Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    27s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/10/2024, 23:19

General

  • Target

    705b55902ae2a401bcaa25bc6ab47726a752cb0621f8c70b84f4f265939bb4f2.exe

  • Size

    93KB

  • MD5

    995b8f8f204269a5ec58200abb269e4a

  • SHA1

    0ac126df1e7c26da9ef23ab02adf7de27fa11b1f

  • SHA256

    705b55902ae2a401bcaa25bc6ab47726a752cb0621f8c70b84f4f265939bb4f2

  • SHA512

    73dfe7815eb43f07770f0beae1442d6b437acee6a8945c5ba0d84ab6a7db6ce223c7878fc275adf0cf99990c0bfbe3db9d431712f8fbe025005b0d2940930005

  • SSDEEP

    1536:v7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIf0xn:Dq6+ouCpk2mpcWJ0r+QNTBf0

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 6 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Disables Task Manager via registry modification
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates connected drives 3 TTPs 12 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
  • Kills process with taskkill 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
  • Modifies registry class 64 IoCs
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\705b55902ae2a401bcaa25bc6ab47726a752cb0621f8c70b84f4f265939bb4f2.exe
    "C:\Users\Admin\AppData\Local\Temp\705b55902ae2a401bcaa25bc6ab47726a752cb0621f8c70b84f4f265939bb4f2.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:456
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\C3EC.tmp\C3ED.tmp\C3EE.bat C:\Users\Admin\AppData\Local\Temp\705b55902ae2a401bcaa25bc6ab47726a752cb0621f8c70b84f4f265939bb4f2.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2892
      • C:\Windows\system32\reg.exe
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
        3⤵
        • Modifies registry key
        PID:1008
      • C:\Windows\system32\reg.exe
        reg add "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies" /v Wallpaper /d "C:\ProgramData\WindowsCache\wall.png" /f
        3⤵
          PID:1960
        • C:\Windows\system32\reg.exe
          reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /d "C:\ProgramData\WindowsCache\wall.png" /f
          3⤵
          • Sets desktop wallpaper using registry
          PID:1248
        • C:\Windows\system32\reg.exe
          reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "explorer.exe, C:\ProgramData\WindowsCache\ir.exe" /f
          3⤵
          • Modifies WinLogon for persistence
          PID:4688
        • C:\Windows\system32\taskkill.exe
          taskkill /f /im explorer.exe
          3⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:936
        • C:\Windows\system32\timeout.exe
          timeout /nobreak /t 1
          3⤵
          • Delays execution with timeout.exe
          PID:112
        • C:\Windows\explorer.exe
          explorer.exe
          3⤵
          • Boot or Logon Autostart Execution: Active Setup
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:100
        • C:\Windows\system32\rundll32.exe
          rundll32.exe user32.dll,UpdatePerUserSystemParameters
          3⤵
            PID:1836
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:1644
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4072
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4856
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2496
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4004
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:972
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of SendNotifyMessage
        PID:2368
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3208
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4692
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:2700
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:112
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2180
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:1848
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3512
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:5088
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:1400
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:2988
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:3748
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:3452
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:2700
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:1472
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:3812
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:1372
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:1140
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:4456
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:704
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:2128
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:3812
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:1116
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:2204
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:2012
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:1384
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:804
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:1956
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:1952
                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                  1⤵
                                                    PID:4780
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:1792
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:3764
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:1824
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:3060
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:1372
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                                PID:2664
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:3524
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:1268
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:2372
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:680
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:4544
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:3772
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:1248
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:400
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:4928
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:4644
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:3268
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                      1⤵
                                                                                        PID:1856
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:3980
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:420
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                              PID:3844
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:3748
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                1⤵
                                                                                                  PID:1940
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                    PID:4316
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                      PID:4360
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                      1⤵
                                                                                                        PID:212
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                        1⤵
                                                                                                          PID:2860
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                            PID:1664
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                            1⤵
                                                                                                              PID:3944
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                              1⤵
                                                                                                                PID:4368
                                                                                                              • C:\Windows\explorer.exe
                                                                                                                explorer.exe
                                                                                                                1⤵
                                                                                                                  PID:1392
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                  1⤵
                                                                                                                    PID:2464
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                    1⤵
                                                                                                                      PID:1704
                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                      explorer.exe
                                                                                                                      1⤵
                                                                                                                        PID:4204
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                        1⤵
                                                                                                                          PID:3076
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                          1⤵
                                                                                                                            PID:2852
                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                            explorer.exe
                                                                                                                            1⤵
                                                                                                                              PID:4112
                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                              1⤵
                                                                                                                                PID:1456
                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                1⤵
                                                                                                                                  PID:8
                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                  explorer.exe
                                                                                                                                  1⤵
                                                                                                                                    PID:100
                                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                    1⤵
                                                                                                                                      PID:4256
                                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                      1⤵
                                                                                                                                        PID:4484
                                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                                        explorer.exe
                                                                                                                                        1⤵
                                                                                                                                          PID:2988
                                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                          1⤵
                                                                                                                                            PID:5076
                                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                            1⤵
                                                                                                                                              PID:400
                                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                                              explorer.exe
                                                                                                                                              1⤵
                                                                                                                                                PID:4464
                                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                1⤵
                                                                                                                                                  PID:636
                                                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                                  1⤵
                                                                                                                                                    PID:4692
                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                    explorer.exe
                                                                                                                                                    1⤵
                                                                                                                                                      PID:2848
                                                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                                      1⤵
                                                                                                                                                        PID:4620
                                                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                                        1⤵
                                                                                                                                                          PID:3936

                                                                                                                                                        Network

                                                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                                                        Replay Monitor

                                                                                                                                                        Loading Replay Monitor...

                                                                                                                                                        Downloads

                                                                                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                                                                                                                                                          Filesize

                                                                                                                                                          471B

                                                                                                                                                          MD5

                                                                                                                                                          f08ccc940a1fabf04c8a91d7c41df298

                                                                                                                                                          SHA1

                                                                                                                                                          03d9562a822b6c04edbb4b83e8b56444208482d1

                                                                                                                                                          SHA256

                                                                                                                                                          8bd2a3bcc91ec2b72f5e6c3a09d2625cc062c875fb363cf83dc472303f6d815c

                                                                                                                                                          SHA512

                                                                                                                                                          9724fb15c190a802ab2789ca88fede360a4732053a1461250b384cfe38013dae4ec094870ffaaa64e07a22a3c1badb87683dfb0c9daca23390a3f1cf2cba3edf

                                                                                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                                                                                                                                                          Filesize

                                                                                                                                                          412B

                                                                                                                                                          MD5

                                                                                                                                                          300f9deed641ee67a19fefe984f615cd

                                                                                                                                                          SHA1

                                                                                                                                                          2e8ffa51d2bb93aebc071ed1008c0460843f31fc

                                                                                                                                                          SHA256

                                                                                                                                                          dde39fc18c5117734d2f9a07f924189da78f27b1f2afbea7a3647488556d733c

                                                                                                                                                          SHA512

                                                                                                                                                          3ccead7e5aa6799bffbba35d6725ba1e4c5343bfa3b3b6635eca4abc30a66c1133710af14601ed53bebad6a36cc32e08e1454b6f3d5b13ea8375698288763457

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres

                                                                                                                                                          Filesize

                                                                                                                                                          2KB

                                                                                                                                                          MD5

                                                                                                                                                          9b26ff571bef5f6cb2e97ecaa5a52f67

                                                                                                                                                          SHA1

                                                                                                                                                          825e86e0ef99075ac707c1be851e8d79747e4dce

                                                                                                                                                          SHA256

                                                                                                                                                          b9218a1577aca6b6d9422c4eba929cf62d4020001fdd0b350138d4651f30b1d6

                                                                                                                                                          SHA512

                                                                                                                                                          655ead4483df750dbca2a938327635951971cfa426aaaad9cad120b453facc3cd10a780ede2813b45c7e7ef0e8f769da88cbebc59b1a6d4972c6b4b3facc4a89

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15

                                                                                                                                                          Filesize

                                                                                                                                                          36KB

                                                                                                                                                          MD5

                                                                                                                                                          0e2a09c8b94747fa78ec836b5711c0c0

                                                                                                                                                          SHA1

                                                                                                                                                          92495421ad887f27f53784c470884802797025ad

                                                                                                                                                          SHA256

                                                                                                                                                          0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36

                                                                                                                                                          SHA512

                                                                                                                                                          61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer

                                                                                                                                                          Filesize

                                                                                                                                                          36KB

                                                                                                                                                          MD5

                                                                                                                                                          ab0262f72142aab53d5402e6d0cb5d24

                                                                                                                                                          SHA1

                                                                                                                                                          eaf95bb31ae1d4c0010f50e789bdc8b8e3116116

                                                                                                                                                          SHA256

                                                                                                                                                          20a108577209b2499cfdba77645477dd0d9771a77d42a53c6315156761efcfbb

                                                                                                                                                          SHA512

                                                                                                                                                          bf9580f3e5d1102cf758503e18a2cf98c799c4a252eedf9344f7c5626da3a1cf141353f01601a3b549234cc3f2978ad31f928068395b56f9f0885c07dbe81da1

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133739399853113613.txt

                                                                                                                                                          Filesize

                                                                                                                                                          76KB

                                                                                                                                                          MD5

                                                                                                                                                          73d736528ddbac541164451e804d82f0

                                                                                                                                                          SHA1

                                                                                                                                                          c347b9962164319f7495295a9166fa41e605ff03

                                                                                                                                                          SHA256

                                                                                                                                                          c0063b101f38b64117976ad47c8ede61b66e7112cf4fa223d06a78edbe84f15b

                                                                                                                                                          SHA512

                                                                                                                                                          a60a004d16410abe1898b48bebd900e74b814ce69ad1e164fd3e34e64285f4aba325102b7fdf9ec7ba9901ae06336edbb1941e24ff45cf447ddc2223c5093a09

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\FKEP33TV\microsoft.windows[1].xml

                                                                                                                                                          Filesize

                                                                                                                                                          96B

                                                                                                                                                          MD5

                                                                                                                                                          dcfd0f22889d8b3a982fbe019d01d543

                                                                                                                                                          SHA1

                                                                                                                                                          fe866022f3fdf8fba4d3bd366ff0e2683fe58e59

                                                                                                                                                          SHA256

                                                                                                                                                          2337927b5b24c83c8ab37dfc0fe7ddcd832ffb16d0cee5d50344478218893f5b

                                                                                                                                                          SHA512

                                                                                                                                                          11b59e18705c1d95508e298938525f931c12c9010cdc03fad15f5585bc503713670d93739668d886ed9446d528c3dc7ac8cbc8e52198eb85ea6557821a124cc8

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\C3EC.tmp\C3ED.tmp\C3EE.bat

                                                                                                                                                          Filesize

                                                                                                                                                          1KB

                                                                                                                                                          MD5

                                                                                                                                                          ba97708785cba1962c39d0ae8e690258

                                                                                                                                                          SHA1

                                                                                                                                                          21caf881a1e5fe939f733bc4b8f8a4ff8b94d88e

                                                                                                                                                          SHA256

                                                                                                                                                          9c28201975579600fa4083241c5248e92740c1908cf103816838bd30ec9ffe93

                                                                                                                                                          SHA512

                                                                                                                                                          9c6463e429bf378d1cce28ffd2c54b0ba4aae04b212a1d6aadb427cd6de5b3664b1841bf4f035c423e541ec3c7033bc0440a7793975887ef6f951f8012ca461a

                                                                                                                                                        • memory/804-1331-0x0000020F70C00000-0x0000020F70D00000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1024KB

                                                                                                                                                        • memory/804-1330-0x0000020F70C00000-0x0000020F70D00000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1024KB

                                                                                                                                                        • memory/972-13-0x000001A868A00000-0x000001A868B00000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1024KB

                                                                                                                                                        • memory/972-47-0x000001B06AD00000-0x000001B06AD20000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/972-46-0x000001B06A970000-0x000001B06A990000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/972-17-0x000001B06A9B0000-0x000001B06A9D0000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/972-12-0x000001A868A00000-0x000001A868B00000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1024KB

                                                                                                                                                        • memory/1140-933-0x000001F14D420000-0x000001F14D440000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/1140-947-0x000001F14DA40000-0x000001F14DA60000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/1140-915-0x000001F14D460000-0x000001F14D480000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/1140-911-0x000001F14C500000-0x000001F14C600000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1024KB

                                                                                                                                                        • memory/1140-910-0x000001F14C500000-0x000001F14C600000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1024KB

                                                                                                                                                        • memory/1400-604-0x0000000004970000-0x0000000004971000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4KB

                                                                                                                                                        • memory/1472-788-0x000001AF94780000-0x000001AF947A0000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/1472-767-0x000001AF947C0000-0x000001AF947E0000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/1472-789-0x000001AF94B90000-0x000001AF94BB0000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/1848-473-0x00000000046C0000-0x00000000046C1000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4KB

                                                                                                                                                        • memory/2012-1328-0x0000000004B30000-0x0000000004B31000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4KB

                                                                                                                                                        • memory/2128-1068-0x00000266E83C0000-0x00000266E83E0000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/2128-1079-0x00000266E87D0000-0x00000266E87F0000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/2128-1059-0x00000266E8400000-0x00000266E8420000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/2128-1054-0x00000266E7300000-0x00000266E7400000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1024KB

                                                                                                                                                        • memory/2180-322-0x00000218ED600000-0x00000218ED700000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1024KB

                                                                                                                                                        • memory/2180-336-0x00000218EE720000-0x00000218EE740000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/2180-348-0x00000218EEB20000-0x00000218EEB40000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/2180-327-0x00000218EE760000-0x00000218EE780000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/2180-324-0x00000218ED600000-0x00000218ED700000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1024KB

                                                                                                                                                        • memory/2204-1222-0x0000029FDC840000-0x0000029FDC860000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/2204-1211-0x0000029FDB800000-0x0000029FDB900000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1024KB

                                                                                                                                                        • memory/2204-1210-0x0000029FDB800000-0x0000029FDB900000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1024KB

                                                                                                                                                        • memory/2204-1209-0x0000029FDB800000-0x0000029FDB900000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1024KB

                                                                                                                                                        • memory/2204-1246-0x0000029FDCC50000-0x0000029FDCC70000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/2204-1214-0x0000029FDC880000-0x0000029FDC8A0000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/2368-177-0x00000000033A0000-0x00000000033A1000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4KB

                                                                                                                                                        • memory/2496-11-0x0000000002BC0000-0x0000000002BC1000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4KB

                                                                                                                                                        • memory/2700-321-0x0000000004170000-0x0000000004171000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4KB

                                                                                                                                                        • memory/3452-759-0x00000000041C0000-0x00000000041C1000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4KB

                                                                                                                                                        • memory/3748-629-0x000002B34E240000-0x000002B34E260000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/3748-619-0x000002B34DC30000-0x000002B34DC50000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/3748-606-0x000002B34CD20000-0x000002B34CE20000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1024KB

                                                                                                                                                        • memory/3748-611-0x000002B34DC70000-0x000002B34DC90000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/3812-909-0x0000000004D80000-0x0000000004D81000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4KB

                                                                                                                                                        • memory/3812-1207-0x0000000004610000-0x0000000004611000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4KB

                                                                                                                                                        • memory/4456-1052-0x0000000004B20000-0x0000000004B21000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          4KB

                                                                                                                                                        • memory/4692-200-0x0000028EC7220000-0x0000028EC7240000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/4692-216-0x0000028EC7630000-0x0000028EC7650000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/4692-181-0x0000028EC5F00000-0x0000028EC6000000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1024KB

                                                                                                                                                        • memory/4692-184-0x0000028EC7260000-0x0000028EC7280000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/4692-180-0x0000028EC5F00000-0x0000028EC6000000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1024KB

                                                                                                                                                        • memory/5088-488-0x000001D795800000-0x000001D795820000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/5088-509-0x000001D795C00000-0x000001D795C20000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/5088-476-0x000001D794700000-0x000001D794800000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1024KB

                                                                                                                                                        • memory/5088-479-0x000001D795840000-0x000001D795860000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          128KB

                                                                                                                                                        • memory/5088-475-0x000001D794700000-0x000001D794800000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1024KB

                                                                                                                                                        • memory/5088-474-0x000001D794700000-0x000001D794800000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1024KB