Overview

overview

8

Static

static

3

4e1bd73483...b3.exe

windows7-x64

8

4e1bd73483...b3.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    40s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2023, 14:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4e1bd7348398cd0bf5cc54f9ec8506f59cb8ff1c019841345e1020938b68d8b3.exe

  • Size

    2.8MB

  • MD5

    8e5b1a9b1002c733b749c1071a8dadd2

  • SHA1

    90a93ded6b5572991c30bcca1423b35af0fbfd3a

  • SHA256

    4e1bd7348398cd0bf5cc54f9ec8506f59cb8ff1c019841345e1020938b68d8b3

  • SHA512

    2214e57620cf8842a7c2b28719245735dbce6477c018a1c90198530dcd3344fc4b2e01e8fec8b3d289014c011638c3585396f0be835300c341bb4a377be33a0e

  • SSDEEP

    49152:D7TvfU+8X9GrNOsva5RbKhF3ANkTTlvPd+BhlVfu3xBKcgb:Q+8X9G3vP3AMlPd+77uCH

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 7 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 14 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\4e1bd7348398cd0bf5cc54f9ec8506f59cb8ff1c019841345e1020938b68d8b3.exe
    "C:\Users\Admin\AppData\Local\Temp\4e1bd7348398cd0bf5cc54f9ec8506f59cb8ff1c019841345e1020938b68d8b3.exe"
    1⤵
      PID:3088
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1344
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2760
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1380
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3312
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2396
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4624
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4392
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:3532
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:712
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4620
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:4240
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:2552
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:1812
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
          • Modifies Installed Components in the registry
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          PID:3780
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:656
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:1248
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
          • Modifies Installed Components in the registry
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          PID:4304
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
          • Suspicious use of SetWindowsHookEx
          PID:3360
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
            PID:3612
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:2300
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
                PID:4712
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:3956
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:4848
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:4912
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:3108
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:5096
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                          • Suspicious use of SetWindowsHookEx
                          PID:712
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:1392
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:392
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:2448
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:3568
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                  • Modifies registry class
                                  • Suspicious use of SetWindowsHookEx
                                  PID:2552
                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                  1⤵
                                    PID:3124
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:2904
                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                      1⤵
                                        PID:4596
                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                        1⤵
                                          PID:1760
                                        • C:\Windows\explorer.exe
                                          explorer.exe
                                          1⤵
                                            PID:3356
                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                            1⤵
                                              PID:4084
                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                              1⤵
                                                PID:4872
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:4940
                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                  1⤵
                                                    PID:4260
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                      PID:228
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:3644
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:3124
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:1464
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:3544
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:4480
                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                1⤵
                                                                  PID:3880
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:4048
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:2296
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                      1⤵
                                                                        PID:4204
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:3548
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                            PID:4440
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:3380
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:2400
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:4676
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:1428
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:2164
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                      1⤵
                                                                                        PID:1392
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:3956
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:2552
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                              PID:3556
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:1332
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                1⤵
                                                                                                  PID:4092

                                                                                                Network

                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                Replay Monitor

                                                                                                Loading Replay Monitor...

                                                                                                Downloads

                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                  Filesize

                                                                                                  471B

                                                                                                  MD5

                                                                                                  eaefbc8a7aff289b5c7916717bed1f92

                                                                                                  SHA1

                                                                                                  e78cf69ea8805f083ddabbab29c675753ed81555

                                                                                                  SHA256

                                                                                                  07b7338e63a59d68f7901bb2942a11fcb97eac798efb7008f0c37622a063b70a

                                                                                                  SHA512

                                                                                                  e1f41b1b75e6a0651529a9046f7c9e1c8616ce62099a6515a0d60ae4c32781d483873d2fc62990f5bc7a1da8269c18455c65c2650dfaf0bbe7930d6dd478c28a

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                  Filesize

                                                                                                  412B

                                                                                                  MD5

                                                                                                  241bc7d0e6f4d054053a40c7d5831d2f

                                                                                                  SHA1

                                                                                                  b488527e74af9e3ba94024b066a8a1dba547f4a4

                                                                                                  SHA256

                                                                                                  0882b3659f5ff7e9be1120a9354eebc3e5797f7c8bd0deac704c948ff98576fa

                                                                                                  SHA512

                                                                                                  f647308dd62d0d85bc78263dd41dedfdcd3d913936448be2b02e4d2e45f381422e24ce4b2fc6da493565038578fe00939384658370dbca0add4828b4cb7d8f77

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml
                                                                                                  Filesize

                                                                                                  97B

                                                                                                  MD5

                                                                                                  d29cfa822a15eef844d4f05c7fb5aaf7

                                                                                                  SHA1

                                                                                                  f01670666dbc94107bf6a8579c67946946655962

                                                                                                  SHA256

                                                                                                  21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

                                                                                                  SHA512

                                                                                                  b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                  Filesize

                                                                                                  2KB

                                                                                                  MD5

                                                                                                  88dfc9796ba8468d342010cb5c267967

                                                                                                  SHA1

                                                                                                  f705567f1a16db5bc1b5543fbf278ccec4ef763d

                                                                                                  SHA256

                                                                                                  90a633dd480b39fc32548fb24df04bb27487a217174c43b432cb3d2d7270492a

                                                                                                  SHA512

                                                                                                  eef81f88e003a9a28c7c9ca4880eea778ad144834b07a9235e0cbdc6c93a64a73fdcd7bea02e941940d492ed4d7ee5a59216fa047190f6202874a78bd434c5de

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml
                                                                                                  Filesize

                                                                                                  97B

                                                                                                  MD5

                                                                                                  d29cfa822a15eef844d4f05c7fb5aaf7

                                                                                                  SHA1

                                                                                                  f01670666dbc94107bf6a8579c67946946655962

                                                                                                  SHA256

                                                                                                  21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

                                                                                                  SHA512

                                                                                                  b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml
                                                                                                  Filesize

                                                                                                  97B

                                                                                                  MD5

                                                                                                  d29cfa822a15eef844d4f05c7fb5aaf7

                                                                                                  SHA1

                                                                                                  f01670666dbc94107bf6a8579c67946946655962

                                                                                                  SHA256

                                                                                                  21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

                                                                                                  SHA512

                                                                                                  b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml
                                                                                                  Filesize

                                                                                                  97B

                                                                                                  MD5

                                                                                                  d29cfa822a15eef844d4f05c7fb5aaf7

                                                                                                  SHA1

                                                                                                  f01670666dbc94107bf6a8579c67946946655962

                                                                                                  SHA256

                                                                                                  21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

                                                                                                  SHA512

                                                                                                  b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml
                                                                                                  Filesize

                                                                                                  97B

                                                                                                  MD5

                                                                                                  d29cfa822a15eef844d4f05c7fb5aaf7

                                                                                                  SHA1

                                                                                                  f01670666dbc94107bf6a8579c67946946655962

                                                                                                  SHA256

                                                                                                  21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

                                                                                                  SHA512

                                                                                                  b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml
                                                                                                  Filesize

                                                                                                  97B

                                                                                                  MD5

                                                                                                  d29cfa822a15eef844d4f05c7fb5aaf7

                                                                                                  SHA1

                                                                                                  f01670666dbc94107bf6a8579c67946946655962

                                                                                                  SHA256

                                                                                                  21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

                                                                                                  SHA512

                                                                                                  b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml
                                                                                                  Filesize

                                                                                                  97B

                                                                                                  MD5

                                                                                                  d29cfa822a15eef844d4f05c7fb5aaf7

                                                                                                  SHA1

                                                                                                  f01670666dbc94107bf6a8579c67946946655962

                                                                                                  SHA256

                                                                                                  21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

                                                                                                  SHA512

                                                                                                  b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml
                                                                                                  Filesize

                                                                                                  97B

                                                                                                  MD5

                                                                                                  d29cfa822a15eef844d4f05c7fb5aaf7

                                                                                                  SHA1

                                                                                                  f01670666dbc94107bf6a8579c67946946655962

                                                                                                  SHA256

                                                                                                  21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

                                                                                                  SHA512

                                                                                                  b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml
                                                                                                  Filesize

                                                                                                  97B

                                                                                                  MD5

                                                                                                  d29cfa822a15eef844d4f05c7fb5aaf7

                                                                                                  SHA1

                                                                                                  f01670666dbc94107bf6a8579c67946946655962

                                                                                                  SHA256

                                                                                                  21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

                                                                                                  SHA512

                                                                                                  b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml
                                                                                                  Filesize

                                                                                                  97B

                                                                                                  MD5

                                                                                                  d29cfa822a15eef844d4f05c7fb5aaf7

                                                                                                  SHA1

                                                                                                  f01670666dbc94107bf6a8579c67946946655962

                                                                                                  SHA256

                                                                                                  21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

                                                                                                  SHA512

                                                                                                  b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml
                                                                                                  Filesize

                                                                                                  97B

                                                                                                  MD5

                                                                                                  d29cfa822a15eef844d4f05c7fb5aaf7

                                                                                                  SHA1

                                                                                                  f01670666dbc94107bf6a8579c67946946655962

                                                                                                  SHA256

                                                                                                  21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

                                                                                                  SHA512

                                                                                                  b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml
                                                                                                  Filesize

                                                                                                  97B

                                                                                                  MD5

                                                                                                  d29cfa822a15eef844d4f05c7fb5aaf7

                                                                                                  SHA1

                                                                                                  f01670666dbc94107bf6a8579c67946946655962

                                                                                                  SHA256

                                                                                                  21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

                                                                                                  SHA512

                                                                                                  b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml
                                                                                                  Filesize

                                                                                                  97B

                                                                                                  MD5

                                                                                                  d29cfa822a15eef844d4f05c7fb5aaf7

                                                                                                  SHA1

                                                                                                  f01670666dbc94107bf6a8579c67946946655962

                                                                                                  SHA256

                                                                                                  21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

                                                                                                  SHA512

                                                                                                  b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml
                                                                                                  Filesize

                                                                                                  97B

                                                                                                  MD5

                                                                                                  d29cfa822a15eef844d4f05c7fb5aaf7

                                                                                                  SHA1

                                                                                                  f01670666dbc94107bf6a8579c67946946655962

                                                                                                  SHA256

                                                                                                  21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

                                                                                                  SHA512

                                                                                                  b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml
                                                                                                  Filesize

                                                                                                  97B

                                                                                                  MD5

                                                                                                  d29cfa822a15eef844d4f05c7fb5aaf7

                                                                                                  SHA1

                                                                                                  f01670666dbc94107bf6a8579c67946946655962

                                                                                                  SHA256

                                                                                                  21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

                                                                                                  SHA512

                                                                                                  b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml
                                                                                                  Filesize

                                                                                                  97B

                                                                                                  MD5

                                                                                                  d29cfa822a15eef844d4f05c7fb5aaf7

                                                                                                  SHA1

                                                                                                  f01670666dbc94107bf6a8579c67946946655962

                                                                                                  SHA256

                                                                                                  21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

                                                                                                  SHA512

                                                                                                  b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml
                                                                                                  Filesize

                                                                                                  97B

                                                                                                  MD5

                                                                                                  d29cfa822a15eef844d4f05c7fb5aaf7

                                                                                                  SHA1

                                                                                                  f01670666dbc94107bf6a8579c67946946655962

                                                                                                  SHA256

                                                                                                  21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

                                                                                                  SHA512

                                                                                                  b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RFIQ8E9C\microsoft.windows[1].xml
                                                                                                  Filesize

                                                                                                  97B

                                                                                                  MD5

                                                                                                  d29cfa822a15eef844d4f05c7fb5aaf7

                                                                                                  SHA1

                                                                                                  f01670666dbc94107bf6a8579c67946946655962

                                                                                                  SHA256

                                                                                                  21f6c06d5fa13da5796b9a7c610bf833a5c79a772243933c3ed87044d3a1a83a

                                                                                                  SHA512

                                                                                                  b32bb1637fc985fd81e03a798a45664b79a978e66a13bf528c65dce965485b523f129c74b5f896b6f23496004a1b2f4eae04888293b304aa9b39340d86248c5c

                                                                                                  Download Submit

                                                                                                • memory/228-269-0x0000024E75640000-0x0000024E75660000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/228-273-0x0000024E75A10000-0x0000024E75A30000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/228-271-0x0000024E75600000-0x0000024E75620000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/712-157-0x000001FF5AB40000-0x000001FF5AB60000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/712-156-0x000001FF5A730000-0x000001FF5A750000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/712-154-0x000001FF5A770000-0x000001FF5A790000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/1248-89-0x0000024DA4850000-0x0000024DA4870000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/1248-91-0x0000024DA4C60000-0x0000024DA4C80000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/1248-87-0x0000024DA4890000-0x0000024DA48B0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/1392-169-0x0000000004020000-0x0000000004021000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/1464-295-0x00000224E2930000-0x00000224E2950000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/1464-297-0x00000224E2D40000-0x00000224E2D60000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/1464-292-0x00000224E2970000-0x00000224E2990000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/1760-225-0x000002A0BB030000-0x000002A0BB050000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/1760-227-0x000002A0BB440000-0x000002A0BB460000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/1760-223-0x000002A0BB070000-0x000002A0BB090000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/1812-64-0x0000022615460000-0x0000022615480000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/1812-66-0x0000022615420000-0x0000022615440000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/1812-68-0x0000022615820000-0x0000022615840000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/2396-8-0x00000000041C0000-0x00000000041C1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/2400-362-0x000001C52A840000-0x000001C52A860000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/2400-369-0x000001C52AC10000-0x000001C52AC30000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/2400-365-0x000001C52A800000-0x000001C52A820000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/2448-181-0x00000255C81A0000-0x00000255C81C0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/2448-177-0x00000255C7BD0000-0x00000255C7BF0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/2448-179-0x00000255C7B90000-0x00000255C7BB0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/2904-216-0x00000000047A0000-0x00000000047A1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3108-146-0x0000000004330000-0x0000000004331000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3124-204-0x00000222999F0000-0x0000022299A10000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3124-202-0x00000222993E0000-0x0000022299400000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3124-200-0x0000022299620000-0x0000022299640000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3356-239-0x00000000045C0000-0x00000000045C1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3380-355-0x0000000004E00000-0x0000000004E01000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3532-32-0x00000000044F0000-0x00000000044F1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3544-307-0x0000000004650000-0x0000000004651000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3568-192-0x0000000004330000-0x0000000004331000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3612-109-0x000001BC3B040000-0x000001BC3B060000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3612-107-0x000001BC3B080000-0x000001BC3B0A0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3612-111-0x000001BC3B450000-0x000001BC3B470000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3644-284-0x0000000004AD0000-0x0000000004AD1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3780-79-0x00000000044A0000-0x00000000044A1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/3880-315-0x0000027C053E0000-0x0000027C05400000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3880-317-0x0000027C053A0000-0x0000027C053C0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3880-319-0x0000027C05AB0000-0x0000027C05AD0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/3956-123-0x0000000004B60000-0x0000000004B61000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/4048-330-0x0000000004FD0000-0x0000000004FD1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/4204-342-0x00000197EA880000-0x00000197EA8A0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4204-340-0x00000197EA270000-0x00000197EA290000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4204-338-0x00000197EA2B0000-0x00000197EA2D0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4240-56-0x0000000004660000-0x0000000004661000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/4304-99-0x0000000002B60000-0x0000000002B61000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download

                                                                                                • memory/4392-15-0x000002679C2B0000-0x000002679C2D0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4392-19-0x000002679C680000-0x000002679C6A0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4392-17-0x000002679C270000-0x000002679C290000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4620-42-0x000001E998620000-0x000001E998640000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4620-45-0x000001E998A20000-0x000001E998A40000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4620-40-0x000001E998660000-0x000001E998680000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4872-251-0x000002832C650000-0x000002832C670000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4872-246-0x000002832C280000-0x000002832C2A0000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4872-248-0x000002832C240000-0x000002832C260000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4912-135-0x000002918DC10000-0x000002918DC30000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4912-133-0x000002918D800000-0x000002918D820000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4912-131-0x000002918D840000-0x000002918D860000-memory.dmp

                                                                                                  Filesize

                                                                                                  128KB

                                                                                                  Download

                                                                                                • memory/4940-261-0x0000000002EE0000-0x0000000002EE1000-memory.dmp

                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  Download