Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

aea8010694...27.exe

windows7-x64

8

aea8010694...27.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    27s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2023, 06:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aea80106945aa1d99efd90547ae53dbea8c64c5d55f8e88d7ea177c33ea43527.exe

  • Size

    2.7MB

  • MD5

    62f07351012d111b03e0e483856eb6e9

  • SHA1

    9b75ff86413f8f082755d77dc7dbd646046d98c9

  • SHA256

    aea80106945aa1d99efd90547ae53dbea8c64c5d55f8e88d7ea177c33ea43527

  • SHA512

    e45bf435493538e9b0398d478263697c4d288d709edb697bb47e113100417444e9fe2a062a45ddba130f5745d755ccb3df45f7ceb120c594baee9b4bcee90f05

  • SSDEEP

    49152:D7TvfU+8X9GrNOsva5RbKhF3ANkTTluDVrOoUZBjh3:Q+8X9G3vP3AMUVKP3

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 5 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 8 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\aea80106945aa1d99efd90547ae53dbea8c64c5d55f8e88d7ea177c33ea43527.exe
    "C:\Users\Admin\AppData\Local\Temp\aea80106945aa1d99efd90547ae53dbea8c64c5d55f8e88d7ea177c33ea43527.exe"
    1⤵
      PID:3644
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:996
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1848
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4928
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3392
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4116
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SendNotifyMessage
        PID:4804
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:2336
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:4236
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:3384
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
            • Modifies Internet Explorer settings
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:4508
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:4332
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
                PID:3628
              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                1⤵
                  PID:1160
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:4452
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:888
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:4484
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:3208
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:4204
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:1296
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:4424
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:4616
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:2104
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:1192
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:1296
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:432
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:3704
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:2332
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:2752
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:4376
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:1576
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:4368
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:3848
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:4536
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:4628
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:4576
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:3712
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:2444
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:4960
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:2164
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:2332
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:4820
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:4908
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:2284
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:2252
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:1504
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:3340
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:3412
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                      1⤵
                                                                                        PID:4496
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:4104
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:4884
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                              PID:1468
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:4572
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                1⤵
                                                                                                  PID:4988
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                    PID:3620
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                      PID:3768
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                      1⤵
                                                                                                        PID:4156
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                        1⤵
                                                                                                          PID:2336
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                            PID:4256
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                            1⤵
                                                                                                              PID:4648
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                              1⤵
                                                                                                                PID:1188
                                                                                                              • C:\Windows\explorer.exe
                                                                                                                explorer.exe
                                                                                                                1⤵
                                                                                                                  PID:4084
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                  1⤵
                                                                                                                    PID:4488
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                    1⤵
                                                                                                                      PID:3920
                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                      explorer.exe
                                                                                                                      1⤵
                                                                                                                        PID:4376
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                        1⤵
                                                                                                                          PID:1848
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                          1⤵
                                                                                                                            PID:2776
                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                            explorer.exe
                                                                                                                            1⤵
                                                                                                                              PID:3776
                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                              1⤵
                                                                                                                                PID:2208
                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                1⤵
                                                                                                                                  PID:2852
                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                  explorer.exe
                                                                                                                                  1⤵
                                                                                                                                    PID:1008
                                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                    1⤵
                                                                                                                                      PID:4024
                                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                      1⤵
                                                                                                                                        PID:1312
                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                        explorer.exe
                                                                                                                                        1⤵
                                                                                                                                          PID:1992

                                                                                                                                        Network

                                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                                        Replay Monitor

                                                                                                                                        Loading Replay Monitor...

                                                                                                                                        Downloads

                                                                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                                          Filesize

                                                                                                                                          471B

                                                                                                                                          MD5

                                                                                                                                          1229feb9159ffcbb03f63dc35db39773

                                                                                                                                          SHA1

                                                                                                                                          52de1325285bbd20fed303cbf56b113f3531497f

                                                                                                                                          SHA256

                                                                                                                                          1a1830716ed3c9efa87191e819f3e3f6775740a608a5e5a62c9833119c934db1

                                                                                                                                          SHA512

                                                                                                                                          a895410dd807a222dc1a0649e4d1ec6fbc010ba8cc0ec6a6e16f32cfc0e19b564b1430f2da6f5e605bdbb697394aa013c6469c2143da8f4308a0d60ac7daa231

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                                          Filesize

                                                                                                                                          412B

                                                                                                                                          MD5

                                                                                                                                          196b4c0499b305f7e0de82ce546c9557

                                                                                                                                          SHA1

                                                                                                                                          157761558a32c009086646a458963668ce23a651

                                                                                                                                          SHA256

                                                                                                                                          e0989910e8f856d3fac722f1cf6cb947417e1d595b7fb7ee963d7335593b0fda

                                                                                                                                          SHA512

                                                                                                                                          df2fc50348445110d5957070bade969dc0044704030704f7b1264a3fc3415ecc6ac191920d7e7026389e34a4a99a223a6fb1c58037ac7973aa89ea2a33be0903

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                                                          Filesize

                                                                                                                                          96B

                                                                                                                                          MD5

                                                                                                                                          5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                                                          SHA1

                                                                                                                                          debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                                                          SHA256

                                                                                                                                          84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                                                          SHA512

                                                                                                                                          14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                                          Filesize

                                                                                                                                          2KB

                                                                                                                                          MD5

                                                                                                                                          54f002c605106116311598bea8c7fb83

                                                                                                                                          SHA1

                                                                                                                                          cfe02d8267815a025ee618cdb9daec244bf0dd3c

                                                                                                                                          SHA256

                                                                                                                                          db425ccdc696ed86d280803f73139ea26cc4d69940b4c04263758ba6fdbea3ff

                                                                                                                                          SHA512

                                                                                                                                          647b978bf11a95cff41c6964c9afca8167c553aa662123b3653e631415d75ecb3e7ea26d219c0f233c22a7fc8b7544af46c734e48a7642277e3d186eb045337f

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                                                          Filesize

                                                                                                                                          96B

                                                                                                                                          MD5

                                                                                                                                          5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                                                          SHA1

                                                                                                                                          debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                                                          SHA256

                                                                                                                                          84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                                                          SHA512

                                                                                                                                          14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                                                          Filesize

                                                                                                                                          96B

                                                                                                                                          MD5

                                                                                                                                          5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                                                          SHA1

                                                                                                                                          debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                                                          SHA256

                                                                                                                                          84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                                                          SHA512

                                                                                                                                          14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                                                          Filesize

                                                                                                                                          96B

                                                                                                                                          MD5

                                                                                                                                          5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                                                          SHA1

                                                                                                                                          debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                                                          SHA256

                                                                                                                                          84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                                                          SHA512

                                                                                                                                          14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                                                          Filesize

                                                                                                                                          96B

                                                                                                                                          MD5

                                                                                                                                          5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                                                          SHA1

                                                                                                                                          debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                                                          SHA256

                                                                                                                                          84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                                                          SHA512

                                                                                                                                          14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                                                          Filesize

                                                                                                                                          96B

                                                                                                                                          MD5

                                                                                                                                          5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                                                          SHA1

                                                                                                                                          debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                                                          SHA256

                                                                                                                                          84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                                                          SHA512

                                                                                                                                          14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                                                          Filesize

                                                                                                                                          96B

                                                                                                                                          MD5

                                                                                                                                          5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                                                          SHA1

                                                                                                                                          debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                                                          SHA256

                                                                                                                                          84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                                                          SHA512

                                                                                                                                          14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                                                          Filesize

                                                                                                                                          96B

                                                                                                                                          MD5

                                                                                                                                          5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                                                          SHA1

                                                                                                                                          debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                                                          SHA256

                                                                                                                                          84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                                                          SHA512

                                                                                                                                          14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                                                          Filesize

                                                                                                                                          96B

                                                                                                                                          MD5

                                                                                                                                          5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                                                          SHA1

                                                                                                                                          debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                                                          SHA256

                                                                                                                                          84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                                                          SHA512

                                                                                                                                          14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                                                          Filesize

                                                                                                                                          96B

                                                                                                                                          MD5

                                                                                                                                          5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                                                          SHA1

                                                                                                                                          debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                                                          SHA256

                                                                                                                                          84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                                                          SHA512

                                                                                                                                          14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                                                          Filesize

                                                                                                                                          96B

                                                                                                                                          MD5

                                                                                                                                          5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                                                          SHA1

                                                                                                                                          debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                                                          SHA256

                                                                                                                                          84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                                                          SHA512

                                                                                                                                          14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                                                          Filesize

                                                                                                                                          96B

                                                                                                                                          MD5

                                                                                                                                          5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                                                          SHA1

                                                                                                                                          debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                                                          SHA256

                                                                                                                                          84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                                                          SHA512

                                                                                                                                          14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                                                          Filesize

                                                                                                                                          96B

                                                                                                                                          MD5

                                                                                                                                          5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                                                          SHA1

                                                                                                                                          debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                                                          SHA256

                                                                                                                                          84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                                                          SHA512

                                                                                                                                          14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                                                          Filesize

                                                                                                                                          96B

                                                                                                                                          MD5

                                                                                                                                          5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                                                          SHA1

                                                                                                                                          debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                                                          SHA256

                                                                                                                                          84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                                                          SHA512

                                                                                                                                          14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                                                          Filesize

                                                                                                                                          96B

                                                                                                                                          MD5

                                                                                                                                          5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                                                          SHA1

                                                                                                                                          debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                                                          SHA256

                                                                                                                                          84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                                                          SHA512

                                                                                                                                          14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                                                          Filesize

                                                                                                                                          96B

                                                                                                                                          MD5

                                                                                                                                          5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                                                          SHA1

                                                                                                                                          debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                                                          SHA256

                                                                                                                                          84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                                                          SHA512

                                                                                                                                          14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                                                          Filesize

                                                                                                                                          96B

                                                                                                                                          MD5

                                                                                                                                          5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                                                          SHA1

                                                                                                                                          debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                                                          SHA256

                                                                                                                                          84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                                                          SHA512

                                                                                                                                          14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                                                          Download Submit

                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\GQQOXP13\microsoft.windows[1].xml
                                                                                                                                          Filesize

                                                                                                                                          96B

                                                                                                                                          MD5

                                                                                                                                          5b94dda8b3f9f4456023fe069e82cdb5

                                                                                                                                          SHA1

                                                                                                                                          debf7ca22c5d613cebf15520f6578830450ad8ac

                                                                                                                                          SHA256

                                                                                                                                          84a7082c6e62fb0ea8c2d573fb9910aa711014724a4a6717f4588963f23974f9

                                                                                                                                          SHA512

                                                                                                                                          14134d08241d33ce1cc4bbcdbf753e550b72f9fa36ac91d0f96efa303fd320f755af42c70f16d8912f52c7e72ca9d7c0502ae6bbba1b91e48b4ff7e9ea917019

                                                                                                                                          Download Submit

                                                                                                                                        • memory/1160-63-0x0000023FB4820000-0x0000023FB4840000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/1160-61-0x0000023FB4420000-0x0000023FB4440000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/1160-58-0x0000023FB4460000-0x0000023FB4480000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/1188-350-0x0000027628CA0000-0x0000027628CC0000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/1188-353-0x0000027628C60000-0x0000027628C80000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/1188-357-0x0000027629070000-0x0000027629090000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/1192-106-0x00000200FA6B0000-0x00000200FA6D0000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/1192-103-0x00000200FA260000-0x00000200FA280000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/1192-101-0x00000200FA2A0000-0x00000200FA2C0000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/1296-116-0x00000000049C0000-0x00000000049C1000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/1468-281-0x000002125D060000-0x000002125D080000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/1468-283-0x000002125D020000-0x000002125D040000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/1468-285-0x000002125D430000-0x000002125D450000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/1504-237-0x000001F116E40000-0x000001F116E60000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/1504-239-0x000001F116E00000-0x000001F116E20000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/1504-241-0x000001F117200000-0x000001F117220000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/2164-189-0x000001F747260000-0x000001F747280000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/2164-191-0x000001F747220000-0x000001F747240000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/2164-195-0x000001F747660000-0x000001F747680000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/2284-229-0x0000000004520000-0x0000000004521000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/2332-139-0x0000000004980000-0x0000000004981000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/2332-204-0x00000000048F0000-0x00000000048F1000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/2336-337-0x000001FCF56E0000-0x000001FCF5700000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/2336-333-0x000001FCF5090000-0x000001FCF50B0000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/2336-330-0x000001FCF50D0000-0x000001FCF50F0000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/2444-182-0x00000000041F0000-0x00000000041F1000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/3340-254-0x0000000004330000-0x0000000004331000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/3620-312-0x000001E4F8140000-0x000001E4F8160000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/3620-309-0x000001E4F7D30000-0x000001E4F7D50000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/3620-307-0x000001E4F7D70000-0x000001E4F7D90000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/3704-129-0x00000149E6AC0000-0x00000149E6AE0000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/3704-126-0x00000149E64B0000-0x00000149E64D0000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/3704-124-0x00000149E64F0000-0x00000149E6510000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/3768-322-0x0000000002970000-0x0000000002971000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/3848-161-0x0000000004420000-0x0000000004421000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/4104-273-0x0000000004990000-0x0000000004991000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/4116-20-0x00000239B8400000-0x00000239B8420000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/4116-14-0x00000239B8030000-0x00000239B8050000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/4116-17-0x00000239B7FF0000-0x00000239B8010000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/4204-84-0x000001841E260000-0x000001841E280000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/4204-90-0x000001841E630000-0x000001841E650000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/4204-86-0x000001841E220000-0x000001841E240000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/4236-30-0x00000000044A0000-0x00000000044A1000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/4256-342-0x0000000004BB0000-0x0000000004BB1000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/4332-50-0x00000000040F0000-0x00000000040F1000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/4376-147-0x0000021762540000-0x0000021762560000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/4376-153-0x0000021762950000-0x0000021762970000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/4376-149-0x0000021762500000-0x0000021762520000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/4484-76-0x00000000049E0000-0x00000000049E1000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/4496-264-0x000001AEABCF0000-0x000001AEABD10000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/4496-267-0x000001AEAC300000-0x000001AEAC320000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/4496-261-0x000001AEABD30000-0x000001AEABD50000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/4508-43-0x0000021883CC0000-0x0000021883CE0000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/4508-40-0x00000218836A0000-0x00000218836C0000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/4508-38-0x00000218836E0000-0x0000021883700000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/4572-299-0x0000000004980000-0x0000000004981000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/4616-95-0x00000000042B0000-0x00000000042B1000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download

                                                                                                                                        • memory/4628-172-0x000001511C140000-0x000001511C160000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/4628-168-0x000001511BD70000-0x000001511BD90000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/4628-170-0x000001511BD30000-0x000001511BD50000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/4908-214-0x00000267C29E0000-0x00000267C2A00000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/4908-212-0x00000267C2C20000-0x00000267C2C40000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/4908-216-0x00000267C2FF0000-0x00000267C3010000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          128KB

                                                                                                                                          Download

                                                                                                                                        • memory/4928-7-0x0000000003F90000-0x0000000003F91000-memory.dmp

                                                                                                                                          Filesize

                                                                                                                                          4KB

                                                                                                                                          Download