Overview

overview

8

Static

static

7

d001262874...cs.exe

windows7-x64

8

d001262874...cs.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    54s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-05-2024 11:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d00126287437206de26600759748b860_NeikiAnalytics.exe

  • Size

    256KB

  • MD5

    d00126287437206de26600759748b860

  • SHA1

    817eaed13987bd4a817ac7d285f8856f78b2fb39

  • SHA256

    1453302aa685d783f6dad430348ddfa0033f828c1ff035481e18880c1e67871e

  • SHA512

    ff4bdedefc5b20128099d9329c37440b16f5d80b0aeb53acef9ed74be0ed613d17a6381be9de35108cf9ea44abf5e40be8d5d904e66ea05e2f033f8e7368812a

  • SSDEEP

    6144:WDLQxoyQ1LpnFyZ+dayL9rvolH8u3ZhGod:mQCyQ1LHk+zR7QHjGo

Score
8/10
persistencevmprotect

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Modifies Installed Components in the registry 2 TTPs 12 IoCs
    persistence
  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 20 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\d00126287437206de26600759748b860_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d00126287437206de26600759748b860_NeikiAnalytics.exe"
    1⤵
    • Drops file in Drivers directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3496
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe
      2⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:5052
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yyyy.bat
      2⤵
        PID:976
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2356
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4252
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:5076
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1468
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:4360
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1568
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3436
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:4304
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4552
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4696
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:2160
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4412
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3920
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4472
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4364
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2264
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:2824
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1812
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1436
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:3536
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4500
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1884
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:3056
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4132
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4012
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      PID:3584
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4980
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4928
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:748
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3124
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:628
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Modifies registry class
      PID:556
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:4072
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:4744
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:3188
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:2816
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:1740
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:2748
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:3468
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:1436
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:4252
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:4532
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:4276
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:2976
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:1944
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:3064
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:2700
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:4120
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:4140
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:5040
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:380
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:1900
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:4072
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:2184
                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                  1⤵
                                                    PID:2792
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:1900
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:1248
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:4272
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:4108
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:2368
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                                PID:4968
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:2756
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:3672
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:624
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:4012
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:2568
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:4232
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:3092
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:3388
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:4436
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:4360
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:4476
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                      1⤵
                                                                                        PID:116
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:3816
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:4920
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                              PID:4168
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:4248
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                1⤵
                                                                                                  PID:2788
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                    PID:3064
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                      PID:796
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                      1⤵
                                                                                                        PID:3436
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                        1⤵
                                                                                                          PID:4440
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                            PID:4060
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                            1⤵
                                                                                                              PID:2016
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                              1⤵
                                                                                                                PID:4016
                                                                                                              • C:\Windows\explorer.exe
                                                                                                                explorer.exe
                                                                                                                1⤵
                                                                                                                  PID:3584
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                  1⤵
                                                                                                                    PID:5076
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                    1⤵
                                                                                                                      PID:2188
                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                      explorer.exe
                                                                                                                      1⤵
                                                                                                                        PID:3832
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                        1⤵
                                                                                                                          PID:4248
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                          1⤵
                                                                                                                            PID:2044

                                                                                                                          Network

                                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                                          Replay Monitor

                                                                                                                          Loading Replay Monitor...

                                                                                                                          Downloads

                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                            Filesize

                                                                                                                            471B

                                                                                                                            MD5

                                                                                                                            de9446499347641fda4f3e5d1c273db2

                                                                                                                            SHA1

                                                                                                                            fe82314d732fdba5e82a5175b1f34395f271d5a5

                                                                                                                            SHA256

                                                                                                                            132fc4747dec99f951404588d76d461ecf667ab2c2fb317de546368bcbe2192c

                                                                                                                            SHA512

                                                                                                                            2937910667bed771fbfd3b7c013c10ddbd33c7655a29c33291c01291adf083f0c694866d3bebb4f059ecf6ca41a189d2f7940d21e6b5bcad350abfb52ace064f

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                            Filesize

                                                                                                                            412B

                                                                                                                            MD5

                                                                                                                            a4fdc6b8caa1f8afdb1499a58bf14638

                                                                                                                            SHA1

                                                                                                                            14e2c2060af807ba9467f476047402ea1b961f6d

                                                                                                                            SHA256

                                                                                                                            f3b4eb501f40f784ae45e5691c2017d55f16c5ee04f28fb56cf8f1ea48131cb0

                                                                                                                            SHA512

                                                                                                                            eab7a4be2513d3cc0e9ed68077fbb9ccacf073e3efeccd59a3a17e49b98ea6d39ade5efcc999c38542d8d49b5614ea2e1ebb73298bf191353400b589b125e840

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
                                                                                                                            Filesize

                                                                                                                            28KB

                                                                                                                            MD5

                                                                                                                            d1bf867094725e2d967821d4b622fd71

                                                                                                                            SHA1

                                                                                                                            2ea83b42da1a36a84a6861926c0d2484730d15c4

                                                                                                                            SHA256

                                                                                                                            cd015e435b549a823da40ec926bbfea11adca1c3c56fd970db718475a60f99ea

                                                                                                                            SHA512

                                                                                                                            adc0dcdec0a263a08e69eae13ceba073f329962ebe1bdd775d0b47b6632c154230f81062d2238e636024fc2d77e899c8a568eeb25dd0af592caa662b14799493

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
                                                                                                                            Filesize

                                                                                                                            28KB

                                                                                                                            MD5

                                                                                                                            2b8d9bfa3c71060663e875681ca59ef2

                                                                                                                            SHA1

                                                                                                                            d19adc1bdd118aa872a3f921ba92ee325eba5ae4

                                                                                                                            SHA256

                                                                                                                            c1a3e7d63ede494a2d6fe16e3c190ea445a047d052f6f0cfe5cbe3cec9553380

                                                                                                                            SHA512

                                                                                                                            bb60d734b125d11db06248ec41ae1ab9af3eb66f787863df5aa1ee770f937ea35706f5b3a9bf07b9b67404fb271562a1d2b0a413a51beedfaa9bac3ae6efb387

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            533750cb997e2119dea62d18b181eac5

                                                                                                                            SHA1

                                                                                                                            382a6285f86783a18015ab21ba406cfb6ddb1cf6

                                                                                                                            SHA256

                                                                                                                            0faffd7865097a43cf4b3dce3c15fcc1d50709a72133ce26c420c4f09e3a9cad

                                                                                                                            SHA512

                                                                                                                            4504e753cdc3188fc5462f58b1551b21da7e3e9cb70411628f28fdb84d051cd5db23cbcbd69a182686c48e6cf8910117baa6665e1460b23ef979c4aae547991b

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133598136281935306.txt
                                                                                                                            Filesize

                                                                                                                            75KB

                                                                                                                            MD5

                                                                                                                            8cdd0e31fdc880d03dd47abc4b0efbf9

                                                                                                                            SHA1

                                                                                                                            37648604549b090bc8683dffda89fe8338b18d9c

                                                                                                                            SHA256

                                                                                                                            edf5f36d377aa149ebfbf55c896fe8716ea11f49a9ec61df2d327bc43c835bab

                                                                                                                            SHA512

                                                                                                                            b7cb49eb50e7b5e0d36c7e971b39bde726d36383f5723ad5bb082c266435550030d5a8b53eda5c2ddfc720d73007aba4ffd36b32949161876104328d98a9a511

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\N2176ZEZ\microsoft.windows[1].xml
                                                                                                                            Filesize

                                                                                                                            97B

                                                                                                                            MD5

                                                                                                                            bdd90a1d11585d1f2b7720be412bc048

                                                                                                                            SHA1

                                                                                                                            b6245dfce68b60c708dd7ecabaebeabcbb53920f

                                                                                                                            SHA256

                                                                                                                            ddf2d606339b78bea2b3d3e823f4074cc7a4c8281242a81cc0c2c0332b08330e

                                                                                                                            SHA512

                                                                                                                            e62ea18449d0d36f50bcb3590a2c60397a8dbb7654b375facab3ee3ef6d0efb9a1cd67ba8e4af23ac1b3ca5955a9125c7b8fa2fa6781ad214f37d0ed3ef8c950

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\yyyy
                                                                                                                            Filesize

                                                                                                                            256KB

                                                                                                                            MD5

                                                                                                                            cc5d62a1d11202a3d4ee8e688c9abf84

                                                                                                                            SHA1

                                                                                                                            20a8d2204c3ce8e7a55e5adf61797aa9c50422b6

                                                                                                                            SHA256

                                                                                                                            d221ea9cd72b54caa1b1d5df942b1870c80a362ced10f0eb677db24f1e7f0bcb

                                                                                                                            SHA512

                                                                                                                            77e1d845b02bd8b3106b1cc224f6f9a40d955e85f3fde07926ab9654cb14e400d26348b7edc28a1ebe6884cd3a9705e1d03c8aa8505044c67439cb823d554724

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\yyyy.bat
                                                                                                                            Filesize

                                                                                                                            337B

                                                                                                                            MD5

                                                                                                                            5f0caa20b9945efb0168936be94c29ea

                                                                                                                            SHA1

                                                                                                                            2148cfdbc17c21925582f31d957a8d4c9957b971

                                                                                                                            SHA256

                                                                                                                            ea2862fef1bf7aada54e44e3fb9608a2221aa1f8b659da8c5b76e1056c2e5f00

                                                                                                                            SHA512

                                                                                                                            ff3c77e18f0673017477c2d2ca01fac99d8dbf99e0eee5df7d5d4fd9a0a32af9c174b0242109c529bb3fc6283ea7b5207d2f44adfd57ca4ba8765cdd7e7a9b96

                                                                                                                            Download Submit

                                                                                                                          • C:\Windows\System32\drivers\etc\hosts
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            6f332dcaeeb548cceb98beb934ab3d55

                                                                                                                            SHA1

                                                                                                                            e48872682e514e95dcc14ff9bbdc6e0bef723fca

                                                                                                                            SHA256

                                                                                                                            7937ea22b6d3b09f8d41afef1371aaee906657aafce6678b0b449931a1a8c4c0

                                                                                                                            SHA512

                                                                                                                            e695693e246253fa969b57c20c4147009846d7848bc092c97aa830daf2f89e0c1a1850cb0c7e5715a95ebf19cdf58726eec3a9820f0b8820e495234ce22f2844

                                                                                                                            Download Submit

                                                                                                                          • memory/628-1352-0x000002286E500000-0x000002286E600000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/748-1351-0x0000000004930000-0x0000000004931000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/1436-814-0x0000023268C90000-0x0000023268CB0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1436-809-0x0000023267C00000-0x0000023267D00000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/1436-811-0x0000023267C00000-0x0000023267D00000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/1436-826-0x0000023268C50000-0x0000023268C70000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1436-846-0x0000023269060000-0x0000023269080000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1468-41-0x0000023E18920000-0x0000023E18A20000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/1468-45-0x0000023E19A70000-0x0000023E19A90000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1468-40-0x0000023E18920000-0x0000023E18A20000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/1468-59-0x0000023E19E40000-0x0000023E19E60000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1468-49-0x0000023E19A30000-0x0000023E19A50000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1884-972-0x00000160405E0000-0x0000016040600000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1884-957-0x000001603F700000-0x000001603F800000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/1884-958-0x000001603F700000-0x000001603F800000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/1884-962-0x0000016040820000-0x0000016040840000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1884-984-0x0000016040BF0000-0x0000016040C10000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/2160-503-0x0000000002160000-0x0000000002161000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/2264-673-0x00000199DB600000-0x00000199DB620000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/2264-657-0x00000199DA500000-0x00000199DA600000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/2264-684-0x00000199DBA10000-0x00000199DBA30000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/2264-658-0x00000199DA500000-0x00000199DA600000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/2264-659-0x00000199DA500000-0x00000199DA600000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/2264-662-0x00000199DB640000-0x00000199DB660000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/2824-807-0x0000000004620000-0x0000000004621000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/3056-1087-0x0000000004CF0000-0x0000000004CF1000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/3436-221-0x000001D6EC650000-0x000001D6EC670000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/3436-209-0x000001D6EC690000-0x000001D6EC6B0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/3436-205-0x000001D6EB540000-0x000001D6EB640000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/3436-204-0x000001D6EB540000-0x000001D6EB640000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/3436-206-0x000001D6EB540000-0x000001D6EB640000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/3436-233-0x000001D6ECA60000-0x000001D6ECA80000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/3496-1-0x0000000000400000-0x000000000048C000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            560KB

                                                                                                                            Download

                                                                                                                          • memory/3496-14-0x0000000000400000-0x000000000048C000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            560KB

                                                                                                                            Download

                                                                                                                          • memory/3496-0-0x0000000000400000-0x000000000048C000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            560KB

                                                                                                                            Download

                                                                                                                          • memory/3536-955-0x0000000004610000-0x0000000004611000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/3584-1229-0x0000000004EE0000-0x0000000004EE1000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/3920-511-0x00000253BBF20000-0x00000253BBF40000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/3920-542-0x00000253BC500000-0x00000253BC520000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/3920-521-0x00000253BBBE0000-0x00000253BBC00000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/4012-1089-0x000001D72BC00000-0x000001D72BD00000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/4012-1091-0x000001D72BC00000-0x000001D72BD00000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/4012-1106-0x000001D72CD20000-0x000001D72CD40000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/4012-1117-0x000001D72D130000-0x000001D72D150000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/4012-1094-0x000001D72CD60000-0x000001D72CD80000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/4252-39-0x0000000004E00000-0x0000000004E01000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/4304-351-0x00000000045F0000-0x00000000045F1000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/4360-203-0x0000000004370000-0x0000000004371000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/4472-655-0x0000000004C80000-0x0000000004C81000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/4696-353-0x0000021FFDC50000-0x0000021FFDD50000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/4696-354-0x0000021FFDC50000-0x0000021FFDD50000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/4696-358-0x0000021FFEDB0000-0x0000021FFEDD0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/4696-381-0x0000021FFF180000-0x0000021FFF1A0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/4696-368-0x0000021FFED70000-0x0000021FFED90000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/4928-1236-0x0000025C557D0000-0x0000025C557F0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/4928-1231-0x0000025C54900000-0x0000025C54A00000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/4928-1268-0x0000025C55FA0000-0x0000025C55FC0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/4928-1248-0x0000025C55790000-0x0000025C557B0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download