Overview

overview

8

Static

static

3

a5c8204b94...74.exe

windows7-x64

8

a5c8204b94...74.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    27s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-11-2023 10:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a5c8204b94faa1ecdd377d03985bccb56e77b17487b53a110a7fd53c35018874.exe

  • Size

    3.2MB

  • MD5

    c43fce7a1816958a5ad73300555899c4

  • SHA1

    09cf51138535c0ecce7aa7b82908ac4d599edd2c

  • SHA256

    a5c8204b94faa1ecdd377d03985bccb56e77b17487b53a110a7fd53c35018874

  • SHA512

    ffe715c0aacde9311f2bcad11ab2784516a26679595c78b650ec734d58cd763914cf85179978d3305be7177bbca53441b004fd9847e5a9b54784af7c9ad47875

  • SSDEEP

    49152:D7TvfU+8X9GrNOsva5RbKhF3ANkTTlw+tM7nKgoUQh0bx9zHTrK:Q+8X9G3vP3AMu20KKM0jXO

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 6 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 12 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5c8204b94faa1ecdd377d03985bccb56e77b17487b53a110a7fd53c35018874.exe
    "C:\Users\Admin\AppData\Local\Temp\a5c8204b94faa1ecdd377d03985bccb56e77b17487b53a110a7fd53c35018874.exe"
    1⤵
      PID:4440
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1660
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:3952
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2880
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:4672
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
          • Modifies Installed Components in the registry
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:4080
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:1684
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
            • Modifies Internet Explorer settings
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:3436
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
            • Modifies Installed Components in the registry
            • Enumerates connected drives
            • Checks SCSI registry key(s)
            • Modifies registry class
            • Suspicious use of SendNotifyMessage
            PID:4264
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:2344
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:5096
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
              • Modifies registry class
              • Suspicious use of SetWindowsHookEx
              PID:4688
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
              • Modifies Internet Explorer settings
              • Modifies registry class
              • Suspicious use of SetWindowsHookEx
              PID:2396
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
              • Modifies Installed Components in the registry
              • Enumerates connected drives
              • Checks SCSI registry key(s)
              • Modifies registry class
              PID:3620
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
                PID:4020
              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                1⤵
                  PID:4252
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:2612
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:4996
                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                      1⤵
                        PID:1860
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                          PID:3988
                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                          1⤵
                            PID:2120
                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                            1⤵
                              PID:2288
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                                PID:884
                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                1⤵
                                  PID:4124
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:3480
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:4292
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:1120
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:3716
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:4152
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:4616
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:2260
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:1680
                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                  1⤵
                                                    PID:4328
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:1696
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:1040
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:1112
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:5104
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:3772
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:2608
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:4888
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:5056
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:2044
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                      • Modifies Installed Components in the registry
                                                                      • Enumerates connected drives
                                                                      • Checks SCSI registry key(s)
                                                                      • Modifies registry class
                                                                      • Suspicious use of SendNotifyMessage
                                                                      PID:5096
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:3488
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:1688
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:2340
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:4824
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:4696
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:3772
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:3632
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:2836
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:3656
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:1796
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:4876
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:2612
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:3588
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:2412
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:4948
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:1868
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:1156
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                        1⤵
                                                                                                          PID:3596
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                          1⤵
                                                                                                            PID:3396
                                                                                                          • C:\Windows\explorer.exe
                                                                                                            explorer.exe
                                                                                                            1⤵
                                                                                                              PID:2656
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                              1⤵
                                                                                                                PID:3404
                                                                                                              • C:\Windows\explorer.exe
                                                                                                                explorer.exe
                                                                                                                1⤵
                                                                                                                  PID:3416
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                  1⤵
                                                                                                                    PID:3480
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                    1⤵
                                                                                                                      PID:3684
                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                      explorer.exe
                                                                                                                      1⤵
                                                                                                                        PID:4548
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                        1⤵
                                                                                                                          PID:2020
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                          1⤵
                                                                                                                            PID:112
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                            1⤵
                                                                                                                              PID:836
                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                              explorer.exe
                                                                                                                              1⤵
                                                                                                                                PID:3520
                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                1⤵
                                                                                                                                  PID:1856
                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                  explorer.exe
                                                                                                                                  1⤵
                                                                                                                                    PID:184
                                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                    1⤵
                                                                                                                                      PID:3092
                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                      explorer.exe
                                                                                                                                      1⤵
                                                                                                                                        PID:4772
                                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                        1⤵
                                                                                                                                          PID:3416
                                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                          1⤵
                                                                                                                                            PID:4244
                                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                                            explorer.exe
                                                                                                                                            1⤵
                                                                                                                                              PID:3452
                                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                              1⤵
                                                                                                                                                PID:2836

                                                                                                                                              Network

                                                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                                                              Replay Monitor

                                                                                                                                              Loading Replay Monitor...

                                                                                                                                              Downloads

                                                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                                                Filesize

                                                                                                                                                471B

                                                                                                                                                MD5

                                                                                                                                                4457348ffb6677a1e3a91cb2f4557544

                                                                                                                                                SHA1

                                                                                                                                                1df8c2fbfce71f7d83e7725f7eaba9e2c8090bd0

                                                                                                                                                SHA256

                                                                                                                                                d71daa46393a3ce3c8f83fe692ef9cbcb72300a7d3ed14991e6be2492a6a1510

                                                                                                                                                SHA512

                                                                                                                                                51648f252f29b9860aa1e7b2f8dc2a3e0c5bacf5e0d12655c6f03d7661cba5b8ffc8633dba2b8ea6936a62ac10cdee7d3729b9133ae1f403703832674cc4dbe2

                                                                                                                                                Download Submit

                                                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                                                Filesize

                                                                                                                                                412B

                                                                                                                                                MD5

                                                                                                                                                7dde9e24ce4b43cf1769ea4c92153b87

                                                                                                                                                SHA1

                                                                                                                                                2c72dc731bee9235ed9094f1887df483b210f221

                                                                                                                                                SHA256

                                                                                                                                                9c0565563ad001471633bc92f4549c2a495e1fe990483646efa6a89960988b62

                                                                                                                                                SHA512

                                                                                                                                                55fae3f582cbc1ebb81fe9ce32d78ef05d1380b0877f08b3c92fa3c54672ac4edd5db17b90dcf6d9ac50e105a97d2ebbc7ee220728d636eae4cd22f9c00e9cda

                                                                                                                                                Download Submit

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\FR0C0F3G\microsoft.windows[1].xml
                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                5426c0681ee66ed3021273f6fcd7e199

                                                                                                                                                SHA1

                                                                                                                                                29e65be02a135ba67ab533efb26fc2fd6c9c74e4

                                                                                                                                                SHA256

                                                                                                                                                02cf46498057464de6f2d37087294473686824e5cb9ab940c972a03be9542403

                                                                                                                                                SHA512

                                                                                                                                                d6763f9e2646b052971e2be5033dd4966b9f77de767a9342a41705a3583525ec98a4b46475f1068e62200c35d88eb395ecc6a8dcb01b23c4c0f011c7540c0537

                                                                                                                                                Download Submit

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\FR0C0F3G\microsoft.windows[1].xml
                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                5426c0681ee66ed3021273f6fcd7e199

                                                                                                                                                SHA1

                                                                                                                                                29e65be02a135ba67ab533efb26fc2fd6c9c74e4

                                                                                                                                                SHA256

                                                                                                                                                02cf46498057464de6f2d37087294473686824e5cb9ab940c972a03be9542403

                                                                                                                                                SHA512

                                                                                                                                                d6763f9e2646b052971e2be5033dd4966b9f77de767a9342a41705a3583525ec98a4b46475f1068e62200c35d88eb395ecc6a8dcb01b23c4c0f011c7540c0537

                                                                                                                                                Download Submit

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\FR0C0F3G\microsoft.windows[1].xml
                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                5426c0681ee66ed3021273f6fcd7e199

                                                                                                                                                SHA1

                                                                                                                                                29e65be02a135ba67ab533efb26fc2fd6c9c74e4

                                                                                                                                                SHA256

                                                                                                                                                02cf46498057464de6f2d37087294473686824e5cb9ab940c972a03be9542403

                                                                                                                                                SHA512

                                                                                                                                                d6763f9e2646b052971e2be5033dd4966b9f77de767a9342a41705a3583525ec98a4b46475f1068e62200c35d88eb395ecc6a8dcb01b23c4c0f011c7540c0537

                                                                                                                                                Download Submit

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\FR0C0F3G\microsoft.windows[1].xml
                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                5426c0681ee66ed3021273f6fcd7e199

                                                                                                                                                SHA1

                                                                                                                                                29e65be02a135ba67ab533efb26fc2fd6c9c74e4

                                                                                                                                                SHA256

                                                                                                                                                02cf46498057464de6f2d37087294473686824e5cb9ab940c972a03be9542403

                                                                                                                                                SHA512

                                                                                                                                                d6763f9e2646b052971e2be5033dd4966b9f77de767a9342a41705a3583525ec98a4b46475f1068e62200c35d88eb395ecc6a8dcb01b23c4c0f011c7540c0537

                                                                                                                                                Download Submit

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\FR0C0F3G\microsoft.windows[1].xml
                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                5426c0681ee66ed3021273f6fcd7e199

                                                                                                                                                SHA1

                                                                                                                                                29e65be02a135ba67ab533efb26fc2fd6c9c74e4

                                                                                                                                                SHA256

                                                                                                                                                02cf46498057464de6f2d37087294473686824e5cb9ab940c972a03be9542403

                                                                                                                                                SHA512

                                                                                                                                                d6763f9e2646b052971e2be5033dd4966b9f77de767a9342a41705a3583525ec98a4b46475f1068e62200c35d88eb395ecc6a8dcb01b23c4c0f011c7540c0537

                                                                                                                                                Download Submit

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\FR0C0F3G\microsoft.windows[1].xml
                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                5426c0681ee66ed3021273f6fcd7e199

                                                                                                                                                SHA1

                                                                                                                                                29e65be02a135ba67ab533efb26fc2fd6c9c74e4

                                                                                                                                                SHA256

                                                                                                                                                02cf46498057464de6f2d37087294473686824e5cb9ab940c972a03be9542403

                                                                                                                                                SHA512

                                                                                                                                                d6763f9e2646b052971e2be5033dd4966b9f77de767a9342a41705a3583525ec98a4b46475f1068e62200c35d88eb395ecc6a8dcb01b23c4c0f011c7540c0537

                                                                                                                                                Download Submit

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\FR0C0F3G\microsoft.windows[1].xml
                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                5426c0681ee66ed3021273f6fcd7e199

                                                                                                                                                SHA1

                                                                                                                                                29e65be02a135ba67ab533efb26fc2fd6c9c74e4

                                                                                                                                                SHA256

                                                                                                                                                02cf46498057464de6f2d37087294473686824e5cb9ab940c972a03be9542403

                                                                                                                                                SHA512

                                                                                                                                                d6763f9e2646b052971e2be5033dd4966b9f77de767a9342a41705a3583525ec98a4b46475f1068e62200c35d88eb395ecc6a8dcb01b23c4c0f011c7540c0537

                                                                                                                                                Download Submit

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\FR0C0F3G\microsoft.windows[1].xml
                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                5426c0681ee66ed3021273f6fcd7e199

                                                                                                                                                SHA1

                                                                                                                                                29e65be02a135ba67ab533efb26fc2fd6c9c74e4

                                                                                                                                                SHA256

                                                                                                                                                02cf46498057464de6f2d37087294473686824e5cb9ab940c972a03be9542403

                                                                                                                                                SHA512

                                                                                                                                                d6763f9e2646b052971e2be5033dd4966b9f77de767a9342a41705a3583525ec98a4b46475f1068e62200c35d88eb395ecc6a8dcb01b23c4c0f011c7540c0537

                                                                                                                                                Download Submit

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\FR0C0F3G\microsoft.windows[1].xml
                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                5426c0681ee66ed3021273f6fcd7e199

                                                                                                                                                SHA1

                                                                                                                                                29e65be02a135ba67ab533efb26fc2fd6c9c74e4

                                                                                                                                                SHA256

                                                                                                                                                02cf46498057464de6f2d37087294473686824e5cb9ab940c972a03be9542403

                                                                                                                                                SHA512

                                                                                                                                                d6763f9e2646b052971e2be5033dd4966b9f77de767a9342a41705a3583525ec98a4b46475f1068e62200c35d88eb395ecc6a8dcb01b23c4c0f011c7540c0537

                                                                                                                                                Download Submit

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\FR0C0F3G\microsoft.windows[1].xml
                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                5426c0681ee66ed3021273f6fcd7e199

                                                                                                                                                SHA1

                                                                                                                                                29e65be02a135ba67ab533efb26fc2fd6c9c74e4

                                                                                                                                                SHA256

                                                                                                                                                02cf46498057464de6f2d37087294473686824e5cb9ab940c972a03be9542403

                                                                                                                                                SHA512

                                                                                                                                                d6763f9e2646b052971e2be5033dd4966b9f77de767a9342a41705a3583525ec98a4b46475f1068e62200c35d88eb395ecc6a8dcb01b23c4c0f011c7540c0537

                                                                                                                                                Download Submit

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\FR0C0F3G\microsoft.windows[1].xml
                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                5426c0681ee66ed3021273f6fcd7e199

                                                                                                                                                SHA1

                                                                                                                                                29e65be02a135ba67ab533efb26fc2fd6c9c74e4

                                                                                                                                                SHA256

                                                                                                                                                02cf46498057464de6f2d37087294473686824e5cb9ab940c972a03be9542403

                                                                                                                                                SHA512

                                                                                                                                                d6763f9e2646b052971e2be5033dd4966b9f77de767a9342a41705a3583525ec98a4b46475f1068e62200c35d88eb395ecc6a8dcb01b23c4c0f011c7540c0537

                                                                                                                                                Download Submit

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\FR0C0F3G\microsoft.windows[1].xml
                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                5426c0681ee66ed3021273f6fcd7e199

                                                                                                                                                SHA1

                                                                                                                                                29e65be02a135ba67ab533efb26fc2fd6c9c74e4

                                                                                                                                                SHA256

                                                                                                                                                02cf46498057464de6f2d37087294473686824e5cb9ab940c972a03be9542403

                                                                                                                                                SHA512

                                                                                                                                                d6763f9e2646b052971e2be5033dd4966b9f77de767a9342a41705a3583525ec98a4b46475f1068e62200c35d88eb395ecc6a8dcb01b23c4c0f011c7540c0537

                                                                                                                                                Download Submit

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\FR0C0F3G\microsoft.windows[1].xml
                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                5426c0681ee66ed3021273f6fcd7e199

                                                                                                                                                SHA1

                                                                                                                                                29e65be02a135ba67ab533efb26fc2fd6c9c74e4

                                                                                                                                                SHA256

                                                                                                                                                02cf46498057464de6f2d37087294473686824e5cb9ab940c972a03be9542403

                                                                                                                                                SHA512

                                                                                                                                                d6763f9e2646b052971e2be5033dd4966b9f77de767a9342a41705a3583525ec98a4b46475f1068e62200c35d88eb395ecc6a8dcb01b23c4c0f011c7540c0537

                                                                                                                                                Download Submit

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\FR0C0F3G\microsoft.windows[1].xml
                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                5426c0681ee66ed3021273f6fcd7e199

                                                                                                                                                SHA1

                                                                                                                                                29e65be02a135ba67ab533efb26fc2fd6c9c74e4

                                                                                                                                                SHA256

                                                                                                                                                02cf46498057464de6f2d37087294473686824e5cb9ab940c972a03be9542403

                                                                                                                                                SHA512

                                                                                                                                                d6763f9e2646b052971e2be5033dd4966b9f77de767a9342a41705a3583525ec98a4b46475f1068e62200c35d88eb395ecc6a8dcb01b23c4c0f011c7540c0537

                                                                                                                                                Download Submit

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\FR0C0F3G\microsoft.windows[1].xml
                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                5426c0681ee66ed3021273f6fcd7e199

                                                                                                                                                SHA1

                                                                                                                                                29e65be02a135ba67ab533efb26fc2fd6c9c74e4

                                                                                                                                                SHA256

                                                                                                                                                02cf46498057464de6f2d37087294473686824e5cb9ab940c972a03be9542403

                                                                                                                                                SHA512

                                                                                                                                                d6763f9e2646b052971e2be5033dd4966b9f77de767a9342a41705a3583525ec98a4b46475f1068e62200c35d88eb395ecc6a8dcb01b23c4c0f011c7540c0537

                                                                                                                                                Download Submit

                                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\FR0C0F3G\microsoft.windows[1].xml
                                                                                                                                                Filesize

                                                                                                                                                96B

                                                                                                                                                MD5

                                                                                                                                                5426c0681ee66ed3021273f6fcd7e199

                                                                                                                                                SHA1

                                                                                                                                                29e65be02a135ba67ab533efb26fc2fd6c9c74e4

                                                                                                                                                SHA256

                                                                                                                                                02cf46498057464de6f2d37087294473686824e5cb9ab940c972a03be9542403

                                                                                                                                                SHA512

                                                                                                                                                d6763f9e2646b052971e2be5033dd4966b9f77de767a9342a41705a3583525ec98a4b46475f1068e62200c35d88eb395ecc6a8dcb01b23c4c0f011c7540c0537

                                                                                                                                                Download Submit

                                                                                                                                              • memory/1112-196-0x000001ADC9280000-0x000001ADC92A0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/1112-198-0x000001ADC9240000-0x000001ADC9260000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/1112-201-0x000001ADC9650000-0x000001ADC9670000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/1120-139-0x000001AB0FF80000-0x000001AB0FFA0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/1120-135-0x000001AB0FB70000-0x000001AB0FB90000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/1120-132-0x000001AB0FBB0000-0x000001AB0FBD0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/1156-325-0x00000000047E0000-0x00000000047E1000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                                Download

                                                                                                                                              • memory/1696-189-0x0000000004DD0000-0x0000000004DD1000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                                Download

                                                                                                                                              • memory/1860-85-0x000001A26E4D0000-0x000001A26E4F0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/1860-91-0x000001A26E8A0000-0x000001A26E8C0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/1860-87-0x000001A26E490000-0x000001A26E4B0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/1868-314-0x00000212530F0000-0x0000021253110000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/1868-309-0x0000021252D20000-0x0000021252D40000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/1868-311-0x00000212529E0000-0x0000021252A00000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/2260-165-0x0000000004480000-0x0000000004481000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                                Download

                                                                                                                                              • memory/2288-113-0x00000255A8A30000-0x00000255A8A50000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/2288-110-0x00000255A8620000-0x00000255A8640000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/2288-108-0x00000255A8660000-0x00000255A8680000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/2340-244-0x000001F7EA540000-0x000001F7EA560000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/2340-246-0x000001F7EA500000-0x000001F7EA520000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/2340-248-0x000001F7EA910000-0x000001F7EA930000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/2396-41-0x000002DBB7630000-0x000002DBB7650000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/2396-39-0x000002DBB7670000-0x000002DBB7690000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/2396-43-0x000002DBB7A40000-0x000002DBB7A60000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/2412-301-0x0000000004320000-0x0000000004321000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                                Download

                                                                                                                                              • memory/2608-212-0x0000000004620000-0x0000000004621000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                                Download

                                                                                                                                              • memory/2612-77-0x0000000004500000-0x0000000004501000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                                Download

                                                                                                                                              • memory/2836-272-0x0000025DF3AA0000-0x0000025DF3AC0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/2836-265-0x0000025DF34C0000-0x0000025DF34E0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/2836-267-0x0000025DF3480000-0x0000025DF34A0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/3396-339-0x0000019046210000-0x0000019046230000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/3396-332-0x0000019045E00000-0x0000019045E20000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/3396-335-0x0000019045DC0000-0x0000019045DE0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/3416-345-0x00000000041F0000-0x00000000041F1000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                                Download

                                                                                                                                              • memory/3436-17-0x0000019895B70000-0x0000019895B90000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/3436-20-0x0000019895F80000-0x0000019895FA0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/3436-15-0x0000019895BB0000-0x0000019895BD0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/3480-124-0x0000000004660000-0x0000000004661000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                                Download

                                                                                                                                              • memory/3488-236-0x0000000004CD0000-0x0000000004CD1000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                                Download

                                                                                                                                              • memory/3620-55-0x0000000004720000-0x0000000004721000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                                Download

                                                                                                                                              • memory/3656-277-0x0000000004420000-0x0000000004421000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                                Download

                                                                                                                                              • memory/3684-353-0x0000010B4A2A0000-0x0000010B4A2C0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/3684-355-0x0000010B4A260000-0x0000010B4A280000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/3684-357-0x0000010B4A880000-0x0000010B4A8A0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/3716-144-0x00000000041F0000-0x00000000041F1000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                                Download

                                                                                                                                              • memory/3772-257-0x0000000002E30000-0x0000000002E31000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                                Download

                                                                                                                                              • memory/3988-100-0x0000000004160000-0x0000000004161000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                                Download

                                                                                                                                              • memory/4080-8-0x0000000004BF0000-0x0000000004BF1000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                                Download

                                                                                                                                              • memory/4252-62-0x000001C3457B0000-0x000001C3457D0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/4252-64-0x000001C345770000-0x000001C345790000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/4252-67-0x000001C345B80000-0x000001C345BA0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/4328-175-0x000001906C7D0000-0x000001906C7F0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/4328-177-0x000001906CEE0000-0x000001906CF00000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/4328-173-0x000001906CB20000-0x000001906CB40000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/4616-150-0x000001DF836E0000-0x000001DF83700000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/4616-153-0x000001DF836A0000-0x000001DF836C0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/4616-155-0x000001DF83CC0000-0x000001DF83CE0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/4876-289-0x00000285F99B0000-0x00000285F99D0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/4876-287-0x00000285F93A0000-0x00000285F93C0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/4876-285-0x00000285F93E0000-0x00000285F9400000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/5056-224-0x0000024CD43A0000-0x0000024CD43C0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/5056-222-0x0000024CD3F90000-0x0000024CD3FB0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/5056-220-0x0000024CD3FD0000-0x0000024CD3FF0000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                128KB

                                                                                                                                                Download

                                                                                                                                              • memory/5096-31-0x0000000004920000-0x0000000004921000-memory.dmp

                                                                                                                                                Filesize

                                                                                                                                                4KB

                                                                                                                                                Download