Resubmissions

22-02-2024 12:58

240222-p7qe4ahh87 10

22-02-2024 12:58

240222-p7hegshf4t 10

21-02-2024 14:52

240221-r83g6ahd51 10

21-02-2024 13:15

240221-qhgbkafg2t 10

19-02-2024 11:43

240219-nv2rxsdc55 10

18-02-2024 23:40

240218-3n9lhsff8w 10

Analysis

  • max time kernel
    89s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
  • submitted
    18-02-2024 23:40

General

  • Target

    253012a62bc1d805c8c0b1bbf936c6f0.exe

  • Size

    2.4MB

  • MD5

    253012a62bc1d805c8c0b1bbf936c6f0

  • SHA1

    33728ba8f5ad3a4f0e1a5d6890022c377c0c00f8

  • SHA256

    a25e2487bb4b638d6333d652db58532f3f29dd5ddb7711f70f52e0e61e8d3f51

  • SHA512

    06842aab184f35c855dbf450534f9de7d66bb5923d0119c3ada19a08dc9f5c2b287321c571cf8b4727927517c6dabe37130e7b9a6eed4892159112ab6e45f57f

  • SSDEEP

    24576:j+G047epooYKZYzX1HWvWKz4E+hhf4udB2mMmsZJlrA9yoiO2V0KcJx3UnpLco7r:B047epoC8cWKssZfM9m1AJxUFr

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 15 IoCs
  • Stops running service(s) 3 TTPs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 32 IoCs
  • Registers COM server for autorun 1 TTPs 6 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 28 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 9 IoCs
  • Drops file in Windows directory 2 IoCs
  • Launches sc.exe 2 IoCs

    Sc.exe is a Windows utility to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 48 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\253012a62bc1d805c8c0b1bbf936c6f0.exe
    "C:\Users\Admin\AppData\Local\Temp\253012a62bc1d805c8c0b1bbf936c6f0.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Windows\system32\sc.exe
      "C:\Windows\system32\sc.exe" stop ep_dwm_D17F1E1A-5919-4427-8F89-A1A8503CA3EB
      2⤵
      • Launches sc.exe
      PID:1040
    • C:\Windows\system32\sc.exe
      "C:\Windows\system32\sc.exe" start ep_dwm_D17F1E1A-5919-4427-8F89-A1A8503CA3EB
      2⤵
      • Launches sc.exe
      PID:3836
    • C:\Windows\system32\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\ExplorerPatcher\ep_weather_host.dll"
      2⤵
      • Loads dropped DLL
      • Registers COM server for autorun
      • Modifies registry class
      PID:2088
    • C:\Windows\system32\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\ExplorerPatcher\ep_weather_host_stub.dll"
      2⤵
      • Loads dropped DLL
      • Registers COM server for autorun
      • Modifies registry class
      PID:1092
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      2⤵
      • Modifies Installed Components in the registry
      • Loads dropped DLL
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:3820
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:3764
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Loads dropped DLL
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:3744
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:4820
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Loads dropped DLL
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:4536
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4848
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:428
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Loads dropped DLL
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:1768
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:1268
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1416
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Loads dropped DLL
    PID:3812
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:4144
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4340
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Loads dropped DLL
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5032
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:1756
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3732
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Loads dropped DLL
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1612
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:216
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:820
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Loads dropped DLL
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:3144
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:2820
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4840
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Loads dropped DLL
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4528
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Loads dropped DLL
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4032
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2740
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Loads dropped DLL
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Suspicious use of SetWindowsHookEx
      PID:1512
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:1660
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2192
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Loads dropped DLL
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1396
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:4148
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2376
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Loads dropped DLL
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:1388
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:4060
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1524
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Loads dropped DLL
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3564
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:1796
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:2172
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Loads dropped DLL
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2004
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Loads dropped DLL
        • Suspicious use of SetWindowsHookEx
        PID:2124
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2684
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Loads dropped DLL
        PID:4968
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:4196
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
            PID:3700
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:2112
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
                PID:224
              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                1⤵
                  PID:3984
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:1780
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:5044
                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                      1⤵
                        PID:3848
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                          PID:3644
                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                          1⤵
                            PID:1620
                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                            1⤵
                              PID:4380
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                                PID:4972
                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                1⤵
                                  PID:4136
                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                  1⤵
                                    PID:4936
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:636
                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                      1⤵
                                        PID:1416
                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                        1⤵
                                          PID:3616
                                        • C:\Windows\explorer.exe
                                          explorer.exe
                                          1⤵
                                            PID:5012
                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                            1⤵
                                              PID:4860
                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                              1⤵
                                                PID:1016
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:2632
                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                  1⤵
                                                    PID:868
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                      PID:5048
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:412
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:2324
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:1136
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:1416
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:4232
                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                1⤵
                                                                  PID:624
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:4288
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:3208
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                      1⤵
                                                                        PID:2840

Network

MITRE ATT&CK Enterprise v15

Downloads

                                                                      • C:\Program Files\ExplorerPatcher\WebView2Loader.dll

                                                                        Filesize

                                                                        136KB

                                                                        MD5

                                                                        c44baed957b05b9327bd371dbf0dbe99

                                                                        SHA1

                                                                        80b48c656b8555ebc588de3de0ec6c7e75ae4bf1

                                                                        SHA256

                                                                        ad8bb426a8e438493db4d703242f373d9cb36d8c13e88b6647cd083716e09bef

                                                                        SHA512

                                                                        ad1b76594dca7cde6bbcde55bc3abe811f9e903e2cf6613d49201e14e789cfc763cb528d499dd2db84db097a210d63c7d88cc909ca1c836d831e3519c2ce7b35

                                                                      • C:\Program Files\ExplorerPatcher\ep_gui.dll

                                                                        Filesize

                                                                        702KB

                                                                        MD5

                                                                        50fac6e71b1693c8601e5edfe2314c0c

                                                                        SHA1

                                                                        ffc45bf1c9a5b0f2ca59d5057335ae79c84306d4

                                                                        SHA256

                                                                        3c362868f6740606f86b38c5d492f714265ef67bb9b29f64882bdc4a5519621e

                                                                        SHA512

                                                                        800700b79f227131a76d32e4e8c4073e0906ffe28f1e4d67e7f964747280faf56eabb72bf1520f42abc1a28869d35c956eb094eaf4ce6ed96ab4d4d314ccf391

                                                                      • C:\Program Files\ExplorerPatcher\ep_weather_host.dll

                                                                        Filesize

                                                                        238KB

                                                                      • C:\Program Files\ExplorerPatcher\ep_weather_host_stub.dll

                                                                        Filesize

                                                                        109KB

                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                        Filesize

                                                                        471B

                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                        Filesize

                                                                        412B

                                                                      • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\V50TXLKS\microsoft.windows[1].xml

                                                                        Filesize

                                                                        97B

                                                                      • C:\Windows\dxgi.dll

                                                                        Filesize

                                                                        627KB

                                                                      • C:\Windows\dxgi.dll

                                                                        Filesize

                                                                        128KB
