Overview

overview

10

Static

static

1

24100311.EXE.exe

windows7-x64

8

24100311.EXE.exe

windows10-2004-x64

10

Unengrossi...le.ps1

windows7-x64

3

Unengrossi...le.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    57s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-10-2024 08:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Unengrossing/Independable.ps1

  • Size

    54KB

  • MD5

    9bb7bc97960fef33d8884cdca423c2dd

  • SHA1

    a316731a54a85c2b2c99be377b81196a08c81d7f

  • SHA256

    e03ca6b56a172df4b35a9862314b1c8993d4981923a7bca152b8324931f3b303

  • SHA512

    3b314d83e646b01e5e2506cb9d16101fe8f3f5ae1ee74291fd12ac6be5abb80ebc8c55cd19fd07050962bb4181d16ace9f12d3100f86ca6cf6962faecdef45d8

  • SSDEEP

    1536:h4gmjN3ekb38e9Q4rjWK2kO6qXmBIvNdMhsf6x/u6T:mP17x9QAjZlIm6/MSC

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 12 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 20 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Unengrossing\Independable.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4076
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4772
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4832
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2052
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3496
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4000
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:724
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4764
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3468
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:3708
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4556
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3932
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3416
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4092
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:448
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4028
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3572
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2752
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4264
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4052
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4812
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2312
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3084
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3912
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2420
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3444
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2088
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1948
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4060
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2100
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2516
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:224
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3868
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Modifies registry class
    PID:2100
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:2144
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4980
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:1668
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:4432
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:4196
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:4092
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:1620
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:3384
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:3720
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:1896
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:4220
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:3384
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:664
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:4860
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:1168
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:1524
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:216
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:3492
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:1996
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:5028
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:116
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:408
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:536
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:1220
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:2848
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:2404
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:2680
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:3040
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:2316
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:3112
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:4960
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:2284
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:5108
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:2752
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:2012
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:5100
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:3396
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:1480
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:1840
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:4820
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:5004
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:2108
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                        1⤵
                                                                                          PID:3652
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:4932
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                              PID:4020
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:1480
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                1⤵
                                                                                                  PID:1076
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                    PID:4544
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                      PID:3860
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                      1⤵
                                                                                                        PID:408
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                        1⤵
                                                                                                          PID:3504
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                            PID:1640
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                            1⤵
                                                                                                              PID:3684
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                              1⤵
                                                                                                                PID:2524
                                                                                                              • C:\Windows\explorer.exe
                                                                                                                explorer.exe
                                                                                                                1⤵
                                                                                                                  PID:3908
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                  1⤵
                                                                                                                    PID:1340
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                    1⤵
                                                                                                                      PID:1232

                                                                                                                    Network

                                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                                    Replay Monitor

                                                                                                                    Loading Replay Monitor...

                                                                                                                    Downloads

                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                                                                      Filesize

                                                                                                                      471B

                                                                                                                      MD5

                                                                                                                      6a406ad96e5b0fb95b19fd5c525659e8

                                                                                                                      SHA1

                                                                                                                      89c48a17daeb402c78a406ed31980ce381c1e66a

                                                                                                                      SHA256

                                                                                                                      fff6d4beb65672c459a492cf64ebdcc3ae0b5e635533fd761876300e1f4da6a5

                                                                                                                      SHA512

                                                                                                                      c336db63c06d794ea67bd2d779db15777d1caf244119e76bd640e58e0168afc52dd744be20dfa4bdeb45dfb9435e3cc187099c1ac745d8a7e19ed9a343d886de

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                                                                      Filesize

                                                                                                                      420B

                                                                                                                      MD5

                                                                                                                      05cb569b32802d9c91366ed3f6502ee3

                                                                                                                      SHA1

                                                                                                                      eff7cf2ca5def41ea9266ac12bbc045c103d0f7b

                                                                                                                      SHA256

                                                                                                                      0f93ad2fec3bac516c5c65a34db1ca5ef4bf858f4974f74068cc58874425b7e5

                                                                                                                      SHA512

                                                                                                                      e5613d3e84aa444cabdc32b19cb45e9f29758f2a5f39d2a3c66bb2073400c5b29d5b878d852c4e3614bc7e19e7ba4f66fbbcc6f39bd6b98e46814ba4333127ee

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                      Filesize

                                                                                                                      2KB

                                                                                                                      MD5

                                                                                                                      1d3ca880c769b88111d3a824f73a074a

                                                                                                                      SHA1

                                                                                                                      ce0d9a2e0c4779ce087125f1616ba430563fa305

                                                                                                                      SHA256

                                                                                                                      cf3beff359ed0d9ebf3733ec76c9867ee95de8d8a958b7403c25a677f183df33

                                                                                                                      SHA512

                                                                                                                      f7ee79bb31f5176c83a64e0e2de5edd4c9526ba9b3ae18845c13515c053c6b85a05c752010c14fe7af0fa0ccc0848ae1233fd806ef96a11b318a341807e89a4e

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PNRCYTYY\microsoft.windows[1].xml
                                                                                                                      Filesize

                                                                                                                      97B

                                                                                                                      MD5

                                                                                                                      5e22ac0cbcc2cfca04d1b6983de47d88

                                                                                                                      SHA1

                                                                                                                      2cec1efb9cc1a5882ea7880bfcbe947c3361c37f

                                                                                                                      SHA256

                                                                                                                      15c78df0dc6078f22a8655187b6bc79f1142f5ca86fc151e361b748b119bdc4d

                                                                                                                      SHA512

                                                                                                                      fe181661eb50f5460f51015d576f688ffd9aa9a9c8e2dd1308416a15e2784d5fd1c0dfb3e2819c357c999aa9be208b372b185616e17c3691cf798e4e861bf870

                                                                                                                      Download Submit

                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2rbhqh10.d5m.ps1
                                                                                                                      Filesize

                                                                                                                      60B

                                                                                                                      MD5

                                                                                                                      d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                      SHA1

                                                                                                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                      SHA256

                                                                                                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                      SHA512

                                                                                                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                      Download Submit

                                                                                                                    • memory/448-485-0x00000219D24F0000-0x00000219D2510000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/448-480-0x00000219D1600000-0x00000219D1700000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      1024KB

                                                                                                                      Download

                                                                                                                    • memory/448-481-0x00000219D1600000-0x00000219D1700000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      1024KB

                                                                                                                      Download

                                                                                                                    • memory/448-507-0x00000219D2AC0000-0x00000219D2AE0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/448-494-0x00000219D24B0000-0x00000219D24D0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/724-179-0x0000000003740000-0x0000000003741000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/1948-1215-0x0000000004E60000-0x0000000004E61000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/2052-28-0x0000000002FD0000-0x0000000002FD1000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/2088-1076-0x00000286B7D00000-0x00000286B7E00000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      1024KB

                                                                                                                      Download

                                                                                                                    • memory/2088-1112-0x0000028EBA3C0000-0x0000028EBA3E0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/2088-1075-0x00000286B7D00000-0x00000286B7E00000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      1024KB

                                                                                                                      Download

                                                                                                                    • memory/2088-1080-0x0000028EBA000000-0x0000028EBA020000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/2088-1092-0x0000028EB9DB0000-0x0000028EB9DD0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/2100-1234-0x0000020B75FE0000-0x0000020B76000000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/2100-1222-0x0000020B76320000-0x0000020B76340000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/2100-1219-0x0000020B75200000-0x0000020B75300000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      1024KB

                                                                                                                      Download

                                                                                                                    • memory/2100-1217-0x0000020B75200000-0x0000020B75300000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      1024KB

                                                                                                                      Download

                                                                                                                    • memory/2100-1248-0x0000020B766F0000-0x0000020B76710000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/2100-1511-0x0000000004C40000-0x0000000004C41000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/2312-929-0x0000000002A30000-0x0000000002A31000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/2420-1073-0x0000000004390000-0x0000000004391000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/2516-1361-0x0000000004880000-0x0000000004881000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/2752-666-0x0000019E16D20000-0x0000019E16D40000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/2752-629-0x0000019E15800000-0x0000019E15900000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      1024KB

                                                                                                                      Download

                                                                                                                    • memory/2752-643-0x0000019E16920000-0x0000019E16940000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/2752-635-0x0000019E16960000-0x0000019E16980000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/2752-630-0x0000019E15800000-0x0000019E15900000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      1024KB

                                                                                                                      Download

                                                                                                                    • memory/3416-479-0x0000000004410000-0x0000000004411000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/3468-185-0x0000024D8B5D0000-0x0000024D8B5F0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3468-209-0x0000024D8B9A0000-0x0000024D8B9C0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3468-197-0x0000024D8B590000-0x0000024D8B5B0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3708-330-0x0000000004730000-0x0000000004731000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/3868-1369-0x000002AC4ACA0000-0x000002AC4ACC0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3868-1377-0x000002AC4AC60000-0x000002AC4AC80000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3868-1400-0x000002AC4B280000-0x000002AC4B2A0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3912-936-0x0000029FA33C0000-0x0000029FA33E0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3912-946-0x0000029FA3380000-0x0000029FA33A0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3912-959-0x0000029FA3790000-0x0000029FA37B0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3932-332-0x000001E809400000-0x000001E809500000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      1024KB

                                                                                                                      Download

                                                                                                                    • memory/3932-360-0x000001E80A900000-0x000001E80A920000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3932-347-0x000001E80A2E0000-0x000001E80A300000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3932-337-0x000001E80A320000-0x000001E80A340000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/3932-333-0x000001E809400000-0x000001E809500000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      1024KB

                                                                                                                      Download

                                                                                                                    • memory/4000-45-0x000001F64EB90000-0x000001F64EBB0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4000-31-0x000001F64DD00000-0x000001F64DE00000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      1024KB

                                                                                                                      Download

                                                                                                                    • memory/4000-32-0x000001F64DD00000-0x000001F64DE00000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      1024KB

                                                                                                                      Download

                                                                                                                    • memory/4000-35-0x000001F64EBD0000-0x000001F64EBF0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4000-30-0x000001F64DD00000-0x000001F64DE00000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      1024KB

                                                                                                                      Download

                                                                                                                    • memory/4000-56-0x000001F64F1A0000-0x000001F64F1C0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4028-628-0x0000000004690000-0x0000000004691000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/4076-12-0x00007FF92DA00000-0x00007FF92E4C1000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      10.8MB

                                                                                                                      Download

                                                                                                                    • memory/4076-15-0x00007FF92DA00000-0x00007FF92E4C1000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      10.8MB

                                                                                                                      Download

                                                                                                                    • memory/4076-0-0x00007FF92DA03000-0x00007FF92DA05000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      8KB

                                                                                                                      Download

                                                                                                                    • memory/4076-11-0x00007FF92DA00000-0x00007FF92E4C1000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      10.8MB

                                                                                                                      Download

                                                                                                                    • memory/4076-6-0x00000188294E0000-0x0000018829502000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      136KB

                                                                                                                      Download

                                                                                                                    • memory/4076-19-0x00007FF92DA00000-0x00007FF92E4C1000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      10.8MB

                                                                                                                      Download

                                                                                                                    • memory/4076-20-0x00007FF92DA00000-0x00007FF92E4C1000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      10.8MB

                                                                                                                      Download

                                                                                                                    • memory/4076-18-0x00007FF92DA00000-0x00007FF92E4C1000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      10.8MB

                                                                                                                      Download

                                                                                                                    • memory/4076-17-0x00007FF92DA00000-0x00007FF92E4C1000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      10.8MB

                                                                                                                      Download

                                                                                                                    • memory/4076-13-0x0000018842430000-0x000001884245A000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      168KB

                                                                                                                      Download

                                                                                                                    • memory/4076-14-0x0000018842430000-0x0000018842454000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      144KB

                                                                                                                      Download

                                                                                                                    • memory/4264-777-0x0000000000FD0000-0x0000000000FD1000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      4KB

                                                                                                                      Download

                                                                                                                    • memory/4812-786-0x0000016A78740000-0x0000016A78760000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4812-783-0x0000016A78780000-0x0000016A787A0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4812-815-0x0000016A78B50000-0x0000016A78B70000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4980-1512-0x000002338BF00000-0x000002338C000000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      1024KB

                                                                                                                      Download

                                                                                                                    • memory/4980-1513-0x000002338BF00000-0x000002338C000000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      1024KB

                                                                                                                      Download

                                                                                                                    • memory/4980-1514-0x000002338BF00000-0x000002338C000000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      1024KB

                                                                                                                      Download

                                                                                                                    • memory/4980-1517-0x0000023B8E020000-0x0000023B8E040000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download

                                                                                                                    • memory/4980-1524-0x0000023B8DDD0000-0x0000023B8DDF0000-memory.dmp

                                                                                                                      Filesize

                                                                                                                      128KB

                                                                                                                      Download