Analysis

  • max time kernel
    31s
  • max time network
    82s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-04-2024 19:49

General

  • Target

    2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe

  • Size

    276KB

  • MD5

    5f982f95a3b1529f43d3b1150c4b4489

  • SHA1

    9d1ec5115b2ec1ee79cbc0cb2cc470a75049ea31

  • SHA256

    2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0

  • SHA512

    7c568a2e2d9bc19d19aab93f9302f0d133890445a41d281ecfe885c4128dc012da9264c5809672f5a09ff96c108c922dd382a6164d343f69274eb086cfe554c4

  • SSDEEP

    6144:9rTfUHeeSKOS9ccFKk3Y9t9YxVPAAIFE6:9n8yN0Mr8Qk6

Score
9/10

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 64 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
    "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4892
    • C:\Users\Public\Microsoft Build\Isass.exe
      "C:\Users\Public\Microsoft Build\Isass.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1316
    • C:\Users\Public\Microsoft Build\Isass.exe
      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
      2⤵
        PID:2564
        • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
          "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
          3⤵
            PID:4772
            • C:\Users\Public\Microsoft Build\Isass.exe
              "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
              4⤵
                PID:2920
                • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                  "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                  5⤵
                    PID:3528
                    • C:\Users\Public\Microsoft Build\Isass.exe
                      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                      6⤵
                        PID:5044
                        • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                          "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                          7⤵
                            PID:3784
                            • C:\Users\Public\Microsoft Build\Isass.exe
                              "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                              8⤵
                                PID:2316
                                • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                  "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                  9⤵
                                    PID:1676
                                    • C:\Users\Public\Microsoft Build\Isass.exe
                                      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                      10⤵
                                        PID:684
                                        • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                          "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                          11⤵
                                            PID:4920
                                            • C:\Users\Public\Microsoft Build\Isass.exe
                                              "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                              12⤵
                                                PID:5008
                                                • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                  "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                  13⤵
                                                    PID:5092
                                                    • C:\Users\Public\Microsoft Build\Isass.exe
                                                      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                      14⤵
                                                        PID:3188
                                                        • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                          "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                          15⤵
                                                            PID:4484
                                                            • C:\Users\Public\Microsoft Build\Isass.exe
                                                              "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                              16⤵
                                                                PID:1560
                                                                • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                  "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                  17⤵
                                                                    PID:4764
                                                                    • C:\Users\Public\Microsoft Build\Isass.exe
                                                                      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                      18⤵
                                                                        PID:1620
                                                                        • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                          "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                          19⤵
                                                                            PID:1892
                                                                            • C:\Users\Public\Microsoft Build\Isass.exe
                                                                              "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                              20⤵
                                                                                PID:2872
                                                                                • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                  "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                  21⤵
                                                                                    PID:2964
                                                                                    • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                      22⤵
                                                                                        PID:4136
                                                                                        • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                          "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                          23⤵
                                                                                            PID:368
                                                                                            • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                              "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                              24⤵
                                                                                                PID:588
                                                                                                • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                  "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                  25⤵
                                                                                                    PID:1144
                                                                                                    • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                      26⤵
                                                                                                        PID:3980
                                                                                                        • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                          "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                          27⤵
                                                                                                            PID:1480
                                                                                                            • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                              "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                              28⤵
                                                                                                                PID:2148
                                                                                                                • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                  29⤵
                                                                                                                    PID:952
                                                                                                                    • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                      30⤵
                                                                                                                        PID:4540
                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                          31⤵
                                                                                                                            PID:4712
                                                                                                                            • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                              "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                              32⤵
                                                                                                                                PID:2224
                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                  33⤵
                                                                                                                                    PID:3928
                                                                                                                                    • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                                      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                      34⤵
                                                                                                                                        PID:5044
                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                          35⤵
                                                                                                                                            PID:4912
                                                                                                                                            • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                                              "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                              36⤵
                                                                                                                                                PID:4728
                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                                  37⤵
                                                                                                                                                    PID:2560
                                                                                                                                                    • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                                                      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                      38⤵
                                                                                                                                                        PID:3768
                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                                          39⤵
                                                                                                                                                            PID:3664
                                                                                                                                                            • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                                                              "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                              40⤵
                                                                                                                                                                PID:540
                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                                                  41⤵
                                                                                                                                                                    PID:1880
                                                                                                                                                                    • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                                                                      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                      42⤵
                                                                                                                                                                        PID:4048
                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                                                          43⤵
                                                                                                                                                                            PID:4204
                                                                                                                                                                            • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                                                                              "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                              44⤵
                                                                                                                                                                                PID:3388
                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                                                                  45⤵
                                                                                                                                                                                    PID:3412
                                                                                                                                                                                    • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                                                                                      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                      46⤵
                                                                                                                                                                                        PID:3216
                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                                                                          47⤵
                                                                                                                                                                                            PID:1988
                                                                                                                                                                                            • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                                                                                              "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                              48⤵
                                                                                                                                                                                                PID:3472
                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                                                                                  49⤵
                                                                                                                                                                                                    PID:2348
                                                                                                                                                                                                    • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                                                                                                      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                      50⤵
                                                                                                                                                                                                        PID:1876
                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                                                                                          51⤵
                                                                                                                                                                                                            PID:5072
                                                                                                                                                                                                            • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                                                                                                              "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                              52⤵
                                                                                                                                                                                                                PID:3528
                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                                                                                                  53⤵
                                                                                                                                                                                                                    PID:4856
                                                                                                                                                                                                                    • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                                                                                                                      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                      54⤵
                                                                                                                                                                                                                        PID:4912
                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                                                                                                          55⤵
                                                                                                                                                                                                                            PID:2984
                                                                                                                                                                                                                            • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                                                                                                                              "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                              56⤵
                                                                                                                                                                                                                                PID:1156
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                                                                                                                  57⤵
                                                                                                                                                                                                                                    PID:4900
                                                                                                                                                                                                                                    • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                                                                                                                                      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                                      58⤵
                                                                                                                                                                                                                                        PID:392
                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                                                                                                                          59⤵
                                                                                                                                                                                                                                            PID:4464
                                                                                                                                                                                                                                            • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                                                                                                                                              "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                                              60⤵
                                                                                                                                                                                                                                                PID:3812
                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                                                                                                                                  61⤵
                                                                                                                                                                                                                                                    PID:4424
                                                                                                                                                                                                                                                    • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                                                                                                                                                      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                                                      62⤵
                                                                                                                                                                                                                                                        PID:4204
                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                                                                                                                                          63⤵
                                                                                                                                                                                                                                                            PID:1548
                                                                                                                                                                                                                                                            • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                                                                                                                                                              "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                                                              64⤵
                                                                                                                                                                                                                                                                PID:2904
                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                                                                                                                                                  65⤵
                                                                                                                                                                                                                                                                    PID:4884
                                                                                                                                                                                                                                                                    • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                                                                                                                                                                      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                                                                      66⤵
                                                                                                                                                                                                                                                                        PID:1988
                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                                                                                                                                                          67⤵
                                                                                                                                                                                                                                                                            PID:3472
                                                                                                                                                                                                                                                                            • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                                                                                                                                                                              "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                                                                              68⤵
                                                                                                                                                                                                                                                                                PID:1068
                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                                                                                                                                                                  69⤵
                                                                                                                                                                                                                                                                                    PID:1216
                                                                                                                                                                                                                                                                                    • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                                                                                                                                                                                      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                                                                                      70⤵
                                                                                                                                                                                                                                                                                        PID:1896
                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                                                                                                                                                                          71⤵
                                                                                                                                                                                                                                                                                            PID:4728
                                                                                                                                                                                                                                                                                            • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                                                                                                                                                                                              "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                                                                                              72⤵
                                                                                                                                                                                                                                                                                                PID:3760
                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                                                                                                                                                                                  73⤵
                                                                                                                                                                                                                                                                                                    PID:4008
                                                                                                                                                                                                                                                                                                    • C:\Users\Public\Microsoft Build\Isass.exe
                                                                                                                                                                                                                                                                                                      "C:\Users\Public\Microsoft Build\Isass.exe" Tablet C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                                                                                                      74⤵
                                                                                                                                                                                                                                                                                                        PID:4900
                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe
                                                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\2f38841d7eaedb9cd61f2db5a31a08653684e6083d4ae9a2c383d38ce2fae6c0.exe"
                                                                                                                                                                                                                                                                                                          75⤵
                                                                                                                                                                                                                                                                                                            PID:1220

                                                                                                                                                      Network

                                                                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                                                                      Replay Monitor

                                                                                                                                                      Loading Replay Monitor...

                                                                                                                                                      Downloads

                                                                                                                                                      • C:\Users\Public\Microsoft Build\Isass.exe

                                                                                                                                                        Filesize

                                                                                                                                                        211KB

                                                                                                                                                        MD5

                                                                                                                                                        70cc7e668d4d271148bcd4034c545e0c

                                                                                                                                                        SHA1

                                                                                                                                                        ab5efae9b8d95a537ec378935c4d24cb10c0fc27

                                                                                                                                                        SHA256

                                                                                                                                                        46aa89de26cd3802b9c938641c82ccce1e5879c376cbef841a45cc75d6cfc364

                                                                                                                                                        SHA512

                                                                                                                                                        28c1967a57d19eb254ac988a93a17124e2757ba6bebe1ef9619ad05ce201d5f3e6977a6fb463daaddf099a7918a66688c22e4a7c00eb8a3f915170d149d9327f

                                                                                                                                                      • C:\Users\Public\Microsoft Build\Isass.exe

                                                                                                                                                        Filesize

                                                                                                                                                        149KB

                                                                                                                                                        MD5

                                                                                                                                                        33bd23e5a94e8b89c77b603fc542b2e2

                                                                                                                                                        SHA1

                                                                                                                                                        2277fd71f6935ff406adc519f537397a975ad55f

                                                                                                                                                        SHA256

                                                                                                                                                        55028199044cd6460ce49e5cefb52b69e044f8e03551b3270d956e194a567555

                                                                                                                                                        SHA512

                                                                                                                                                        fa2972f6e44959c96b08389b6cf92785aeb79e30a006faff57f0becdfa57915eaca3a2b5792960da9c60603c95338a88ec4e4e6c84fea89c7be2dcff233309cd

                                                                                                                                                      • memory/368-78-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/368-81-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/368-79-0x0000000001E60000-0x0000000001E61000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/392-195-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/540-132-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/588-82-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/588-83-0x0000000001E60000-0x0000000001E61000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/588-85-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/684-37-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/684-39-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/684-38-0x0000000001A40000-0x0000000001A41000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/952-100-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/952-101-0x00000000001F0000-0x00000000001F1000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/1144-87-0x0000000001E20000-0x0000000001E21000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/1144-86-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/1156-191-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/1316-23-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/1316-6-0x0000000001A70000-0x0000000001A71000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/1316-5-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/1316-148-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/1316-84-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/1480-94-0x00000000001F0000-0x00000000001F1000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/1480-96-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/1480-93-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/1560-54-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/1560-56-0x0000000001A00000-0x0000000001A01000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/1620-61-0x0000000001A50000-0x0000000001A51000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/1620-62-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/1676-34-0x0000000001A50000-0x0000000001A51000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/1676-33-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/1676-36-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/1876-172-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/1892-66-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/1892-64-0x00000000001F0000-0x00000000001F1000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/1892-63-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/1988-162-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/2148-98-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/2148-97-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/2224-108-0x0000000003A20000-0x0000000003A21000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/2224-109-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/2316-32-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/2316-31-0x0000000002060000-0x0000000002061000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/2348-169-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/2560-121-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/2564-10-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/2564-11-0x0000000003A20000-0x0000000003A21000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/2564-12-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/2872-68-0x0000000001A30000-0x0000000001A31000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/2872-67-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/2920-17-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/2920-18-0x0000000001A70000-0x0000000001A71000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/2920-19-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/2964-72-0x0000000003610000-0x0000000003611000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/2964-71-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/2984-189-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/3188-48-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/3188-51-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/3188-50-0x00000000001D0000-0x00000000001D1000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/3216-159-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/3388-149-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/3412-156-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/3472-165-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/3528-22-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/3528-20-0x0000000001A60000-0x0000000001A61000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/3528-179-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/3768-126-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/3768-124-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/3784-30-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/3784-28-0x0000000001A70000-0x0000000001A71000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/3784-27-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/3812-202-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/3928-112-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/3928-110-0x0000000001A50000-0x0000000001A51000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/3980-91-0x00000000019F0000-0x00000000019F1000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/3980-90-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/3980-92-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4136-77-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4136-75-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4204-209-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4424-206-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4464-199-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4484-55-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4484-76-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4540-104-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4540-102-0x00000000020F0000-0x00000000020F1000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/4712-106-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4712-107-0x0000000001A70000-0x0000000001A71000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/4728-118-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4728-119-0x0000000001E70000-0x0000000001E71000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/4764-58-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4764-57-0x0000000001A60000-0x0000000001A61000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/4772-13-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4772-16-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4772-14-0x0000000001C30000-0x0000000001C31000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/4856-183-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4892-7-0x0000000001A70000-0x0000000001A71000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/4892-9-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4892-4-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4900-193-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4912-116-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4912-185-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4912-117-0x00000000001F0000-0x00000000001F1000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/4920-43-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4920-40-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/4920-41-0x0000000001CD0000-0x0000000001CD1000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/5008-45-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/5008-70-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/5044-24-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/5044-26-0x0000000001F90000-0x0000000001F91000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                      • memory/5044-114-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/5044-113-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/5092-47-0x0000000000400000-0x00000000016A8000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        18.7MB

                                                                                                                                                      • memory/5092-49-0x0000000003710000-0x0000000003711000-memory.dmp

                                                                                                                                                        Filesize

                                                                                                                                                        4KB