Overview

overview

10

Static

static

1

faa7829ce9...64.exe

windows7-x64

8

faa7829ce9...64.exe

windows10-2004-x64

10

Unengrossi...le.ps1

windows7-x64

3

Unengrossi...le.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    45s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-10-2024 02:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Unengrossing/Independable.ps1

  • Size

    54KB

  • MD5

    9bb7bc97960fef33d8884cdca423c2dd

  • SHA1

    a316731a54a85c2b2c99be377b81196a08c81d7f

  • SHA256

    e03ca6b56a172df4b35a9862314b1c8993d4981923a7bca152b8324931f3b303

  • SHA512

    3b314d83e646b01e5e2506cb9d16101fe8f3f5ae1ee74291fd12ac6be5abb80ebc8c55cd19fd07050962bb4181d16ace9f12d3100f86ca6cf6962faecdef45d8

  • SSDEEP

    1536:h4gmjN3ekb38e9Q4rjWK2kO6qXmBIvNdMhsf6x/u6T:mP17x9QAjZlIm6/MSC

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 9 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 18 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 14 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Unengrossing\Independable.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:212
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1056
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1648
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3356
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4492
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2608
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:5080
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4140
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:680
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:2176
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2360
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4448
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2080
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:832
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3048
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1104
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4572
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2552
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1636
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:932
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3900
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4100
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5012
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5076
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2636
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2068
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2620
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
      PID:3848
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      1⤵
        PID:1092
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:3220
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:2612
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:4252
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:4772
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:2496
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:4900
                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                    1⤵
                      PID:3164
                    • C:\Windows\explorer.exe
                      explorer.exe
                      1⤵
                        PID:5024
                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                        1⤵
                          PID:3220
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:1304
                          • C:\Windows\explorer.exe
                            explorer.exe
                            1⤵
                              PID:4728
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:2096
                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                1⤵
                                  PID:3572
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:4996
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:1360
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:1804
                                      • C:\Windows\explorer.exe
                                        explorer.exe
                                        1⤵
                                          PID:4720
                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                          1⤵
                                            PID:3624
                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                            1⤵
                                              PID:3164
                                            • C:\Windows\explorer.exe
                                              explorer.exe
                                              1⤵
                                                PID:2028
                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                1⤵
                                                  PID:2068
                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                  1⤵
                                                    PID:1648
                                                  • C:\Windows\explorer.exe
                                                    explorer.exe
                                                    1⤵
                                                      PID:3848
                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                      1⤵
                                                        PID:2348
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                          PID:3924
                                                        • C:\Windows\explorer.exe
                                                          explorer.exe
                                                          1⤵
                                                            PID:336
                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                            1⤵
                                                              PID:224
                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                              1⤵
                                                                PID:3988
                                                              • C:\Windows\explorer.exe
                                                                explorer.exe
                                                                1⤵
                                                                  PID:1352
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                    PID:412
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                    1⤵
                                                                      PID:832
                                                                    • C:\Windows\explorer.exe
                                                                      explorer.exe
                                                                      1⤵
                                                                        PID:456
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                        1⤵
                                                                          PID:2560
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                          1⤵
                                                                            PID:2044
                                                                          • C:\Windows\explorer.exe
                                                                            explorer.exe
                                                                            1⤵
                                                                              PID:3176
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                              1⤵
                                                                                PID:1928
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                1⤵
                                                                                  PID:4420
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:3004
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:864
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                      1⤵
                                                                                        PID:4616
                                                                                      • C:\Windows\explorer.exe
                                                                                        explorer.exe
                                                                                        1⤵
                                                                                          PID:1420
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                          1⤵
                                                                                            PID:4028
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                            1⤵
                                                                                              PID:3480
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:4860
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                1⤵
                                                                                                  PID:1856
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                    PID:2136
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                      PID:8
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                      1⤵
                                                                                                        PID:4560
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                        1⤵
                                                                                                          PID:4644
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                            PID:1336
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                            1⤵
                                                                                                              PID:4320
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                              1⤵
                                                                                                                PID:4196
                                                                                                              • C:\Windows\explorer.exe
                                                                                                                explorer.exe
                                                                                                                1⤵
                                                                                                                  PID:436
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                  1⤵
                                                                                                                    PID:1724
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                    1⤵
                                                                                                                      PID:4780
                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                      explorer.exe
                                                                                                                      1⤵
                                                                                                                        PID:4188
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                        1⤵
                                                                                                                          PID:3644
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                          1⤵
                                                                                                                            PID:5092
                                                                                                                          • C:\Windows\explorer.exe
                                                                                                                            explorer.exe
                                                                                                                            1⤵
                                                                                                                              PID:212

                                                                                                                            Network

                                                                                                                            MITRE ATT&CK Enterprise v15

                                                                                                                            Replay Monitor

                                                                                                                            Loading Replay Monitor...

                                                                                                                            Downloads

                                                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                                                                              Filesize

                                                                                                                              471B

                                                                                                                              MD5

                                                                                                                              6a406ad96e5b0fb95b19fd5c525659e8

                                                                                                                              SHA1

                                                                                                                              89c48a17daeb402c78a406ed31980ce381c1e66a

                                                                                                                              SHA256

                                                                                                                              fff6d4beb65672c459a492cf64ebdcc3ae0b5e635533fd761876300e1f4da6a5

                                                                                                                              SHA512

                                                                                                                              c336db63c06d794ea67bd2d779db15777d1caf244119e76bd640e58e0168afc52dd744be20dfa4bdeb45dfb9435e3cc187099c1ac745d8a7e19ed9a343d886de

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                                                                              Filesize

                                                                                                                              420B

                                                                                                                              MD5

                                                                                                                              b6d3fe5cec482a239dc7b65316e3a7d4

                                                                                                                              SHA1

                                                                                                                              6d3a33ff6f60bc6c15b2b48be2048c6e6e90be2f

                                                                                                                              SHA256

                                                                                                                              6a1ab350fb78a8cbcdfddb96c6c63cf31aefefafc95f12c8e6400e7937feb7b3

                                                                                                                              SHA512

                                                                                                                              847188ef0d2f67fe98b8073a9754dfbe57f787a64cc1f11106ef916e00d2e55ff12005878dafcf510ce86c700eb18bef2a5c614aed11c9f3246f45bff68f512d

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                              Filesize

                                                                                                                              2KB

                                                                                                                              MD5

                                                                                                                              b5d128e122fbf9390d9561a65284b612

                                                                                                                              SHA1

                                                                                                                              5fdda0a3d7db056d8d56da9804d5c614e6b95e18

                                                                                                                              SHA256

                                                                                                                              4daa39931d6eb5b55b89c61bdf424dfdb810a5b06b15c926d298149b3b8f0d92

                                                                                                                              SHA512

                                                                                                                              c9d6f5bea5390f8c6e65b7cf98b57f112844bd8209de790128159736cc426ca672428cb92111bba4b77ecb4769359c91337cc4f739a29a4e7e6389af0296d5d8

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15
                                                                                                                              Filesize

                                                                                                                              36KB

                                                                                                                              MD5

                                                                                                                              0e2a09c8b94747fa78ec836b5711c0c0

                                                                                                                              SHA1

                                                                                                                              92495421ad887f27f53784c470884802797025ad

                                                                                                                              SHA256

                                                                                                                              0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36

                                                                                                                              SHA512

                                                                                                                              61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer
                                                                                                                              Filesize

                                                                                                                              36KB

                                                                                                                              MD5

                                                                                                                              ab0262f72142aab53d5402e6d0cb5d24

                                                                                                                              SHA1

                                                                                                                              eaf95bb31ae1d4c0010f50e789bdc8b8e3116116

                                                                                                                              SHA256

                                                                                                                              20a108577209b2499cfdba77645477dd0d9771a77d42a53c6315156761efcfbb

                                                                                                                              SHA512

                                                                                                                              bf9580f3e5d1102cf758503e18a2cf98c799c4a252eedf9344f7c5626da3a1cf141353f01601a3b549234cc3f2978ad31f928068395b56f9f0885c07dbe81da1

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\QKJHZK6M\microsoft.windows[1].xml
                                                                                                                              Filesize

                                                                                                                              96B

                                                                                                                              MD5

                                                                                                                              c80e07f2e2bce84e8f3380b42ba6bd94

                                                                                                                              SHA1

                                                                                                                              33e20b05fc67a22ac3f3c214a32057254f97f2e7

                                                                                                                              SHA256

                                                                                                                              14808d37f1d44780098ddc2af07f7862b3c0c5ab1bfed6b267621e0a332a8bbd

                                                                                                                              SHA512

                                                                                                                              f5adf8b7bbc1b450249034376f7df69eaf2a7be8e516d511bb82828c19efddbee9247d20e4b4c629b7fe58c9391c31fbf48bdb1b857ca13e5f52b80cb7883f24

                                                                                                                              Download Submit

                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_i3f34l01.ln0.ps1
                                                                                                                              Filesize

                                                                                                                              60B

                                                                                                                              MD5

                                                                                                                              d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                              SHA1

                                                                                                                              6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                              SHA256

                                                                                                                              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                              SHA512

                                                                                                                              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                              Download Submit

                                                                                                                            • memory/212-6-0x000002554BE20000-0x000002554BE42000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              136KB

                                                                                                                              Download

                                                                                                                            • memory/212-15-0x00007FFF7A6D0000-0x00007FFF7AA25000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              3.3MB

                                                                                                                              Download

                                                                                                                            • memory/212-17-0x00007FFF7A6D0000-0x00007FFF7AA25000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              3.3MB

                                                                                                                              Download

                                                                                                                            • memory/212-13-0x000002554BFC0000-0x000002554BFEA000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              168KB

                                                                                                                              Download

                                                                                                                            • memory/212-12-0x00007FFF7A6D0000-0x00007FFF7AA25000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              3.3MB

                                                                                                                              Download

                                                                                                                            • memory/212-0-0x00007FFF7A6D0000-0x00007FFF7AA25000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              3.3MB

                                                                                                                              Download

                                                                                                                            • memory/212-11-0x00007FFF7A6D0000-0x00007FFF7AA25000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              3.3MB

                                                                                                                              Download

                                                                                                                            • memory/212-14-0x000002554BFC0000-0x000002554BFE4000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              144KB

                                                                                                                              Download

                                                                                                                            • memory/680-187-0x00000269DA400000-0x00000269DA420000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/680-184-0x00000269D9300000-0x00000269D9400000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/680-219-0x00000269DA7D0000-0x00000269DA7F0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/680-183-0x00000269D9300000-0x00000269D9400000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/680-182-0x00000269D9300000-0x00000269D9400000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/680-213-0x00000269DA3C0000-0x00000269DA3E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/1104-624-0x0000000004BF0000-0x0000000004BF1000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/1636-775-0x0000000004570000-0x0000000004571000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/2080-476-0x0000000004C70000-0x0000000004C71000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/2176-324-0x0000000004020000-0x0000000004021000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/2552-626-0x0000023899E00000-0x0000023899F00000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/2552-630-0x000002409BF10000-0x000002409BF30000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/2552-639-0x000002409BED0000-0x000002409BEF0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/2552-662-0x000002409C2E0000-0x000002409C300000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/2608-32-0x0000012807DE0000-0x0000012807E00000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/2608-54-0x00000128086C0000-0x00000128086E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/2608-41-0x0000012807DA0000-0x0000012807DC0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/2608-28-0x0000012807100000-0x0000012807200000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/2608-27-0x0000012807100000-0x0000012807200000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/2612-1377-0x0000000004B80000-0x0000000004B81000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/2620-1078-0x00000124D3100000-0x00000124D3200000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/2620-1079-0x00000124D3100000-0x00000124D3200000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/2620-1093-0x00000124D3FB0000-0x00000124D3FD0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/2620-1083-0x00000124D4200000-0x00000124D4220000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/2620-1115-0x00000124D45C0000-0x00000124D45E0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/2636-1076-0x0000000004E90000-0x0000000004E91000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/3048-496-0x0000021945600000-0x0000021945620000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3048-483-0x0000021945640000-0x0000021945660000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3048-511-0x0000021945A10000-0x0000021945A30000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3220-1267-0x000001A322230000-0x000001A322250000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3220-1235-0x000001A321E60000-0x000001A321E80000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3220-1230-0x000001A320D00000-0x000001A320E00000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/3220-1266-0x000001A321E20000-0x000001A321E40000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3356-25-0x0000000004A50000-0x0000000004A51000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/3848-1229-0x0000000004170000-0x0000000004171000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/3900-777-0x000001EE47F00000-0x000001EE48000000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/3900-814-0x000001EE493A0000-0x000001EE493C0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3900-792-0x000001EE48F90000-0x000001EE48FB0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3900-782-0x000001EE48FD0000-0x000001EE48FF0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/3900-778-0x000001EE47F00000-0x000001EE48000000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/4100-924-0x0000000004150000-0x0000000004151000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download

                                                                                                                            • memory/4448-343-0x000001F011EC0000-0x000001F011EE0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4448-327-0x000001F011000000-0x000001F011100000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/4448-330-0x000001F011F00000-0x000001F011F20000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4448-325-0x000001F011000000-0x000001F011100000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/4448-356-0x000001F0124E0000-0x000001F012500000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/4772-1379-0x000001F499300000-0x000001F499400000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/4772-1380-0x000001F499300000-0x000001F499400000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/5076-963-0x000002556F770000-0x000002556F790000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/5076-928-0x000002556E240000-0x000002556E340000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/5076-931-0x000002556F3A0000-0x000002556F3C0000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/5076-927-0x000002556E240000-0x000002556E340000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/5076-938-0x000002556F360000-0x000002556F380000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              Download

                                                                                                                            • memory/5076-926-0x000002556E240000-0x000002556E340000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              Download

                                                                                                                            • memory/5080-180-0x0000000000BD0000-0x0000000000BD1000-memory.dmp

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              Download