Overview

overview

10

Static

static

1

SecuriteIn...80.exe

windows7-x64

8

SecuriteIn...80.exe

windows10-2004-x64

10

$WINDIR/co...sy.ps1

windows7-x64

3

$WINDIR/co...sy.ps1

windows10-2004-x64

8

Resubmissions

30-09-2024 11:56

240930-n31jtsyalh 10

Analysis

  • max time kernel
    47s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-09-2024 11:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $WINDIR/compromis/Aerognosy.ps1

  • Size

    52KB

  • MD5

    552ed0904239d64db1895620b38dc799

  • SHA1

    8a6a6c6efd31b04c716cde1783b45783f2843e20

  • SHA256

    d4d98fdbe306d61986bed62340744554e0a288c5a804ed5c924f66885cbf3514

  • SHA512

    21f283ac39223437470036ec08eb01bf40c4a0c45ea5b94bb4d902cf66923db4d14641ce68370d240ab2b213527552dfde13eb1ff4b21a0bbf0c1ee6aed7ade7

  • SSDEEP

    1536:Yb2DFjNKjwJJCwZuTEaiwLAm7C24yWjc2:YSrvJEwZtwM6qg2

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 10 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 20 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 16 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\$WINDIR\compromis\Aerognosy.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4888
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3628
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3424
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2240
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4860
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2288
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:3284
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1732
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:948
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:3596
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4056
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4544
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1116
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4796
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3952
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4936
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1292
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4332
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:392
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2224
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1228
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:5012
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1940
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1400
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4316
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3884
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1640
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Modifies registry class
    PID:3828
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:1504
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:1944
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:4756
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:5040
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:3208
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:1428
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:3688
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:2396
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:696
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:1832
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:3736
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:3704
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:4972
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:536
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:1116
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:772
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:3756
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:4072
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:664
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:1020
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:840
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:3780
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:1996
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:4256
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:1292
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:1436
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:1420
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:1940
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:3560
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:2132
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:1908
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:4148
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:4356
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:4760
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:4272
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:5088
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:2544
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:4584
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:1092
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:4748
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:3956
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:732
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:4256
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:4864
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:3228
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:4444
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:4516
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:968
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:2108
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:452
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                        1⤵
                                                                                                          PID:4612
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                          1⤵
                                                                                                            PID:2420
                                                                                                          • C:\Windows\explorer.exe
                                                                                                            explorer.exe
                                                                                                            1⤵
                                                                                                              PID:3900
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                              1⤵
                                                                                                                PID:1564
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                1⤵
                                                                                                                  PID:5060
                                                                                                                • C:\Windows\explorer.exe
                                                                                                                  explorer.exe
                                                                                                                  1⤵
                                                                                                                    PID:3892
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                    1⤵
                                                                                                                      PID:4172
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                      1⤵
                                                                                                                        PID:2256
                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                        explorer.exe
                                                                                                                        1⤵
                                                                                                                          PID:4952
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                          1⤵
                                                                                                                            PID:3048

                                                                                                                          Network

                                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                                          Replay Monitor

                                                                                                                          Loading Replay Monitor...

                                                                                                                          Downloads

                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                                                                            Filesize

                                                                                                                            471B

                                                                                                                            MD5

                                                                                                                            de639bf72b0b8332402c712c045c571f

                                                                                                                            SHA1

                                                                                                                            cad3bb99fcf5687c1232070e11c6779cbb593283

                                                                                                                            SHA256

                                                                                                                            378c061d3b82d857d4b1ad8d27929823330edfc44167b1ee1cd750088ec69747

                                                                                                                            SHA512

                                                                                                                            98563df76077b74c8ab8c2fdf330bc155e5a7992bdc3b6807e738e08d45bf1ebfdff127653fe8578e1b48f5585bb45ad60720f90ee616f25dc3df10bdd0cc0e5

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                                                                            Filesize

                                                                                                                            420B

                                                                                                                            MD5

                                                                                                                            e14c5711f87d9b10ea02cf42f97b6e27

                                                                                                                            SHA1

                                                                                                                            1bcae0c6a04bcfc0667c09b509efcde1e2ce9bc6

                                                                                                                            SHA256

                                                                                                                            4b649acff44568b0a02302a57163288df80d7ae0d2ab0cb21847a4b50514d7e1

                                                                                                                            SHA512

                                                                                                                            47a3b1065e4873d6d26ed00a1298bb0f118f12743308c9b04fe17ccb708ecbfad214808024f74db20d0720a3e68e8f5e628dacc8387c6dbf79341d8556efdd16

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            e40e4876cb3959e835f196ca41225d9a

                                                                                                                            SHA1

                                                                                                                            793ed1e41b14f6e30e3913f449f3002db92b7d83

                                                                                                                            SHA256

                                                                                                                            3cdd47c8f409bfe92c0431a2c595bf2d1858bc9f18a88e816f38dc1773ae4d41

                                                                                                                            SHA512

                                                                                                                            76d2979fe5f0f6a02ff2cc4e9796b925ce2382810c95849e370a338c3dc45a6e7a5f6d18b6f6e59762c751caca8c4b8b0c8ba92de309f125f9655b1b0eaf4329

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15
                                                                                                                            Filesize

                                                                                                                            36KB

                                                                                                                            MD5

                                                                                                                            0e2a09c8b94747fa78ec836b5711c0c0

                                                                                                                            SHA1

                                                                                                                            92495421ad887f27f53784c470884802797025ad

                                                                                                                            SHA256

                                                                                                                            0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36

                                                                                                                            SHA512

                                                                                                                            61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer
                                                                                                                            Filesize

                                                                                                                            36KB

                                                                                                                            MD5

                                                                                                                            ab0262f72142aab53d5402e6d0cb5d24

                                                                                                                            SHA1

                                                                                                                            eaf95bb31ae1d4c0010f50e789bdc8b8e3116116

                                                                                                                            SHA256

                                                                                                                            20a108577209b2499cfdba77645477dd0d9771a77d42a53c6315156761efcfbb

                                                                                                                            SHA512

                                                                                                                            bf9580f3e5d1102cf758503e18a2cf98c799c4a252eedf9344f7c5626da3a1cf141353f01601a3b549234cc3f2978ad31f928068395b56f9f0885c07dbe81da1

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\MP05IF81\microsoft.windows[1].xml
                                                                                                                            Filesize

                                                                                                                            96B

                                                                                                                            MD5

                                                                                                                            188f8f76ad695de69c313c1113722ec5

                                                                                                                            SHA1

                                                                                                                            acf66cf340e75c0997ab844f745ed139e05b5c1c

                                                                                                                            SHA256

                                                                                                                            d926dfadf64142c9d6e871f8e3d4709e78b5e82e237fcde0680740eed9c82b5b

                                                                                                                            SHA512

                                                                                                                            00eb7bda00afe8efe5b3f29460e2d92d173911f7deabb097d9995fb9af556371c4cecb473d328c8f9c7c85978fd560b1b9cec723805c44bd167ff59c3cf5bbf3

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cc10ybk5.ac1.ps1
                                                                                                                            Filesize

                                                                                                                            60B

                                                                                                                            MD5

                                                                                                                            d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                            SHA1

                                                                                                                            6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                            SHA256

                                                                                                                            96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                            SHA512

                                                                                                                            5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                            Download Submit

                                                                                                                          • memory/392-768-0x0000000003EA0000-0x0000000003EA1000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/948-182-0x0000020110CC0000-0x0000020110CE0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/948-192-0x0000020110C80000-0x0000020110CA0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/948-213-0x00000201112A0000-0x00000201112C0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1116-471-0x0000000003EB0000-0x0000000003EB1000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/1228-770-0x0000020B7D700000-0x0000020B7D800000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/1228-775-0x0000020B7E7C0000-0x0000020B7E7E0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1228-799-0x0000020B7EB90000-0x0000020B7EBB0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1228-787-0x0000020B7E780000-0x0000020B7E7A0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1228-771-0x0000020B7D700000-0x0000020B7D800000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/1400-927-0x0000020858980000-0x00000208589A0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1400-958-0x0000020858D50000-0x0000020858D70000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1400-957-0x0000020858940000-0x0000020858960000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1428-1518-0x0000000004050000-0x0000000004051000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/1640-1079-0x0000024749320000-0x0000024749340000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1640-1076-0x0000024748400000-0x0000024748500000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/1640-1075-0x0000024748400000-0x0000024748500000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/1640-1098-0x0000024749900000-0x0000024749920000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1640-1084-0x00000247492E0000-0x0000024749300000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1944-1225-0x00000198F1000000-0x00000198F1100000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/1944-1228-0x00000198F20B0000-0x00000198F20D0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1944-1251-0x00000198F2480000-0x00000198F24A0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/1944-1224-0x00000198F1000000-0x00000198F1100000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/1944-1223-0x00000198F1000000-0x00000198F1100000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/1944-1240-0x00000198F2070000-0x00000198F2090000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/2240-29-0x0000000003480000-0x0000000003481000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/2288-66-0x000001CD197C0000-0x000001CD197E0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/2288-30-0x000001CD18100000-0x000001CD18200000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/2288-46-0x000001CD193B0000-0x000001CD193D0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/2288-35-0x000001CD193F0000-0x000001CD19410000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/3208-1384-0x0000019E67990000-0x0000019E679B0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/3208-1396-0x0000019E67DA0000-0x0000019E67DC0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/3208-1376-0x0000019E679D0000-0x0000019E679F0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/3208-1371-0x0000019E66900000-0x0000019E66A00000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/3284-174-0x0000000004F20000-0x0000000004F21000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/3596-322-0x0000000004760000-0x0000000004761000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/3828-1221-0x00000000049A0000-0x00000000049A1000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/3952-488-0x000002644CBC0000-0x000002644CBE0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/3952-501-0x000002644CFD0000-0x000002644CFF0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/3952-478-0x000002644CC00000-0x000002644CC20000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/3952-473-0x000002644BB00000-0x000002644BC00000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/4316-1072-0x0000000000950000-0x0000000000951000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/4332-622-0x000001A2F8400000-0x000001A2F8500000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/4332-623-0x000001A2F8400000-0x000001A2F8500000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/4332-639-0x000001A2F92B0000-0x000001A2F92D0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/4332-627-0x000001A2F92F0000-0x000001A2F9310000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/4332-650-0x000001A2F98C0000-0x000001A2F98E0000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/4332-624-0x000001A2F8400000-0x000001A2F8500000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/4544-351-0x0000024BD8930000-0x0000024BD8950000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/4544-329-0x0000024BD8560000-0x0000024BD8580000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/4544-325-0x0000024BD7400000-0x0000024BD7500000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/4544-324-0x0000024BD7400000-0x0000024BD7500000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/4544-338-0x0000024BD8520000-0x0000024BD8540000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            128KB

                                                                                                                            Download

                                                                                                                          • memory/4544-326-0x0000024BD7400000-0x0000024BD7500000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            1024KB

                                                                                                                            Download

                                                                                                                          • memory/4756-1369-0x00000000047C0000-0x00000000047C1000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/4888-0-0x00007FFE6B873000-0x00007FFE6B875000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            8KB

                                                                                                                            Download

                                                                                                                          • memory/4888-17-0x00007FFE6B870000-0x00007FFE6C331000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            10.8MB

                                                                                                                            Download

                                                                                                                          • memory/4888-15-0x00007FFE6B870000-0x00007FFE6C331000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            10.8MB

                                                                                                                            Download

                                                                                                                          • memory/4888-14-0x000002CAE8BC0000-0x000002CAE8BE4000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            144KB

                                                                                                                            Download

                                                                                                                          • memory/4888-13-0x000002CAE8BC0000-0x000002CAE8BEA000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            168KB

                                                                                                                            Download

                                                                                                                          • memory/4888-18-0x00007FFE6B870000-0x00007FFE6C331000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            10.8MB

                                                                                                                            Download

                                                                                                                          • memory/4888-19-0x00007FFE6B870000-0x00007FFE6C331000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            10.8MB

                                                                                                                            Download

                                                                                                                          • memory/4888-20-0x00007FFE6B870000-0x00007FFE6C331000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            10.8MB

                                                                                                                            Download

                                                                                                                          • memory/4888-12-0x00007FFE6B870000-0x00007FFE6C331000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            10.8MB

                                                                                                                            Download

                                                                                                                          • memory/4888-11-0x00007FFE6B870000-0x00007FFE6C331000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            10.8MB

                                                                                                                            Download

                                                                                                                          • memory/4888-10-0x000002CAE86A0000-0x000002CAE86C2000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            136KB

                                                                                                                            Download

                                                                                                                          • memory/4936-620-0x0000000004530000-0x0000000004531000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download

                                                                                                                          • memory/5012-920-0x0000000004CB0000-0x0000000004CB1000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            Download