Overview

overview

10

Static

static

3

Nv.exe

windows7-x64

10

Nv.exe

windows10-2004-x64

10

NvSmartMax.dll

windows7-x64

1

NvSmartMax.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    34s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/02/2024, 03:54 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Nv.exe

  • Size

    46KB

  • MD5

    09b8b54f78a10c435cd319070aa13c28

  • SHA1

    6474d0369f97e72e01e4971128d1062f5c2b3656

  • SHA256

    523d28df917f9d265cd2c0d38df26277bc56a535145100ed82e6f5fdeaae7256

  • SHA512

    c1f2f5c4aa5eb55d255e22db032da954a38a0204fb4d9bc76042f140f1b1e171944aa09b0eb11159323a8b9f33974c73fd32a4f76d976aaa8a16cc9c60a34ca7

  • SSDEEP

    768:Ep+QDJgY/OTFStOWjmyPTc+6lye958TZLWMmSbC9X:Epj9IexPANL58TZaDaC9

Score
10/10
plugxpersistencetrojan

Malware Config

Signatures

  • Detects PlugX payload 21 IoCs
  • PlugX

    PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    trojanplugx
  • Modifies Installed Components in the registry 2 TTPs 7 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates connected drives 3 TTPs 14 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 17 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 48 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\Nv.exe
    "C:\Users\Admin\AppData\Local\Temp\Nv.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3660
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1860
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4180
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:5076
  • C:\ProgramData\SxS\Nv.exe
    "C:\ProgramData\SxS\Nv.exe" 100 3660
    1⤵
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:864
  • C:\ProgramData\SxS\Nv.exe
    "C:\ProgramData\SxS\Nv.exe" 200 0
    1⤵
      PID:3804
      • C:\Windows\SysWOW64\svchost.exe
        C:\Windows\system32\svchost.exe 201 0
        2⤵
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3688
        • C:\Windows\SysWOW64\msiexec.exe
          C:\Windows\system32\msiexec.exe 209 3688
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4884
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1528
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3180
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4612
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:1772
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of SendNotifyMessage
        PID:5012
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:2264
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
          • Modifies Installed Components in the registry
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          • Suspicious use of SendNotifyMessage
          PID:5116
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
          • Suspicious use of SetWindowsHookEx
          PID:5088
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:2444
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
          • Modifies Installed Components in the registry
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:2264
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:3544
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
            PID:4284
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
            • Modifies Installed Components in the registry
            • Enumerates connected drives
            • Checks SCSI registry key(s)
            • Modifies registry class
            PID:3748
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:4752
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:4996
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:2512
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:4764
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:1236
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:2268
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:4832
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:4192
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:2336
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:3500
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:4076
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:2304
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:4996
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:4992
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:972
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                          • Checks SCSI registry key(s)
                                          • Suspicious use of FindShellTrayWindow
                                          • Suspicious use of SendNotifyMessage
                                          PID:3180
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:2336
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:3932
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:4136
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:2864
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:2952
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:4980
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:4740
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:3708
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:3236
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:5092
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:3524
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:3872
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:3664
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:4324
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:3212
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:3548
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:744
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:4564
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:4064
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:3852
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:3508
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:3692
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:1052
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:3400
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:1420
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:3368
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:4292
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:3668
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:2196
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:3868
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:4356
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:2960
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:2604
                                                                                                          • C:\Windows\explorer.exe
                                                                                                            explorer.exe
                                                                                                            1⤵
                                                                                                              PID:4324
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                              1⤵
                                                                                                                PID:3920
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:2104
                                                                                                                • C:\Windows\explorer.exe
                                                                                                                  explorer.exe
                                                                                                                  1⤵
                                                                                                                    PID:984
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                    1⤵
                                                                                                                      PID:3632
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                      1⤵
                                                                                                                        PID:4800
                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                        explorer.exe
                                                                                                                        1⤵
                                                                                                                          PID:2068
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                          1⤵
                                                                                                                            PID:2988
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                            1⤵
                                                                                                                              PID:2964
                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                              explorer.exe
                                                                                                                              1⤵
                                                                                                                                PID:2864

                                                                                                                              Network

                                                                                                                              • flag-us
                                                                                                                                DNS
                                                                                                                                194.178.17.96.in-addr.arpa
                                                                                                                                Remote address:
                                                                                                                                8.8.8.8:53
                                                                                                                                Request
                                                                                                                                194.178.17.96.in-addr.arpa
                                                                                                                                IN PTR
                                                                                                                                Response
                                                                                                                                194.178.17.96.in-addr.arpa
                                                                                                                                IN PTR
                                                                                                                                a96-17-178-194deploystaticakamaitechnologiescom
                                                                                                                              • flag-us
                                                                                                                                DNS
                                                                                                                                13.86.106.20.in-addr.arpa
                                                                                                                                Remote address:
                                                                                                                                8.8.8.8:53
                                                                                                                                Request
                                                                                                                                13.86.106.20.in-addr.arpa
                                                                                                                                IN PTR
                                                                                                                                Response
                                                                                                                              • flag-us
                                                                                                                                DNS
                                                                                                                                67.31.126.40.in-addr.arpa
                                                                                                                                Remote address:
                                                                                                                                8.8.8.8:53
                                                                                                                                Request
                                                                                                                                67.31.126.40.in-addr.arpa
                                                                                                                                IN PTR
                                                                                                                                Response
                                                                                                                              • flag-us
                                                                                                                                DNS
                                                                                                                                95.221.229.192.in-addr.arpa
                                                                                                                                Remote address:
                                                                                                                                8.8.8.8:53
                                                                                                                                Request
                                                                                                                                95.221.229.192.in-addr.arpa
                                                                                                                                IN PTR
                                                                                                                                Response
                                                                                                                              No results found
                                                                                                                              • 8.8.8.8:53
                                                                                                                                194.178.17.96.in-addr.arpa
                                                                                                                                dns
                                                                                                                                72 B
                                                                                                                                 137 B
                                                                                                                                 1
                                                                                                                                1

                                                                                                                                DNS Request

                                                                                                                                194.178.17.96.in-addr.arpa

                                                                                                                              • 8.8.8.8:53
                                                                                                                                13.86.106.20.in-addr.arpa
                                                                                                                                dns
                                                                                                                                71 B
                                                                                                                                 157 B
                                                                                                                                 1
                                                                                                                                1

                                                                                                                                DNS Request

                                                                                                                                13.86.106.20.in-addr.arpa

                                                                                                                              • 8.8.8.8:53
                                                                                                                                67.31.126.40.in-addr.arpa
                                                                                                                                dns
                                                                                                                                71 B
                                                                                                                                 157 B
                                                                                                                                 1
                                                                                                                                1

                                                                                                                                DNS Request

                                                                                                                                67.31.126.40.in-addr.arpa

                                                                                                                              • 8.8.8.8:53
                                                                                                                                95.221.229.192.in-addr.arpa
                                                                                                                                dns
                                                                                                                                73 B
                                                                                                                                 144 B
                                                                                                                                 1
                                                                                                                                1

                                                                                                                                DNS Request

                                                                                                                                95.221.229.192.in-addr.arpa

                                                                                                                              • 10.127.255.255:53
                                                                                                                                dns
                                                                                                                                svchost.exe
                                                                                                                                2.0kB
                                                                                                                                 14
                                                                                                                              • 8.8.8.8:53
                                                                                                                                exchange.from-sc.com
                                                                                                                                dns
                                                                                                                                svchost.exe
                                                                                                                                66 B
                                                                                                                                 127 B
                                                                                                                                 1
                                                                                                                                1

                                                                                                                                DNS Request

                                                                                                                                exchange.from-sc.com

                                                                                                                              • 8.8.8.8:53
                                                                                                                                133.211.185.52.in-addr.arpa
                                                                                                                                dns
                                                                                                                                73 B
                                                                                                                                 147 B
                                                                                                                                 1
                                                                                                                                1

                                                                                                                                DNS Request

                                                                                                                                133.211.185.52.in-addr.arpa

                                                                                                                              • 8.8.8.8:53
                                                                                                                                26.165.165.52.in-addr.arpa
                                                                                                                                dns
                                                                                                                                72 B
                                                                                                                                 146 B
                                                                                                                                 1
                                                                                                                                1

                                                                                                                                DNS Request

                                                                                                                                26.165.165.52.in-addr.arpa

                                                                                                                              • 8.8.8.8:53
                                                                                                                                56.126.166.20.in-addr.arpa
                                                                                                                                dns
                                                                                                                                72 B
                                                                                                                                 158 B
                                                                                                                                 1
                                                                                                                                1

                                                                                                                                DNS Request

                                                                                                                                56.126.166.20.in-addr.arpa

                                                                                                                              • 8.8.8.8:53
                                                                                                                                18.134.221.88.in-addr.arpa
                                                                                                                                dns
                                                                                                                                72 B
                                                                                                                                 137 B
                                                                                                                                 1
                                                                                                                                1

                                                                                                                                DNS Request

                                                                                                                                18.134.221.88.in-addr.arpa

                                                                                                                              • 8.8.8.8:53
                                                                                                                                180.178.17.96.in-addr.arpa
                                                                                                                                dns
                                                                                                                                72 B
                                                                                                                                 137 B
                                                                                                                                 1
                                                                                                                                1

                                                                                                                                DNS Request

                                                                                                                                180.178.17.96.in-addr.arpa

                                                                                                                              • 8.8.8.8:53
                                                                                                                                21.236.111.52.in-addr.arpa
                                                                                                                                dns
                                                                                                                                72 B
                                                                                                                                 158 B
                                                                                                                                 1
                                                                                                                                1

                                                                                                                                DNS Request

                                                                                                                                21.236.111.52.in-addr.arpa

                                                                                                                              • 8.8.8.8:53
                                                                                                                                exchange.from-sc.com
                                                                                                                                dns
                                                                                                                                svchost.exe
                                                                                                                                66 B
                                                                                                                                 127 B
                                                                                                                                 1
                                                                                                                                1

                                                                                                                                DNS Request

                                                                                                                                exchange.from-sc.com

                                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                                              Replay Monitor

                                                                                                                              Loading Replay Monitor...

                                                                                                                              Downloads

                                                                                                                              • C:\ProgramData\SxS\Nv.exe
                                                                                                                                Filesize

                                                                                                                                46KB

                                                                                                                                MD5

                                                                                                                                09b8b54f78a10c435cd319070aa13c28

                                                                                                                                SHA1

                                                                                                                                6474d0369f97e72e01e4971128d1062f5c2b3656

                                                                                                                                SHA256

                                                                                                                                523d28df917f9d265cd2c0d38df26277bc56a535145100ed82e6f5fdeaae7256

                                                                                                                                SHA512

                                                                                                                                c1f2f5c4aa5eb55d255e22db032da954a38a0204fb4d9bc76042f140f1b1e171944aa09b0eb11159323a8b9f33974c73fd32a4f76d976aaa8a16cc9c60a34ca7

                                                                                                                                Download Submit

                                                                                                                              • C:\ProgramData\SxS\Nv.mp3
                                                                                                                                Filesize

                                                                                                                                120KB

                                                                                                                                MD5

                                                                                                                                5ef7c3bcbc11cd02c95e509b226eebe9

                                                                                                                                SHA1

                                                                                                                                794a90212d226628c8ce4441c3418c1ecca0e3b8

                                                                                                                                SHA256

                                                                                                                                3d64e638f961b922398e2efaf75504da007e41ea979f213f8eb4f83e00efeebb

                                                                                                                                SHA512

                                                                                                                                c86f464f736125d8fb499efe2555cae1aea5d67fbf15be816883e058ad9107eb399d3ade6c5afe811a2eb59ebdc1d52c992124359fa26085a650eb940fe2eae4

                                                                                                                                Download Submit

                                                                                                                              • C:\ProgramData\SxS\NvSmartMax.dll
                                                                                                                                Filesize

                                                                                                                                20KB

                                                                                                                                MD5

                                                                                                                                0b21678ed8e2b117344cfceba8f097dd

                                                                                                                                SHA1

                                                                                                                                db53bb022cb6de016713f1570f2ae501f20f9c76

                                                                                                                                SHA256

                                                                                                                                eaaa7899b37a3b04dcd02ad6d51e83e035be535f129773621ef0f399a2a98ee3

                                                                                                                                SHA512

                                                                                                                                182268649b360f44f021570ddc9290f5051a8be556ffd66355bc325027ba48c5fe824e1bea925411bdaef4c17e0f3d81a1d3c710b59c4462540d567da625a41a

                                                                                                                                Download Submit

                                                                                                                              • C:\ProgramData\SxS\bug.log
                                                                                                                                Filesize

                                                                                                                                622B

                                                                                                                                MD5

                                                                                                                                aff9dd90b16865f6ddad11be971a5d2d

                                                                                                                                SHA1

                                                                                                                                a2cae18a8c8416baadde9a52988a86ec54a80585

                                                                                                                                SHA256

                                                                                                                                40862649590f14b3201dd7d81118f3e9e9974ce5ce4597f4958611e9b057bf54

                                                                                                                                SHA512

                                                                                                                                0a179d59f6df97d817414cdbf9f4b8536b09366224292bda6b341d44a83520b4af80feeb77349ac46972596168d38844b14f311b53e272c220d2e7fff1994492

                                                                                                                                Download Submit

                                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                                Filesize

                                                                                                                                471B

                                                                                                                                MD5

                                                                                                                                f88eb318fff764fe8440dded8828cde3

                                                                                                                                SHA1

                                                                                                                                427186c062dd91426f74923d48e22e18a8c7cdf3

                                                                                                                                SHA256

                                                                                                                                f1e52fce23f5dbb23fb877275d6eac9f12a114f6ebf634f6e2a58a23272ee5f5

                                                                                                                                SHA512

                                                                                                                                605d5fa520c8ed02d0e08e4152a4fb5b8f3bb9234347753f01ffe6c9354ab7d94e28e14116410276f20677b864878f14adc85543a1ba16d610bac8f40acfa937

                                                                                                                                Download Submit

                                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                                Filesize

                                                                                                                                412B

                                                                                                                                MD5

                                                                                                                                cfd58c0577a6d564054cb080e89e8a7d

                                                                                                                                SHA1

                                                                                                                                859fc09435c17c118cca18b19f1bae8f61009b38

                                                                                                                                SHA256

                                                                                                                                13c817c0d3ce4d678a59fb10c2320c19945c18180fbb3986e11d8ac2a50c662e

                                                                                                                                SHA512

                                                                                                                                1ea5b9f931dbe2a6b34c1f633a8ba475a9f6b31c6866859caa55195f0cf33a6431cde6487095a74349c1938ad1a9c96404f37edea9a06559d82953b4f9abb426

                                                                                                                                Download Submit

                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\UA6WZR2N\microsoft.windows[1].xml
                                                                                                                                Filesize

                                                                                                                                96B

                                                                                                                                MD5

                                                                                                                                b97f6e2cc1520a2e8426851cb68f3b0f

                                                                                                                                SHA1

                                                                                                                                33a930fe90facb202ec3cd87ca0275af9dd20155

                                                                                                                                SHA256

                                                                                                                                a3546f0c8e475abc90346821be3c3d67f522161ea876c3d14247ba6d79a2b5aa

                                                                                                                                SHA512

                                                                                                                                9b3771942ffce17a52d4c0598bd0d4bb8f196c8731e5b129524b3d9507d411895e4c43d84479f06e5fb28c3403d6b0ec63b97f3a3cdb598873d17fd637abd06a

                                                                                                                                Download Submit

                                                                                                                              • memory/864-67-0x0000000002170000-0x00000000021A0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                192KB

                                                                                                                                Download

                                                                                                                              • memory/864-28-0x0000000002170000-0x00000000021A0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                192KB

                                                                                                                                Download

                                                                                                                              • memory/1236-176-0x0000022AE3CA0000-0x0000022AE3CC0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/1236-181-0x0000022AE4280000-0x0000022AE42A0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/1236-178-0x0000022AE3C60000-0x0000022AE3C80000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/1772-76-0x000001D0C7FA0000-0x000001D0C7FC0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/1772-82-0x000001D0C8400000-0x000001D0C8420000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/1772-79-0x000001D0C7F60000-0x000001D0C7F80000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/2264-122-0x00000000042F0000-0x00000000042F1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/2268-189-0x0000000004D20000-0x0000000004D21000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/2336-212-0x0000000003FD0000-0x0000000003FD1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/2444-106-0x000001CA8EAF0000-0x000001CA8EB10000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/2444-110-0x000001CA8F0C0000-0x000001CA8F0E0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/2444-108-0x000001CA8EAB0000-0x000001CA8EAD0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/2512-169-0x0000000004010000-0x0000000004011000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/3180-69-0x00000000038C0000-0x00000000038C1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/3660-0-0x0000000002160000-0x0000000002260000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/3660-2-0x00000000022B0000-0x00000000022E0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                192KB

                                                                                                                                Download

                                                                                                                              • memory/3660-44-0x00000000022B0000-0x00000000022E0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                192KB

                                                                                                                                Download

                                                                                                                              • memory/3688-54-0x0000000001430000-0x0000000001460000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                192KB

                                                                                                                                Download

                                                                                                                              • memory/3688-35-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/3688-62-0x0000000001430000-0x0000000001460000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                192KB

                                                                                                                                Download

                                                                                                                              • memory/3688-166-0x0000000001430000-0x0000000001460000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                192KB

                                                                                                                                Download

                                                                                                                              • memory/3688-52-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/3688-66-0x0000000001430000-0x0000000001460000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                192KB

                                                                                                                                Download

                                                                                                                              • memory/3688-59-0x0000000001430000-0x0000000001460000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                192KB

                                                                                                                                Download

                                                                                                                              • memory/3688-60-0x0000000001430000-0x0000000001460000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                192KB

                                                                                                                                Download

                                                                                                                              • memory/3688-53-0x0000000001430000-0x0000000001460000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                192KB

                                                                                                                                Download

                                                                                                                              • memory/3688-39-0x0000000001430000-0x0000000001460000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                192KB

                                                                                                                                Download

                                                                                                                              • memory/3688-37-0x0000000001430000-0x0000000001460000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                192KB

                                                                                                                                Download

                                                                                                                              • memory/3688-55-0x0000000001430000-0x0000000001460000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                192KB

                                                                                                                                Download

                                                                                                                              • memory/3748-144-0x0000000004A10000-0x0000000004A11000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/3804-33-0x0000000000E40000-0x0000000000E70000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                192KB

                                                                                                                                Download

                                                                                                                              • memory/3804-38-0x0000000000E40000-0x0000000000E70000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                192KB

                                                                                                                                Download

                                                                                                                              • memory/4076-220-0x000001809DD70000-0x000001809DD90000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4076-224-0x000001809DD30000-0x000001809DD50000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4076-227-0x000001809E140000-0x000001809E160000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4192-203-0x0000028CB8200000-0x0000028CB8220000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4192-197-0x0000028CB7E30000-0x0000028CB7E50000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4192-199-0x0000028CB7DF0000-0x0000028CB7E10000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4284-132-0x000001C91F240000-0x000001C91F260000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4284-134-0x000001C91F650000-0x000001C91F670000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4284-129-0x000001C91F280000-0x000001C91F2A0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4884-93-0x0000000001140000-0x0000000001141000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/4884-187-0x00000000013F0000-0x0000000001420000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                192KB

                                                                                                                                Download

                                                                                                                              • memory/4884-95-0x00000000013F0000-0x0000000001420000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                192KB

                                                                                                                                Download

                                                                                                                              • memory/4884-94-0x00000000013F0000-0x0000000001420000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                192KB

                                                                                                                                Download

                                                                                                                              • memory/4884-92-0x00000000013F0000-0x0000000001420000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                192KB

                                                                                                                                Download

                                                                                                                              • memory/4884-91-0x0000000001080000-0x0000000001081000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/4884-90-0x00000000013F0000-0x0000000001420000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                192KB

                                                                                                                                Download

                                                                                                                              • memory/4996-156-0x0000023096960000-0x0000023096980000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4996-154-0x0000023096550000-0x0000023096570000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4996-152-0x0000023096590000-0x00000230965B0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/5116-99-0x0000000002E20000-0x0000000002E21000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              We care about your privacy.

                                                                                                                              This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.