Overview

overview

10

Static

static

3

5a99c490bd...af.exe

windows7-x64

8

5a99c490bd...af.exe

windows10-2004-x64

10

Catchpoleship.ps1

windows7-x64

3

Catchpoleship.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    49s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-11-2024 02:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Catchpoleship.ps1

  • Size

    56KB

  • MD5

    bea0253bd1d370c8bcc515e8ff7bb6e9

  • SHA1

    9b1443ba1094479087b73d1999cbadfb8e2eacbd

  • SHA256

    844e8c95af74d9b8b7ee184a61f16ce1221679b84556cb78b9acab1d0fb9936b

  • SHA512

    1930e412af035f6a4ba452b3af21ba77c316fb757d32250fe343e648b3bee421c495f2607f3549cd20e1a079f9934a0ab5f7a7af0b648742ecd00b1f9e0c18be

  • SSDEEP

    1536:M34qzsYB1X+FcuzJjBn0cfNI2egeqrDxe0U:M34UBP2zJjBn0k2eneJ

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 10 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 20 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 16 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Catchpoleship.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4368
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:372
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4196
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1228
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3044
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4148
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:4664
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:320
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4684
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:4176
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2076
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3128
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4064
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4908
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1620
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:1732
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3124
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4148
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:4696
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1584
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2608
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4212
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:384
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:404
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:4800
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2520
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4056
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Modifies registry class
    PID:3528
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:4996
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:1156
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:3756
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:2188
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:3292
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:1732
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:3992
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:3128
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:4408
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:3028
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:4456
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:540
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:5048
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:4852
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:3496
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:2772
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:4380
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:4364
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:4832
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:3748
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:2236
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:3088
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:1984
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:1720
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:4128
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:3316
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:384
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:4016
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:320
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:4544
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:1540
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:3276
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:3300
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:3828
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:4812
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:1720
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:3916
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:2604
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:2524
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:3952
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:412
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:4732
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:3528
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:3316
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:3088
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:2644
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:2760
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:632
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:3600
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:4568
                                                                                                      • C:\Windows\explorer.exe
                                                                                                        explorer.exe
                                                                                                        1⤵
                                                                                                          PID:4120
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                          1⤵
                                                                                                            PID:4412
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:4856
                                                                                                            • C:\Windows\explorer.exe
                                                                                                              explorer.exe
                                                                                                              1⤵
                                                                                                                PID:1172
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                1⤵
                                                                                                                  PID:3748
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                  1⤵
                                                                                                                    PID:3964
                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                    explorer.exe
                                                                                                                    1⤵
                                                                                                                      PID:2360
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                      1⤵
                                                                                                                        PID:4852
                                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                        1⤵
                                                                                                                          PID:3756
                                                                                                                        • C:\Windows\explorer.exe
                                                                                                                          explorer.exe
                                                                                                                          1⤵
                                                                                                                            PID:628
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                            1⤵
                                                                                                                              PID:2132
                                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                              1⤵
                                                                                                                                PID:4368

                                                                                                                              Network

                                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                                              Replay Monitor

                                                                                                                              Loading Replay Monitor...

                                                                                                                              Downloads

                                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                                                Filesize

                                                                                                                                471B

                                                                                                                                MD5

                                                                                                                                dbe5b78d5ad206c87804f68b608cc95e

                                                                                                                                SHA1

                                                                                                                                3aa24aa955ace99602b9c09a730d139a016dd2c8

                                                                                                                                SHA256

                                                                                                                                f35d6a98cc817f736776aa78ab90a11339bfed638788bc79eb6ee65a563e5d39

                                                                                                                                SHA512

                                                                                                                                afb286e0c34b06562b697e5632fa0021ab808f389329d4308df2daec8711c221cca1090fc4496b8911a02964043d4d82dcc0e4ff343821be4aad2787762ef289

                                                                                                                                Download Submit

                                                                                                                              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                                                Filesize

                                                                                                                                412B

                                                                                                                                MD5

                                                                                                                                602d6c26072e5929166d7d89f154a480

                                                                                                                                SHA1

                                                                                                                                e4e41aade9d9ca94f61e724b689a6cbf523832be

                                                                                                                                SHA256

                                                                                                                                183bee07825eab54247e047c318c3098bb52a6d3d3a69bdcebb21f8ed2dc1ff3

                                                                                                                                SHA512

                                                                                                                                854c388be9164f55d8f1f6e4e676d24a5c1a1f72d1296d7b58216c3f615d3375e747bd924a2fe0db22c608b6ad5d9bf8e1f3f3d02795fac785063f67ae50c8d6

                                                                                                                                Download Submit

                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                                Filesize

                                                                                                                                2KB

                                                                                                                                MD5

                                                                                                                                44877f6ea89d7cd5aa391d34ec3cd66b

                                                                                                                                SHA1

                                                                                                                                39677715af33244284088f973b9c6521b82bd385

                                                                                                                                SHA256

                                                                                                                                0af4427afe2c8a0cd1d47eb19e1bc3086f02551eec18662543ef48d88201f986

                                                                                                                                SHA512

                                                                                                                                78d6c1fa34a208db5d07f4a19b074be9202983a4030654bf2ced50a08a6dc013bc0d11f66ae2af4ed3d8e51154a0e5589ac58a6fda5d8baf0b8de66e85bf0272

                                                                                                                                Download Submit

                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133753345849593878.txt
                                                                                                                                Filesize

                                                                                                                                75KB

                                                                                                                                MD5

                                                                                                                                f06470aa193372640c2fdc3b8ac47e6a

                                                                                                                                SHA1

                                                                                                                                4122fe2e7ae62705cfceaf5b20087fcaf549edfd

                                                                                                                                SHA256

                                                                                                                                c3ecc97b8d754876487a65203be80d6869739390a96ca962faa6e319c8b7c66e

                                                                                                                                SHA512

                                                                                                                                e119d7258fd4bdcd7851c3497011fd3573d4eca7a6d978b1abeb6fbb6f429ede063fa71c6fa455a552012b90289917bd4add77549e385ee4d146b2b386bf3746

                                                                                                                                Download Submit

                                                                                                                              • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\YOZOSN6K\microsoft.windows[1].xml
                                                                                                                                Filesize

                                                                                                                                97B

                                                                                                                                MD5

                                                                                                                                e6ba99d8293b4c7951bad0a2c6761b8e

                                                                                                                                SHA1

                                                                                                                                87aaf2d975cdef4db219e4f9f2b1469dd05a6b0b

                                                                                                                                SHA256

                                                                                                                                773b2b8b752a5bfd3d93b7475dbb7f659bad014ffd06292ee0450c216892ac29

                                                                                                                                SHA512

                                                                                                                                e6861e87688861f4c43d80f9e98996fc476a11d4e147eb3c55f66d6f1abc065690e2662dd34dca32c0284b64056b95142d932697aa1fa6d6b755ef0f57031ee0

                                                                                                                                Download Submit

                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_idp201ac.qby.ps1
                                                                                                                                Filesize

                                                                                                                                60B

                                                                                                                                MD5

                                                                                                                                d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                SHA1

                                                                                                                                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                SHA256

                                                                                                                                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                SHA512

                                                                                                                                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                Download Submit

                                                                                                                              • \??\PIPE\srvsvc
                                                                                                                                MD5

                                                                                                                                d41d8cd98f00b204e9800998ecf8427e

                                                                                                                                SHA1

                                                                                                                                da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                                SHA256

                                                                                                                                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                                SHA512

                                                                                                                                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                                Download Submit

                                                                                                                              • memory/404-976-0x0000024C22C10000-0x0000024C22C30000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/404-957-0x0000024C22800000-0x0000024C22820000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/404-945-0x0000024C22840000-0x0000024C22860000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/1156-1234-0x0000029498B00000-0x0000029498C00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/1156-1235-0x0000029498B00000-0x0000029498C00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/1156-1239-0x0000029499C40000-0x0000029499C60000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/1156-1261-0x000002949A010000-0x000002949A030000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/1156-1248-0x0000029499C00000-0x0000029499C20000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/1156-1236-0x0000029498B00000-0x0000029498C00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/1228-29-0x0000000002FA0000-0x0000000002FA1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/1620-495-0x0000017691600000-0x0000017691620000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/1620-504-0x00000176915C0000-0x00000176915E0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/1620-515-0x00000176919D0000-0x00000176919F0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/1620-491-0x0000017690300000-0x0000017690400000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/1732-640-0x0000000004290000-0x0000000004291000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/2608-811-0x000001B9959C0000-0x000001B9959E0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/2608-795-0x000001B994E00000-0x000001B994F00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/2608-799-0x000001B995D00000-0x000001B995D20000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/2608-794-0x000001B994E00000-0x000001B994F00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/2608-823-0x000001B9962E0000-0x000001B996300000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3128-353-0x0000012932B20000-0x0000012932B40000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3128-348-0x00000129319B0000-0x0000012931AB0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/3128-372-0x0000012932EE0000-0x0000012932F00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3128-362-0x00000129327D0000-0x00000129327F0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/3292-1375-0x0000013676A00000-0x0000013676B00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/3292-1376-0x0000013676A00000-0x0000013676B00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/3292-1374-0x0000013676A00000-0x0000013676B00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/3528-1233-0x0000000004C80000-0x0000000004C81000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/3756-1372-0x0000000002B80000-0x0000000002B81000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/4056-1119-0x0000028FE2490000-0x0000028FE24B0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4056-1082-0x0000028FE1000000-0x0000028FE1100000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/4056-1102-0x0000028FE2080000-0x0000028FE20A0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4056-1087-0x0000028FE20C0000-0x0000028FE20E0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4064-489-0x00000000041E0000-0x00000000041E1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/4148-647-0x0000021FD5DD0000-0x0000021FD5DF0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4148-642-0x0000021FD4B00000-0x0000021FD4C00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/4148-659-0x0000021FD5D90000-0x0000021FD5DB0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4148-54-0x0000018FBB7E0000-0x0000018FBB800000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4148-671-0x0000021FD61A0000-0x0000021FD61C0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4148-43-0x0000018FBB3D0000-0x0000018FBB3F0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4148-644-0x0000021FD4B00000-0x0000021FD4C00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/4148-643-0x0000021FD4B00000-0x0000021FD4C00000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/4148-35-0x0000018FBB410000-0x0000018FBB430000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4148-30-0x0000018FBA400000-0x0000018FBA500000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/4148-31-0x0000018FBA400000-0x0000018FBA500000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/4176-346-0x0000000004B90000-0x0000000004B91000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/4212-937-0x0000000002760000-0x0000000002761000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/4368-17-0x00007FFA4C880000-0x00007FFA4D341000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                                Download

                                                                                                                              • memory/4368-15-0x00007FFA4C880000-0x00007FFA4D341000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                                Download

                                                                                                                              • memory/4368-19-0x00007FFA4C880000-0x00007FFA4D341000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                                Download

                                                                                                                              • memory/4368-0-0x00007FFA4C883000-0x00007FFA4C885000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                8KB

                                                                                                                                Download

                                                                                                                              • memory/4368-6-0x00000203CCE60000-0x00000203CCE82000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                136KB

                                                                                                                                Download

                                                                                                                              • memory/4368-20-0x00007FFA4C880000-0x00007FFA4D341000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                                Download

                                                                                                                              • memory/4368-11-0x00007FFA4C880000-0x00007FFA4D341000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                                Download

                                                                                                                              • memory/4368-12-0x00007FFA4C880000-0x00007FFA4D341000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                                Download

                                                                                                                              • memory/4368-13-0x00000203CF3D0000-0x00000203CF3FA000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                168KB

                                                                                                                                Download

                                                                                                                              • memory/4368-18-0x00007FFA4C880000-0x00007FFA4D341000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                10.8MB

                                                                                                                                Download

                                                                                                                              • memory/4368-14-0x00000203CF3D0000-0x00000203CF3F4000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                144KB

                                                                                                                                Download

                                                                                                                              • memory/4664-194-0x00000000049D0000-0x00000000049D1000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/4684-197-0x000001C5BCC40000-0x000001C5BCD40000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/4684-223-0x000001C5BE170000-0x000001C5BE190000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4684-212-0x000001C5BDD60000-0x000001C5BDD80000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4684-200-0x000001C5BDDA0000-0x000001C5BDDC0000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                128KB

                                                                                                                                Download

                                                                                                                              • memory/4684-195-0x000001C5BCC40000-0x000001C5BCD40000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                1024KB

                                                                                                                                Download

                                                                                                                              • memory/4696-792-0x0000000004D90000-0x0000000004D91000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download

                                                                                                                              • memory/4800-1080-0x0000000004410000-0x0000000004411000-memory.dmp

                                                                                                                                Filesize

                                                                                                                                4KB

                                                                                                                                Download