Overview

overview

8

Static

static

3

6f7fb8eb11...af.exe

windows7-x64

8

6f7fb8eb11...af.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    45s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/11/2023, 12:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6f7fb8eb1144e6b9d95bdb8cd7991c90a6f6ea92e96dfdae29d90584d939ddaf.exe

  • Size

    3.4MB

  • MD5

    df618c6bda8386eb0a29945628951d50

  • SHA1

    455109011bcbd3da507b1b3585b6e68bdcdae3ef

  • SHA256

    6f7fb8eb1144e6b9d95bdb8cd7991c90a6f6ea92e96dfdae29d90584d939ddaf

  • SHA512

    c7b78f89251b7e55c8e7d874c46298072c2152ef6326e8ee6e43bad43c9ea59210df62ffa74d79a950bf1498481f8639d0fcba5d3e12f98a788b47ccb3bba85a

  • SSDEEP

    49152:H7TvfU+8X9GrNOsva5RbKhF3ANkTTlXZKrW5c7thwL6zv2M2wh:c+8X9G3vP3AMOh/z+MTh

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 6 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 12 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\6f7fb8eb1144e6b9d95bdb8cd7991c90a6f6ea92e96dfdae29d90584d939ddaf.exe
    "C:\Users\Admin\AppData\Local\Temp\6f7fb8eb1144e6b9d95bdb8cd7991c90a6f6ea92e96dfdae29d90584d939ddaf.exe"
    1⤵
      PID:4064
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4040
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4676
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3692
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3760
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1944
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SendNotifyMessage
      PID:2248
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4348
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:3164
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:2904
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
          • Checks SCSI registry key(s)
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:3760
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
          • Modifies Installed Components in the registry
          • Modifies registry class
          PID:3436
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:4284
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
            • Modifies Internet Explorer settings
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:752
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:1556
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
                PID:3740
              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                1⤵
                  PID:2296
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:1544
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:5112
                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                      1⤵
                        PID:4420
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                          PID:4244
                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                          1⤵
                            PID:3188
                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                            1⤵
                              PID:4284
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                                PID:3924
                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                1⤵
                                  PID:3300
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:4220
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:3216
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:816
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:4808
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:324
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:4304
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:4688
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:2268
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:4188
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:4296
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:4012
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:500
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:3472
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:4904
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:1944
                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                1⤵
                                                                  PID:2296
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:32
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:1836
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                      • Modifies Installed Components in the registry
                                                                      • Enumerates connected drives
                                                                      • Modifies registry class
                                                                      PID:1556
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:4532
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:4436
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:4048
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:3424
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:3564
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:4208
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:3352
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:4200
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                      1⤵
                                                                                        PID:2040
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                        1⤵
                                                                                          PID:4784
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:380
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:2792
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                                PID:2036
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:5076
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:3548
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:3964
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:3388
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                        1⤵
                                                                                                          PID:3556
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                          1⤵
                                                                                                            PID:1588
                                                                                                          • C:\Windows\explorer.exe
                                                                                                            explorer.exe
                                                                                                            1⤵
                                                                                                              PID:4476
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                              1⤵
                                                                                                                PID:3628
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                1⤵
                                                                                                                  PID:524
                                                                                                                • C:\Windows\explorer.exe
                                                                                                                  explorer.exe
                                                                                                                  1⤵
                                                                                                                    PID:2624
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                    1⤵
                                                                                                                      PID:1004
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                      1⤵
                                                                                                                        PID:4808
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                        1⤵
                                                                                                                          PID:720
                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                          explorer.exe
                                                                                                                          1⤵
                                                                                                                            PID:2400
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                            1⤵
                                                                                                                              PID:2248
                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                              explorer.exe
                                                                                                                              1⤵
                                                                                                                                PID:4536
                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                1⤵
                                                                                                                                  PID:5108

                                                                                                                                Network

                                                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                                                Replay Monitor

                                                                                                                                Loading Replay Monitor...

                                                                                                                                Downloads

                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8A7891822FCFF127E4EADADE9757112B
                                                                                                                                  Filesize

                                                                                                                                  1KB

                                                                                                                                  MD5

                                                                                                                                  164e759643eb779d13240fa1cfacf72a

                                                                                                                                  SHA1

                                                                                                                                  ca50036e6bca732e1a637fd72cac9eaf466343fe

                                                                                                                                  SHA256

                                                                                                                                  9b8b989aba79c1592e95ecf589a487ff6dc880a0f922ec087d3c44be36ce3c03

                                                                                                                                  SHA512

                                                                                                                                  012fae457fa8f0a71b2a6f91d5d9547149ab950af9ee61ca9a47a4c1795cfc255542254674978056d63d869d1a4ec0963a54e8921fd021ea728874f86866e324

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8A7891822FCFF127E4EADADE9757112B
                                                                                                                                  Filesize

                                                                                                                                  246B

                                                                                                                                  MD5

                                                                                                                                  92f5941250654bc6338a6a6bf3be46eb

                                                                                                                                  SHA1

                                                                                                                                  0ef51cb1f8757fad1fca7d95f6e8e55da8e10066

                                                                                                                                  SHA256

                                                                                                                                  96896cbbf210a610539fecacfdf984f1b3901d424294f89b4158ccf4dc5bf89d

                                                                                                                                  SHA512

                                                                                                                                  53db81a0c395ae45735ef9c883639250ac541c8ff71b55100608c85f83d373b74374508662015c73ac0b3be33557e4daf8ce9fc480a24d11d8dd423c7ed76910

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PP0GIZJY\microsoft.windows[1].xml
                                                                                                                                  Filesize

                                                                                                                                  97B

                                                                                                                                  MD5

                                                                                                                                  0dfaf78473f3abc4592af5efa3697131

                                                                                                                                  SHA1

                                                                                                                                  e726b34092196e52e4bced2e1a91fde0a4bdc5c8

                                                                                                                                  SHA256

                                                                                                                                  fbdc8ff459fcadbdd38ffc007ac8f401a87d0fef760732ecbed7404f2894ded8

                                                                                                                                  SHA512

                                                                                                                                  f36c3a0ff9673c555c0509cbfd8767d6a7dc0f2e6e64500b4499eca969e021ee2a8ad2b5bcc9a1391b22d4fa5b4a3e62f4b80ce89006c803374d562853f27c5b

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133450424528537221.txt
                                                                                                                                  Filesize

                                                                                                                                  74KB

                                                                                                                                  MD5

                                                                                                                                  0770cd8fe6784708d08860d93a5cb762

                                                                                                                                  SHA1

                                                                                                                                  ec3a74a70a55ac4e73f6ccaf01a7f4b86ca45cf8

                                                                                                                                  SHA256

                                                                                                                                  77c4ad43697c8de81a391a842311a1331fb37da159dcfe94eaa23e193479b1c2

                                                                                                                                  SHA512

                                                                                                                                  40c0c9f1e3a29320f68248439afe28ab00eef45b3dfbb9a3cc743a2f83374e6c2e8f36c57131a2c1b840c9f99b6c58b29f40ed453b03cd16607745fedae8e511

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133450424528537221.txt
                                                                                                                                  Filesize

                                                                                                                                  74KB

                                                                                                                                  MD5

                                                                                                                                  0770cd8fe6784708d08860d93a5cb762

                                                                                                                                  SHA1

                                                                                                                                  ec3a74a70a55ac4e73f6ccaf01a7f4b86ca45cf8

                                                                                                                                  SHA256

                                                                                                                                  77c4ad43697c8de81a391a842311a1331fb37da159dcfe94eaa23e193479b1c2

                                                                                                                                  SHA512

                                                                                                                                  40c0c9f1e3a29320f68248439afe28ab00eef45b3dfbb9a3cc743a2f83374e6c2e8f36c57131a2c1b840c9f99b6c58b29f40ed453b03cd16607745fedae8e511

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PP0GIZJY\microsoft.windows[1].xml
                                                                                                                                  Filesize

                                                                                                                                  97B

                                                                                                                                  MD5

                                                                                                                                  0dfaf78473f3abc4592af5efa3697131

                                                                                                                                  SHA1

                                                                                                                                  e726b34092196e52e4bced2e1a91fde0a4bdc5c8

                                                                                                                                  SHA256

                                                                                                                                  fbdc8ff459fcadbdd38ffc007ac8f401a87d0fef760732ecbed7404f2894ded8

                                                                                                                                  SHA512

                                                                                                                                  f36c3a0ff9673c555c0509cbfd8767d6a7dc0f2e6e64500b4499eca969e021ee2a8ad2b5bcc9a1391b22d4fa5b4a3e62f4b80ce89006c803374d562853f27c5b

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PP0GIZJY\microsoft.windows[1].xml
                                                                                                                                  Filesize

                                                                                                                                  97B

                                                                                                                                  MD5

                                                                                                                                  0dfaf78473f3abc4592af5efa3697131

                                                                                                                                  SHA1

                                                                                                                                  e726b34092196e52e4bced2e1a91fde0a4bdc5c8

                                                                                                                                  SHA256

                                                                                                                                  fbdc8ff459fcadbdd38ffc007ac8f401a87d0fef760732ecbed7404f2894ded8

                                                                                                                                  SHA512

                                                                                                                                  f36c3a0ff9673c555c0509cbfd8767d6a7dc0f2e6e64500b4499eca969e021ee2a8ad2b5bcc9a1391b22d4fa5b4a3e62f4b80ce89006c803374d562853f27c5b

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PP0GIZJY\microsoft.windows[1].xml
                                                                                                                                  Filesize

                                                                                                                                  97B

                                                                                                                                  MD5

                                                                                                                                  0dfaf78473f3abc4592af5efa3697131

                                                                                                                                  SHA1

                                                                                                                                  e726b34092196e52e4bced2e1a91fde0a4bdc5c8

                                                                                                                                  SHA256

                                                                                                                                  fbdc8ff459fcadbdd38ffc007ac8f401a87d0fef760732ecbed7404f2894ded8

                                                                                                                                  SHA512

                                                                                                                                  f36c3a0ff9673c555c0509cbfd8767d6a7dc0f2e6e64500b4499eca969e021ee2a8ad2b5bcc9a1391b22d4fa5b4a3e62f4b80ce89006c803374d562853f27c5b

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PP0GIZJY\microsoft.windows[1].xml
                                                                                                                                  Filesize

                                                                                                                                  97B

                                                                                                                                  MD5

                                                                                                                                  0dfaf78473f3abc4592af5efa3697131

                                                                                                                                  SHA1

                                                                                                                                  e726b34092196e52e4bced2e1a91fde0a4bdc5c8

                                                                                                                                  SHA256

                                                                                                                                  fbdc8ff459fcadbdd38ffc007ac8f401a87d0fef760732ecbed7404f2894ded8

                                                                                                                                  SHA512

                                                                                                                                  f36c3a0ff9673c555c0509cbfd8767d6a7dc0f2e6e64500b4499eca969e021ee2a8ad2b5bcc9a1391b22d4fa5b4a3e62f4b80ce89006c803374d562853f27c5b

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PP0GIZJY\microsoft.windows[1].xml
                                                                                                                                  Filesize

                                                                                                                                  97B

                                                                                                                                  MD5

                                                                                                                                  0dfaf78473f3abc4592af5efa3697131

                                                                                                                                  SHA1

                                                                                                                                  e726b34092196e52e4bced2e1a91fde0a4bdc5c8

                                                                                                                                  SHA256

                                                                                                                                  fbdc8ff459fcadbdd38ffc007ac8f401a87d0fef760732ecbed7404f2894ded8

                                                                                                                                  SHA512

                                                                                                                                  f36c3a0ff9673c555c0509cbfd8767d6a7dc0f2e6e64500b4499eca969e021ee2a8ad2b5bcc9a1391b22d4fa5b4a3e62f4b80ce89006c803374d562853f27c5b

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PP0GIZJY\microsoft.windows[1].xml
                                                                                                                                  Filesize

                                                                                                                                  97B

                                                                                                                                  MD5

                                                                                                                                  0dfaf78473f3abc4592af5efa3697131

                                                                                                                                  SHA1

                                                                                                                                  e726b34092196e52e4bced2e1a91fde0a4bdc5c8

                                                                                                                                  SHA256

                                                                                                                                  fbdc8ff459fcadbdd38ffc007ac8f401a87d0fef760732ecbed7404f2894ded8

                                                                                                                                  SHA512

                                                                                                                                  f36c3a0ff9673c555c0509cbfd8767d6a7dc0f2e6e64500b4499eca969e021ee2a8ad2b5bcc9a1391b22d4fa5b4a3e62f4b80ce89006c803374d562853f27c5b

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PP0GIZJY\microsoft.windows[1].xml
                                                                                                                                  Filesize

                                                                                                                                  97B

                                                                                                                                  MD5

                                                                                                                                  0dfaf78473f3abc4592af5efa3697131

                                                                                                                                  SHA1

                                                                                                                                  e726b34092196e52e4bced2e1a91fde0a4bdc5c8

                                                                                                                                  SHA256

                                                                                                                                  fbdc8ff459fcadbdd38ffc007ac8f401a87d0fef760732ecbed7404f2894ded8

                                                                                                                                  SHA512

                                                                                                                                  f36c3a0ff9673c555c0509cbfd8767d6a7dc0f2e6e64500b4499eca969e021ee2a8ad2b5bcc9a1391b22d4fa5b4a3e62f4b80ce89006c803374d562853f27c5b

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PP0GIZJY\microsoft.windows[1].xml
                                                                                                                                  Filesize

                                                                                                                                  97B

                                                                                                                                  MD5

                                                                                                                                  0dfaf78473f3abc4592af5efa3697131

                                                                                                                                  SHA1

                                                                                                                                  e726b34092196e52e4bced2e1a91fde0a4bdc5c8

                                                                                                                                  SHA256

                                                                                                                                  fbdc8ff459fcadbdd38ffc007ac8f401a87d0fef760732ecbed7404f2894ded8

                                                                                                                                  SHA512

                                                                                                                                  f36c3a0ff9673c555c0509cbfd8767d6a7dc0f2e6e64500b4499eca969e021ee2a8ad2b5bcc9a1391b22d4fa5b4a3e62f4b80ce89006c803374d562853f27c5b

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PP0GIZJY\microsoft.windows[1].xml
                                                                                                                                  Filesize

                                                                                                                                  97B

                                                                                                                                  MD5

                                                                                                                                  0dfaf78473f3abc4592af5efa3697131

                                                                                                                                  SHA1

                                                                                                                                  e726b34092196e52e4bced2e1a91fde0a4bdc5c8

                                                                                                                                  SHA256

                                                                                                                                  fbdc8ff459fcadbdd38ffc007ac8f401a87d0fef760732ecbed7404f2894ded8

                                                                                                                                  SHA512

                                                                                                                                  f36c3a0ff9673c555c0509cbfd8767d6a7dc0f2e6e64500b4499eca969e021ee2a8ad2b5bcc9a1391b22d4fa5b4a3e62f4b80ce89006c803374d562853f27c5b

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PP0GIZJY\microsoft.windows[1].xml
                                                                                                                                  Filesize

                                                                                                                                  97B

                                                                                                                                  MD5

                                                                                                                                  0dfaf78473f3abc4592af5efa3697131

                                                                                                                                  SHA1

                                                                                                                                  e726b34092196e52e4bced2e1a91fde0a4bdc5c8

                                                                                                                                  SHA256

                                                                                                                                  fbdc8ff459fcadbdd38ffc007ac8f401a87d0fef760732ecbed7404f2894ded8

                                                                                                                                  SHA512

                                                                                                                                  f36c3a0ff9673c555c0509cbfd8767d6a7dc0f2e6e64500b4499eca969e021ee2a8ad2b5bcc9a1391b22d4fa5b4a3e62f4b80ce89006c803374d562853f27c5b

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PP0GIZJY\microsoft.windows[1].xml
                                                                                                                                  Filesize

                                                                                                                                  97B

                                                                                                                                  MD5

                                                                                                                                  0dfaf78473f3abc4592af5efa3697131

                                                                                                                                  SHA1

                                                                                                                                  e726b34092196e52e4bced2e1a91fde0a4bdc5c8

                                                                                                                                  SHA256

                                                                                                                                  fbdc8ff459fcadbdd38ffc007ac8f401a87d0fef760732ecbed7404f2894ded8

                                                                                                                                  SHA512

                                                                                                                                  f36c3a0ff9673c555c0509cbfd8767d6a7dc0f2e6e64500b4499eca969e021ee2a8ad2b5bcc9a1391b22d4fa5b4a3e62f4b80ce89006c803374d562853f27c5b

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PP0GIZJY\microsoft.windows[1].xml
                                                                                                                                  Filesize

                                                                                                                                  97B

                                                                                                                                  MD5

                                                                                                                                  0dfaf78473f3abc4592af5efa3697131

                                                                                                                                  SHA1

                                                                                                                                  e726b34092196e52e4bced2e1a91fde0a4bdc5c8

                                                                                                                                  SHA256

                                                                                                                                  fbdc8ff459fcadbdd38ffc007ac8f401a87d0fef760732ecbed7404f2894ded8

                                                                                                                                  SHA512

                                                                                                                                  f36c3a0ff9673c555c0509cbfd8767d6a7dc0f2e6e64500b4499eca969e021ee2a8ad2b5bcc9a1391b22d4fa5b4a3e62f4b80ce89006c803374d562853f27c5b

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PP0GIZJY\microsoft.windows[1].xml
                                                                                                                                  Filesize

                                                                                                                                  97B

                                                                                                                                  MD5

                                                                                                                                  0dfaf78473f3abc4592af5efa3697131

                                                                                                                                  SHA1

                                                                                                                                  e726b34092196e52e4bced2e1a91fde0a4bdc5c8

                                                                                                                                  SHA256

                                                                                                                                  fbdc8ff459fcadbdd38ffc007ac8f401a87d0fef760732ecbed7404f2894ded8

                                                                                                                                  SHA512

                                                                                                                                  f36c3a0ff9673c555c0509cbfd8767d6a7dc0f2e6e64500b4499eca969e021ee2a8ad2b5bcc9a1391b22d4fa5b4a3e62f4b80ce89006c803374d562853f27c5b

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PP0GIZJY\microsoft.windows[1].xml
                                                                                                                                  Filesize

                                                                                                                                  97B

                                                                                                                                  MD5

                                                                                                                                  0dfaf78473f3abc4592af5efa3697131

                                                                                                                                  SHA1

                                                                                                                                  e726b34092196e52e4bced2e1a91fde0a4bdc5c8

                                                                                                                                  SHA256

                                                                                                                                  fbdc8ff459fcadbdd38ffc007ac8f401a87d0fef760732ecbed7404f2894ded8

                                                                                                                                  SHA512

                                                                                                                                  f36c3a0ff9673c555c0509cbfd8767d6a7dc0f2e6e64500b4499eca969e021ee2a8ad2b5bcc9a1391b22d4fa5b4a3e62f4b80ce89006c803374d562853f27c5b

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PP0GIZJY\microsoft.windows[1].xml
                                                                                                                                  Filesize

                                                                                                                                  97B

                                                                                                                                  MD5

                                                                                                                                  0dfaf78473f3abc4592af5efa3697131

                                                                                                                                  SHA1

                                                                                                                                  e726b34092196e52e4bced2e1a91fde0a4bdc5c8

                                                                                                                                  SHA256

                                                                                                                                  fbdc8ff459fcadbdd38ffc007ac8f401a87d0fef760732ecbed7404f2894ded8

                                                                                                                                  SHA512

                                                                                                                                  f36c3a0ff9673c555c0509cbfd8767d6a7dc0f2e6e64500b4499eca969e021ee2a8ad2b5bcc9a1391b22d4fa5b4a3e62f4b80ce89006c803374d562853f27c5b

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PP0GIZJY\microsoft.windows[1].xml
                                                                                                                                  Filesize

                                                                                                                                  97B

                                                                                                                                  MD5

                                                                                                                                  0dfaf78473f3abc4592af5efa3697131

                                                                                                                                  SHA1

                                                                                                                                  e726b34092196e52e4bced2e1a91fde0a4bdc5c8

                                                                                                                                  SHA256

                                                                                                                                  fbdc8ff459fcadbdd38ffc007ac8f401a87d0fef760732ecbed7404f2894ded8

                                                                                                                                  SHA512

                                                                                                                                  f36c3a0ff9673c555c0509cbfd8767d6a7dc0f2e6e64500b4499eca969e021ee2a8ad2b5bcc9a1391b22d4fa5b4a3e62f4b80ce89006c803374d562853f27c5b

                                                                                                                                  Download Submit

                                                                                                                                • memory/324-174-0x000002AA06620000-0x000002AA06640000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/324-176-0x000002AA063E0000-0x000002AA06400000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/324-179-0x000002AA069F0000-0x000002AA06A10000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/380-330-0x0000000004490000-0x0000000004491000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/752-80-0x000002523F360000-0x000002523F380000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/752-84-0x000002523F730000-0x000002523F750000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/752-82-0x000002523F320000-0x000002523F340000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/816-166-0x00000000040A0000-0x00000000040A1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/1544-118-0x0000000004EA0000-0x0000000004EA1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/1556-95-0x0000000004A00000-0x0000000004A01000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/1556-260-0x00000000047F0000-0x00000000047F1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/1588-378-0x000001D59DAC0000-0x000001D59DAE0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/1588-376-0x000001D59DB00000-0x000001D59DB20000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/1588-380-0x000001D59E0E0000-0x000001D59E100000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2036-344-0x0000025C7E240000-0x0000025C7E260000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2036-341-0x0000025C7DE30000-0x0000025C7DE50000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2036-338-0x0000025C7DE70000-0x0000025C7DE90000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2248-48-0x0000000004DA0000-0x0000000004DA1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/2268-200-0x000001754BA20000-0x000001754BA40000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2268-202-0x000001754BE30000-0x000001754BE50000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2268-197-0x000001754BA60000-0x000001754BA80000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2296-103-0x000001CC86A30000-0x000001CC86A50000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2296-244-0x0000027F31540000-0x0000027F31560000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2296-106-0x000001CC869F0000-0x000001CC86A10000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2296-108-0x000001CC86E00000-0x000001CC86E20000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2296-250-0x0000027F31910000-0x0000027F31930000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2296-247-0x0000027F31500000-0x0000027F31520000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3164-60-0x0000023E5B980000-0x0000023E5B9A0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3164-58-0x0000023E5B570000-0x0000023E5B590000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3164-56-0x0000023E5B5B0000-0x0000023E5B5D0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3388-369-0x0000000004200000-0x0000000004201000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/3436-72-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/3472-225-0x00000292E03C0000-0x00000292E03E0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3472-223-0x00000292DFDB0000-0x00000292DFDD0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3472-221-0x00000292E0000000-0x00000292E0020000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3564-291-0x000001E8D5770000-0x000001E8D5790000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3564-295-0x000001E8D5B40000-0x000001E8D5B60000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3564-293-0x000001E8D5730000-0x000001E8D5750000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3760-22-0x00000000049E0000-0x00000000049E1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/3964-361-0x000001A241BD0000-0x000001A241BF0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3964-358-0x000001A241E20000-0x000001A241E40000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3964-364-0x000001A2421E0000-0x000001A242200000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4012-213-0x0000000003ED0000-0x0000000003ED1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/4048-284-0x0000000004820000-0x0000000004821000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/4200-307-0x00000000043E0000-0x00000000043E1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/4244-141-0x0000000004B30000-0x0000000004B31000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/4284-149-0x0000026185A20000-0x0000026185A40000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4284-154-0x0000026186000000-0x0000026186020000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4284-151-0x00000261859E0000-0x0000026185A00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4304-189-0x0000000004F40000-0x0000000004F41000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/4420-131-0x0000016E858A0000-0x0000016E858C0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4420-126-0x0000016E852D0000-0x0000016E852F0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4420-129-0x0000016E85290000-0x0000016E852B0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4436-270-0x000001A646DA0000-0x000001A646DC0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4436-272-0x000001A6473C0000-0x000001A6473E0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4436-268-0x000001A646DE0000-0x000001A646E00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4676-33-0x000001B240400000-0x000001B240420000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4676-31-0x000001B23FFF0000-0x000001B240010000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4676-29-0x000001B240030000-0x000001B240050000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4784-317-0x000001F8C91E0000-0x000001F8C9200000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4784-319-0x000001F8C98F0000-0x000001F8C9910000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4784-315-0x000001F8C9520000-0x000001F8C9540000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4904-237-0x0000000004A10000-0x0000000004A11000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/5076-351-0x0000000004AA0000-0x0000000004AA1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download