f124389a884d7854268c90ac7883102f9a98483e0019a269070b7d6a96fcc70c937723

                                                                                                                                              • memory/8-331-0x0000000004CD0000-0x0000000004CD1000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/572-97-0x0000000004C00000-0x0000000004C01000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/1032-249-0x000001F8A51C0000-0x000001F8A51E0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1032-244-0x000001F8A4DF0000-0x000001F8A4E10000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1032-247-0x000001F8A4DB0000-0x000001F8A4DD0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1088-236-0x00000000040A0000-0x00000000040A1000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/1096-290-0x0000019622FE0000-0x0000019623000000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1096-319-0x00000227D16A0000-0x00000227D16C0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1096-317-0x00000227D1090000-0x00000227D10B0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1096-315-0x00000227D10D0000-0x00000227D10F0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1096-292-0x0000019622FA0000-0x0000019622FC0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1096-294-0x00000196235B0000-0x00000196235D0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1208-49-0x00000000040D0000-0x00000000040D1000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/1460-128-0x00000135725C0000-0x00000135725E0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1460-131-0x0000013572580000-0x00000135725A0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1460-134-0x0000013572990000-0x00000135729B0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1464-267-0x000002949B100000-0x000002949B120000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1464-270-0x000002949ADC0000-0x000002949ADE0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1464-273-0x000002949B4D0000-0x000002949B4F0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1532-179-0x0000020419E20000-0x0000020419E40000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1532-176-0x0000020419A20000-0x0000020419A40000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1532-174-0x0000020419A60000-0x0000020419A80000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1556-359-0x0000017697F20000-0x0000017697F40000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1556-361-0x0000017697BD0000-0x0000017697BF0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1556-363-0x0000017698370000-0x0000017698390000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1688-26-0x0000000002AF0000-0x0000000002AF1000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/1792-59-0x00000249D6FD0000-0x00000249D6FF0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1792-61-0x00000249D76E0000-0x00000249D7700000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/1792-57-0x00000249D7320000-0x00000249D7340000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/2068-213-0x0000000004340000-0x0000000004341000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/2100-282-0x0000000004B20000-0x0000000004B21000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/2248-11-0x0000016C3ADE0000-0x0000016C3AE00000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/2248-9-0x0000016C3B120000-0x0000016C3B140000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/2248-14-0x0000016C3B4F0000-0x0000016C3B510000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/2428-225-0x0000020086DF0000-0x0000020086E10000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/2428-223-0x00000200867E0000-0x0000020086800000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/2428-221-0x0000020086A20000-0x0000020086A40000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/2752-120-0x0000000004360000-0x0000000004361000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/3252-166-0x0000000002FA0000-0x0000000002FA1000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/3264-38-0x000001E5B4BF0000-0x000001E5B4C10000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/3264-36-0x000001E5B45E0000-0x000001E5B4600000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/3264-34-0x000001E5B4820000-0x000001E5B4840000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/3280-190-0x0000000004520000-0x0000000004521000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/3336-73-0x0000000004550000-0x0000000004551000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/3464-352-0x0000000004410000-0x0000000004411000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/3820-81-0x000001B4EBB70000-0x000001B4EBB90000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/3820-85-0x000001B4EBF40000-0x000001B4EBF60000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/3820-83-0x000001B4EBB30000-0x000001B4EBB50000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/3972-144-0x0000000004A90000-0x0000000004A91000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/4260-259-0x0000000002890000-0x0000000002891000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/4308-342-0x0000029B774A0000-0x0000029B774C0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/4308-339-0x0000029B770D0000-0x0000029B770F0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/4308-341-0x0000029B77090000-0x0000029B770B0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/4384-306-0x00000000041F0000-0x00000000041F1000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                              • memory/4452-105-0x0000012C374E0000-0x0000012C37500000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/4452-107-0x0000012C374A0000-0x0000012C374C0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/4452-109-0x0000012C37AC0000-0x0000012C37AE0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/4860-153-0x00000211F3B50000-0x00000211F3B70000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/4860-151-0x00000211F3B90000-0x00000211F3BB0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/4860-155-0x00000211F3F60000-0x00000211F3F80000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/5048-198-0x000001E608D90000-0x000001E608DB0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/5048-201-0x000001E608D50000-0x000001E608D70000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/5048-204-0x000001E609160000-0x000001E609180000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                              • memory/5096-3-0x0000000004150000-0x0000000004151000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB