Overview

overview

10

Static

static

3

Awb_Tracki...00.exe

windows7-x64

8

Awb_Tracki...00.exe

windows10-2004-x64

10

Dumperfrer...es.ps1

windows7-x64

3

Dumperfrer...es.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    89s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-10-2024 00:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Dumperfrernes/Multiversities.ps1

  • Size

    52KB

  • MD5

    9f75d1ca6c6a219e26ceea78a6f6b218

  • SHA1

    688f14dea57c5989cdb6b29d2d2f5d6a07a460ef

  • SHA256

    203ef2d3c9984cadb87801dc09f084acf7d6f078855ba6300c6e2da79d3a23e9

  • SHA512

    a337e7288f0ed129ae27357914af9af67080835c2b15cc1000566b39f3a30756b2d9e17c910429ecdda936a0e91608ceffa75725e4f5ef3efb1bf9e6b5b6666e

  • SSDEEP

    768:TgeATHJjJp/klueGBVitBbWB+L2HuuSz35oDFkkSNa9qzgZmuPECvGf72IxJdccu:TQTHLquH7iXo+Vuy3SoaoYuCCJ0cQTB

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 17 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 34 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 22 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 28 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Dumperfrernes\Multiversities.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2732
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1752
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3556
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1808
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3936
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2972
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:1852
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4600
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:5028
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1696
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:1088
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4268
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2332
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:1696
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4292
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3696
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:3680
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2208
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1992
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:460
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4884
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3444
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2012
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1264
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4520
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4008
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3248
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4748
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:772
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:716
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5100
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2564
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:3892
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:968
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3076
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3040
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1264
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2072
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4024
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2460
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1148
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:408
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3484
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2844
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1216
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4620
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
      PID:3636
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:1604
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:2912
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
            PID:2496
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:3392
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
                PID:3900
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:1532
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:764
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:3676
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:2080
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:2188
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:3864
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:4376
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:4268
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:1940
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:4592
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:4548
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:3688
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:3700
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:536
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:4628
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:3472
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:2600
                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                  1⤵
                                                    PID:3484
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:4184
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:3392
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:3248
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:4196
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:4632
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                                PID:2616
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:3800
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:3992
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:3604
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:4196
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:4624
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:2228

                                                                          Network

                                                                          MITRE ATT&CK Enterprise v15

                                                                          Replay Monitor

                                                                          Loading Replay Monitor...

                                                                          Downloads

                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                            Filesize

                                                                            471B

                                                                            MD5

                                                                            00cd62d1c71f7cebc93821164f916e82

                                                                            SHA1

                                                                            c6ef1580c902900947355be0fc19d24a1d9647da

                                                                            SHA256

                                                                            b320f01682d14a9614da0691aee664c132abedf6e666189b3e53ca58e2247afb

                                                                            SHA512

                                                                            80a0135269b76328d95257502b2524867a0f302e961560b164d8cacab397af248d772508050f80de4c99787abf4fa4838015e0d486adbfbe8171aae4d37b61bd

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                            Filesize

                                                                            420B

                                                                            MD5

                                                                            ecb850194136cd32ae175c2384ee92d2

                                                                            SHA1

                                                                            59f7ad876b43f62cbc2eb32a9b119a507d4dd86d

                                                                            SHA256

                                                                            5361898a57dd5673639f032d6be22675ead5f723c4194998bcfb3785ded7fb45

                                                                            SHA512

                                                                            4f5085c1610093d410df4f4cfdce1b3187562d5104a93ffa60fb611f3441495982e213d2a92e41ffbb639d558aafaaf7e12a37357eaa0c6a5e7c26ce866d52aa

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            29beae1b397a606a4767b6f6bdcaf685

                                                                            SHA1

                                                                            4f8747d18e328c26e9963a4699409be270d15187

                                                                            SHA256

                                                                            882700ee7ce8c368fa2f18e3d412a2a5278aec557d0b29ccf35cb027fcd53f8b

                                                                            SHA512

                                                                            cbb5510303a8783048ff67a95a0f2d40cdcc0b9dff652e99e06817ba81e76ce2d46777d1ab7f649319a5eed0796713d5892cc8e4f7ff4283e8ad7287bc978c5a

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15
                                                                            Filesize

                                                                            36KB

                                                                            MD5

                                                                            0e2a09c8b94747fa78ec836b5711c0c0

                                                                            SHA1

                                                                            92495421ad887f27f53784c470884802797025ad

                                                                            SHA256

                                                                            0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36

                                                                            SHA512

                                                                            61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer
                                                                            Filesize

                                                                            36KB

                                                                            MD5

                                                                            ab0262f72142aab53d5402e6d0cb5d24

                                                                            SHA1

                                                                            eaf95bb31ae1d4c0010f50e789bdc8b8e3116116

                                                                            SHA256

                                                                            20a108577209b2499cfdba77645477dd0d9771a77d42a53c6315156761efcfbb

                                                                            SHA512

                                                                            bf9580f3e5d1102cf758503e18a2cf98c799c4a252eedf9344f7c5626da3a1cf141353f01601a3b549234cc3f2978ad31f928068395b56f9f0885c07dbe81da1

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133723877218190675.txt
                                                                            Filesize

                                                                            75KB

                                                                            MD5

                                                                            1bba1bf8e975fc82e881b5bbc1c9fefb

                                                                            SHA1

                                                                            1e8cf5abff8e1c3f0d124556f7eb101b2e5541eb

                                                                            SHA256

                                                                            9f2515189c0881ff2b41642ee6ee23444891faa00b621322d05fa17d88de3bfc

                                                                            SHA512

                                                                            37d46e4db6c86b0d1e8299251cce62caab2aad853ab4536d98fff60bf5bdd33268a9c855f04f3c014f666c28adf2e0068bd2a51ad868b41878ba3c555393345f

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\Y25IPP08\microsoft.windows[1].xml
                                                                            Filesize

                                                                            97B

                                                                            MD5

                                                                            d07a8eeeb6da833c3c127ff207daead9

                                                                            SHA1

                                                                            cc8a12f7c600ac6ad8211f50045ca376f88f3cb6

                                                                            SHA256

                                                                            113038e3d15cda4a50c0980cb7075456d00b0770a1c436b68cea36b435363392

                                                                            SHA512

                                                                            84bac1ea9a2bac093a6356933b08c841d1ef922937d05db05b388b6b107d77a7edcf6431db083a89e611c86c2ed9e8e83207e798edb08e3e056045780a432800

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_llghsd4v.fvv.ps1
                                                                            Filesize

                                                                            60B

                                                                            MD5

                                                                            d17fe0a3f47be24a6453e9ef58c94641

                                                                            SHA1

                                                                            6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                            SHA256

                                                                            96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                            SHA512

                                                                            5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                            Download Submit

                                                                          • memory/408-1446-0x0000000004970000-0x0000000004971000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                            Download

                                                                          • memory/716-853-0x0000000004110000-0x0000000004111000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                            Download

                                                                          • memory/772-710-0x0000011B78E00000-0x0000011B78F00000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                            Download

                                                                          • memory/772-714-0x0000011B79F10000-0x0000011B79F30000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/772-709-0x0000011B78E00000-0x0000011B78F00000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                            Download

                                                                          • memory/772-711-0x0000011B78E00000-0x0000011B78F00000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                            Download

                                                                          • memory/772-723-0x0000011B79ED0000-0x0000011B79EF0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/772-732-0x0000011B7A2E0000-0x0000011B7A300000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/1088-185-0x00000000028B0000-0x00000000028B1000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                            Download

                                                                          • memory/1148-1299-0x000001BA0D900000-0x000001BA0DA00000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                            Download

                                                                          • memory/1148-1316-0x000001BA0E9C0000-0x000001BA0E9E0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/1148-1300-0x000001BA0D900000-0x000001BA0DA00000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                            Download

                                                                          • memory/1148-1327-0x000001BA0EDD0000-0x000001BA0EDF0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/1148-1304-0x000001BA0EA00000-0x000001BA0EA20000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/1264-590-0x0000000004C90000-0x0000000004C91000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                            Download

                                                                          • memory/1808-28-0x0000000002C10000-0x0000000002C11000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                            Download

                                                                          • memory/1992-321-0x00000000049C0000-0x00000000049C1000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                            Download

                                                                          • memory/2012-468-0x000001DCC4280000-0x000001DCC42A0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/2012-440-0x000001DCC2D40000-0x000001DCC2E40000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                            Download

                                                                          • memory/2012-455-0x000001DCC3C60000-0x000001DCC3C80000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/2012-446-0x000001DCC3CA0000-0x000001DCC3CC0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/2072-1164-0x00000216AB630000-0x00000216AB650000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/2072-1175-0x00000216ABA40000-0x00000216ABA60000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/2072-1153-0x00000216AB670000-0x00000216AB690000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/2332-192-0x0000028F0F470000-0x0000028F0F490000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/2332-187-0x0000028F0E320000-0x0000028F0E420000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                            Download

                                                                          • memory/2332-224-0x0000028F0F840000-0x0000028F0F860000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/2332-201-0x0000028F0F430000-0x0000028F0F450000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/2564-891-0x0000022D086C0000-0x0000022D086E0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/2564-871-0x0000022D080B0000-0x0000022D080D0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/2564-859-0x0000022D080F0000-0x0000022D08110000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/2564-855-0x0000022D07300000-0x0000022D07400000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                            Download

                                                                          • memory/2732-18-0x00007FFD5E170000-0x00007FFD5EC31000-memory.dmp

                                                                            Filesize

                                                                            10.8MB

                                                                            Download

                                                                          • memory/2732-20-0x00007FFD5E170000-0x00007FFD5EC31000-memory.dmp

                                                                            Filesize

                                                                            10.8MB

                                                                            Download

                                                                          • memory/2732-13-0x000002F0FF580000-0x000002F0FF5AA000-memory.dmp

                                                                            Filesize

                                                                            168KB

                                                                            Download

                                                                          • memory/2732-16-0x00007FFD5E170000-0x00007FFD5EC31000-memory.dmp

                                                                            Filesize

                                                                            10.8MB

                                                                            Download

                                                                          • memory/2732-12-0x00007FFD5E170000-0x00007FFD5EC31000-memory.dmp

                                                                            Filesize

                                                                            10.8MB

                                                                            Download

                                                                          • memory/2732-0-0x00007FFD5E173000-0x00007FFD5E175000-memory.dmp

                                                                            Filesize

                                                                            8KB

                                                                            Download

                                                                          • memory/2732-14-0x000002F0FF580000-0x000002F0FF5A4000-memory.dmp

                                                                            Filesize

                                                                            144KB

                                                                            Download

                                                                          • memory/2732-10-0x000002F0FF5B0000-0x000002F0FF5D2000-memory.dmp

                                                                            Filesize

                                                                            136KB

                                                                            Download

                                                                          • memory/2732-11-0x00007FFD5E170000-0x00007FFD5EC31000-memory.dmp

                                                                            Filesize

                                                                            10.8MB

                                                                            Download

                                                                          • memory/2732-19-0x00007FFD5E170000-0x00007FFD5EC31000-memory.dmp

                                                                            Filesize

                                                                            10.8MB

                                                                            Download

                                                                          • memory/2732-15-0x00007FFD5E170000-0x00007FFD5EC31000-memory.dmp

                                                                            Filesize

                                                                            10.8MB

                                                                            Download

                                                                          • memory/2844-1472-0x000001A038E80000-0x000001A038EA0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/2844-1454-0x000001A038EC0000-0x000001A038EE0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/2972-35-0x000001E9A53D0000-0x000001E9A53F0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/2972-57-0x000001E9A57A0000-0x000001E9A57C0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/2972-46-0x000001E9A5390000-0x000001E9A53B0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/3040-1145-0x0000000004720000-0x0000000004721000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                            Download

                                                                          • memory/3076-1003-0x0000024B63520000-0x0000024B63620000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                            Download

                                                                          • memory/3076-1038-0x0000024B64630000-0x0000024B64650000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/3076-1039-0x0000024B649C0000-0x0000024B649E0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/3076-1007-0x0000024B64670000-0x0000024B64690000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/3076-1002-0x0000024B63520000-0x0000024B63620000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                            Download

                                                                          • memory/3248-707-0x0000000002F40000-0x0000000002F41000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                            Download

                                                                          • memory/3680-351-0x0000016AD64C0000-0x0000016AD64E0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/3680-327-0x0000016AD60F0000-0x0000016AD6110000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/3680-332-0x0000016AD60B0000-0x0000016AD60D0000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/3892-1001-0x0000000004D80000-0x0000000004D81000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                            Download

                                                                          • memory/4008-594-0x000001F792900000-0x000001F792A00000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                            Download

                                                                          • memory/4008-609-0x000001F793A20000-0x000001F793A40000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/4008-620-0x000001F793E20000-0x000001F793E40000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/4008-597-0x000001F793A60000-0x000001F793A80000-memory.dmp

                                                                            Filesize

                                                                            128KB

                                                                            Download

                                                                          • memory/4008-593-0x000001F792900000-0x000001F792A00000-memory.dmp

                                                                            Filesize

                                                                            1024KB

                                                                            Download

                                                                          • memory/4024-1297-0x00000000047C0000-0x00000000047C1000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                            Download

                                                                          • memory/4884-438-0x00000000033C0000-0x00000000033C1000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                            Download