Overview

overview

10

Static

static

1

PO 2024132...__.exe

windows7-x64

8

PO 2024132...__.exe

windows10-2004-x64

10

Saganashes.ps1

windows7-x64

3

Saganashes.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    69s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-11-2024 10:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Saganashes.ps1

  • Size

    51KB

  • MD5

    86971efe48eae4401b734e86152c12aa

  • SHA1

    93376b7df5fa9f5d363e263dd898b86e42e40ec0

  • SHA256

    8e626d6dc0bb24ed272eaec732b70f81e306c38eba28df9e96ce78d61a75e455

  • SHA512

    a04489dfa81e2fe20f1a8f07c562ed4a05f85b74d5745d6cb712252a46f997a7de6c9f11c3fa902c7c7b03f6ff8596e89e064c251b6a348dfb0d3b7ff6a02455

  • SSDEEP

    768:AN4iitGvtxOdn/KpRVkmzfjoAPPSQJorIsqd1d4FdJF9wBYExO4u5lwSnuzC:C6o7kn/KdHdf2rtC1d42BYExOT5lwQ

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 14 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 28 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 22 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 24 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Saganashes.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3660
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2124
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2888
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3512
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3504
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1724
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:844
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4552
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:2728
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4212
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4992
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:2712
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4236
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:3220
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4612
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1352
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4560
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4040
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:456
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2700
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:2476
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2776
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4976
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3600
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3528
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:4020
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:820
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3152
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3632
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:3912
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3468
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:456
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3632
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4204
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1460
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1444
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3908
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1732
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:4104
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:3156
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4884
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:4496
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:4160
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:3356
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:1336
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:5032
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:3428
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:3464
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:1716
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:4336
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:2816
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:3584
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:2404
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:3464
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:2736
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:4036
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:3508
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:3208
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:3504
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:3868
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:3152
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:3944
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:4840
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:2608
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:3028
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:4048
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:3104
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:3516
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:2476
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:4720
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:4864
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:984
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:5092
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:4884
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:3428
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:3492
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:4008
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:4168
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                    PID:3776
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:3936
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:3012
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:3020
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:3368
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:2484
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                              1⤵
                                                                                                PID:4316
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                  PID:3820
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:1740
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                    1⤵
                                                                                                      PID:1352
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                      1⤵
                                                                                                        PID:4640

                                                                                                      Network

                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                      Replay Monitor

                                                                                                      Loading Replay Monitor...

                                                                                                      Downloads

                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                        Filesize

                                                                                                        471B

                                                                                                        MD5

                                                                                                        dbe5b78d5ad206c87804f68b608cc95e

                                                                                                        SHA1

                                                                                                        3aa24aa955ace99602b9c09a730d139a016dd2c8

                                                                                                        SHA256

                                                                                                        f35d6a98cc817f736776aa78ab90a11339bfed638788bc79eb6ee65a563e5d39

                                                                                                        SHA512

                                                                                                        afb286e0c34b06562b697e5632fa0021ab808f389329d4308df2daec8711c221cca1090fc4496b8911a02964043d4d82dcc0e4ff343821be4aad2787762ef289

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                        Filesize

                                                                                                        412B

                                                                                                        MD5

                                                                                                        367adf62626eabf2c601efff8123833a

                                                                                                        SHA1

                                                                                                        3ccae07eed6e8d5e85ed7b7ecf46ca91f05b928e

                                                                                                        SHA256

                                                                                                        49b9aa5081f704b209817be8d96a2e8f8f662811e6f3941c48ff4476d48d3e9e

                                                                                                        SHA512

                                                                                                        b239c878087b9df1c058f8afe4fef58e19b850782aa53a915d4e72354ce55b141da3bc3e655a3da67d946b2f42810abb34dc64773760b1860f20d437fb55b04a

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                        Filesize

                                                                                                        2KB

                                                                                                        MD5

                                                                                                        48a26b69d346c2b9e617eadb281b7ce8

                                                                                                        SHA1

                                                                                                        fda36239add21f7b3b041ffd53788b0dc2bc1dfe

                                                                                                        SHA256

                                                                                                        2dd08988976b2b4db29d9ed89c26f2314975644a2ebf49db0befc68a1493bb45

                                                                                                        SHA512

                                                                                                        bb2b41d9e0fa0e04e86ef0c9e97f6a55a793da0080ae2e56d036af78b1e3a4c9106b7354cdc815ad338bbca5e8ef073296e7148f80922f6bdb0a98900a931181

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\https___java_com_help
                                                                                                        Filesize

                                                                                                        36KB

                                                                                                        MD5

                                                                                                        8aaad0f4eb7d3c65f81c6e6b496ba889

                                                                                                        SHA1

                                                                                                        231237a501b9433c292991e4ec200b25c1589050

                                                                                                        SHA256

                                                                                                        813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1

                                                                                                        SHA512

                                                                                                        1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_osk_exe
                                                                                                        Filesize

                                                                                                        36KB

                                                                                                        MD5

                                                                                                        f6a5ffe5754175d3603c3a77dcfeca6b

                                                                                                        SHA1

                                                                                                        dacd500aeef9dd69b87feae7521899040e7df1d9

                                                                                                        SHA256

                                                                                                        fab3529f4a4df98271fa2f6a7860a28fdc30215144b7eefbaf6d424a2847d035

                                                                                                        SHA512

                                                                                                        66ec46041f1fe20203cda7a4d68b61d2e5bcdd09a36ee8171efa53fe92a9e6e023c5a254a4c43c110a99749829d7b99613f8d13dfb4c42656097cb8d224a531e

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133753614735977472.txt
                                                                                                        Filesize

                                                                                                        75KB

                                                                                                        MD5

                                                                                                        9d6821189bb5258e657aa489096f5035

                                                                                                        SHA1

                                                                                                        a3e2d7e43531b0c2d4d38ea6374259fcd45ad833

                                                                                                        SHA256

                                                                                                        ab98374c6e47b5c47c2035227751101039eb0ca56591bba0405cf144c5086b95

                                                                                                        SHA512

                                                                                                        211b715ce7cf52e9c6094aee90649799bcf70b03575a647fa2a70000a55cde1e4540591dacbd43a74979ef19406e2015b87c4dd84531933c7740d12b5afb54e4

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\M6JCG2RK\microsoft.windows[1].xml
                                                                                                        Filesize

                                                                                                        96B

                                                                                                        MD5

                                                                                                        732a32ad072ef786d816a4f85b1b6bea

                                                                                                        SHA1

                                                                                                        fe1945717c160ac3266f291564a003c044d409b0

                                                                                                        SHA256

                                                                                                        7dd2262373fcd6ebe2ed2c6e66242c85b1434c3fe23ca92ba41ae328ce8b941e

                                                                                                        SHA512

                                                                                                        55b57d5bf942f20a3557f20adeebb4c01cde4aec9d7a4fa8bfe6281fe0981773d8ce637fdbd1dc64f25abe72d75fad2a6538fadc86483ede9fdc5b59c0d36b79

                                                                                                        Download Submit

                                                                                                      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_w0r0wz1r.4wg.ps1
                                                                                                        Filesize

                                                                                                        60B

                                                                                                        MD5

                                                                                                        d17fe0a3f47be24a6453e9ef58c94641

                                                                                                        SHA1

                                                                                                        6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                        SHA256

                                                                                                        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                        SHA512

                                                                                                        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                        Download Submit

                                                                                                      • memory/456-1223-0x00000238C0A00000-0x00000238C0B00000-memory.dmp

                                                                                                        Filesize

                                                                                                        1024KB

                                                                                                        Download

                                                                                                      • memory/456-1234-0x00000240C2B20000-0x00000240C2B40000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/456-1228-0x00000240C2B60000-0x00000240C2B80000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/456-1225-0x00000238C0A00000-0x00000238C0B00000-memory.dmp

                                                                                                        Filesize

                                                                                                        1024KB

                                                                                                        Download

                                                                                                      • memory/456-1224-0x00000238C0A00000-0x00000238C0B00000-memory.dmp

                                                                                                        Filesize

                                                                                                        1024KB

                                                                                                        Download

                                                                                                      • memory/456-1248-0x00000240C2F20000-0x00000240C2F40000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/820-1076-0x0000000003EF0000-0x0000000003EF1000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/1444-1516-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/1460-1388-0x000001E5FFDE0000-0x000001E5FFE00000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/1460-1402-0x000001DD804F0000-0x000001DD80510000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/1460-1375-0x000001E5FF000000-0x000001E5FF100000-memory.dmp

                                                                                                        Filesize

                                                                                                        1024KB

                                                                                                        Download

                                                                                                      • memory/1460-1380-0x000001DD80120000-0x000001DD80140000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/1460-1377-0x000001E5FF000000-0x000001E5FF100000-memory.dmp

                                                                                                        Filesize

                                                                                                        1024KB

                                                                                                        Download

                                                                                                      • memory/1724-30-0x0000000004710000-0x0000000004711000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/1732-1519-0x000002065B360000-0x000002065B460000-memory.dmp

                                                                                                        Filesize

                                                                                                        1024KB

                                                                                                        Download

                                                                                                      • memory/1732-1520-0x000002065B360000-0x000002065B460000-memory.dmp

                                                                                                        Filesize

                                                                                                        1024KB

                                                                                                        Download

                                                                                                      • memory/2476-783-0x0000000002E70000-0x0000000002E71000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/2700-637-0x0000020258B00000-0x0000020258C00000-memory.dmp

                                                                                                        Filesize

                                                                                                        1024KB

                                                                                                        Download

                                                                                                      • memory/2700-653-0x0000020A5A9B0000-0x0000020A5A9D0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/2700-664-0x0000020A5AFC0000-0x0000020A5AFE0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/2700-641-0x0000020A5AC00000-0x0000020A5AC20000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/2700-636-0x0000020258B00000-0x0000020258C00000-memory.dmp

                                                                                                        Filesize

                                                                                                        1024KB

                                                                                                        Download

                                                                                                      • memory/2712-342-0x0000000004D50000-0x0000000004D51000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/2728-196-0x0000000004410000-0x0000000004411000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/3220-354-0x000002B9CDE30000-0x000002B9CDE50000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/3220-378-0x000002B9CE240000-0x000002B9CE260000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/3220-349-0x000002B9CDE70000-0x000002B9CDE90000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/3600-932-0x0000000004730000-0x0000000004731000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/3632-1096-0x0000014094650000-0x0000014094670000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/3632-1115-0x0000014094A60000-0x0000014094A80000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/3632-1079-0x0000014093540000-0x0000014093640000-memory.dmp

                                                                                                        Filesize

                                                                                                        1024KB

                                                                                                        Download

                                                                                                      • memory/3632-1080-0x0000014093540000-0x0000014093640000-memory.dmp

                                                                                                        Filesize

                                                                                                        1024KB

                                                                                                        Download

                                                                                                      • memory/3632-1083-0x0000014094690000-0x00000140946B0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/3632-1078-0x0000014093540000-0x0000014093640000-memory.dmp

                                                                                                        Filesize

                                                                                                        1024KB

                                                                                                        Download

                                                                                                      • memory/3632-1374-0x00000000049A0000-0x00000000049A1000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/3660-18-0x00007FFBB9E70000-0x00007FFBBA931000-memory.dmp

                                                                                                        Filesize

                                                                                                        10.8MB

                                                                                                        Download

                                                                                                      • memory/3660-16-0x00007FFBB9E70000-0x00007FFBBA931000-memory.dmp

                                                                                                        Filesize

                                                                                                        10.8MB

                                                                                                        Download

                                                                                                      • memory/3660-15-0x00007FFBB9E70000-0x00007FFBBA931000-memory.dmp

                                                                                                        Filesize

                                                                                                        10.8MB

                                                                                                        Download

                                                                                                      • memory/3660-19-0x00007FFBB9E70000-0x00007FFBBA931000-memory.dmp

                                                                                                        Filesize

                                                                                                        10.8MB

                                                                                                        Download

                                                                                                      • memory/3660-20-0x00007FFBB9E70000-0x00007FFBBA931000-memory.dmp

                                                                                                        Filesize

                                                                                                        10.8MB

                                                                                                        Download

                                                                                                      • memory/3660-14-0x00000179AC610000-0x00000179AC634000-memory.dmp

                                                                                                        Filesize

                                                                                                        144KB

                                                                                                        Download

                                                                                                      • memory/3660-0-0x00007FFBB9E73000-0x00007FFBB9E75000-memory.dmp

                                                                                                        Filesize

                                                                                                        8KB

                                                                                                        Download

                                                                                                      • memory/3660-13-0x00000179AC610000-0x00000179AC63A000-memory.dmp

                                                                                                        Filesize

                                                                                                        168KB

                                                                                                        Download

                                                                                                      • memory/3660-12-0x00007FFBB9E70000-0x00007FFBBA931000-memory.dmp

                                                                                                        Filesize

                                                                                                        10.8MB

                                                                                                        Download

                                                                                                      • memory/3660-11-0x00007FFBB9E70000-0x00007FFBBA931000-memory.dmp

                                                                                                        Filesize

                                                                                                        10.8MB

                                                                                                        Download

                                                                                                      • memory/3660-6-0x00000179ABAD0000-0x00000179ABAF2000-memory.dmp

                                                                                                        Filesize

                                                                                                        136KB

                                                                                                        Download

                                                                                                      • memory/3912-1222-0x0000000004590000-0x0000000004591000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/4020-951-0x000002726BC70000-0x000002726BC90000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4020-962-0x000002726C280000-0x000002726C2A0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4020-938-0x000002726BCB0000-0x000002726BCD0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4020-934-0x000002726AD50000-0x000002726AE50000-memory.dmp

                                                                                                        Filesize

                                                                                                        1024KB

                                                                                                        Download

                                                                                                      • memory/4020-933-0x000002726AD50000-0x000002726AE50000-memory.dmp

                                                                                                        Filesize

                                                                                                        1024KB

                                                                                                        Download

                                                                                                      • memory/4040-634-0x0000000004990000-0x0000000004991000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/4552-33-0x00000270CC100000-0x00000270CC200000-memory.dmp

                                                                                                        Filesize

                                                                                                        1024KB

                                                                                                        Download

                                                                                                      • memory/4552-31-0x00000270CC100000-0x00000270CC200000-memory.dmp

                                                                                                        Filesize

                                                                                                        1024KB

                                                                                                        Download

                                                                                                      • memory/4552-45-0x00000270CD070000-0x00000270CD090000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4552-57-0x00000270CD680000-0x00000270CD6A0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4552-36-0x00000270CD0B0000-0x00000270CD0D0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4552-32-0x00000270CC100000-0x00000270CC200000-memory.dmp

                                                                                                        Filesize

                                                                                                        1024KB

                                                                                                        Download

                                                                                                      • memory/4560-526-0x0000021DF5DC0000-0x0000021DF5DE0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4560-506-0x0000021DF57B0000-0x0000021DF57D0000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4560-495-0x0000021DF5A00000-0x0000021DF5A20000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4612-487-0x00000000042C0000-0x00000000042C1000-memory.dmp

                                                                                                        Filesize

                                                                                                        4KB

                                                                                                        Download

                                                                                                      • memory/4976-785-0x0000020EA5D00000-0x0000020EA5E00000-memory.dmp

                                                                                                        Filesize

                                                                                                        1024KB

                                                                                                        Download

                                                                                                      • memory/4976-790-0x00000216A8040000-0x00000216A8060000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4976-803-0x00000216A8000000-0x00000216A8020000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4976-787-0x0000020EA5D00000-0x0000020EA5E00000-memory.dmp

                                                                                                        Filesize

                                                                                                        1024KB

                                                                                                        Download

                                                                                                      • memory/4976-786-0x0000020EA5D00000-0x0000020EA5E00000-memory.dmp

                                                                                                        Filesize

                                                                                                        1024KB

                                                                                                        Download

                                                                                                      • memory/4976-822-0x00000216A8400000-0x00000216A8420000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4992-216-0x0000017EED220000-0x0000017EED240000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4992-203-0x0000017EED260000-0x0000017EED280000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download

                                                                                                      • memory/4992-228-0x0000017EED620000-0x0000017EED640000-memory.dmp

                                                                                                        Filesize

                                                                                                        128KB

                                                                                                        Download