Overview

overview

8

Static

static

1

b850bd18e0...15.exe

windows7-x64

8

b850bd18e0...15.exe

windows10-2004-x64

8

Bindemidde...ma.ps1

windows7-x64

3

Bindemidde...ma.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    47s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-10-2024 01:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Bindemiddels/Konsulentfirma.ps1

  • Size

    55KB

  • MD5

    d402ca057a33bc8a05d22411584f1446

  • SHA1

    62ea91a0a08037dc4126f1b6c292ecef1028390e

  • SHA256

    4faec25f3f54b20769a15b39d6eea37459b7ebc140def9f09151797a1ae497d0

  • SHA512

    8cc2ba44c1dac829d534298a13939f0f484d355a3529f662d793eefe4dc4990cc4b38f23fe4e3e872bb2374c0921b88b8a8d4d815ecfa2703d0d9b19ee6c45fd

  • SSDEEP

    1536:K5BUEGM8EpDcZwwc8EU+0jB9gSk2Ci0hULKcfO/A7ch:KfcMJcZwb8lNmsBAUOgU

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 10 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 18 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 16 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Bindemiddels\Konsulentfirma.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4068
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1824
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1684
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4388
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:516
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2260
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:1916
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4992
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4216
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:5100
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2952
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5024
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1544
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4932
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4464
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3876
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:468
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:516
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4488
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4212
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1544
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4596
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3116
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3852
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:672
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4864
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4184
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    PID:2016
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:220
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:3916
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:3468
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:3144
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:3256
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:2416
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:3272
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:5072
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:4368
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:4036
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:3440
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:4056
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:3256
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:2536
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:1264
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:2172
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:4676
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:4992
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:4336
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:4156
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:4912
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:3468
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:3748
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:1016
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:3524
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:3480
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:4784
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:4368
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:4932
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:3512
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:1956
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:1120
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:4312
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:4016
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:1148
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:3832
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:1232
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:2688
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:3140
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:1132
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:4528
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:4556
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:4312
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:3416
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:2044
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:4892
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:1908
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:1256
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:3916
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:2456
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:3508
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:1268
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:3992
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:3144
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:4176
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                  1⤵
                                                                                                                    PID:2232
                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                    explorer.exe
                                                                                                                    1⤵
                                                                                                                      PID:4616
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                      1⤵
                                                                                                                        PID:4312
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                        1⤵
                                                                                                                          PID:2208
                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                          explorer.exe
                                                                                                                          1⤵
                                                                                                                            PID:1644
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                            1⤵
                                                                                                                              PID:4284
                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                              1⤵
                                                                                                                                PID:3064

                                                                                                                              Network

                                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                                              Replay Monitor

                                                                                                                              Loading Replay Monitor...

                                                                                                                              Downloads

                                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                                                                                Filesize

                                                                                                                                471B

                                                                                                                                MD5

                                                                                                                                f83dc6d29ec51c15a555c8af37d3cb10

                                                                                                                                SHA1

                                                                                                                                240e381ff41a884a2a2d531a2f45c583c639a8c8

                                                                                                                                SHA256

                                                                                                                                564c573f762157ba3d34ded55ac2662acc58110eba0c42a2be6ccd586dce8a8b

                                                                                                                                SHA512

                                                                                                                                0a0c5b3744365a534259557d2e26cc35dbf7fb251b348686b60a33c231e2d8513e40f2501935550effab3e5ab39ab4addeb7880136b8623a2ff6ee0243a0d0c6

                                                                                                                                Download Submit

                                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                                                                                Filesize

                                                                                                                                420B

                                                                                                                                MD5

                                                                                                                                ee30e86c225d57578355833e149db3e8

                                                                                                                                SHA1

                                                                                                                                f92404f256dab88cc129b9e9e62fb68fd3a60a99

                                                                                                                                SHA256

                                                                                                                                f38f65dc34fbf9450f7aba44ea5569abe60850d53d816f8af1a8aa89ab3d6272

                                                                                                                                SHA512

                                                                                                                                eee94e92c4012e91152d2f582217e7ce2e82cdc1b3dee1500731ebac02d283a1a885273e431bfb02a9a8ae53aa92754869bd9d989d24b5ea7fc2a6e5fa5f3243

                                                                                                                                Download Submit

                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                                Filesize

                                                                                                                                2KB

                                                                                                                                MD5

                                                                                                                                91c3b0341fb93e4efa829609c509519d

                                                                                                                                SHA1

                                                                                                                                a4e0d6c92d5fbeb80aec55ab4979dcaf21555228

                                                                                                                                SHA256

                                                                                                                                ba63cd31928e44862e8eb47d42ea85cbc88c522998adc7093dd5c9a74cb16cfa

                                                                                                                                SHA512

                                                                                                                                faea10ae01e7942b4b3dc5c81e07570e2875b4ca8e6c350a95467bae3f325603aaff43b2882f8b9d8770b998bf3d91b8222cf0740849c75729c0c9555fcfaab4

                                                                                                                                Download Submit

                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\MP05IF81\microsoft.windows[1].xml
                                                                                                                                Filesize

                                                                                                                                96B

                                                                                                                                MD5

                                                                                                                                188f8f76ad695de69c313c1113722ec5

                                                                                                                                SHA1

                                                                                                                                acf66cf340e75c0997ab844f745ed139e05b5c1c

                                                                                                                                SHA256

                                                                                                                                d926dfadf64142c9d6e871f8e3d4709e78b5e82e237fcde0680740eed9c82b5b

                                                                                                                                SHA512

                                                                                                                                00eb7bda00afe8efe5b3f29460e2d92d173911f7deabb097d9995fb9af556371c4cecb473d328c8f9c7c85978fd560b1b9cec723805c44bd167ff59c3cf5bbf3

                                                                                                                                Download Submit

                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3shiaueo.5hb.ps1
                                                                                                                                Filesize

                                                                                                                                60B

                                                                                                                                MD5

                                                                                                                                d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                SHA1

                                                                                                                                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                SHA256

                                                                                                                                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                SHA512

                                                                                                                                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                Download Submit

                                                                                                                              • memory/516-635-0x000002116A900000-0x000002116AA00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/516-640-0x000002116B9E0000-0x000002116BA00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/516-672-0x000002116BFB0000-0x000002116BFD0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/516-664-0x000002116B9A0000-0x000002116B9C0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/516-636-0x000002116A900000-0x000002116AA00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/672-1079-0x0000000004120000-0x0000000004121000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/1544-784-0x000002311EF00000-0x000002311F000000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/1544-814-0x0000023120620000-0x0000023120640000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/1544-783-0x000002311EF00000-0x000002311F000000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/1544-785-0x000002311EF00000-0x000002311F000000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/1544-484-0x0000000004E20000-0x0000000004E21000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/1544-788-0x0000023120260000-0x0000023120280000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/1544-800-0x0000023120220000-0x0000023120240000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/1916-179-0x00000000049C0000-0x00000000049C1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/2016-1225-0x0000000004A40000-0x0000000004A41000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/2260-42-0x0000024F9AC30000-0x0000024F9AC50000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/2260-52-0x0000024F9B040000-0x0000024F9B060000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/2260-35-0x0000024F9AC70000-0x0000024F9AC90000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/2260-32-0x0000024F99C00000-0x0000024F99D00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/2260-31-0x0000024F99C00000-0x0000024F99D00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/3256-1380-0x00000210CFB40000-0x00000210CFB60000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3256-1375-0x00000208CDC00000-0x00000208CDD00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/3468-1374-0x00000000047E0000-0x00000000047E1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/3852-936-0x000001D46FB00000-0x000001D46FC00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/3852-940-0x000001D470E40000-0x000001D470E60000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3852-935-0x000001D46FB00000-0x000001D46FC00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/3852-962-0x000001D471200000-0x000001D471220000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3852-950-0x000001D470E00000-0x000001D470E20000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3876-633-0x0000000004D10000-0x0000000004D11000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/3916-1243-0x000001C8161D0000-0x000001C8161F0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3916-1255-0x000001C8167E0000-0x000001C816800000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3916-1226-0x000001C815100000-0x000001C815200000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/3916-1231-0x000001C816420000-0x000001C816440000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4068-14-0x0000020743DC0000-0x0000020743DE4000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                144KB

                                                                                                                                Download

                                                                                                                              • memory/4068-16-0x00007FF9837D0000-0x00007FF984291000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                                Download

                                                                                                                              • memory/4068-13-0x0000020743DC0000-0x0000020743DEA000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                168KB

                                                                                                                                Download

                                                                                                                              • memory/4068-12-0x00007FF9837D0000-0x00007FF984291000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                                Download

                                                                                                                              • memory/4068-1-0x000002072AF10000-0x000002072AF32000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                136KB

                                                                                                                                Download

                                                                                                                              • memory/4068-11-0x00007FF9837D0000-0x00007FF984291000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                                Download

                                                                                                                              • memory/4068-0-0x00007FF9837D3000-0x00007FF9837D5000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                8KB

                                                                                                                                Download

                                                                                                                              • memory/4068-15-0x00007FF9837D0000-0x00007FF984291000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                                Download

                                                                                                                              • memory/4068-20-0x00007FF9837D0000-0x00007FF984291000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                                Download

                                                                                                                              • memory/4068-19-0x00007FF9837D0000-0x00007FF984291000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                                Download

                                                                                                                              • memory/4068-18-0x00007FF9837D0000-0x00007FF984291000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                                Download

                                                                                                                              • memory/4184-1085-0x000001E7832F0000-0x000001E783310000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4184-1080-0x000001E782500000-0x000001E782600000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/4184-1094-0x000001E7832B0000-0x000001E7832D0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4184-1108-0x000001E7838C0000-0x000001E7838E0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4216-186-0x000001CDF6B60000-0x000001CDF6B80000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4216-182-0x000001CDF5A00000-0x000001CDF5B00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/4216-209-0x000001CDF6F30000-0x000001CDF6F50000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4216-195-0x000001CDF6B20000-0x000001CDF6B40000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4216-181-0x000001CDF5A00000-0x000001CDF5B00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/4388-28-0x0000000004540000-0x0000000004541000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/4464-491-0x000002802C440000-0x000002802C460000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4464-523-0x000002802C810000-0x000002802C830000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4464-501-0x000002802C400000-0x000002802C420000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4464-487-0x000002802B100000-0x000002802B200000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/4464-486-0x000002802B100000-0x000002802B200000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/4488-782-0x00000000045D0000-0x00000000045D1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/4596-933-0x0000000004280000-0x0000000004281000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/5024-340-0x000001EC102B0000-0x000001EC102D0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/5024-362-0x000001EC10680000-0x000001EC106A0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/5024-349-0x000001EC10270000-0x000001EC10290000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/5100-333-0x0000000004CB0000-0x0000000004CB1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download