Overview

overview

10

Static

static

1

SecuriteIn...80.exe

windows7-x64

8

SecuriteIn...80.exe

windows10-2004-x64

10

$WINDIR/co...sy.ps1

windows7-x64

3

$WINDIR/co...sy.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    48s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-09-2024 16:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $WINDIR/compromis/Aerognosy.ps1

  • Size

    52KB

  • MD5

    552ed0904239d64db1895620b38dc799

  • SHA1

    8a6a6c6efd31b04c716cde1783b45783f2843e20

  • SHA256

    d4d98fdbe306d61986bed62340744554e0a288c5a804ed5c924f66885cbf3514

  • SHA512

    21f283ac39223437470036ec08eb01bf40c4a0c45ea5b94bb4d902cf66923db4d14641ce68370d240ab2b213527552dfde13eb1ff4b21a0bbf0c1ee6aed7ade7

  • SSDEEP

    1536:Yb2DFjNKjwJJCwZuTEaiwLAm7C24yWjc2:YSrvJEwZtwM6qg2

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 10 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 20 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 16 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\$WINDIR\compromis\Aerognosy.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1884
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3112
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4488
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1676
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3588
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4380
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:3772
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4604
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2732
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4220
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1376
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4056
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1240
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3888
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4604
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2688
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4888
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1116
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3916
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3772
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:832
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2680
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2564
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3228
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3568
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5024
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2988
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:688
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:4432
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4472
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:1136
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:1880
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:4128
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:832
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:4164
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:816
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:1736
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:3248
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:3548
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:2872
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:8
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:1184
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:712
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:1296
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:384
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:2184
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:4176
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:1116
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:2904
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:2348
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:3432
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:2664
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:4488
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:2184
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:2492
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:1168
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:2060
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:5084
                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                1⤵
                                                                  PID:1524
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:3744
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:448
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                      1⤵
                                                                        PID:2840
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:1444
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                            PID:3140
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                            1⤵
                                                                              PID:1420
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:2268
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:2192
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                    PID:3828
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:4244
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                      1⤵
                                                                                        PID:1072
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                        1⤵
                                                                                          PID:4464
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:4032
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:3568
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                                PID:4200
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:5072
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:2624
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:2352
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:3484
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                        1⤵
                                                                                                          PID:4920
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                          1⤵
                                                                                                            PID:2192
                                                                                                          • C:\Windows\explorer.exe
                                                                                                            explorer.exe
                                                                                                            1⤵
                                                                                                              PID:1452
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                              1⤵
                                                                                                                PID:4112
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                1⤵
                                                                                                                  PID:224
                                                                                                                • C:\Windows\explorer.exe
                                                                                                                  explorer.exe
                                                                                                                  1⤵
                                                                                                                    PID:4880
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                    1⤵
                                                                                                                      PID:4960
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                      1⤵
                                                                                                                        PID:2864
                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                        explorer.exe
                                                                                                                        1⤵
                                                                                                                          PID:2884
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                          1⤵
                                                                                                                            PID:3880
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                            1⤵
                                                                                                                              PID:3564

                                                                                                                            Network

                                                                                                                            MITRE ATT&CK Enterprise v15

                                                                                                                            Replay Monitor

                                                                                                                            Loading Replay Monitor...

                                                                                                                            Downloads

                                                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                                                                              Filesize

                                                                                                                              471B

                                                                                                                              MD5

                                                                                                                              de639bf72b0b8332402c712c045c571f

                                                                                                                              SHA1

                                                                                                                              cad3bb99fcf5687c1232070e11c6779cbb593283

                                                                                                                              SHA256

                                                                                                                              378c061d3b82d857d4b1ad8d27929823330edfc44167b1ee1cd750088ec69747

                                                                                                                              SHA512

                                                                                                                              98563df76077b74c8ab8c2fdf330bc155e5a7992bdc3b6807e738e08d45bf1ebfdff127653fe8578e1b48f5585bb45ad60720f90ee616f25dc3df10bdd0cc0e5

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                                                                              Filesize

                                                                                                                              420B

                                                                                                                              MD5

                                                                                                                              a5f2ad1a6ca9ad3d3f0dbad52d96c014

                                                                                                                              SHA1

                                                                                                                              0fb6be06375251e445b83952d316ef650dda4163

                                                                                                                              SHA256

                                                                                                                              7c37781e687738ea3e68f249f8faef4c94aee82f8797303e2b02a3c27b86b816

                                                                                                                              SHA512

                                                                                                                              8b8135ec5c26990adc230db0d55fe0dc4fcc16a8abe58f93526bf30b414f58b19c1a005647dd4e0660263f6da43d0f23b65950bba9eb2fa7557bf54e5ff539f2

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                              Filesize

                                                                                                                              2KB

                                                                                                                              MD5

                                                                                                                              a6274fdb85550da27983d6af43631d13

                                                                                                                              SHA1

                                                                                                                              91e000bcda747fe2b475979889d1b4291bad0cbf

                                                                                                                              SHA256

                                                                                                                              dfc7c4519b36a6bf7bc07c533f6b6d1614c3eb55f2ddacd58e7e0704455245ef

                                                                                                                              SHA512

                                                                                                                              78b5d34431ac5ccfe8f49c80e47cf44363460bf92737da964c9b3e318c449a5c4a259337ff0b294ab1347b951e8e345ebfd5958388db4f6121dbf66500544845

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\MP05IF81\microsoft.windows[1].xml
                                                                                                                              Filesize

                                                                                                                              96B

                                                                                                                              MD5

                                                                                                                              188f8f76ad695de69c313c1113722ec5

                                                                                                                              SHA1

                                                                                                                              acf66cf340e75c0997ab844f745ed139e05b5c1c

                                                                                                                              SHA256

                                                                                                                              d926dfadf64142c9d6e871f8e3d4709e78b5e82e237fcde0680740eed9c82b5b

                                                                                                                              SHA512

                                                                                                                              00eb7bda00afe8efe5b3f29460e2d92d173911f7deabb097d9995fb9af556371c4cecb473d328c8f9c7c85978fd560b1b9cec723805c44bd167ff59c3cf5bbf3

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1mnw3q0k.3am.ps1
                                                                                                                              Filesize

                                                                                                                              60B

                                                                                                                              MD5

                                                                                                                              d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                              SHA1

                                                                                                                              6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                              SHA256

                                                                                                                              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                              SHA512

                                                                                                                              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                              Download Submit

                                                                                                                            • memory/688-1180-0x0000000003F30000-0x0000000003F31000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/832-745-0x0000029D94800000-0x0000029D94900000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/832-749-0x0000029D95740000-0x0000029D95760000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/832-744-0x0000029D94800000-0x0000029D94900000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/832-772-0x0000029D95D20000-0x0000029D95D40000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/832-759-0x0000029D95700000-0x0000029D95720000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/1116-626-0x000001DBC0220000-0x000001DBC0240000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/1116-606-0x000001DBBFE60000-0x000001DBBFE80000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/1116-603-0x000001D3BDD00000-0x000001D3BDE00000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/1116-602-0x000001D3BDD00000-0x000001D3BDE00000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/1116-601-0x000001D3BDD00000-0x000001D3BDE00000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/1116-614-0x000001DBBFE20000-0x000001DBBFE40000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/1136-1327-0x0000000004760000-0x0000000004761000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/1240-467-0x0000000004DC0000-0x0000000004DC1000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/1676-28-0x0000000004450000-0x0000000004451000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/1884-14-0x00000187F1680000-0x00000187F16A4000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              144KB

                                                                                                                              Download

                                                                                                                            • memory/1884-13-0x00000187F1680000-0x00000187F16AA000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              168KB

                                                                                                                              Download

                                                                                                                            • memory/1884-18-0x00007FFB47A60000-0x00007FFB48521000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              10.8MB

                                                                                                                              Download

                                                                                                                            • memory/1884-12-0x00007FFB47A60000-0x00007FFB48521000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              10.8MB

                                                                                                                              Download

                                                                                                                            • memory/1884-17-0x00007FFB47A60000-0x00007FFB48521000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              10.8MB

                                                                                                                              Download

                                                                                                                            • memory/1884-15-0x00007FFB47A60000-0x00007FFB48521000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              10.8MB

                                                                                                                              Download

                                                                                                                            • memory/1884-20-0x00007FFB47A60000-0x00007FFB48521000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              10.8MB

                                                                                                                              Download

                                                                                                                            • memory/1884-11-0x00007FFB47A60000-0x00007FFB48521000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              10.8MB

                                                                                                                              Download

                                                                                                                            • memory/1884-19-0x00007FFB47A60000-0x00007FFB48521000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              10.8MB

                                                                                                                              Download

                                                                                                                            • memory/1884-7-0x00000187F1250000-0x00000187F1272000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              136KB

                                                                                                                              Download

                                                                                                                            • memory/1884-0-0x00007FFB47A63000-0x00007FFB47A65000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              8KB

                                                                                                                              Download

                                                                                                                            • memory/2680-890-0x0000000004450000-0x0000000004451000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/2688-600-0x0000000004480000-0x0000000004481000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/2732-199-0x00000271541A0000-0x00000271541C0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/2732-187-0x0000027153100000-0x0000027153200000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/2732-190-0x00000271541E0000-0x0000027154200000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/2732-185-0x0000027153100000-0x0000027153200000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/2732-186-0x0000027153100000-0x0000027153200000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/2732-209-0x00000271545B0000-0x00000271545D0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/2988-1054-0x000002A4C9AA0000-0x000002A4C9AC0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/2988-1042-0x000002A4C9AE0000-0x000002A4C9B00000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/2988-1037-0x000002A4C8C00000-0x000002A4C8D00000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/2988-1067-0x000002A4CA0C0000-0x000002A4CA0E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3228-911-0x0000020492700000-0x0000020492720000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3228-929-0x0000020492B10000-0x0000020492B30000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3228-898-0x0000020492740000-0x0000020492760000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3568-1036-0x0000000003E60000-0x0000000003E61000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/3772-184-0x0000000004880000-0x0000000004881000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/3916-742-0x00000000044F0000-0x00000000044F1000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/4056-329-0x0000025432360000-0x0000025432380000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4056-337-0x0000025432320000-0x0000025432340000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4056-325-0x0000025431200000-0x0000025431300000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/4056-324-0x0000025431200000-0x0000025431300000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/4056-361-0x0000025432720000-0x0000025432740000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4128-1329-0x000001F297900000-0x000001F297A00000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/4128-1346-0x000001F2989C0000-0x000001F2989E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4128-1357-0x000001F298FD0000-0x000001F298FF0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4128-1334-0x000001F298C00000-0x000001F298C20000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4220-322-0x0000000004AB0000-0x0000000004AB1000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/4380-48-0x000001F441FB0000-0x000001F441FD0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4380-60-0x000001F4425C0000-0x000001F4425E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4380-30-0x000001F440E90000-0x000001F440F90000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/4380-31-0x000001F440E90000-0x000001F440F90000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/4380-35-0x000001F441FF0000-0x000001F442010000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4472-1218-0x0000017893430000-0x0000017893450000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4472-1198-0x0000017893020000-0x0000017893040000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4472-1188-0x0000017893060000-0x0000017893080000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4604-505-0x000001C537360000-0x000001C537380000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4604-470-0x000001BD34E40000-0x000001BD34F40000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/4604-473-0x000001C536F90000-0x000001C536FB0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4604-469-0x000001BD34E40000-0x000001BD34F40000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/4604-468-0x000001BD34E40000-0x000001BD34F40000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/4604-481-0x000001C536F50000-0x000001C536F70000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download