Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

MENU.bat

windows7-x64

7

MENU.bat

windows10-2004-x64

7

Work/RegToScript.exe

windows7-x64

1

Work/RegToScript.exe

windows10-2004-x64

1

Work/RestExplorer.exe

windows7-x64

8

Work/RestExplorer.exe

windows10-2004-x64

8

Work/SoundChanger.exe

windows7-x64

7

Work/SoundChanger.exe

windows10-2004-x64

7

Work/TrInstaller.exe

windows7-x64

1

Work/TrInstaller.exe

windows10-2004-x64

1

Work/cecho.exe

windows7-x64

7

Work/cecho.exe

windows10-2004-x64

7

Work/explorer.exe.dll

windows10-2004-x64

1

Work/nircmd.exe

windows7-x64

1

Work/nircmd.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    53s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/05/2024, 16:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Work/RestExplorer.exe

  • Size

    806KB

  • MD5

    ac75bde2b70097ca86e16987bf387857

  • SHA1

    06e72123132e1ef58f7b7ea3c8e65cb75062e6d6

  • SHA256

    ec890a669da3c53b73ca83ec0c267fa0dcf1ad428feb829a3422ebc36bc1841f

  • SHA512

    f4994e8e5a807caa254e73e9796d61bcea204f0aa80cc391bccddbf28478f738c1d4f095518196a9b152654596beb184b36507ffcf434407d78ad1c3e43b96a0

  • SSDEEP

    12288:v69zDWz/xwNqdsbrIX3JALF1QbCagrEGgtNryyCJuDT/PNa04YQtHyw4AR6SPWc:v2DW/xbmX2YIb+Qsu3/PNLDQtHyZiP3

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 11 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 18 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\Work\RestExplorer.exe
    "C:\Users\Admin\AppData\Local\Temp\Work\RestExplorer.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4680
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe
      2⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2144
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4732
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3296
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1336
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3768
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1732
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3360
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:2488
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4476
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:388
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3856
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4884
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1924
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2028
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3400
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2672
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1928
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2284
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1204
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:4820
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4344
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3916
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3608
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1928
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3888
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1344
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3360
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3812
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1052
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:220
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1708
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
      PID:4360
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:3592
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:3424
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:5016
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:932
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:2104
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:3916
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:4276
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:3724
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:1984
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:3688
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:4292
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:1748
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:4672
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:2228
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:3728
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:1448
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:2208
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:4040
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:3880
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:4612
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:4356
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:676
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:4676
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:3684
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:4788
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:3296
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:2404
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:3564
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:3612
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:2092
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:3140
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:1112
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:2404
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:692
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:2652
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:1168
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:404
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:1012
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:3128
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:3700
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:4612
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:3428
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:4144
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:2404
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:4344
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:5104
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:3576
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:2108
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:2120
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:1984
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:1492
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:2932
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:3744
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:400
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                  1⤵
                                                                                                                    PID:1612
                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                    explorer.exe
                                                                                                                    1⤵
                                                                                                                      PID:3060
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                      1⤵
                                                                                                                        PID:4540
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                        1⤵
                                                                                                                          PID:3568

                                                                                                                        Network

                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                        Replay Monitor

                                                                                                                        Loading Replay Monitor...

                                                                                                                        Downloads

                                                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                          Filesize

                                                                                                                          471B

                                                                                                                          MD5

                                                                                                                          2ce7fea23c098215902ac261c83172b0

                                                                                                                          SHA1

                                                                                                                          aca7bda26f80d3a4154b4f1cdebaf6d30c3eb037

                                                                                                                          SHA256

                                                                                                                          b0932339947184c6434ffe2d84ca045e94768e365ed727695756a8ae8ff781aa

                                                                                                                          SHA512

                                                                                                                          291811ed456b9a41b937fc1f54ab9f05995497b276e4f723b662456c2e18d928830e75950d95b123ceacb8acbf34611d7cf50ca234b65237862e8640df042bdb

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                          Filesize

                                                                                                                          412B

                                                                                                                          MD5

                                                                                                                          f5abd0b192872f2051de67c48427fe86

                                                                                                                          SHA1

                                                                                                                          950209d2e719a4f17321cbdf9fd64f3f0173ed14

                                                                                                                          SHA256

                                                                                                                          f8c55f4ec96209ac5e729cce81997178e784c50cdba966a54e5dc90b08739a43

                                                                                                                          SHA512

                                                                                                                          b2198c6d4872b74d852d4350bc846addf35843a7d0ea8cb21cf55bf19ec74dad054062c1ef235acdd8f702110c66ea38117900513287223544230984fd7c9f94

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
                                                                                                                          Filesize

                                                                                                                          28KB

                                                                                                                          MD5

                                                                                                                          9c805f8c537c845db35cde550d780183

                                                                                                                          SHA1

                                                                                                                          791f4a1c7a96af69e3ca7b6082fdf191b1d80add

                                                                                                                          SHA256

                                                                                                                          b8e4d57b23b10f70dc598afda96be6f24834dd38fbea4ccc01269cc352a48560

                                                                                                                          SHA512

                                                                                                                          03d426b7723b4989f7d70a5eb90c5ecfe5e47d429c558185bcf12f114b2bfe3a725bc1b6002df3fd0ff30d2362d1dca4ceb0fefdc1d0b51568217018efdd88c2

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
                                                                                                                          Filesize

                                                                                                                          28KB

                                                                                                                          MD5

                                                                                                                          b57f35d1d2f3d379620b6f7518e68423

                                                                                                                          SHA1

                                                                                                                          85dbdb8fdda06838cdc6c08bd1c0781ab45c8383

                                                                                                                          SHA256

                                                                                                                          2391ca4ae6310d89bedf9c0d259527f7594190888f6fe50ad4db44f8e1082458

                                                                                                                          SHA512

                                                                                                                          7c8324e3e10e6a3a9838df265936e91d2f90121c1ddd5a512cc417dbb68d9d06622c4b37066d00bf1a47c93776d4e1ec4827476555edb5aa53334634a5b0f425

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                          MD5

                                                                                                                          c400ae6ed2f2d1cc0c31939e4c53a224

                                                                                                                          SHA1

                                                                                                                          2b41b9a2219b2e9642ab333700352bc3d75b8ac6

                                                                                                                          SHA256

                                                                                                                          298fe3f7d8701b4b40d2b48fcf82e3748433e26e2ba8b12c94cc16f51f53d476

                                                                                                                          SHA512

                                                                                                                          61a683068647818f2309076dd531c37ef04771df6c40ee6e61d570f4f0f79444d55c960109952e96a9892e69894fd39e6ad3f04c0e1bffa21da157f27e513d2c

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15
                                                                                                                          Filesize

                                                                                                                          36KB

                                                                                                                          MD5

                                                                                                                          0e2a09c8b94747fa78ec836b5711c0c0

                                                                                                                          SHA1

                                                                                                                          92495421ad887f27f53784c470884802797025ad

                                                                                                                          SHA256

                                                                                                                          0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36

                                                                                                                          SHA512

                                                                                                                          61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_ControlPanel
                                                                                                                          Filesize

                                                                                                                          36KB

                                                                                                                          MD5

                                                                                                                          fb5f8866e1f4c9c1c7f4d377934ff4b2

                                                                                                                          SHA1

                                                                                                                          d0a329e387fb7bcba205364938417a67dbb4118a

                                                                                                                          SHA256

                                                                                                                          1649ec9493be27f76ae7304927d383f8a53dd3e41ea1678bacaff33120ea4170

                                                                                                                          SHA512

                                                                                                                          0fbe2843dfeab7373cde0643b20c073fdc2fcbefc5ae581fd1656c253dfa94e8bba4d348e95cc40d1e872456ecca894b462860aeac8b92cedb11a7cad634798c

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133614740314869142.txt
                                                                                                                          Filesize

                                                                                                                          75KB

                                                                                                                          MD5

                                                                                                                          ce88a108043a3d69e5325754ba9c7181

                                                                                                                          SHA1

                                                                                                                          c64f06b8081f5ec0ae7c0e1fe7b0f248aa6550c4

                                                                                                                          SHA256

                                                                                                                          b2552766ebb3469549cea5b6b609077fa6e38c000eba6befadfd275e11a8095e

                                                                                                                          SHA512

                                                                                                                          cb5e53fb1520b68178ad465cde801ed779521b843de44f894fc8fdbd071f33f663a60f570b134ff0996bf407ef9ecee72810b16dd9276469e6b0efb5d5c85829

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\92G8RFY9\microsoft.windows[1].xml
                                                                                                                          Filesize

                                                                                                                          97B

                                                                                                                          MD5

                                                                                                                          154014c190bcc3ee57ed7e94a2f5d4b9

                                                                                                                          SHA1

                                                                                                                          20848fea26d00af1a18c235031228444530ec9d4

                                                                                                                          SHA256

                                                                                                                          bcd046aa48862e2cc160ed1dc72283cfeeffce82c66d4aae555664ae3043ac53

                                                                                                                          SHA512

                                                                                                                          91c232d6bb42bebe9f998bae5e1a08d9ea0a8ed86ead98ab733fcf8170ecb100f3294ba378ac4b07ed7b8023760a20324145fcd3884d8848334de81a718d8be5

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\4a6y8m0w.tmp
                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                          MD5

                                                                                                                          d9acba73dffd843661462beb9426b321

                                                                                                                          SHA1

                                                                                                                          04be5d82c4a76987ad20be81cb1d9bd594157fa7

                                                                                                                          SHA256

                                                                                                                          6950445d7d967f1429b2ab03cbdcf2c245155972733e323a0ffe94dd04e6d304

                                                                                                                          SHA512

                                                                                                                          0066274c467a8f408291e09d8389cae79a5e7c4711d99d8cff4649f0b9b8770dc8fd57f5479c7bff985b7637eab41ce81b39142c8bea414923a0d7baaa0252dc

                                                                                                                          Download Submit

                                                                                                                        • memory/388-232-0x000001BC961B0000-0x000001BC961D0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/388-220-0x000001BC95BA0000-0x000001BC95BC0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/388-204-0x000001BC94D00000-0x000001BC94E00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/388-208-0x000001BC95BE0000-0x000001BC95C00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1052-1229-0x0000000004720000-0x0000000004721000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/1204-679-0x000001B90F170000-0x000001B90F190000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1204-667-0x000001B90ED60000-0x000001B90ED80000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1204-657-0x000001B90EDA0000-0x000001B90EDC0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1344-1080-0x0000000004360000-0x0000000004361000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/1708-1230-0x00000295C2400000-0x00000295C2500000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/1708-1235-0x00000295C32A0000-0x00000295C32C0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1708-1242-0x00000295C3260000-0x00000295C3280000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1708-1231-0x00000295C2400000-0x00000295C2500000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/1708-1267-0x00000295C3880000-0x00000295C38A0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1924-381-0x000002539FF90000-0x000002539FFB0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1924-354-0x000002539EB00000-0x000002539EC00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/1924-357-0x000002539FBC0000-0x000002539FBE0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1924-368-0x000002539FB80000-0x000002539FBA0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/1924-353-0x000002539EB00000-0x000002539EC00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/1924-352-0x000002539EB00000-0x000002539EC00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/1928-650-0x0000000004D70000-0x0000000004D71000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/2028-498-0x0000000004BF0000-0x0000000004BF1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/2104-1518-0x0000027150540000-0x0000027150640000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/2104-1517-0x0000027150540000-0x0000027150640000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/2488-201-0x0000000004620000-0x0000000004621000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/2672-537-0x0000025B95680000-0x0000025B956A0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/2672-506-0x0000025B952B0000-0x0000025B952D0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/2672-517-0x0000025B95270000-0x0000025B95290000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/2672-500-0x0000025B94200000-0x0000025B94300000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/3360-42-0x000002CA36A00000-0x000002CA36B00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/3360-46-0x000002CA37B20000-0x000002CA37B40000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3360-55-0x000002CA377D0000-0x000002CA377F0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3360-41-0x000002CA36A00000-0x000002CA36B00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/3360-67-0x000002CA37EE0000-0x000002CA37F00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3424-1409-0x00000246BDD60000-0x00000246BDD80000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3424-1378-0x00000246BD990000-0x00000246BD9B0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3424-1388-0x00000246BD950000-0x00000246BD970000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3608-938-0x0000000004D80000-0x0000000004D81000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/3768-39-0x0000000004040000-0x0000000004041000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/3812-1087-0x0000026B1A300000-0x0000026B1A320000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3812-1099-0x0000026B19FC0000-0x0000026B19FE0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3812-1119-0x0000026B1A6D0000-0x0000026B1A6F0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3856-350-0x0000000004840000-0x0000000004841000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/3888-956-0x000001C8B03E0000-0x000001C8B0400000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3888-976-0x000001C8B0AF0000-0x000001C8B0B10000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3888-941-0x000001C8AF600000-0x000001C8AF700000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/3888-944-0x000001C8B0720000-0x000001C8B0740000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3888-939-0x000001C8AF600000-0x000001C8AF700000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/3916-791-0x000002F5B0B00000-0x000002F5B0C00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/3916-790-0x000002F5B0B00000-0x000002F5B0C00000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1024KB

                                                                                                                          Download

                                                                                                                        • memory/3916-817-0x000002F5B2190000-0x000002F5B21B0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3916-805-0x000002F5B1B80000-0x000002F5B1BA0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/3916-796-0x000002F5B1BC0000-0x000002F5B1BE0000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          128KB

                                                                                                                          Download

                                                                                                                        • memory/4360-1370-0x0000000004A20000-0x0000000004A21000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/4820-788-0x0000000004970000-0x0000000004971000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/5016-1516-0x0000000004AF0000-0x0000000004AF1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download