Analysis

  • max time kernel
    76s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    15-03-2024 12:39

General

  • Target

    cb6e7a008d3fcb2527e84356399e8ca7.exe

  • Size

    282KB

  • MD5

    cb6e7a008d3fcb2527e84356399e8ca7

  • SHA1

    74110cfdacb330884c68b1f704883167b26f96a3

  • SHA256

    8870fa9991ddb431424378c780ef391c2d4dc32c1b3bb377b03f6eb5f47447a9

  • SHA512

    e6c90afd52a1779dd1996a69c81dcba7d03aee3153a4aea412d6ed63b5330456767462ff24d75ff68bc3157b9e05b306ce06cdb99ef4f53909b1ca7139c5c894

  • SSDEEP

    6144:crPrsEYF57R69Um+nEY0kqk4PXzCPamiHtRNCI6X:2sXF9R6ym+skK07mKX

Malware Config

Signatures

  • Modifies security service 2 TTPs 1 IoCs
  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

  • Disables taskbar notifications via registry modification
  • Modifies Installed Components in the registry 2 TTPs 12 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 3 IoCs
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 20 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 22 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • System policy modification 1 TTPs 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\cb6e7a008d3fcb2527e84356399e8ca7.exe
    "C:\Users\Admin\AppData\Local\Temp\cb6e7a008d3fcb2527e84356399e8ca7.exe"
    1⤵
    • Modifies security service
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2024
    • C:\Users\Admin\AppData\Local\Temp\cb6e7a008d3fcb2527e84356399e8ca7.exe
      C:\Users\Admin\AppData\Local\Temp\cb6e7a008d3fcb2527e84356399e8ca7.exe startC:\Users\Admin\AppData\Roaming\724F6\85E65.exe%C:\Users\Admin\AppData\Roaming\724F6
      2⤵
        PID:1288
      • C:\Users\Admin\AppData\Local\Temp\cb6e7a008d3fcb2527e84356399e8ca7.exe
        C:\Users\Admin\AppData\Local\Temp\cb6e7a008d3fcb2527e84356399e8ca7.exe startC:\Program Files (x86)\F62EA\lvvm.exe%C:\Program Files (x86)\F62EA
        2⤵
          PID:3412
        • C:\Program Files (x86)\LP\65A7\B5E2.tmp
          "C:\Program Files (x86)\LP\65A7\B5E2.tmp"
          2⤵
          • Executes dropped EXE
          PID:5464
      • C:\Windows\system32\msiexec.exe
        C:\Windows\system32\msiexec.exe /V
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4984
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:3716
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:2104
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:3604
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:5108
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2392
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:644
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2996
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Suspicious use of SendNotifyMessage
        PID:5200
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:5616
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:5772
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:5168
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4056
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:220
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:5096
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:5392
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:5656
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:5208
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:2316
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4784
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:6064
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4028
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:5180
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:5720
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4528
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:6140
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:3500
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:5512
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4440
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:4760
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:5224
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4084
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:5288
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:1352
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2564
                                                                                                    1⤵
                                                                                                      PID:3120

                                                                                                    Network

                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                    Downloads

                                                                                                    • C:\Program Files (x86)\LP\65A7\B5E2.tmp

                                                                                                      Filesize

                                                                                                      99KB

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                                                      Filesize

                                                                                                      471B

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

                                                                                                      Filesize

                                                                                                      412B

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\UXZE23G7\microsoft.windows[1].xml

                                                                                                      Filesize

                                                                                                      97B

                                                                                                    • C:\Users\Admin\AppData\Roaming\724F6\62EA.24F

                                                                                                      Filesize

                                                                                                      300B

                                                                                                    • C:\Users\Admin\AppData\Roaming\724F6\62EA.24F

                                                                                                      Filesize

                                                                                                      996B

                                                                                                    • C:\Users\Admin\AppData\Roaming\724F6\62EA.24F

                                                                                                      Filesize

                                                                                                      600B

                                                                                                    • C:\Users\Admin\AppData\Roaming\724F6\62EA.24F

                                                                                                      Filesize

                                                                                                      1KB


                                                                                                    • memory/5208-302-0x0000000004590000-0x0000000004591000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • memory/5288-414-0x0000000004DE0000-0x0000000004DE1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • memory/5448-487-0x000001D6912A0000-0x000001D6912C0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/5448-485-0x000001D690C90000-0x000001D690CB0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/5448-483-0x000001D690CD0000-0x000001D690CF0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/5464-233-0x0000000000400000-0x000000000041C000-memory.dmp

                                                                                                      Filesize

                                                                                                      112KB

                                                                                                    • memory/5464-231-0x0000000000740000-0x0000000000840000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                    • memory/5464-230-0x0000000000400000-0x000000000041C000-memory.dmp

                                                                                                      Filesize

                                                                                                      112KB

                                                                                                    • memory/5656-292-0x000002A029250000-0x000002A029270000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/5656-294-0x000002A029860000-0x000002A029880000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/5656-290-0x000002A029290000-0x000002A0292B0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/5720-346-0x0000000004530000-0x0000000004531000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • memory/5772-246-0x000001EADB480000-0x000001EADB4A0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/5772-244-0x000001EADAE70000-0x000001EADAE90000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/5772-242-0x000001EADAEB0000-0x000001EADAED0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/6064-324-0x0000000003450000-0x0000000003451000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • memory/6072-463-0x000001FF0EA20000-0x000001FF0EA40000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/6072-465-0x000001FF0E7E0000-0x000001FF0E800000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/6072-467-0x000001FF0EDF0000-0x000001FF0EE10000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/6128-435-0x00000000026F0000-0x00000000026F1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • memory/6140-356-0x000001A716E80000-0x000001A716EA0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/6140-354-0x000001A716EC0000-0x000001A716EE0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/6140-358-0x000001A7174A0000-0x000001A7174C0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB