Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

creepypasta virus.exe

windows7-x64

8

creepypasta virus.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    51s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/08/2024, 11:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    creepypasta virus.exe

  • Size

    73.1MB

  • MD5

    fafedc86e931a34ae8880b62913ec8b8

  • SHA1

    d9c8a5264941f66446e1ed5831d9fd58527160c7

  • SHA256

    ff8ba81e6c8558f793a41355f5a88dda5cb0fc17f5fb601912ea7e421ca469e4

  • SHA512

    d4182c3cd900433608ad288a3f5b09402396cdf76ee0fe51b335c5fe6c9639655c7970102fe2237d0812a18dcb2e5f21991628e6ea19fb2ed4a31f1cce9479b4

  • SSDEEP

    1572864:EWWQfapBZJbujGp5AuYS2aTjWWQfapBZJbujGp5AuYS2aT:lapBZJbujGpCVTapBZJbujGpCV

Score
8/10
discoveryevasionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 11 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 20 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 16 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\creepypasta virus.exe
    "C:\Users\Admin\AppData\Local\Temp\creepypasta virus.exe"
    1⤵
    • Disables RegEdit via registry modification
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2224
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4244
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2448
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4248
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3928
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3452
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3132
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4456
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:4080
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4176
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3312
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1644
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3456
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2936
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4108
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4396
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1056
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1408
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3024
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4136
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4460
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3844
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3660
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4856
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4616
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4076
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1528
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4352
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4192
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    PID:2448
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:3900
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4892
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:3376
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:2900
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:4428
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:4128
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:1824
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:1804
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:2724
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:3948
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:4840
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:4904
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:3648
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:1552
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:1140
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:1928
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:3620
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:644
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:3652
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:4768
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:4236
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:4856
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:2192
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:4684
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:3928
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:1212
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:1428
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:1860
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:1140
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:4892
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:4860
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:1888
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:4916
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:3140
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:3472
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:4432
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:1428
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:4384
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:780
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:4904
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:3304
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:3028
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:3208
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:3988
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:944
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:3680
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:2808
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:3512
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:4040
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:1192
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:4148
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:840
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:4904
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:2936
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:1612
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                  1⤵
                                                                                                                    PID:4124
                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                    explorer.exe
                                                                                                                    1⤵
                                                                                                                      PID:2868
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                      1⤵
                                                                                                                        PID:1860
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                        1⤵
                                                                                                                          PID:4508
                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                          explorer.exe
                                                                                                                          1⤵
                                                                                                                            PID:2896
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                            1⤵
                                                                                                                              PID:1868

                                                                                                                            Network

                                                                                                                            MITRE ATT&CK Enterprise v15

                                                                                                                            Replay Monitor

                                                                                                                            Loading Replay Monitor...

                                                                                                                            Downloads

                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                              Filesize

                                                                                                                              2KB

                                                                                                                              MD5

                                                                                                                              701b8e68e6409d342b0b1628e049b144

                                                                                                                              SHA1

                                                                                                                              cf99ab80ab40e2a95797d7d4cb9f201bbfc426b9

                                                                                                                              SHA256

                                                                                                                              810fa23a29a656d263028ea7cf54b6e171877e49bd4167b49cce11fa25583abf

                                                                                                                              SHA512

                                                                                                                              7fd75448ea00af9a0e0cd0e1f1c9952526e15bf04fb6115194c714c81167989699b110b61e46517df5b91650f9931f3f15408ee974f3cfb9f177bc2670d5c1f4

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133675887000867555.txt
                                                                                                                              Filesize

                                                                                                                              75KB

                                                                                                                              MD5

                                                                                                                              ba8c7509d18046be20dd702a97dedbbd

                                                                                                                              SHA1

                                                                                                                              e9b7c66d886166e2cfff41354a361a96b17194d6

                                                                                                                              SHA256

                                                                                                                              46453f306087932bd6f8fc01ed1df78c7df8a66cb6bd5aee7d62d265b054b931

                                                                                                                              SHA512

                                                                                                                              2ed5985fc5e191ea4ef596ac239751a4144ee58323e535aec6acebeff7764bada0b3184b362a15531b89e19b2923e69e04c9fa554729d00bcf24c74b99d1aaf3

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PNRCYTYY\microsoft.windows[1].xml
                                                                                                                              Filesize

                                                                                                                              97B

                                                                                                                              MD5

                                                                                                                              5e22ac0cbcc2cfca04d1b6983de47d88

                                                                                                                              SHA1

                                                                                                                              2cec1efb9cc1a5882ea7880bfcbe947c3361c37f

                                                                                                                              SHA256

                                                                                                                              15c78df0dc6078f22a8655187b6bc79f1142f5ca86fc151e361b748b119bdc4d

                                                                                                                              SHA512

                                                                                                                              fe181661eb50f5460f51015d576f688ffd9aa9a9c8e2dd1308416a15e2784d5fd1c0dfb3e2819c357c999aa9be208b372b185616e17c3691cf798e4e861bf870

                                                                                                                              Download Submit

                                                                                                                            • memory/1056-486-0x000001F4A2600000-0x000001F4A2700000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/1056-491-0x000001F4A3760000-0x000001F4A3780000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/1056-500-0x000001F4A3720000-0x000001F4A3740000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/1056-513-0x000001F4A3B30000-0x000001F4A3B50000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/1408-639-0x0000000003F70000-0x0000000003F71000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/1528-1087-0x0000000004C80000-0x0000000004C81000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/1644-329-0x00000000081D0000-0x00000000081E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              64KB

                                                                                                                              Download

                                                                                                                            • memory/1644-328-0x00000000081D0000-0x00000000081E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              64KB

                                                                                                                              Download

                                                                                                                            • memory/1644-335-0x00000000024B0000-0x00000000024B1000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/1644-333-0x00000000081D0000-0x00000000081E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              64KB

                                                                                                                              Download

                                                                                                                            • memory/1644-334-0x00000000081D0000-0x00000000081E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              64KB

                                                                                                                              Download

                                                                                                                            • memory/1644-331-0x00000000081D0000-0x00000000081E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              64KB

                                                                                                                              Download

                                                                                                                            • memory/1644-332-0x00000000081D0000-0x00000000081E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              64KB

                                                                                                                              Download

                                                                                                                            • memory/1644-327-0x00000000081D0000-0x00000000081E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              64KB

                                                                                                                              Download

                                                                                                                            • memory/1644-330-0x00000000081D0000-0x00000000081E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              64KB

                                                                                                                              Download

                                                                                                                            • memory/1644-325-0x00000000081D0000-0x00000000081E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              64KB

                                                                                                                              Download

                                                                                                                            • memory/1644-326-0x00000000081D0000-0x00000000081E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              64KB

                                                                                                                              Download

                                                                                                                            • memory/1644-322-0x00000000081D0000-0x00000000081E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              64KB

                                                                                                                              Download

                                                                                                                            • memory/1644-319-0x00000000081D0000-0x00000000081E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              64KB

                                                                                                                              Download

                                                                                                                            • memory/1644-320-0x00000000081D0000-0x00000000081E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              64KB

                                                                                                                              Download

                                                                                                                            • memory/1644-321-0x00000000081D0000-0x00000000081E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              64KB

                                                                                                                              Download

                                                                                                                            • memory/1644-324-0x00000000081D0000-0x00000000081E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              64KB

                                                                                                                              Download

                                                                                                                            • memory/1644-323-0x00000000081D0000-0x00000000081E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              64KB

                                                                                                                              Download

                                                                                                                            • memory/2224-3-0x0000000009810000-0x00000000098A2000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              584KB

                                                                                                                              Download

                                                                                                                            • memory/2224-630-0x0000000074580000-0x0000000074D30000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              7.7MB

                                                                                                                              Download

                                                                                                                            • memory/2224-2-0x0000000009D00000-0x000000000A2A4000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              5.6MB

                                                                                                                              Download

                                                                                                                            • memory/2224-0-0x000000007458E000-0x000000007458F000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/2224-1-0x0000000000560000-0x0000000004E7E000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              73.1MB

                                                                                                                              Download

                                                                                                                            • memory/2224-637-0x0000000074580000-0x0000000074D30000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              7.7MB

                                                                                                                              Download

                                                                                                                            • memory/2224-5-0x0000000074580000-0x0000000074D30000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              7.7MB

                                                                                                                              Download

                                                                                                                            • memory/2224-4-0x00000000098E0000-0x00000000098EA000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              40KB

                                                                                                                              Download

                                                                                                                            • memory/2224-482-0x000000007458E000-0x000000007458F000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/2224-6-0x0000000074580000-0x0000000074D30000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              7.7MB

                                                                                                                              Download

                                                                                                                            • memory/2224-1459-0x0000000074580000-0x0000000074D30000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              7.7MB

                                                                                                                              Download

                                                                                                                            • memory/2936-374-0x000002BF7DC80000-0x000002BF7DCA0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/2936-343-0x000002BF7D6B0000-0x000002BF7D6D0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/2936-352-0x000002BF7D670000-0x000002BF7D690000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3312-208-0x000001E24FEC0000-0x000001E24FEE0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3312-181-0x000001E24EA00000-0x000001E24EB00000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/3312-196-0x000001E24F5A0000-0x000001E24F5C0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3312-186-0x000001E24F5E0000-0x000001E24F600000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3452-11-0x0000000004340000-0x0000000004341000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/3660-790-0x0000025672400000-0x0000025672500000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/3660-826-0x00000256738E0000-0x0000025673900000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3660-809-0x00000256732D0000-0x00000256732F0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3660-794-0x0000025673310000-0x0000025673330000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3660-789-0x0000025672400000-0x0000025672500000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/4076-937-0x000002371C570000-0x000002371C670000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/4076-942-0x000002371D4D0000-0x000002371D4F0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4076-954-0x000002371D490000-0x000002371D4B0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4076-965-0x000002371DAA0000-0x000002371DAC0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4080-179-0x00000000045F0000-0x00000000045F1000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/4108-484-0x00000000048A0000-0x00000000048A1000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/4136-640-0x0000020A5E700000-0x0000020A5E800000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/4136-655-0x0000020A5FA90000-0x0000020A5FAB0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4136-667-0x0000020A5FEA0000-0x0000020A5FEC0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4136-645-0x0000020A5FAD0000-0x0000020A5FAF0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4136-641-0x0000020A5E700000-0x0000020A5E800000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/4192-1089-0x0000018018000000-0x0000018018100000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/4456-17-0x0000025E74A00000-0x0000025E74A20000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4456-14-0x0000025672900000-0x0000025672A00000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/4456-13-0x0000025672900000-0x0000025672A00000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/4456-28-0x0000025E747B0000-0x0000025E747D0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4456-48-0x0000025E74DC0000-0x0000025E74DE0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4460-788-0x0000000004590000-0x0000000004591000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/4856-935-0x0000000004230000-0x0000000004231000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download