Overview

overview

8

Static

static

1

EGS-EP2409...R).exe

windows7-x64

3

EGS-EP2409...R).exe

windows10-2004-x64

3

Middle/mes...ic.ps1

windows7-x64

8

Middle/mes...ic.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    48s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/07/2024, 09:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Middle/messingens/Sortkjolernes67/Permanganic.ps1

  • Size

    59KB

  • MD5

    11e1974573075a613a43f0b1678e8ac8

  • SHA1

    4ac842d91c14c5f2be7541223568336d7efab375

  • SHA256

    847c0aec5765d5fbe9c72aee962ed9939e079877eb557b77532e20ef0236c3a9

  • SHA512

    005bbec6429afc827d5ecd55dc85bbde2b8a65d3bd047ed046375ae6438a7cf87adc95420db7a4f7fde3d1e693c5797ef0ee1e7b7ac5500ab7649e8fb19fc6bc

  • SSDEEP

    1536:q85lZ8tkEDlXpUJaYx23/qLZfHJ1qR8S0o6iUH:9pokYpsa6Blx1vU8H

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 10 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 18 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 16 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Middle\messingens\Sortkjolernes67\Permanganic.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4440
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" "/c set /A 1^^0"
      2⤵
        PID:2724
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:808
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2144
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1692
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3680
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3548
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SendNotifyMessage
      PID:4960
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4300
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3520
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of SendNotifyMessage
      PID:4576
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3692
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4056
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:3312
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4152
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3696
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:2540
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4184
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4548
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:2312
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:944
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2100
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:2600
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2244
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:632
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      PID:1048
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4092
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3588
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Boot or Logon Autostart Execution: Active Setup
      PID:3144
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:2856
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:2668
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:4216
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:3692
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:3568
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:3684
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:4516
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:4408
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:2668
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:3160
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:2952
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:4476
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:2340
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:2136
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:3108
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:1972
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:4356
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:3440
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:3596
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:4872
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:3868
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:1752
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:208
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:4252
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:3056
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:3560
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:3152
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:1084
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:4460
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:3196
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:3052
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:212
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:4228
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:4352
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:4444
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:2004
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:2408
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:4108
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:628
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:3828
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:2008
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:4228
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:4876
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:4224
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:4872
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:3888
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:4020
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:3692
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:3440
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:3252
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:2952
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:2312
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:1364
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:4352
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                  1⤵
                                                                                                                    PID:4428
                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                    explorer.exe
                                                                                                                    1⤵
                                                                                                                      PID:648
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                      1⤵
                                                                                                                        PID:3828
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                        1⤵
                                                                                                                          PID:4568
                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                          explorer.exe
                                                                                                                          1⤵
                                                                                                                            PID:1436
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                            1⤵
                                                                                                                              PID:1268
                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                              1⤵
                                                                                                                                PID:3556

                                                                                                                              Network

                                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                                              Replay Monitor

                                                                                                                              Loading Replay Monitor...

                                                                                                                              Downloads

                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                                Filesize

                                                                                                                                2KB

                                                                                                                                MD5

                                                                                                                                ed6d05540de7cd6adbc103afdade2623

                                                                                                                                SHA1

                                                                                                                                37deca4b1027b8a7a9373d6fe61e97f0b8b0b251

                                                                                                                                SHA256

                                                                                                                                71626ac12f7d04df4829d209819929d4512bf53e977a07b599c26bed65c6d0f0

                                                                                                                                SHA512

                                                                                                                                6f116a8fa11aab724d37d3360c74d9835711dd4b94b0ba95c31b5554c5798310961083d1eed4e0f0abb13ce829f5248d9a12a2803f3d8e8ab302975296b1089d

                                                                                                                                Download Submit

                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133649921805695471.txt
                                                                                                                                Filesize

                                                                                                                                74KB

                                                                                                                                MD5

                                                                                                                                9dd5a4d01c14051ae2d0b0d3e019cab1

                                                                                                                                SHA1

                                                                                                                                ffa89f274f7bcf219155c31687defad0bc778ac7

                                                                                                                                SHA256

                                                                                                                                ceab7e16d36e83a55fdaaae521c8eb6b87997f3a2ffdcc2dfe4b2ba1c0c487ae

                                                                                                                                SHA512

                                                                                                                                c613b407e450e1a56fc419d0be6113cab2db05f9d32cecf85901225302f17448a456cb3e7e704fb934d0f156455fa63f7e29fdd692fe8ed1696c1bd0463b220c

                                                                                                                                Download Submit

                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\4GNLNS14\microsoft.windows[1].xml
                                                                                                                                Filesize

                                                                                                                                96B

                                                                                                                                MD5

                                                                                                                                ccb66d6c668ede38cd352c15fa6a608a

                                                                                                                                SHA1

                                                                                                                                6e522a860e7dc9a40fb6ff80c4c286dd1ce281cd

                                                                                                                                SHA256

                                                                                                                                c7cd4df096aedb5fee5815d2f4b51d098c8b82bc1ed9ba400c5c40935301e665

                                                                                                                                SHA512

                                                                                                                                1620fbf363150496a9bc87dbf2bf652bccf1d47eb9438b08ec02aecc5d2f360cfcfa9e10bb37ff3ded118e561ace94a5c21ba475e971d35cad197ceb845658af

                                                                                                                                Download Submit

                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yql45tjn.2ns.ps1
                                                                                                                                Filesize

                                                                                                                                60B

                                                                                                                                MD5

                                                                                                                                d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                SHA1

                                                                                                                                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                SHA256

                                                                                                                                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                SHA512

                                                                                                                                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                Download Submit

                                                                                                                              • memory/632-935-0x00000205BBA20000-0x00000205BBA40000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/632-925-0x00000205BBA60000-0x00000205BBA80000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/632-922-0x00000205BA900000-0x00000205BAA00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/632-921-0x00000205BA900000-0x00000205BAA00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/632-947-0x00000205BBE20000-0x00000205BBE40000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/632-920-0x00000205BA900000-0x00000205BAA00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/1048-1067-0x0000000004EA0000-0x0000000004EA1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/1692-23-0x0000000004B30000-0x0000000004B31000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/2100-794-0x00000288F4B80000-0x00000288F4BA0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/2100-772-0x00000280F2B00000-0x00000280F2C00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/2100-776-0x00000288F4BC0000-0x00000288F4BE0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/2100-771-0x00000280F2B00000-0x00000280F2C00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/2100-808-0x00000288F4F90000-0x00000288F4FB0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/2312-770-0x0000000004170000-0x0000000004171000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/2540-625-0x0000000004770000-0x0000000004771000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/2600-919-0x00000000049A0000-0x00000000049A1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/2668-1222-0x000002498B240000-0x000002498B340000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/2668-1221-0x000002498B240000-0x000002498B340000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/2668-1248-0x000002498C770000-0x000002498C790000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/2668-1236-0x000002498C360000-0x000002498C380000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/2668-1226-0x000002498C3A0000-0x000002498C3C0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3144-1219-0x0000000003E80000-0x0000000003E81000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/3312-478-0x0000000004390000-0x0000000004391000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/3520-196-0x000001785EB20000-0x000001785EC20000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/3520-194-0x000001785EB20000-0x000001785EC20000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/3520-199-0x000001785FE80000-0x000001785FEA0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3520-217-0x0000017860250000-0x0000017860270000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3520-207-0x000001785FE40000-0x000001785FE60000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3548-25-0x000001F9EF000000-0x000001F9EF100000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/3548-26-0x000001F9EF000000-0x000001F9EF100000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/3548-27-0x000001F9EF000000-0x000001F9EF100000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/3548-30-0x000001F9F0100000-0x000001F9F0120000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3548-47-0x000001F9F04C0000-0x000001F9F04E0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3548-37-0x000001F9EFDB0000-0x000001F9EFDD0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3588-1074-0x000001E79CA90000-0x000001E79CAB0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3588-1087-0x000001E79CA50000-0x000001E79CA70000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3588-1106-0x000001E79CE60000-0x000001E79CE80000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3588-1071-0x000001DF9A940000-0x000001DF9AA40000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/3588-1069-0x000001DF9A940000-0x000001DF9AA40000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/3696-492-0x00000238E7020000-0x00000238E7040000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3696-479-0x00000238E5F00000-0x00000238E6000000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/3696-484-0x00000238E7060000-0x00000238E7080000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3696-506-0x00000238E7420000-0x00000238E7440000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4056-339-0x000002421BE00000-0x000002421BF00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/4056-342-0x000002421CF60000-0x000002421CF80000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4056-354-0x000002421CF20000-0x000002421CF40000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4056-337-0x000002421BE00000-0x000002421BF00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/4056-366-0x000002421D330000-0x000002421D350000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4056-338-0x000002421BE00000-0x000002421BF00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/4216-1358-0x0000000004DF0000-0x0000000004DF1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/4440-2-0x0000022497580000-0x00000224975A2000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                136KB

                                                                                                                                Download

                                                                                                                              • memory/4440-16-0x00007FFCFCF00000-0x00007FFCFD9C1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                                Download

                                                                                                                              • memory/4440-0-0x00007FFCFCF03000-0x00007FFCFCF05000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                8KB

                                                                                                                                Download

                                                                                                                              • memory/4440-18-0x00007FFCFCF00000-0x00007FFCFD9C1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                                Download

                                                                                                                              • memory/4440-17-0x00007FFCFCF00000-0x00007FFCFD9C1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                                Download

                                                                                                                              • memory/4440-11-0x00007FFCFCF00000-0x00007FFCFD9C1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                                Download

                                                                                                                              • memory/4440-12-0x00007FFCFCF00000-0x00007FFCFD9C1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                                Download

                                                                                                                              • memory/4440-13-0x00007FFCFCF00000-0x00007FFCFD9C1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                                Download

                                                                                                                              • memory/4440-14-0x00007FFCFCF00000-0x00007FFCFD9C1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                                Download

                                                                                                                              • memory/4548-629-0x0000024C1DB40000-0x0000024C1DC40000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/4548-632-0x0000024C1EAA0000-0x0000024C1EAC0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4548-627-0x0000024C1DB40000-0x0000024C1DC40000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/4548-662-0x0000024C1F080000-0x0000024C1F0A0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4548-650-0x0000024C1EA60000-0x0000024C1EA80000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4576-335-0x00000000046C0000-0x00000000046C1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/4960-192-0x0000000003E90000-0x0000000003E91000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download