Overview

overview

8

Static

static

7

3dc4419458...cs.exe

windows7-x64

8

3dc4419458...cs.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    46s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/05/2024, 21:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3dc4419458efb7fe285dccf857cb94b0_NeikiAnalytics.exe

  • Size

    256KB

  • MD5

    3dc4419458efb7fe285dccf857cb94b0

  • SHA1

    87e19be53cbab25650fcfb18ba290b57eaadfed1

  • SHA256

    351d025a584557c5d50e0452e015570d11f275296077b139098127d7a0a4f25b

  • SHA512

    ab5e6f3d760538f1777e33f7afe361335ca1696e15f2bb33d0721ad04aaa05c50c314c05a3dfdb022466b1a1d9f715873755c71c8b216c0cf72f6c57c928b998

  • SSDEEP

    6144:yDLQxoyQ1LpnFyZ+dayL9rvolH8u3ZhGod:qQCyQ1LHk+zR7QHjGo

Score
8/10
persistencevmprotect

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Modifies Installed Components in the registry 2 TTPs 9 IoCs
    persistence
  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Enumerates connected drives 3 TTPs 18 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 16 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\3dc4419458efb7fe285dccf857cb94b0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3dc4419458efb7fe285dccf857cb94b0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Drivers directory
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4700
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe
      2⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1556
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yyyy.bat
      2⤵
        PID:1572
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2860
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4232
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2040
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4976
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:624
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4456
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3000
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:2924
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2608
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1472
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4672
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4740
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1120
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:1456
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2264
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1212
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:1468
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3780
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:5044
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:2852
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4768
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4720
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4956
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4896
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2040
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:3452
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:3576
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:1872
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:3036
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:3848
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:3100
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:4292
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:2688
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:3488
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:4124
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:912
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:936
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:2000
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:428
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:5080
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:2304
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:4956
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:4916
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:5072
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:2712
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:2932
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:4176
                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                  1⤵
                                                    PID:2784
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:3240
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:1384
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:4288
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:540
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:1020
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                                PID:4080
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:4160
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:2936
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:3160
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:4328
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:688
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:4060
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:4300
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:696
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:5076
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:3844
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:3768
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                      1⤵
                                                                                        PID:4916
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:2348
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:400
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                              PID:1176
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:2052
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                1⤵
                                                                                                  PID:4404
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                    PID:1020
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                      PID:4268
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:2512
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                        1⤵
                                                                                                          PID:4872
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                            PID:3000
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                            1⤵
                                                                                                              PID:4368
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                              1⤵
                                                                                                                PID:3968
                                                                                                              • C:\Windows\explorer.exe
                                                                                                                explorer.exe
                                                                                                                1⤵
                                                                                                                  PID:2952
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                  1⤵
                                                                                                                    PID:3160
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                    1⤵
                                                                                                                      PID:3724
                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                      explorer.exe
                                                                                                                      1⤵
                                                                                                                        PID:4868
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                        1⤵
                                                                                                                          PID:3780
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                          1⤵
                                                                                                                            PID:4316
                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                            explorer.exe
                                                                                                                            1⤵
                                                                                                                              PID:3908
                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                              1⤵
                                                                                                                                PID:5096
                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                1⤵
                                                                                                                                  PID:2056

                                                                                                                                Network

                                                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                                                Replay Monitor

                                                                                                                                Loading Replay Monitor...

                                                                                                                                Downloads

                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                                  Filesize

                                                                                                                                  471B

                                                                                                                                  MD5

                                                                                                                                  a9964db630b7c0c6dcaa031a2b57157b

                                                                                                                                  SHA1

                                                                                                                                  baf856fadf461462859fc31618ec81edf7c3165d

                                                                                                                                  SHA256

                                                                                                                                  3f26d8f3599d33ca9880cd8efd7d68142e68e17d56a19c6dcf2ffe4efd0666b1

                                                                                                                                  SHA512

                                                                                                                                  1b4091d40f38931594049e3924608d40a0a1c159a5455c40afca23d1667b19c0764d296c9071644c87aa4aaf247ecc3614807d39e0152b46ebc02c98e51bf9b9

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                                  Filesize

                                                                                                                                  412B

                                                                                                                                  MD5

                                                                                                                                  1302569ebbb4460b82b3d3e72eec461c

                                                                                                                                  SHA1

                                                                                                                                  88dc423a8fda59f4505cb6aff093e2cc77d7fbaa

                                                                                                                                  SHA256

                                                                                                                                  c6cc41bc584770f9a1ea282fd6fb8c3a29a388e2bbc40a046bcb305b6e8298d2

                                                                                                                                  SHA512

                                                                                                                                  e391794de4da49a3b2d60479431f415c433e9e22803eed9ae4a1b3f69879e7b3ad11a2edd2b12a37e06722b99f5d450b18c37aae41f6d502e471b2146995c1c2

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                                  Filesize

                                                                                                                                  2KB

                                                                                                                                  MD5

                                                                                                                                  5c5867742992fbc0bee0cc68fb2b6538

                                                                                                                                  SHA1

                                                                                                                                  ceb86b53ba0a360e4bc465e11dfdbf4dbc9208c1

                                                                                                                                  SHA256

                                                                                                                                  a1e9bdf496de82a320f805861094e71e96d1215f4a1ba65e11a8fd81698f3b94

                                                                                                                                  SHA512

                                                                                                                                  a78a7dbfd0fdb1bb48dbede62dc0e97dcc9cbc3d41544af354bcc5ad97feb9441b3bd6286766e01002c4e362060c03e01f692954d4c1a5a5b3aa105614d4fe22

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15
                                                                                                                                  Filesize

                                                                                                                                  36KB

                                                                                                                                  MD5

                                                                                                                                  0e2a09c8b94747fa78ec836b5711c0c0

                                                                                                                                  SHA1

                                                                                                                                  92495421ad887f27f53784c470884802797025ad

                                                                                                                                  SHA256

                                                                                                                                  0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36

                                                                                                                                  SHA512

                                                                                                                                  61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer
                                                                                                                                  Filesize

                                                                                                                                  36KB

                                                                                                                                  MD5

                                                                                                                                  ab0262f72142aab53d5402e6d0cb5d24

                                                                                                                                  SHA1

                                                                                                                                  eaf95bb31ae1d4c0010f50e789bdc8b8e3116116

                                                                                                                                  SHA256

                                                                                                                                  20a108577209b2499cfdba77645477dd0d9771a77d42a53c6315156761efcfbb

                                                                                                                                  SHA512

                                                                                                                                  bf9580f3e5d1102cf758503e18a2cf98c799c4a252eedf9344f7c5626da3a1cf141353f01601a3b549234cc3f2978ad31f928068395b56f9f0885c07dbe81da1

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133606275967550535.txt
                                                                                                                                  Filesize

                                                                                                                                  75KB

                                                                                                                                  MD5

                                                                                                                                  79ea60e4feeffe4483ba2d0ea61852fb

                                                                                                                                  SHA1

                                                                                                                                  7d5921a1b6240cc717ad4f4478bbcfc42f3af8e8

                                                                                                                                  SHA256

                                                                                                                                  1e85f6cd486b20682b1a6af9f34e7993a558f3b5dccd1e80a55178847e794923

                                                                                                                                  SHA512

                                                                                                                                  4d0866c2b63af9570fa20bca628a6e67b3704d7ab5a8a1311fb614f38b54444cc6630390092282f075751cae38000a17e4bf1cb992a8900b0c72965c0b24dbf4

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\U23Z080G\microsoft.windows[1].xml
                                                                                                                                  Filesize

                                                                                                                                  97B

                                                                                                                                  MD5

                                                                                                                                  292a283bdecf4cd89c3ad863a28bc72f

                                                                                                                                  SHA1

                                                                                                                                  18e896fec5f8b3ea2963d0a5cb45a244050c35c1

                                                                                                                                  SHA256

                                                                                                                                  09794c6006f357000111d7d13c1c20075eaea58f68df78e118d14b4547835ec2

                                                                                                                                  SHA512

                                                                                                                                  71349774dcf41cd9e72c881cd374ffaf2527b2156a616cc064f10f34e7bbf0ea6174916acb2b8b06428f2b2f29315359e66dde317965463ea1eb70fef52beaaa

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\yyyy
                                                                                                                                  Filesize

                                                                                                                                  256KB

                                                                                                                                  MD5

                                                                                                                                  3dd5015ffbccbe16b55465c80ae691b1

                                                                                                                                  SHA1

                                                                                                                                  b98ea79493a1a1f71c6e146ba7b740921e7e3469

                                                                                                                                  SHA256

                                                                                                                                  afbe8c9dffde72e27631bae03d63ef6d82ae9b928a6860e38a9ed4bf05eaba96

                                                                                                                                  SHA512

                                                                                                                                  a945cc28fb7aa9779d7d7e8e7a180adde5dc7c9d07eac6e917451efc73e09ac82a0833e22ffe9e942ac385025ed0c900bca2aff6c56aeb70467c514625ad11dc

                                                                                                                                  Download Submit

                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\yyyy.bat
                                                                                                                                  Filesize

                                                                                                                                  337B

                                                                                                                                  MD5

                                                                                                                                  93b941cc7a70d001e6d480eb9bd704b6

                                                                                                                                  SHA1

                                                                                                                                  ef528e8c4e43e89a0227a7ecb4a7ac3770cf22f3

                                                                                                                                  SHA256

                                                                                                                                  f7d340120a100defc8f9daad4a27a5688e8bbeae8bb9b2093bd8fc299a2feaf3

                                                                                                                                  SHA512

                                                                                                                                  a84a733def70bbc8808a211ada4d4163c4682acfb062c8607ce3357946fdc42f49f8355767cd2aa47d23cd81be651f5e34af7817a78cd81208fa7ea4f61fbc0a

                                                                                                                                  Download Submit

                                                                                                                                • C:\Windows\System32\drivers\etc\hosts
                                                                                                                                  Filesize

                                                                                                                                  2KB

                                                                                                                                  MD5

                                                                                                                                  6f332dcaeeb548cceb98beb934ab3d55

                                                                                                                                  SHA1

                                                                                                                                  e48872682e514e95dcc14ff9bbdc6e0bef723fca

                                                                                                                                  SHA256

                                                                                                                                  7937ea22b6d3b09f8d41afef1371aaee906657aafce6678b0b449931a1a8c4c0

                                                                                                                                  SHA512

                                                                                                                                  e695693e246253fa969b57c20c4147009846d7848bc092c97aa830daf2f89e0c1a1850cb0c7e5715a95ebf19cdf58726eec3a9820f0b8820e495234ce22f2844

                                                                                                                                  Download Submit

                                                                                                                                • memory/624-196-0x00000000033B0000-0x00000000033B1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/1120-490-0x00000238A6D00000-0x00000238A6E00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/1120-495-0x00000238A7E20000-0x00000238A7E40000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/1120-507-0x00000238A7DE0000-0x00000238A7E00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/1120-521-0x00000238A81F0000-0x00000238A8210000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/1212-679-0x000001BBB1420000-0x000001BBB1440000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/1212-660-0x000001BBB1020000-0x000001BBB1040000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/1212-642-0x000001BBAFF00000-0x000001BBB0000000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/1212-644-0x000001BBAFF00000-0x000001BBB0000000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/1212-647-0x000001BBB1060000-0x000001BBB1080000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/1212-643-0x000001BBAFF00000-0x000001BBB0000000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/1456-640-0x0000000004CF0000-0x0000000004CF1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/1468-785-0x0000000004480000-0x0000000004481000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/1472-352-0x000001D2B8220000-0x000001D2B8320000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/1472-379-0x000001D2B9750000-0x000001D2B9770000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/1472-366-0x000001D2B9340000-0x000001D2B9360000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/1472-356-0x000001D2B9380000-0x000001D2B93A0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/1472-351-0x000001D2B8220000-0x000001D2B8320000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/1872-1222-0x0000000004080000-0x0000000004081000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/2040-1081-0x000001E0EAA00000-0x000001E0EAB00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/2040-1096-0x000001E0EBB20000-0x000001E0EBB40000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2040-1108-0x000001E0EBF30000-0x000001E0EBF50000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2040-1086-0x000001E0EBB60000-0x000001E0EBB80000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/2852-934-0x0000000002D50000-0x0000000002D51000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/2924-349-0x0000000004060000-0x0000000004061000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/3000-199-0x0000020AC4C00000-0x0000020AC4D00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/3000-203-0x0000020AC5AE0000-0x0000020AC5B00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3000-198-0x0000020AC4C00000-0x0000020AC4D00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/3000-223-0x0000020AC60C0000-0x0000020AC60E0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3000-211-0x0000020AC5AA0000-0x0000020AC5AC0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3848-1242-0x000002EC856A0000-0x000002EC856C0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/3848-1224-0x000002EC84900000-0x000002EC84A00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/3848-1229-0x000002EC856E0000-0x000002EC85700000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4232-27-0x0000000004670000-0x0000000004671000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/4672-489-0x0000000004900000-0x0000000004901000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/4700-14-0x0000000000400000-0x000000000048C000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  560KB

                                                                                                                                  Download

                                                                                                                                • memory/4700-0-0x0000000000400000-0x000000000048C000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  560KB

                                                                                                                                  Download

                                                                                                                                • memory/4700-2-0x0000000000400000-0x000000000048C000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  560KB

                                                                                                                                  Download

                                                                                                                                • memory/4720-936-0x0000015CD2A00000-0x0000015CD2B00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/4720-964-0x0000015CD3EC0000-0x0000015CD3EE0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4720-937-0x0000015CD2A00000-0x0000015CD2B00000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/4720-951-0x0000015CD38B0000-0x0000015CD38D0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4720-941-0x0000015CD38F0000-0x0000015CD3910000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4956-1079-0x0000000004870000-0x0000000004871000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                  Download

                                                                                                                                • memory/4976-64-0x000002160B7A0000-0x000002160B7C0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4976-43-0x000002160B390000-0x000002160B3B0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4976-33-0x000002160B3D0000-0x000002160B3F0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/4976-28-0x000002160A300000-0x000002160A400000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/5044-802-0x0000015166B70000-0x0000015166B90000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/5044-814-0x0000015166F80000-0x0000015166FA0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download

                                                                                                                                • memory/5044-787-0x0000015165850000-0x0000015165950000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1024KB

                                                                                                                                  Download

                                                                                                                                • memory/5044-792-0x0000015166BB0000-0x0000015166BD0000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  128KB

                                                                                                                                  Download