Overview

overview

10

Static

static

1

z42MNA2024..._K.exe

windows7-x64

10

z42MNA2024..._K.exe

windows10-2004-x64

4

Eksploderi...es.ps1

windows7-x64

8

Eksploderi...es.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    53s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/04/2024, 17:19

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Eksploderingers/Graasteneres.ps1

  • Size

    56KB

  • MD5

    3af25a5af9271a50f9612e436103000c

  • SHA1

    9c2507bfdaabcff84d9355b109fed3106a70976d

  • SHA256

    dedc6344e4d80358faf38231d58dbca7b47212e78cd19fde523fd309b9b5419b

  • SHA512

    9d8da2ccd98060b7b67f803877ea31fc52f3e16eea5c5bd5824734df11f0380ab2d668da9e2add937d9c565e856236e1c665e972287ac1136ad0270c8f4a77b0

  • SSDEEP

    1536:QPX6uN4p9wvQv2rkddGHMttJhIqZsoy+xuDcx:QSuN4+i20ttzIYsBVcx

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 12 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 18 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Eksploderingers\Graasteneres.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1864
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "set /A 1^^0"
      2⤵
        PID:4308
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1192
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:100
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2568
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4068
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3812
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:5044
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3460
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2556
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:3352
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4332
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4200
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:4400
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3596
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3924
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:3888
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1192
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4392
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      PID:3780
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:1436
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1548
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:2956
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4584
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1488
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:3872
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3624
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:1392
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3692
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3956
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:1820
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1012
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4228
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Modifies Installed Components in the registry
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:1452
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2168
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:404
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:4056
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:1540
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:4504
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:5020
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:4100
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:2120
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:5112
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:2920
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:3520
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:5104
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:4200
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:1664
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:2128
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:4456
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:2024
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:4476
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:2828
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:3472
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:828
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:1776
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:652
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:1956
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:2588
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:920
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:3568
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:884
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:5104
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:2268
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:3848
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:3728
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:4004
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:4432
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:5104
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:1032
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:3816
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:1520
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:448
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                    PID:1584
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:2876
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                      1⤵
                                                                                        PID:4344
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                        1⤵
                                                                                          PID:2420
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:2896
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:3628
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                                PID:3696
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:3300
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:732
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:4796
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:3976
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                        1⤵
                                                                                                          PID:3820
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                          1⤵
                                                                                                            PID:4324
                                                                                                          • C:\Windows\explorer.exe
                                                                                                            explorer.exe
                                                                                                            1⤵
                                                                                                              PID:3492
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                              1⤵
                                                                                                                PID:1820
                                                                                                              • C:\Windows\explorer.exe
                                                                                                                explorer.exe
                                                                                                                1⤵
                                                                                                                  PID:828
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                  1⤵
                                                                                                                    PID:2420
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                    1⤵
                                                                                                                      PID:4436
                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                      explorer.exe
                                                                                                                      1⤵
                                                                                                                        PID:552
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                        1⤵
                                                                                                                          PID:2556
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                          1⤵
                                                                                                                            PID:2872
                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                            explorer.exe
                                                                                                                            1⤵
                                                                                                                              PID:4808
                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                              1⤵
                                                                                                                                PID:2700
                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                1⤵
                                                                                                                                  PID:4160

                                                                                                                                Network

                                                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                                                      Replay Monitor

                                                                                                                                      Loading Replay Monitor...

                                                                                                                                      Downloads

                                                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                                        Filesize

                                                                                                                                        471B

                                                                                                                                        MD5

                                                                                                                                        d167bef885776a71caa9137918853a44

                                                                                                                                        SHA1

                                                                                                                                        938e9840d92645b708450c23ea59d988b79c0f14

                                                                                                                                        SHA256

                                                                                                                                        a97ae8fa2227175303e2f3ea42160aced0e5d03108b249f2607aa89d25d78c40

                                                                                                                                        SHA512

                                                                                                                                        b79448a89d8f1b8afd68c5d16ac20348d4eee9f49aff3384b2419766f49183b7213e82a57da91230b1b780038fc7d3d6d507913c45e206c53e01745e4fe3ad57

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                                                        Filesize

                                                                                                                                        412B

                                                                                                                                        MD5

                                                                                                                                        6b1798ffa1340d464c32035d9ae7b2ab

                                                                                                                                        SHA1

                                                                                                                                        bb33fe6a9d39e4d063ca40297c04a12a84020ff3

                                                                                                                                        SHA256

                                                                                                                                        1686b94f081fed0b0025e05d8bb90390f730fa0bfb9b6d420d8621ad368e0329

                                                                                                                                        SHA512

                                                                                                                                        b91da226fff0cdfdd34ad391f30b56a41f10099aa8b8ad4290bed40cae5ce658687f61162ccb7f44d93555801f2ffde5737ca0b6db8403d485269dd9f71ee8cd

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                                        Filesize

                                                                                                                                        2KB

                                                                                                                                        MD5

                                                                                                                                        7cbd76d5d16ad5b2ee2462e7cf35ffe6

                                                                                                                                        SHA1

                                                                                                                                        16c0fa4e5ac6942cce69133afde813a7537d69c1

                                                                                                                                        SHA256

                                                                                                                                        8fb983f2d1e5b24973bea73bec0bd54c6a454fc8543463a9101a8285076f2318

                                                                                                                                        SHA512

                                                                                                                                        ae7110da64c4d7b91d2f7f3f87bb700079ebd12ba539ef75efae7f71360de366175ccb1be5b9dfe166016b79b6bfcaeddc920aac43fb67ca96b0965ee859134f

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\4F70DE3A\microsoft.windows[1].xml
                                                                                                                                        Filesize

                                                                                                                                        97B

                                                                                                                                        MD5

                                                                                                                                        aac7d5913b8448593e8566d95788ced6

                                                                                                                                        SHA1

                                                                                                                                        e967e8d8ef9b46e250575b2e6e5590c6c6bab57e

                                                                                                                                        SHA256

                                                                                                                                        3d1dfdee76cf0d9c09c1f82000c6871c1f44a5a8128a6bb3bac326cc50bfdeda

                                                                                                                                        SHA512

                                                                                                                                        f4a13cf4fa6c4a78856097aa2a201b0a3d4b216dd2f8fe8a23175e9c2f5986f543dab59b99a915c5b741238bb4a21a2b39f842e0e324f50ffaefd87322fad1a8

                                                                                                                                        Download Submit

                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kkyeqoa0.auv.ps1
                                                                                                                                        Filesize

                                                                                                                                        60B

                                                                                                                                        MD5

                                                                                                                                        d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                        SHA1

                                                                                                                                        6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                        SHA256

                                                                                                                                        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                        SHA512

                                                                                                                                        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                        Download Submit

                                                                                                                                      • memory/404-237-0x000001DACDCC0000-0x000001DACDCE0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/404-232-0x000001DACD6E0000-0x000001DACD700000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/404-234-0x000001DACD6A0000-0x000001DACD6C0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/1392-181-0x00000000021D0000-0x00000000021D1000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/1452-225-0x0000000004AC0000-0x0000000004AC1000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/1488-169-0x0000021268B10000-0x0000021268B30000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/1488-167-0x0000021268700000-0x0000021268720000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/1488-165-0x0000021268740000-0x0000021268760000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/1548-146-0x0000025B72000000-0x0000025B72020000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/1548-142-0x0000025B71C30000-0x0000025B71C50000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/1548-144-0x0000025B71BF0000-0x0000025B71C10000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/1664-327-0x0000027367520000-0x0000027367540000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/1664-325-0x0000027367560000-0x0000027367580000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/1664-329-0x0000027367920000-0x0000027367940000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/1820-201-0x0000000004AE0000-0x0000000004AE1000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/1864-9-0x0000021D772B0000-0x0000021D772D2000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        136KB

                                                                                                                                        Download

                                                                                                                                      • memory/1864-10-0x00007FFB5BE00000-0x00007FFB5C8C1000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        10.8MB

                                                                                                                                        Download

                                                                                                                                      • memory/1864-11-0x0000021D5E6D0000-0x0000021D5E6E0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        64KB

                                                                                                                                        Download

                                                                                                                                      • memory/1864-12-0x0000021D5E6D0000-0x0000021D5E6E0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        64KB

                                                                                                                                        Download

                                                                                                                                      • memory/1864-13-0x0000021D5E6D0000-0x0000021D5E6E0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        64KB

                                                                                                                                        Download

                                                                                                                                      • memory/1864-15-0x0000021D5E6D0000-0x0000021D5E6E0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        64KB

                                                                                                                                        Download

                                                                                                                                      • memory/1864-18-0x00007FFB5BE00000-0x00007FFB5C8C1000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        10.8MB

                                                                                                                                        Download

                                                                                                                                      • memory/1864-17-0x0000021D76DF0000-0x0000021D7700C000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        2.1MB

                                                                                                                                        Download

                                                                                                                                      • memory/1864-16-0x0000021D77320000-0x0000021D77324000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        16KB

                                                                                                                                        Download

                                                                                                                                      • memory/2024-350-0x0000020D4A7B0000-0x0000020D4A7D0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/2024-352-0x0000020D4ADC0000-0x0000020D4ADE0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/2024-348-0x0000020D4A7F0000-0x0000020D4A810000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/2120-279-0x000001EF52490000-0x000001EF524B0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/2120-283-0x000001EF52A60000-0x000001EF52A80000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/2120-281-0x000001EF52450000-0x000001EF52470000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/2128-340-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/2556-57-0x00000227EC340000-0x00000227EC360000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/2556-59-0x00000227EC750000-0x00000227EC770000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/2556-55-0x00000227EC380000-0x00000227EC3A0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/2568-26-0x00000000048D0000-0x00000000048D1000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/2956-157-0x0000000004250000-0x0000000004251000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/3352-69-0x0000000002E00000-0x0000000002E01000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/3472-371-0x000001DD8CF10000-0x000001DD8CF30000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/3520-304-0x000001CEFBFD0000-0x000001CEFBFF0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/3520-302-0x000001CEFC320000-0x000001CEFC340000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/3520-307-0x000001CEFC6E0000-0x000001CEFC700000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/3780-134-0x00000000036E0000-0x00000000036E1000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/3812-33-0x000002212E1F0000-0x000002212E210000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/3812-37-0x000002212E5F0000-0x000002212E610000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/3812-35-0x000002212E1B0000-0x000002212E1D0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/3888-111-0x0000000004E90000-0x0000000004E91000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/3924-103-0x000002B2BEF40000-0x000002B2BEF60000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/3924-99-0x000002B2BEB70000-0x000002B2BEB90000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/3924-101-0x000002B2BEB30000-0x000002B2BEB50000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/3956-191-0x000001B660D20000-0x000001B660D40000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/3956-189-0x000001B660D60000-0x000001B660D80000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/3956-193-0x000001B661120000-0x000001B661140000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4056-247-0x0000000004430000-0x0000000004431000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/4200-80-0x0000024D41B50000-0x0000024D41B70000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4200-78-0x0000024D41740000-0x0000024D41760000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4200-76-0x0000024D41780000-0x0000024D417A0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4228-213-0x0000018ACFE80000-0x0000018ACFEA0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4228-211-0x0000018ACF870000-0x0000018ACF890000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4228-209-0x0000018ACF8B0000-0x0000018ACF8D0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4392-119-0x000002842EAA0000-0x000002842EAC0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4392-121-0x000002842EA60000-0x000002842EA80000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4392-123-0x000002842F080000-0x000002842F0A0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4400-91-0x00000000037C0000-0x00000000037C1000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/4476-363-0x00000000049F0000-0x00000000049F1000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/4504-259-0x00000215B15B0000-0x00000215B15D0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4504-257-0x00000215B11A0000-0x00000215B11C0000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/4504-255-0x00000215B11E0000-0x00000215B1200000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        128KB

                                                                                                                                        Download

                                                                                                                                      • memory/5020-271-0x0000000004700000-0x0000000004701000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/5020-269-0x00007FFB78F50000-0x00007FFB78FBB000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        428KB

                                                                                                                                        Download

                                                                                                                                      • memory/5044-47-0x00000000040F0000-0x00000000040F1000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/5104-318-0x0000000004240000-0x0000000004241000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download

                                                                                                                                      • memory/5112-294-0x0000000004D30000-0x0000000004D31000-memory.dmp

                                                                                                                                        Filesize

                                                                                                                                        4KB

                                                                                                                                        Download