Overview

overview

10

Static

static

3

e9839a31cc...7e.exe

windows7-x64

10

e9839a31cc...7e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    86s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/03/2024, 02:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e9839a31cca5038608b57f6e13e75f43aa845a2f892c917a77b3c4f0bcc35c7e.exe

  • Size

    259KB

  • MD5

    b05a74505fa03339578dff002ba57c69

  • SHA1

    b9851e84dbd2c8b2ecccb30452ddccb0496ef974

  • SHA256

    e9839a31cca5038608b57f6e13e75f43aa845a2f892c917a77b3c4f0bcc35c7e

  • SHA512

    616337efd4b6a84f0590226b52d8c7398723afe43bb1fc879089a7474b7fd8949e16353bb4ff713da4295dbc4885d5eb34d9483d7441b726592371bb8f285dd3

  • SSDEEP

    3072:NCEgl6HLc0iImEkhg569+wjkabBB2n2qr4j54wCxe9yFfqdwiB9ez/WnQEbK3Zk:NsUrc06Fue/kZr4j5vwbb0WWnQEbe

Score
10/10
dcratdjvugluptebalummaredlinesmokeloadervidar5739ef2bbcd39fcd59c5746bfe4238c5logsdiller cloud (tg: @logsdillabot)pub1backdoordiscoverydropperevasioninfostealerloaderpersistenceransomwareratspywarestealertrojanupx

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php
rc4.i32
rc4.i32

Extracted

Family

djvu

C2

http://sajdfue.com/test1/get.php

Attributes
  • extension

    .vook

  • offline_id

    1eSPzWRaNslCgtjBZfL5pzvovoiaVI4IZSnvAwt1

  • payload_url

    http://sdfjhuz.com/dl/build2.exe

    http://sajdfue.com/files/1/build3.exe

  • ransomnote

    ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. Do not ask assistants from youtube and recovery data sites for help in recovering your data. They can use your free decryption quota and scam you. Our contact is emails in this text document only. You can get and look video overview decrypt tool: https://wetransfer.com/downloads/3ed7a617738550b0a00c5aa231c0752020240316170955/d71ce1 Price of private key and decrypt software is $999. Discount 50% available if you contact us first 72 hours, that's price for you is $499. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0857PsawqS

rsa_pubkey.plain

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.0:29587

Extracted

Family

vidar

Version

8.6

Botnet

5739ef2bbcd39fcd59c5746bfe4238c5

C2

https://steamcommunity.com/profiles/76561199658817715

https://t.me/sa9ok
Attributes
  • profile_id_v2

    5739ef2bbcd39fcd59c5746bfe4238c5

  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36

Extracted

Family

lumma

C2

https://resergvearyinitiani.shop/api

https://affordcharmcropwo.shop/api

Signatures

  • DcRat 4 IoCs

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat
  • Detect Vidar Stealer 5 IoCs
    stealer
  • Detected Djvu ransomware 18 IoCs
  • Djvu Ransomware

    Ransomware which is a variant of the STOP family.

    ransomwaredjvu
  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba
  • Glupteba payload 2 IoCs
  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Detect binaries embedding considerable number of MFA browser extension IDs. 1 IoCs
  • Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs. 1 IoCs
  • Detects Windows executables referencing non-Windows User-Agents 6 IoCs
  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs
  • Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion 4 IoCs
  • Detects executables Discord URL observed in first stage droppers 2 IoCs
  • Detects executables containing URLs to raw contents of a Github gist 6 IoCs
  • Detects executables containing artifacts associated with disabling Widnows Defender 2 IoCs
  • Detects executables referencing many varying, potentially fake Windows User-Agents 2 IoCs
  • UPX dump on OEP (original entry point) 1 IoCs
  • Downloads MZ/PE file
  • Modifies Installed Components in the registry 2 TTPs 5 IoCs
    persistence
  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 12 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 10 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 6 IoCs
  • Suspicious use of SetThreadContext 5 IoCs
  • Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

    Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

  • Drops file in Windows directory 2 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\e9839a31cca5038608b57f6e13e75f43aa845a2f892c917a77b3c4f0bcc35c7e.exe
    "C:\Users\Admin\AppData\Local\Temp\e9839a31cca5038608b57f6e13e75f43aa845a2f892c917a77b3c4f0bcc35c7e.exe"
    1⤵
    • DcRat
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:3480
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\9049.bat" "
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3512
    • C:\Windows\system32\reg.exe
      reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
      2⤵
        PID:4536
    • C:\Users\Admin\AppData\Local\Temp\9D99.exe
      C:\Users\Admin\AppData\Local\Temp\9D99.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:1976
      • C:\Users\Admin\AppData\Local\Temp\9D99.exe
        C:\Users\Admin\AppData\Local\Temp\9D99.exe
        2⤵
        • DcRat
        • Checks computer location settings
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:4136
        • C:\Windows\SysWOW64\icacls.exe
          icacls "C:\Users\Admin\AppData\Local\035e78d8-2d9c-498f-bd88-b2b123e078ef" /deny *S-1-1-0:(OI)(CI)(DE,DC)
          3⤵
          • Modifies file permissions
          PID:2252
        • C:\Users\Admin\AppData\Local\Temp\9D99.exe
          "C:\Users\Admin\AppData\Local\Temp\9D99.exe" --Admin IsNotAutoStart IsNotTask
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:4424
          • C:\Users\Admin\AppData\Local\Temp\9D99.exe
            "C:\Users\Admin\AppData\Local\Temp\9D99.exe" --Admin IsNotAutoStart IsNotTask
            4⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:3680
            • C:\Users\Admin\AppData\Local\aa744570-9aeb-4678-8d93-4549a00eb816\build2.exe
              "C:\Users\Admin\AppData\Local\aa744570-9aeb-4678-8d93-4549a00eb816\build2.exe"
              5⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • Suspicious use of WriteProcessMemory
              PID:1308
              • C:\Users\Admin\AppData\Local\aa744570-9aeb-4678-8d93-4549a00eb816\build2.exe
                "C:\Users\Admin\AppData\Local\aa744570-9aeb-4678-8d93-4549a00eb816\build2.exe"
                6⤵
                • Executes dropped EXE
                PID:1268
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 2064
                  7⤵
                  • Program crash
                  PID:2296
    • C:\Users\Admin\AppData\Local\Temp\AA4C.exe
      C:\Users\Admin\AppData\Local\Temp\AA4C.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3736
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        2⤵
          PID:1676
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
          2⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3492
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 836
          2⤵
          • Program crash
          PID:4528
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3736 -ip 3736
        1⤵
          PID:2444
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1268 -ip 1268
          1⤵
            PID:3852
          • C:\Users\Admin\AppData\Local\Temp\D506.exe
            C:\Users\Admin\AppData\Local\Temp\D506.exe
            1⤵
            • Executes dropped EXE
            PID:3116
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\D94D.bat" "
            1⤵
              PID:2504
              • C:\Windows\system32\reg.exe
                reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
                2⤵
                  PID:2612
              • C:\Users\Admin\AppData\Local\Temp\56F.exe
                C:\Users\Admin\AppData\Local\Temp\56F.exe
                1⤵
                • Executes dropped EXE
                • Suspicious use of SetThreadContext
                • Suspicious use of AdjustPrivilegeToken
                PID:1272
                • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                  C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                  2⤵
                    PID:4008
                • C:\Users\Admin\AppData\Local\Temp\135A.exe
                  C:\Users\Admin\AppData\Local\Temp\135A.exe
                  1⤵
                  • Executes dropped EXE
                  • Suspicious use of AdjustPrivilegeToken
                  PID:4724
                  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    powershell -nologo -noprofile
                    2⤵
                    • Suspicious use of AdjustPrivilegeToken
                    PID:532
                  • C:\Users\Admin\AppData\Local\Temp\135A.exe
                    "C:\Users\Admin\AppData\Local\Temp\135A.exe"
                    2⤵
                    • Executes dropped EXE
                    • Adds Run key to start application
                    • Checks for VirtualBox DLLs, possible anti-VM trick
                    • Drops file in Windows directory
                    • Modifies data under HKEY_USERS
                    PID:4116
                    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      powershell -nologo -noprofile
                      3⤵
                      • Drops file in System32 directory
                      • Modifies data under HKEY_USERS
                      PID:5000
                    • C:\Windows\system32\cmd.exe
                      C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
                      3⤵
                        PID:4528
                        • C:\Windows\system32\netsh.exe
                          netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
                          4⤵
                          • Modifies Windows Firewall
                          PID:4128
                      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                        powershell -nologo -noprofile
                        3⤵
                        • Drops file in System32 directory
                        • Modifies data under HKEY_USERS
                        PID:100
                      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                        powershell -nologo -noprofile
                        3⤵
                        • Drops file in System32 directory
                        • Modifies data under HKEY_USERS
                        PID:4200
                      • C:\Windows\rss\csrss.exe
                        C:\Windows\rss\csrss.exe
                        3⤵
                        • Executes dropped EXE
                        PID:3828
                        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                          powershell -nologo -noprofile
                          4⤵
                          • Drops file in System32 directory
                          • Modifies data under HKEY_USERS
                          PID:3436
                        • C:\Windows\SYSTEM32\schtasks.exe
                          schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
                          4⤵
                          • DcRat
                          • Creates scheduled task(s)
                          PID:4248
                        • C:\Windows\SYSTEM32\schtasks.exe
                          schtasks /delete /tn ScheduledUpdate /f
                          4⤵
                            PID:4240
                          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            powershell -nologo -noprofile
                            4⤵
                            • Drops file in System32 directory
                            • Modifies data under HKEY_USERS
                            PID:2400
                          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            powershell -nologo -noprofile
                            4⤵
                            • Modifies data under HKEY_USERS
                            PID:3432
                          • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
                            C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
                            4⤵
                              PID:1724
                            • C:\Windows\SYSTEM32\schtasks.exe
                              schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
                              4⤵
                              • DcRat
                              • Creates scheduled task(s)
                              PID:4940
                            • C:\Windows\windefender.exe
                              "C:\Windows\windefender.exe"
                              4⤵
                                PID:2780
                                • C:\Windows\SysWOW64\cmd.exe
                                  cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
                                  5⤵
                                    PID:1292
                                    • C:\Windows\SysWOW64\sc.exe
                                      sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
                                      6⤵
                                      • Launches sc.exe
                                      PID:3564
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                            • Modifies Installed Components in the registry
                            • Enumerates connected drives
                            • Checks SCSI registry key(s)
                            • Modifies registry class
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of FindShellTrayWindow
                            • Suspicious use of SendNotifyMessage
                            PID:1380
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                            • Suspicious use of SetWindowsHookEx
                            PID:1580
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                            • Modifies Installed Components in the registry
                            • Enumerates connected drives
                            • Checks SCSI registry key(s)
                            • Modifies registry class
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of FindShellTrayWindow
                            • Suspicious use of SendNotifyMessage
                            PID:2492
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                            • Modifies registry class
                            • Suspicious use of SetWindowsHookEx
                            PID:3668
                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                            1⤵
                            • Modifies Internet Explorer settings
                            • Modifies registry class
                            • Suspicious use of SetWindowsHookEx
                            PID:964
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                            • Modifies Installed Components in the registry
                            • Enumerates connected drives
                            • Checks SCSI registry key(s)
                            • Modifies registry class
                            • Suspicious use of SendNotifyMessage
                            PID:4616
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                            • Suspicious use of SetWindowsHookEx
                            PID:5076
                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                            1⤵
                            • Modifies Internet Explorer settings
                            • Modifies registry class
                            • Suspicious use of SetWindowsHookEx
                            PID:2184
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                            • Modifies Installed Components in the registry
                            • Enumerates connected drives
                            • Checks SCSI registry key(s)
                            • Modifies registry class
                            • Suspicious use of SendNotifyMessage
                            PID:1508
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                            • Suspicious use of SetWindowsHookEx
                            PID:3952
                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                            1⤵
                            • Modifies Internet Explorer settings
                            • Modifies registry class
                            • Suspicious use of SetWindowsHookEx
                            PID:4572
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                            • Modifies Installed Components in the registry
                            • Enumerates connected drives
                            • Checks SCSI registry key(s)
                            • Modifies registry class
                            PID:3260
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                            • Suspicious use of SetWindowsHookEx
                            PID:208
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:4396
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:228
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:4788
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:4072
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:4472
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:1160
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:2492
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:2008
                                          • C:\Windows\windefender.exe
                                            C:\Windows\windefender.exe
                                            1⤵
                                              PID:2848
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:1600
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:4764
                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                  1⤵
                                                    PID:3840
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:3300
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:1224
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:4244
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:3736
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:4284
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                                PID:3952
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:1292
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:2644
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:1500
                                                                      • C:\Windows\system32\WerFault.exe
                                                                        C:\Windows\system32\WerFault.exe -u -p 1500 -s 3572
                                                                        2⤵
                                                                          PID:4200
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:1264
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                            PID:3432
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                            1⤵
                                                                              PID:4024
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:2740
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:2272
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:2172
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:1380
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                      1⤵
                                                                                        PID:5100
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:216
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:3684
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                              PID:3428
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:2644
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                1⤵
                                                                                                  PID:3924
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                    PID:1300
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                      PID:2984
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                      1⤵
                                                                                                        PID:4380
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                        1⤵
                                                                                                          PID:3336
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                            PID:4624
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                            1⤵
                                                                                                              PID:2144
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                              1⤵
                                                                                                                PID:4800

                                                                                                              Network

                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                              Reconnaissance

                                                                                                              Resource Development

                                                                                                              Initial Access

                                                                                                              Execution

                                                                                                              Scheduled Task/Job

                                                                                                              1
                                                                                                              T1053

                                                                                                              Persistence

                                                                                                              Boot or Logon Autostart Execution

                                                                                                              2
                                                                                                              T1547

                                                                                                              Registry Run Keys / Startup Folder

                                                                                                              2
                                                                                                              T1547.001

                                                                                                              Create or Modify System Process

                                                                                                              1
                                                                                                              T1543

                                                                                                              Windows Service

                                                                                                              1
                                                                                                              T1543.003

                                                                                                              Scheduled Task/Job

                                                                                                              1
                                                                                                              T1053

                                                                                                              Privilege Escalation

                                                                                                              Boot or Logon Autostart Execution

                                                                                                              2
                                                                                                              T1547

                                                                                                              Registry Run Keys / Startup Folder

                                                                                                              2
                                                                                                              T1547.001

                                                                                                              Create or Modify System Process

                                                                                                              1
                                                                                                              T1543

                                                                                                              Windows Service

                                                                                                              1
                                                                                                              T1543.003

                                                                                                              Scheduled Task/Job

                                                                                                              1
                                                                                                              T1053

                                                                                                              Defense Evasion

                                                                                                              File and Directory Permissions Modification

                                                                                                              1
                                                                                                              T1222

                                                                                                              Impair Defenses

                                                                                                              1
                                                                                                              T1562

                                                                                                              Disable or Modify System Firewall

                                                                                                              1
                                                                                                              T1562.004

                                                                                                              Modify Registry

                                                                                                              3
                                                                                                              T1112

                                                                                                              Credential Access

                                                                                                              Unsecured Credentials

                                                                                                              3
                                                                                                              T1552

                                                                                                              Credentials In Files

                                                                                                              3
                                                                                                              T1552.001

                                                                                                              Discovery

                                                                                                              Peripheral Device Discovery

                                                                                                              2
                                                                                                              T1120

                                                                                                              Query Registry

                                                                                                              5
                                                                                                              T1012

                                                                                                              System Information Discovery

                                                                                                              5
                                                                                                              T1082

                                                                                                              Lateral Movement

                                                                                                              Collection

                                                                                                              Data from Local System

                                                                                                              3
                                                                                                              T1005

                                                                                                              Command and Control

                                                                                                              Web Service

                                                                                                              1
                                                                                                              T1102

                                                                                                              Exfiltration

                                                                                                              Impact

                                                                                                              Replay Monitor

                                                                                                              Loading Replay Monitor...

                                                                                                              Downloads

                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
                                                                                                                Filesize

                                                                                                                1KB

                                                                                                                MD5

                                                                                                                2a789d6b366b95c47c2e68c27f863f81

                                                                                                                SHA1

                                                                                                                1b123bd94179f5b8746bc960691ddb9546855e05

                                                                                                                SHA256

                                                                                                                ba4990d90cdd27ce932e39c10e178659436aeb5a290faa47f4825da9eca6bc94

                                                                                                                SHA512

                                                                                                                027180aabc65ae3ca35f83161b11d289d87af854656483ac2cf703d94f695c4d5bce0fce1901278ab4cbfc985c9b9aa1f455c889913834c4b1734a365c7f8e3b

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                Filesize

                                                                                                                471B

                                                                                                                MD5

                                                                                                                4305f3b83ea7e48583ca9863f6a51c75

                                                                                                                SHA1

                                                                                                                83587d71d6baeca1bc553f67a84c399789c91cb5

                                                                                                                SHA256

                                                                                                                2251e0ab16b12b3590efe8b9793dc002345123f8a9dd98c4c31c957995b99273

                                                                                                                SHA512

                                                                                                                94c77f16fa66618ed073af0157d191efd39b9ef78ff7113a224117c8156594b36076b40ab7aafb8ec534dd82a069339486b693c8d672e431e2330be4a4c4eea5

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
                                                                                                                Filesize

                                                                                                                724B

                                                                                                                MD5

                                                                                                                8202a1cd02e7d69597995cabbe881a12

                                                                                                                SHA1

                                                                                                                8858d9d934b7aa9330ee73de6c476acf19929ff6

                                                                                                                SHA256

                                                                                                                58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

                                                                                                                SHA512

                                                                                                                97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
                                                                                                                Filesize

                                                                                                                410B

                                                                                                                MD5

                                                                                                                575b969011d8f91970278924c3743895

                                                                                                                SHA1

                                                                                                                da7c4b5e380f3b0e3ef568d42f0d076fc87b1852

                                                                                                                SHA256

                                                                                                                aaab513c7912a63667011f6045db02a762e35db84b8fc262f7a026ff50f0f8d6

                                                                                                                SHA512

                                                                                                                f203a4c0865752703e38d854ace992449d062e3ec65a6b3af5dda4eee253a7785dc441800fa65172b8b8a7e5dc5ded5e5f65ec056fb804ebed6e99bee0f1b2c5

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                Filesize

                                                                                                                412B

                                                                                                                MD5

                                                                                                                feb1889f3276db5b76ae78fb005deef6

                                                                                                                SHA1

                                                                                                                a2eba183d70421524c811e4006fc2733cb51fea0

                                                                                                                SHA256

                                                                                                                3b63cb544427ca38135568c1c8ddf4d490b65de0338bedf37dc872091b33977b

                                                                                                                SHA512

                                                                                                                3bf2cfce86b4f63f64aac8c223a1400673307034de0169d7dd949184c0340382b15392cf324e78ff5f313d9796864c44071e1d061c76aaaa8165416ef0e4d22f

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
                                                                                                                Filesize

                                                                                                                392B

                                                                                                                MD5

                                                                                                                fa67213a3d650c30a88fba4e10ad754b

                                                                                                                SHA1

                                                                                                                e63c52fef18101618bea214de5268d9468b3c795

                                                                                                                SHA256

                                                                                                                0adcbf2848b61004fde1db5bd5713fcec6642517f25a7db8ff0c19f4036b0665

                                                                                                                SHA512

                                                                                                                0e77bfec0682d8ecc332eeb41c43015e6eb3645d73a7411e51c9f3504aad7430f269fe2a8312ed37eb6766bbef77bb10d3cae0e2eb48b8f59f3370fe362a1819

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat
                                                                                                                Filesize

                                                                                                                1022B

                                                                                                                MD5

                                                                                                                29a68b111b09263c1be555310b6b9b31

                                                                                                                SHA1

                                                                                                                5ca3933082bb405b20abdf7c1f4fa3382bcbbcbf

                                                                                                                SHA256

                                                                                                                854058f31e23e7edb25502f4781f21b7907b73ed963ea3c36153106727cffdb9

                                                                                                                SHA512

                                                                                                                d8768d40ec6ec2adee6ea81b588dfd30abb08392e31cbdcc028ed61b231c94ce08201aacf578bef4bba852f2f94d1242c24f21241fdfc449a0dff6b261a0ddac

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                Filesize

                                                                                                                2KB

                                                                                                                MD5

                                                                                                                dce35e3a41ba54a72d987d7374129ecf

                                                                                                                SHA1

                                                                                                                5e159da21efdeccb3c6457b9c7bd7a7263daee57

                                                                                                                SHA256

                                                                                                                0f0f2f71a68976863f5171c639d75a195fe255e6debb652826e4efa11fe631eb

                                                                                                                SHA512

                                                                                                                c934589c5f361c410374246ac5c9f9af43012597f65d8ee5c7c85bc79b2a3faab92eed5adaf02d4424d5365579218ecae1742f65e42552668992f78d50a73060

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\39XIXV5T\microsoft.windows[1].xml
                                                                                                                Filesize

                                                                                                                96B

                                                                                                                MD5

                                                                                                                29e3c94dfa03b794f03e17d8b45295d9

                                                                                                                SHA1

                                                                                                                1a598a72d3d486f77e861f98abcd2f4a8e936365

                                                                                                                SHA256

                                                                                                                7ff0263086f28cc1d842d07a23128b955780d3c8b85b130228c7f65ce2b4262a

                                                                                                                SHA512

                                                                                                                e2180d73f45da32ac4fb355546103496d73cdf7cb966c60f6a414bc7052e46431177e9009bdfd730d2fe6955b986392720fe3bdc8afbc0388f1b70e438a4ef9c

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\Local\Temp\135A.exe
                                                                                                                Filesize

                                                                                                                4.1MB

                                                                                                                MD5

                                                                                                                e445c438749eab1cc57d98407a83875a

                                                                                                                SHA1

                                                                                                                4b67b8f084aaf3a7a89534b32beab4e5faef674d

                                                                                                                SHA256

                                                                                                                f5cb5ace2b7d35f46c14eb827cf041dba371d5b9b9c8c7ef8ca4af01faebab37

                                                                                                                SHA512

                                                                                                                1e338586df2dcf4a77f9605860e18c5feb6f0cdabf7165877a53996af944aac361a4ca1faa2cce791a0d1336458965888d05af495bb6e2faac6031ed3cd160d4

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\Local\Temp\56F.exe
                                                                                                                Filesize

                                                                                                                30.6MB

                                                                                                                MD5

                                                                                                                ff35671d54d612772b0c22c141a3056e

                                                                                                                SHA1

                                                                                                                d005a27cd48556bf17eb9c2b43af49b67347cc0e

                                                                                                                SHA256

                                                                                                                2f625ea35f82332c639049c4a849f39cd2b74acb013880d156a2f647497c2512

                                                                                                                SHA512

                                                                                                                9a40a657f196036ef07c410db225f7a023f7299abc078cefd5d97489e7359ce9c640d72b98fedbf3f11ebaba1987b0acd5c7892b1ba5b5ae18709037df45790e

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\Local\Temp\9049.bat
                                                                                                                Filesize

                                                                                                                77B

                                                                                                                MD5

                                                                                                                55cc761bf3429324e5a0095cab002113

                                                                                                                SHA1

                                                                                                                2cc1ef4542a4e92d4158ab3978425d517fafd16d

                                                                                                                SHA256

                                                                                                                d6cceb3c71b80403364bf142f2fa4624ee0be36a49bac25ed45a497cf1ce9c3a

                                                                                                                SHA512

                                                                                                                33f9f5cad22d291077787c7df510806e4ac31f453d288712595af6debe579fabed6cdf4662e46e6fa94de135b161e739f55cfae05c36c87af85ed6a6ad1c9155

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\Local\Temp\9D99.exe
                                                                                                                Filesize

                                                                                                                759KB

                                                                                                                MD5

                                                                                                                46a230d9be88dd7dca63ab0ec41c0b14

                                                                                                                SHA1

                                                                                                                8072cc39226b6b18164eb58a81ce7433fae55c58

                                                                                                                SHA256

                                                                                                                59b4a0b07d2a7901e49e8cc55c2eae5b457fde6e8b25295374a3e4ee37e207b5

                                                                                                                SHA512

                                                                                                                8c21b6c8f33608e47ead31e1e731a7cd4791d53a05f4574143156f067669a4ced8b48ffcd4f13f5d9cf9eb63dfa7873d8f491b4a02e05370fd03ca210adf9a28

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\Local\Temp\AA4C.exe
                                                                                                                Filesize

                                                                                                                392KB

                                                                                                                MD5

                                                                                                                89ec2c6bf09ed9a38bd11acb2a41cd1b

                                                                                                                SHA1

                                                                                                                408549982b687ca8dd5efb0e8b704a374bd8909d

                                                                                                                SHA256

                                                                                                                da1e155c46ca6b23409d059b6d85341c0b86c92d2c69dbda85eef3894313662d

                                                                                                                SHA512

                                                                                                                c565dbb25dd35ae8dce2a4cf15640053aca8b99c5c78db23648e6618ef316362b77142c6524b47089a7ea05632adee091ec5e82ed95aeb86d2331b8c5f8cc56a

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\Local\Temp\D506.exe
                                                                                                                Filesize

                                                                                                                6.5MB

                                                                                                                MD5

                                                                                                                9e52aa572f0afc888c098db4c0f687ff

                                                                                                                SHA1

                                                                                                                ef7c2bb222e69ad0e10c8686eb03dcbee7933c2b

                                                                                                                SHA256

                                                                                                                4a40f9d491f09521f4b0c6076a0eb488f6d8e1cf4b67aa6569c2ccce13556443

                                                                                                                SHA512

                                                                                                                d0991e682ae8c954721e905753b56c01f91b85313beb9996331793c3efa8acc13d574ef5ba44853ecc3e05822931ed655bad1924fa11b774a43e015f42185f62

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5lm2irhl.5yu.ps1
                                                                                                                Filesize

                                                                                                                60B

                                                                                                                MD5

                                                                                                                d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                SHA1

                                                                                                                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                SHA256

                                                                                                                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                SHA512

                                                                                                                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
                                                                                                                Filesize

                                                                                                                281KB

                                                                                                                MD5

                                                                                                                d98e33b66343e7c96158444127a117f6

                                                                                                                SHA1

                                                                                                                bb716c5509a2bf345c6c1152f6e3e1452d39d50d

                                                                                                                SHA256

                                                                                                                5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

                                                                                                                SHA512

                                                                                                                705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\Local\aa744570-9aeb-4678-8d93-4549a00eb816\build2.exe
                                                                                                                Filesize

                                                                                                                277KB

                                                                                                                MD5

                                                                                                                8dae8b6a6be6e3527183594d1c26a2d3

                                                                                                                SHA1

                                                                                                                b87e40cee60869a36e79c88c8a3a34baf0bc4889

                                                                                                                SHA256

                                                                                                                afce72cd3bc717c784962083066e3ede2b0aaadbe0908ec7360096c923774fa5

                                                                                                                SHA512

                                                                                                                0bf065700db647efba39a13a58242a595907e6c11885575cf0bdad9e23ab40583c8a6535464e46d75d075e20d88b7a6305a761df9da787fdc8728483dd48f96e

                                                                                                                Download Submit

                                                                                                              • C:\Users\Admin\AppData\Local\aa744570-9aeb-4678-8d93-4549a00eb816\build3.exe
                                                                                                                Filesize

                                                                                                                1KB

                                                                                                                MD5

                                                                                                                d90c6fbc596956110435056b522305d4

                                                                                                                SHA1

                                                                                                                503d8fd3b016573b5b0c700cd185c82ef233b8dd

                                                                                                                SHA256

                                                                                                                10bc18ac44e2ad7364ec8bfcf370abc1508de5ed10cd425b2704adbad844b8c3

                                                                                                                SHA512

                                                                                                                84ca83b9e92af279d1c716a16c3cb139458b4930c4a433ac86c14ac1a2a17f430a659aa7d2f1867d3b2c28bd9f3063fde4fc39fc088c8fedb47c277e5944ea7e

                                                                                                                Download Submit

                                                                                                              • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
                                                                                                                Filesize

                                                                                                                2KB

                                                                                                                MD5

                                                                                                                968cb9309758126772781b83adb8a28f

                                                                                                                SHA1

                                                                                                                8da30e71accf186b2ba11da1797cf67f8f78b47c

                                                                                                                SHA256

                                                                                                                92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

                                                                                                                SHA512

                                                                                                                4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

                                                                                                                Download Submit

                                                                                                              • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
                                                                                                                Filesize

                                                                                                                19KB

                                                                                                                MD5

                                                                                                                7cf599653aede52e7f8a36f016421d5e

                                                                                                                SHA1

                                                                                                                44cc8d97b6fa60e37059c5e3f34cee84c1afa1fd

                                                                                                                SHA256

                                                                                                                9e114e4bc56152dc85da6ea1d6659978f69d98cc371c1524bea9a37b3a3e3b63

                                                                                                                SHA512

                                                                                                                6469ddb07e3a413bb42e621761d43c55365f9babe44a32f4542dbbc4820fc63aa47cbfcca8c5d52a1355634e1d349537a5aab03625be907cfddf0132e7938558

                                                                                                                Download Submit

                                                                                                              • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
                                                                                                                Filesize

                                                                                                                19KB

                                                                                                                MD5

                                                                                                                999a6560cc57140098a24fe5046aa68d

                                                                                                                SHA1

                                                                                                                40efbbc310d37fb3c6ed889a2f719654dd589799

                                                                                                                SHA256

                                                                                                                18277ab2fdd6300412e0e1b75affebb9c9a7f39ffc6ac3da6ff09546a7707aaa

                                                                                                                SHA512

                                                                                                                054df464147510720ab001f000277815ab8bcac71087bde75de1c033ea2122e7766f4bc445530715634927a8af980592859fd885898f638845100d353ec2996b

                                                                                                                Download Submit

                                                                                                              • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
                                                                                                                Filesize

                                                                                                                19KB

                                                                                                                MD5

                                                                                                                97be63faca20277ab32179eb76f32af3

                                                                                                                SHA1

                                                                                                                fe48332e65cd5f389289d959f944fe98ea5536b7

                                                                                                                SHA256

                                                                                                                f58cb5eb10a08aa72e39d7d2e2a4e4e2d8d80256e3a6977d614ff3fbd0010a99

                                                                                                                SHA512

                                                                                                                a2c94a01f677f65bac7eb36f85b3701e41087bc2b70b0737238f5f3d9f8ce2557d48755663de0252f69ce3b03a6e5fd01f48ab173619dede9a6e12598ba355d5

                                                                                                                Download Submit

                                                                                                              • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
                                                                                                                Filesize

                                                                                                                19KB

                                                                                                                MD5

                                                                                                                12623f257049fc3d1e87a5bfa1b5c2c9

                                                                                                                SHA1

                                                                                                                2795eb43a71c68044c81887fa38a2c4c04dbc952

                                                                                                                SHA256

                                                                                                                ce497215e964d4033b8039cb22d06b535233c0b14ffc0efaf32e6a3a66d17bee

                                                                                                                SHA512

                                                                                                                f3f88f54af31697e100d4047183ecb98f116c3e086d83804a07ec050c0d476b7e9ef9205c40af4d1563f0a767a5af412539bfe4616120ab59862a3371f77d7bc

                                                                                                                Download Submit

                                                                                                              • C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
                                                                                                                Filesize

                                                                                                                19KB

                                                                                                                MD5

                                                                                                                146d8c48a0c94134568c6a1bd58532d0

                                                                                                                SHA1

                                                                                                                3166f56b2bccfb4cd6e5ed2e71f3ea4b5d1fbc78

                                                                                                                SHA256

                                                                                                                c8c0b8b1d985c63d7d45964e71cc2e983b230933c10faaa108c89d7a71dbbdd1

                                                                                                                SHA512

                                                                                                                bf155ec773d832c90934e60da4ea46615373d1b092541413504c60dfab7d6bffe66e067d1021aea5477714e2eecd1e0719cfcf239b0a673e37f3fe5e49df27ff

                                                                                                                Download Submit

                                                                                                              • C:\Windows\windefender.exe
                                                                                                                Filesize

                                                                                                                2.0MB

                                                                                                                MD5

                                                                                                                8e67f58837092385dcf01e8a2b4f5783

                                                                                                                SHA1

                                                                                                                012c49cfd8c5d06795a6f67ea2baf2a082cf8625

                                                                                                                SHA256

                                                                                                                166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

                                                                                                                SHA512

                                                                                                                40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

                                                                                                                Download Submit

                                                                                                              • memory/964-309-0x0000018CC2490000-0x0000018CC24B0000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/964-313-0x0000018CC2B00000-0x0000018CC2B20000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/964-311-0x0000018CC2450000-0x0000018CC2470000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/1268-113-0x0000000000400000-0x0000000000644000-memory.dmp

                                                                                                                Filesize

                                                                                                                2.3MB

                                                                                                                Download

                                                                                                              • memory/1268-105-0x0000000000400000-0x0000000000644000-memory.dmp

                                                                                                                Filesize

                                                                                                                2.3MB

                                                                                                                Download

                                                                                                              • memory/1268-109-0x0000000000400000-0x0000000000644000-memory.dmp

                                                                                                                Filesize

                                                                                                                2.3MB

                                                                                                                Download

                                                                                                              • memory/1268-123-0x0000000000400000-0x0000000000644000-memory.dmp

                                                                                                                Filesize

                                                                                                                2.3MB

                                                                                                                Download

                                                                                                              • memory/1272-345-0x00007FF7EF2F0000-0x00007FF7F123C000-memory.dmp

                                                                                                                Filesize

                                                                                                                31.3MB

                                                                                                                Download

                                                                                                              • memory/1272-248-0x00007FF7EF2F0000-0x00007FF7F123C000-memory.dmp

                                                                                                                Filesize

                                                                                                                31.3MB

                                                                                                                Download

                                                                                                              • memory/1272-413-0x00007FF7EF2F0000-0x00007FF7F123C000-memory.dmp

                                                                                                                Filesize

                                                                                                                31.3MB

                                                                                                                Download

                                                                                                              • memory/1308-104-0x0000000002180000-0x00000000021B1000-memory.dmp

                                                                                                                Filesize

                                                                                                                196KB

                                                                                                                Download

                                                                                                              • memory/1308-103-0x00000000006E0000-0x00000000007E0000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/1508-522-0x0000000004830000-0x0000000004831000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/1976-20-0x00000000027B0000-0x0000000002843000-memory.dmp

                                                                                                                Filesize

                                                                                                                588KB

                                                                                                                Download

                                                                                                              • memory/1976-21-0x0000000002850000-0x000000000296B000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.1MB

                                                                                                                Download

                                                                                                              • memory/2184-391-0x00000278CC120000-0x00000278CC140000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/2184-387-0x00000278CBB50000-0x00000278CBB70000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/2184-388-0x00000278CBB10000-0x00000278CBB30000-memory.dmp

                                                                                                                Filesize

                                                                                                                128KB

                                                                                                                Download

                                                                                                              • memory/2492-303-0x00000000041C0000-0x00000000041C1000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/3116-188-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-143-0x00000000017E0000-0x00000000017E1000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/3116-183-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-182-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-193-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-181-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-192-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-191-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-180-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-135-0x0000000000540000-0x0000000001225000-memory.dmp

                                                                                                                Filesize

                                                                                                                12.9MB

                                                                                                                Download

                                                                                                              • memory/3116-140-0x0000000001740000-0x0000000001741000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/3116-141-0x00000000017A0000-0x00000000017A1000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/3116-142-0x00000000017D0000-0x00000000017D1000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/3116-145-0x00000000017F0000-0x00000000017F1000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/3116-144-0x0000000000540000-0x0000000001225000-memory.dmp

                                                                                                                Filesize

                                                                                                                12.9MB

                                                                                                                Download

                                                                                                              • memory/3116-187-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-146-0x0000000001800000-0x0000000001801000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/3116-147-0x0000000000540000-0x0000000001225000-memory.dmp

                                                                                                                Filesize

                                                                                                                12.9MB

                                                                                                                Download

                                                                                                              • memory/3116-149-0x0000000001810000-0x0000000001811000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/3116-190-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-189-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-179-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-184-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-178-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-176-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-186-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-164-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-165-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-185-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-167-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-168-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-170-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-169-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-172-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-171-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-173-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-174-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-175-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-163-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3116-177-0x0000000003F20000-0x0000000004020000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3444-238-0x0000000001350000-0x0000000001351000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/3444-4-0x0000000003230000-0x0000000003246000-memory.dmp

                                                                                                                Filesize

                                                                                                                88KB

                                                                                                                Download

                                                                                                              • memory/3480-1-0x0000000000D40000-0x0000000000E40000-memory.dmp

                                                                                                                Filesize

                                                                                                                1024KB

                                                                                                                Download

                                                                                                              • memory/3480-2-0x00000000026F0000-0x00000000026FB000-memory.dmp

                                                                                                                Filesize

                                                                                                                44KB

                                                                                                                Download

                                                                                                              • memory/3480-3-0x0000000000400000-0x0000000000AEA000-memory.dmp

                                                                                                                Filesize

                                                                                                                6.9MB

                                                                                                                Download

                                                                                                              • memory/3480-5-0x0000000000400000-0x0000000000AEA000-memory.dmp

                                                                                                                Filesize

                                                                                                                6.9MB

                                                                                                                Download

                                                                                                              • memory/3492-160-0x0000000007AB0000-0x0000000007FDC000-memory.dmp

                                                                                                                Filesize

                                                                                                                5.2MB

                                                                                                                Download

                                                                                                              • memory/3492-114-0x0000000006660000-0x0000000006C78000-memory.dmp

                                                                                                                Filesize

                                                                                                                6.1MB

                                                                                                                Download

                                                                                                              • memory/3492-162-0x00000000739B0000-0x0000000074160000-memory.dmp

                                                                                                                Filesize

                                                                                                                7.7MB

                                                                                                                Download

                                                                                                              • memory/3492-86-0x0000000000400000-0x0000000000450000-memory.dmp

                                                                                                                Filesize

                                                                                                                320KB

                                                                                                                Download

                                                                                                              • memory/3492-108-0x00000000055E0000-0x0000000005672000-memory.dmp

                                                                                                                Filesize

                                                                                                                584KB

                                                                                                                Download

                                                                                                              • memory/3492-102-0x0000000005A90000-0x0000000006034000-memory.dmp

                                                                                                                Filesize

                                                                                                                5.6MB

                                                                                                                Download

                                                                                                              • memory/3492-152-0x00000000073B0000-0x0000000007572000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.8MB

                                                                                                                Download

                                                                                                              • memory/3492-110-0x00000000739B0000-0x0000000074160000-memory.dmp

                                                                                                                Filesize

                                                                                                                7.7MB

                                                                                                                Download

                                                                                                              • memory/3492-128-0x0000000006190000-0x00000000061F6000-memory.dmp

                                                                                                                Filesize

                                                                                                                408KB

                                                                                                                Download

                                                                                                              • memory/3492-120-0x0000000006040000-0x000000000608C000-memory.dmp

                                                                                                                Filesize

                                                                                                                304KB

                                                                                                                Download

                                                                                                              • memory/3492-111-0x0000000005820000-0x0000000005830000-memory.dmp

                                                                                                                Filesize

                                                                                                                64KB

                                                                                                                Download

                                                                                                              • memory/3492-119-0x00000000058E0000-0x000000000591C000-memory.dmp

                                                                                                                Filesize

                                                                                                                240KB

                                                                                                                Download

                                                                                                              • memory/3492-166-0x0000000007310000-0x0000000007360000-memory.dmp

                                                                                                                Filesize

                                                                                                                320KB

                                                                                                                Download

                                                                                                              • memory/3492-117-0x0000000005880000-0x0000000005892000-memory.dmp

                                                                                                                Filesize

                                                                                                                72KB

                                                                                                                Download

                                                                                                              • memory/3492-115-0x0000000005950000-0x0000000005A5A000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.0MB

                                                                                                                Download

                                                                                                              • memory/3492-112-0x00000000057A0000-0x00000000057AA000-memory.dmp

                                                                                                                Filesize

                                                                                                                40KB

                                                                                                                Download

                                                                                                              • memory/3680-207-0x0000000000400000-0x0000000000537000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.2MB

                                                                                                                Download

                                                                                                              • memory/3680-42-0x0000000000400000-0x0000000000537000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.2MB

                                                                                                                Download

                                                                                                              • memory/3680-43-0x0000000000400000-0x0000000000537000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.2MB

                                                                                                                Download

                                                                                                              • memory/3680-202-0x0000000000400000-0x0000000000537000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.2MB

                                                                                                                Download

                                                                                                              • memory/3680-129-0x0000000000400000-0x0000000000537000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.2MB

                                                                                                                Download

                                                                                                              • memory/3680-100-0x0000000000400000-0x0000000000537000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.2MB

                                                                                                                Download

                                                                                                              • memory/3680-157-0x0000000000400000-0x0000000000537000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.2MB

                                                                                                                Download

                                                                                                              • memory/3680-161-0x0000000000400000-0x0000000000537000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.2MB

                                                                                                                Download

                                                                                                              • memory/3680-44-0x0000000000400000-0x0000000000537000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.2MB

                                                                                                                Download

                                                                                                              • memory/3680-159-0x0000000000400000-0x0000000000537000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.2MB

                                                                                                                Download

                                                                                                              • memory/3680-49-0x0000000000400000-0x0000000000537000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.2MB

                                                                                                                Download

                                                                                                              • memory/3680-50-0x0000000000400000-0x0000000000537000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.2MB

                                                                                                                Download

                                                                                                              • memory/3736-71-0x00000000739B0000-0x0000000074160000-memory.dmp

                                                                                                                Filesize

                                                                                                                7.7MB

                                                                                                                Download

                                                                                                              • memory/3736-70-0x0000000000120000-0x0000000000184000-memory.dmp

                                                                                                                Filesize

                                                                                                                400KB

                                                                                                                Download

                                                                                                              • memory/3736-79-0x0000000004C00000-0x0000000004C10000-memory.dmp

                                                                                                                Filesize

                                                                                                                64KB

                                                                                                                Download

                                                                                                              • memory/3736-85-0x0000000004A80000-0x0000000004A81000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/3736-101-0x0000000002510000-0x0000000004510000-memory.dmp

                                                                                                                Filesize

                                                                                                                32.0MB

                                                                                                                Download

                                                                                                              • memory/3736-116-0x00000000739B0000-0x0000000074160000-memory.dmp

                                                                                                                Filesize

                                                                                                                7.7MB

                                                                                                                Download

                                                                                                              • memory/4008-411-0x00000000009A0000-0x00000000009EB000-memory.dmp

                                                                                                                Filesize

                                                                                                                300KB

                                                                                                                Download

                                                                                                              • memory/4008-414-0x00000000009A0000-0x00000000009EB000-memory.dmp

                                                                                                                Filesize

                                                                                                                300KB

                                                                                                                Download

                                                                                                              • memory/4116-435-0x0000000000400000-0x0000000000ECD000-memory.dmp

                                                                                                                Filesize

                                                                                                                10.8MB

                                                                                                                Download

                                                                                                              • memory/4136-36-0x0000000000400000-0x0000000000537000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.2MB

                                                                                                                Download

                                                                                                              • memory/4136-26-0x0000000000400000-0x0000000000537000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.2MB

                                                                                                                Download

                                                                                                              • memory/4136-25-0x0000000000400000-0x0000000000537000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.2MB

                                                                                                                Download

                                                                                                              • memory/4136-24-0x0000000000400000-0x0000000000537000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.2MB

                                                                                                                Download

                                                                                                              • memory/4136-22-0x0000000000400000-0x0000000000537000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.2MB

                                                                                                                Download

                                                                                                              • memory/4424-39-0x0000000000CE0000-0x0000000000D77000-memory.dmp

                                                                                                                Filesize

                                                                                                                604KB

                                                                                                                Download

                                                                                                              • memory/4616-376-0x00000000030A0000-0x00000000030A1000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/4724-260-0x0000000000400000-0x0000000000ECD000-memory.dmp

                                                                                                                Filesize

                                                                                                                10.8MB

                                                                                                                Download