Overview

overview

8

Static

static

3

d5ca86c159...5c.exe

windows7-x64

8

d5ca86c159...5c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    34s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-10-2023 14:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d5ca86c159163c8ea662b46d8a39ab589ffc47825355b3fae0b23162af4bbd5c.exe

  • Size

    2.8MB

  • MD5

    176354099bf447ae332a808d1acce979

  • SHA1

    54697a26c891e9282e1621301bd95ff4e7171988

  • SHA256

    d5ca86c159163c8ea662b46d8a39ab589ffc47825355b3fae0b23162af4bbd5c

  • SHA512

    512cf16ef1ab0c8508143b3a3c08bb295251589f018c9c71d736fdb29eae2b8213a1ecd957502ba01aaba017c910de27c37cbc3bbc0f2ff37c97955291ac1f3a

  • SSDEEP

    49152:D7TvfU+8X9GrNOsva5RbKhF3ANkTTlB4mTBU7EhaIUYou2:Q+8X9G3vP3AM1Va0D2

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 7 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 14 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5ca86c159163c8ea662b46d8a39ab589ffc47825355b3fae0b23162af4bbd5c.exe
    "C:\Users\Admin\AppData\Local\Temp\d5ca86c159163c8ea662b46d8a39ab589ffc47825355b3fae0b23162af4bbd5c.exe"
    1⤵
      PID:2612
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2816
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2568
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4548
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:952
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:4456
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3056
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:1512
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of SendNotifyMessage
        PID:3864
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:224
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:404
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
          • Modifies Installed Components in the registry
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          PID:3412
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
          • Suspicious use of SetWindowsHookEx
          PID:1596
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:1508
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
            • Suspicious use of SetWindowsHookEx
            PID:3992
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
            • Modifies Installed Components in the registry
            • Enumerates connected drives
            • Checks SCSI registry key(s)
            • Modifies registry class
            PID:464
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
            • Suspicious use of SetWindowsHookEx
            PID:4748
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
            • Modifies Internet Explorer settings
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:2728
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:4248
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
                PID:2672
              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                1⤵
                  PID:988
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:1416
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:2648
                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                      1⤵
                        PID:2460
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                          PID:2188
                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                          1⤵
                            PID:3788
                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                            1⤵
                              PID:3188
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                                PID:3528
                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                1⤵
                                  PID:3176
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:3828
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:3656
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:3392
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:2824
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:1976
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:3492
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:2856
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:2440
                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                  1⤵
                                                    PID:3432
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:3692
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:5100
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:3212
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:2284
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:3608
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                                PID:4876
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:3236
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:2608
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:4952
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:3980
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:3300
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:4500
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:2824
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:1196
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:3476
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:4652
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:4076
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                      1⤵
                                                                                        PID:2820
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                        1⤵
                                                                                          PID:3156
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:3928
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:3188
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                                PID:3432
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:3792
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:5100
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:3324
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:3028
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                        1⤵
                                                                                                          PID:2156
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                            PID:3832
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                            1⤵
                                                                                                              PID:1868
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                              1⤵
                                                                                                                PID:4244
                                                                                                              • C:\Windows\explorer.exe
                                                                                                                explorer.exe
                                                                                                                1⤵
                                                                                                                  PID:3320
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                  1⤵
                                                                                                                    PID:3684
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                    1⤵
                                                                                                                      PID:4636
                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                      explorer.exe
                                                                                                                      1⤵
                                                                                                                        PID:4980
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                        1⤵
                                                                                                                          PID:1496
                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                          explorer.exe
                                                                                                                          1⤵
                                                                                                                            PID:5020
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                            1⤵
                                                                                                                              PID:3792
                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                              1⤵
                                                                                                                                PID:3288
                                                                                                                              • C:\Windows\explorer.exe
                                                                                                                                explorer.exe
                                                                                                                                1⤵
                                                                                                                                • Checks SCSI registry key(s)
                                                                                                                                PID:464
                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                1⤵
                                                                                                                                  PID:2920
                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                  explorer.exe
                                                                                                                                  1⤵
                                                                                                                                    PID:2428

                                                                                                                                  Network

                                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                                  Replay Monitor

                                                                                                                                  Loading Replay Monitor...

                                                                                                                                  Downloads

                                                                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                                    Filesize

                                                                                                                                    471B

                                                                                                                                    MD5

                                                                                                                                    1a45b85bfabf0ea3977146d124cb7c60

                                                                                                                                    SHA1

                                                                                                                                    47abb6e5700a6b025d33cf276eac625e45f02a58

                                                                                                                                    SHA256

                                                                                                                                    513c25298482ef475b15ab35c2356f91642f6ba9ac95c1a97f379b42055fc0f2

                                                                                                                                    SHA512

                                                                                                                                    fe7f8a397bc4133887e5ea1661b6135b4c2ecfe9faaedac63a50c5795c60771c7050d62e99d66b53465e781f03007b12f49816b3b8a4804bf9fc91e5c1c80bd5

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                                    Filesize

                                                                                                                                    412B

                                                                                                                                    MD5

                                                                                                                                    a052cccb0571baa1321364b647e04b12

                                                                                                                                    SHA1

                                                                                                                                    8a14a4b5e70ef0893f0f0b3247181ac4cbeaf1f1

                                                                                                                                    SHA256

                                                                                                                                    38dac18f1a3068eb92c57f72c876c61a78e6d3f3d321a423824316c20101f46f

                                                                                                                                    SHA512

                                                                                                                                    f425b12b28b4db2eb89de582629ad3937fd01555bfdbe3012f46686e1735d4898d7c02afc7c89290d6638e5173ea7829d80afb5f71b8dc199cfb8fd058c28c85

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                    Filesize

                                                                                                                                    97B

                                                                                                                                    MD5

                                                                                                                                    82b066a0c26e9c3c026d421e012a093e

                                                                                                                                    SHA1

                                                                                                                                    2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                    SHA256

                                                                                                                                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                    SHA512

                                                                                                                                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                    Filesize

                                                                                                                                    97B

                                                                                                                                    MD5

                                                                                                                                    82b066a0c26e9c3c026d421e012a093e

                                                                                                                                    SHA1

                                                                                                                                    2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                    SHA256

                                                                                                                                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                    SHA512

                                                                                                                                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                    Filesize

                                                                                                                                    97B

                                                                                                                                    MD5

                                                                                                                                    82b066a0c26e9c3c026d421e012a093e

                                                                                                                                    SHA1

                                                                                                                                    2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                    SHA256

                                                                                                                                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                    SHA512

                                                                                                                                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                    Filesize

                                                                                                                                    97B

                                                                                                                                    MD5

                                                                                                                                    82b066a0c26e9c3c026d421e012a093e

                                                                                                                                    SHA1

                                                                                                                                    2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                    SHA256

                                                                                                                                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                    SHA512

                                                                                                                                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                    Filesize

                                                                                                                                    97B

                                                                                                                                    MD5

                                                                                                                                    82b066a0c26e9c3c026d421e012a093e

                                                                                                                                    SHA1

                                                                                                                                    2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                    SHA256

                                                                                                                                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                    SHA512

                                                                                                                                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                    Filesize

                                                                                                                                    97B

                                                                                                                                    MD5

                                                                                                                                    82b066a0c26e9c3c026d421e012a093e

                                                                                                                                    SHA1

                                                                                                                                    2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                    SHA256

                                                                                                                                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                    SHA512

                                                                                                                                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                    Filesize

                                                                                                                                    97B

                                                                                                                                    MD5

                                                                                                                                    82b066a0c26e9c3c026d421e012a093e

                                                                                                                                    SHA1

                                                                                                                                    2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                    SHA256

                                                                                                                                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                    SHA512

                                                                                                                                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                    Filesize

                                                                                                                                    97B

                                                                                                                                    MD5

                                                                                                                                    82b066a0c26e9c3c026d421e012a093e

                                                                                                                                    SHA1

                                                                                                                                    2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                    SHA256

                                                                                                                                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                    SHA512

                                                                                                                                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                    Filesize

                                                                                                                                    97B

                                                                                                                                    MD5

                                                                                                                                    82b066a0c26e9c3c026d421e012a093e

                                                                                                                                    SHA1

                                                                                                                                    2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                    SHA256

                                                                                                                                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                    SHA512

                                                                                                                                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                    Filesize

                                                                                                                                    97B

                                                                                                                                    MD5

                                                                                                                                    82b066a0c26e9c3c026d421e012a093e

                                                                                                                                    SHA1

                                                                                                                                    2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                    SHA256

                                                                                                                                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                    SHA512

                                                                                                                                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                    Filesize

                                                                                                                                    97B

                                                                                                                                    MD5

                                                                                                                                    82b066a0c26e9c3c026d421e012a093e

                                                                                                                                    SHA1

                                                                                                                                    2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                    SHA256

                                                                                                                                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                    SHA512

                                                                                                                                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                    Filesize

                                                                                                                                    97B

                                                                                                                                    MD5

                                                                                                                                    82b066a0c26e9c3c026d421e012a093e

                                                                                                                                    SHA1

                                                                                                                                    2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                    SHA256

                                                                                                                                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                    SHA512

                                                                                                                                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                    Filesize

                                                                                                                                    97B

                                                                                                                                    MD5

                                                                                                                                    82b066a0c26e9c3c026d421e012a093e

                                                                                                                                    SHA1

                                                                                                                                    2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                    SHA256

                                                                                                                                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                    SHA512

                                                                                                                                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                    Filesize

                                                                                                                                    97B

                                                                                                                                    MD5

                                                                                                                                    82b066a0c26e9c3c026d421e012a093e

                                                                                                                                    SHA1

                                                                                                                                    2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                    SHA256

                                                                                                                                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                    SHA512

                                                                                                                                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                    Filesize

                                                                                                                                    97B

                                                                                                                                    MD5

                                                                                                                                    82b066a0c26e9c3c026d421e012a093e

                                                                                                                                    SHA1

                                                                                                                                    2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                    SHA256

                                                                                                                                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                    SHA512

                                                                                                                                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                    Filesize

                                                                                                                                    97B

                                                                                                                                    MD5

                                                                                                                                    82b066a0c26e9c3c026d421e012a093e

                                                                                                                                    SHA1

                                                                                                                                    2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                    SHA256

                                                                                                                                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                    SHA512

                                                                                                                                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                                                                                                                                    Filesize

                                                                                                                                    97B

                                                                                                                                    MD5

                                                                                                                                    82b066a0c26e9c3c026d421e012a093e

                                                                                                                                    SHA1

                                                                                                                                    2e4493ff239034dd93befa48a286616fa1222526

                                                                                                                                    SHA256

                                                                                                                                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                                                                                                                                    SHA512

                                                                                                                                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                                                                                                                                    Download Submit

                                                                                                                                  • memory/404-40-0x000001EE9FFD0000-0x000001EE9FFF0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/404-42-0x000001EEA06E0000-0x000001EEA0700000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/404-38-0x000001EEA0320000-0x000001EEA0340000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/464-54-0x0000000004050000-0x0000000004051000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/988-85-0x000002458D5E0000-0x000002458D600000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/988-88-0x000002458D5A0000-0x000002458D5C0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/988-91-0x000002458DBB0000-0x000002458DBD0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/1196-286-0x000002119D490000-0x000002119D4B0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/1196-288-0x000002119D450000-0x000002119D470000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/1196-290-0x000002119DA60000-0x000002119DA80000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/1416-100-0x0000000003170000-0x0000000003171000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/1512-15-0x00000205246D0000-0x00000205246F0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/1512-17-0x0000020524690000-0x00000205246B0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/1512-21-0x0000020524CA0000-0x0000020524CC0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2188-123-0x0000000004780000-0x0000000004781000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/2284-236-0x0000000002D50000-0x0000000002D51000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/2460-113-0x0000018B058A0000-0x0000018B058C0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2460-110-0x0000018B05490000-0x0000018B054B0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2460-108-0x0000018B054D0000-0x0000018B054F0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2728-62-0x0000027580940000-0x0000027580960000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2728-64-0x0000027580900000-0x0000027580920000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2728-66-0x0000027580D10000-0x0000027580D30000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2824-170-0x0000000004AD0000-0x0000000004AD1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/2856-194-0x00000000028F0000-0x00000000028F1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/3156-314-0x00000284FD690000-0x00000284FD6B0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3156-312-0x00000284FD280000-0x00000284FD2A0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3156-310-0x00000284FD2C0000-0x00000284FD2E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3188-133-0x0000028ADFDA0000-0x0000028ADFDC0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3188-135-0x0000028AE03B0000-0x0000028AE03D0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3188-131-0x0000028ADFDE0000-0x0000028ADFE00000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3212-224-0x000002ABB0620000-0x000002ABB0640000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3212-226-0x000002ABB03D0000-0x000002ABB03F0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3212-230-0x000002ABB09E0000-0x000002ABB0A00000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3236-254-0x0000000004AD0000-0x0000000004AD1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/3324-359-0x000001D1C8DB0000-0x000001D1C8DD0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3324-357-0x000001D1C9000000-0x000001D1C9020000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3324-361-0x000001D1C93C0000-0x000001D1C93E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3392-159-0x000001EB5FE10000-0x000001EB5FE30000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3392-155-0x000001EB5FA40000-0x000001EB5FA60000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3392-157-0x000001EB5FA00000-0x000001EB5FA20000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3432-201-0x0000012CE0A10000-0x0000012CE0A30000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3432-340-0x0000024E33830000-0x0000024E33850000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3432-203-0x0000012CE09D0000-0x0000012CE09F0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3432-335-0x0000024E33420000-0x0000024E33440000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3432-205-0x0000012CE0DE0000-0x0000012CE0E00000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3432-333-0x0000024E33460000-0x0000024E33480000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3492-180-0x00000175E45C0000-0x00000175E45E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3492-178-0x00000175E4600000-0x00000175E4620000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3492-182-0x00000175E49D0000-0x00000175E49F0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3692-216-0x00000000043B0000-0x00000000043B1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/3792-349-0x00000000040D0000-0x00000000040D1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/3828-147-0x0000000003070000-0x0000000003071000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/3864-30-0x0000000004470000-0x0000000004471000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/3928-325-0x00000000048A0000-0x00000000048A1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/4076-302-0x0000000004350000-0x0000000004351000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/4248-77-0x0000000004AD0000-0x0000000004AD1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/4456-9-0x0000000004D10000-0x0000000004D11000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/4500-278-0x00000000048F0000-0x00000000048F1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/4876-244-0x000001F163500000-0x000001F163520000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4876-246-0x000001F163910000-0x000001F163930000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4876-242-0x000001F163540000-0x000001F163560000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4952-267-0x00000274B3030000-0x00000274B3050000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4952-265-0x00000274B2C20000-0x00000274B2C40000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4952-262-0x00000274B2C60000-0x00000274B2C80000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download